Skip to content

Finalize release

Finalize release #27

name: Finalize release
on:
release:
types: [published]
workflow_dispatch:
inputs:
version:
description: 'Run finalize release on a specific tag.'
required: true
default: ''
jobs:
push-final-images:
runs-on: ubuntu-latest
env:
SYSDIG_IMAGE_BASE: ghcr.io/draios/sysdig
SYSDIG_DOCKERHUB_IMAGE_BASE: docker.io/sysdig/sysdig
RELEASE: ${{ (github.event_name == 'workflow_dispatch') && (github.event.inputs.version != '') && github.event.inputs.version || github.event.release.name }}
steps:
- name: Login to Docker Hub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: Login to Github Packages
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Publish final docker images
uses: akhilerm/[email protected]
with:
src: ${{ env.SYSDIG_IMAGE_BASE }}:${{ env.RELEASE }}-draft
dst: |
${{ env.SYSDIG_IMAGE_BASE }}:${{ env.RELEASE }}
${{ env.SYSDIG_IMAGE_BASE }}:latest
${{ env.SYSDIG_DOCKERHUB_IMAGE_BASE }}:${{ env.RELEASE }}
${{ env.SYSDIG_DOCKERHUB_IMAGE_BASE }}:latest
release-rpm:
strategy:
matrix:
name: [amd64, arm64]
include:
- name: amd64
base_arch: x86_64
release_arch: x86_64
- name: arm64
base_arch: aarch64
release_arch: aarch64
runs-on: ubuntu-latest
env:
RPM_BASEARCH: ${{ matrix.base_arch }}
RELEASE_ARCH: ${{ matrix.release_arch }}
REPOSITORY_NAME: stable
REPOSITORY_DIR: rpm_repo
PACKAGES_DIR: packages
S3_BUCKET: download.draios.com
RELEASE: ${{ github.event.release.name }}
KEY_ID: EC51E8C4
# These permissions are needed to interact with GitHub's OIDC Token endpoint.
permissions:
id-token: write
contents: read
container:
image: centos:8
steps:
- name: Install deps
run: |
sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
yum -y install unzip createrepo_c git
cd /tmp
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
./aws/install
- name: Checkout Sysdig
uses: actions/checkout@v2
with:
path: sysdig
- name: Create directories
run: |
mkdir -p $REPOSITORY_DIR
mkdir -p $PACKAGES_DIR
- name: Download RPM
uses: dsaltares/fetch-gh-release-asset@master
with:
version: "tags/${{ env.RELEASE }}"
file: sysdig-${{ env.RELEASE }}-${{ env.RELEASE_ARCH }}.rpm
target: ${{ env.PACKAGES_DIR }}/sysdig-${{ env.RELEASE }}-${{ env.RELEASE_ARCH }}.rpm
token: ${{ secrets.GITHUB_TOKEN }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@fcd8bb1e0a3c9d2a0687615ee31d34d8aea18a96
with:
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
aws-region: us-east-1
- name: Import private key
env:
PRIVATE_KEY: ${{ secrets.SYSDIG_REPO_SIGNING_KEY }}
run: printenv PRIVATE_KEY | gpg --import -
- name: Release RPMs
env:
SCRIPTS_DIR: sysdig/scripts/release
run: sysdig/scripts/release/release_rpm.sh
release-deb:
strategy:
matrix:
name: [amd64, arm64]
include:
- name: amd64
base_arch: amd64
release_arch: x86_64
- name: arm64
base_arch: arm64
release_arch: aarch64
runs-on: ubuntu-latest
env:
DEB_BASEARCH: ${{ matrix.base_arch }}
RELEASE_ARCH: ${{ matrix.release_arch }}
REPOSITORY_NAME: stable
REPOSITORY_DIR: deb_repo
PACKAGES_DIR: packages
RELEASE: ${{ github.event.release.name }}
S3_BUCKET: download.draios.com
KEY_ID: EC51E8C4
# These permissions are needed to interact with GitHub's OIDC Token endpoint.
permissions:
id-token: write
contents: read
steps:
- name: Install deps
run: |
sudo apt-get update && sudo apt-get -y install dpkg-dev gpg
- name: Checkout Sysdig
uses: actions/checkout@v2
with:
path: sysdig
- name: Create directories
run: |
mkdir -p $REPOSITORY_DIR
mkdir -p $PACKAGES_DIR
- name: Download DEB
uses: dsaltares/fetch-gh-release-asset@master
with:
version: "tags/${{ env.RELEASE }}"
file: sysdig-${{ env.RELEASE }}-${{ env.RELEASE_ARCH }}.deb
target: ${{ env.PACKAGES_DIR }}/sysdig-${{ env.RELEASE }}-${{ env.RELEASE_ARCH }}.deb
token: ${{ secrets.GITHUB_TOKEN }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@fcd8bb1e0a3c9d2a0687615ee31d34d8aea18a96
with:
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
aws-region: us-east-1
- name: Import private key
env:
PRIVATE_KEY: ${{ secrets.SYSDIG_REPO_SIGNING_KEY }}
run: printenv PRIVATE_KEY | gpg --import -
- name: Release DEBs
env:
SCRIPTS_DIR: sysdig/scripts/release
run: sysdig/scripts/release/release_deb.sh
release-tgz:
strategy:
matrix:
name: [amd64, arm64]
include:
- name: amd64
base_arch: x86_64
release_arch: x86_64
- name: arm64
base_arch: aarch64
release_arch: aarch64
runs-on: ubuntu-latest
env:
RELEASE_ARCH: ${{ matrix.release_arch }}
TGZ_BASEARCH: ${{ matrix.base_arch }}
REPOSITORY_NAME: stable
REPOSITORY_DIR: tgz_repo
PACKAGES_DIR: packages
RELEASE: ${{ github.event.release.name }}
S3_BUCKET: download.draios.com
# These permissions are needed to interact with GitHub's OIDC Token endpoint.
permissions:
id-token: write
contents: read
steps:
- name: Checkout Sysdig
uses: actions/checkout@v2
with:
path: sysdig
- name: Create directories
run: |
mkdir -p $REPOSITORY_DIR
mkdir -p $PACKAGES_DIR
- name: Download targz
uses: dsaltares/fetch-gh-release-asset@master
with:
version: "tags/${{ env.RELEASE }}"
file: sysdig-${{ env.RELEASE }}-${{ env.RELEASE_ARCH }}.tar.gz
target: ${{ env.PACKAGES_DIR }}/sysdig-${{ env.RELEASE }}-${{ env.RELEASE_ARCH }}.tar.gz
token: ${{ secrets.GITHUB_TOKEN }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@fcd8bb1e0a3c9d2a0687615ee31d34d8aea18a96
with:
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
aws-region: us-east-1
- name: Release tar.gz
run: sysdig/scripts/release/release_tgz.sh
- name: Release install-sysdig
run: aws s3 cp sysdig/scripts/install-sysdig s3://${{ env.S3_BUCKET }}/${{ env.REPOSITORY_NAME }}/ --acl public-read