Skip to content

ko: don't generate sbom #5

ko: don't generate sbom

ko: don't generate sbom #5

Workflow file for this run

---
name: "Release"
on: # yamllint disable-line rule:truthy
push:
tags:
- "*"
permissions:
contents: "write"
packages: "write"
jobs:
goreleaser:
runs-on: "ubuntu-latest"
env:
KUSTOMIZER_ARTIFACT: "oci://ghcr.io/${{github.repository_owner}}/${{github.event.repository.name}}-manifests"
steps:
- uses: "actions/checkout@v3"
with:
fetch-depth: 0
- uses: "authzed/actions/setup-go@main"
- uses: "authzed/actions/docker-login@main"
with:
quayio_token: "${{ secrets.QUAYIO_PASSWORD }}"
github_token: "${{ secrets.GITHUB_TOKEN }}"
dockerhub_token: "${{ secrets.DOCKERHUB_ACCESS_TOKEN }}"
# the release directory is gitignored, which keeps goreleaser from
# complaining about a dirty tree
- name: "Copy manifests to release directory"
run: mkdir release && cp -R deploy release
- name: "Set image in release manifests"
uses: "mikefarah/yq@master"
with:
cmd: |
yq eval '.images[0].newName="ghcr.io/${{github.repository_owner}}/${{github.event.repository.name}}"' -i ./release/deploy/kustomization.yaml
- name: "Set tag in release manifests"
uses: "mikefarah/yq@master"
with:
cmd: |
yq eval '.images[0].newTag="${{ github.ref_name }}"' -i ./release/deploy/kustomization.yaml
- name: "Setup Kustomizer CLI"
uses: "stefanprodan/kustomizer/action@main"
- name: "Build release bundle.yaml"
run: |
kustomizer build inventory -k release/deploy > release/bundle.yaml
- uses: "goreleaser/goreleaser-action@v2"
with:
distribution: "goreleaser-pro"
version: "latest"
args: "release --rm-dist"
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
GORELEASER_KEY: "${{ secrets.GORELEASER_KEY }}"
- name: "Push release manifests"
run: |
kustomizer push artifact ${KUSTOMIZER_ARTIFACT}:${{ github.ref_name }} -k ./release/deploy \
--source=${{ github.repositoryUrl }} \
--revision="${{ github.ref_name }}/${{ github.sha }}"
- name: "Tag latest release manifests"
run: |
kustomizer tag artifact ${KUSTOMIZER_ARTIFACT}:${GITHUB_REF_NAME} latest