This repository has been archived by the owner on Sep 26, 2023. It is now read-only.
Remove unnecessary permission in the deploy file #17
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Create Release | |
| on: | |
| push: | |
| tags: | |
| - 'v*' # tags matching v*, i.e. v0.0.1, v1.0.0-rc.0 | |
| jobs: | |
| build: | |
| name: Create Release | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Set Up Environment Variables | |
| env: | |
| REPO: quay.io/${{ secrets.QUAY_ACCOUNT_NAME }} | |
| IMG: gatekeeper-operator | |
| run: | | |
| echo "REPO=${REPO}" >> ${GITHUB_ENV} | |
| RELEASE_VERSION=${{ github.ref }} | |
| # Removes the 'refs/tags/' portion of the string i.e. 'refs/tags/v0.0.1' to 'v0.0.1' | |
| echo "RELEASE_VERSION=${RELEASE_VERSION##*/}" >> ${GITHUB_ENV} | |
| RELEASE_IMG="${REPO}/${IMG}" | |
| echo "RELEASE_IMG=${RELEASE_IMG}" >> ${GITHUB_ENV} | |
| echo "RELEASE_BUNDLE_IMG=${RELEASE_IMG}-bundle" >> ${GITHUB_ENV} | |
| echo "RELEASE_BUNDLE_INDEX_IMG=${RELEASE_IMG}-bundle-index" >> ${GITHUB_ENV} | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 # Fetch all history for all tags and branches | |
| - name: Set Up Go to Install OPM | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version-file: go.mod | |
| # FIXME: The version tags created in this repo for official releases are | |
| # annotated tags. However, this step is necessary to enable matching | |
| # lightweight (non-annotated) tags because the GitHub Actions checkout@v3 | |
| # action (run just prior) will overwrite the annotated tag with a | |
| # non-annotated one here | |
| # https://github.com/actions/checkout/blob/5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f/src/git-source-provider.ts#L136-L141 | |
| # as a result of the refspec created at | |
| # https://github.com/actions/checkout/blob/5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f/src/ref-helper.ts#L94-L97. | |
| # This issue is tracked at https://github.com/actions/checkout/issues/290. | |
| # Once the issue is resolved, this step can be removed. | |
| - name: Extract Non-Annotated Version Tag | |
| run: | | |
| GIT_VERSION=$(git describe --tags --match='v*' --always --dirty) | |
| echo "GIT_VERSION=${GIT_VERSION}" >> ${GITHUB_ENV} | |
| - name: Verify release manifest | |
| run: | | |
| # GitHub Actions obfuscates values of secrets e.g. REPO='quay.io/***', | |
| # so pass an unset REPO variable to use the default within the | |
| # Makefile. | |
| unset REPO | |
| make release | |
| git diff --exit-code ./deploy/gatekeeper-operator.yaml | |
| # Reset state of git tree modified by kustomize. | |
| git reset --hard | |
| - uses: docker/setup-qemu-action@v2 | |
| - uses: docker/setup-buildx-action@v2 | |
| with: | |
| driver-opts: image=moby/buildkit:v0.8-beta | |
| - uses: docker/login-action@v2 | |
| with: | |
| registry: quay.io | |
| username: ${{ secrets.QUAY_USERNAME }} | |
| password: ${{ secrets.QUAY_TOKEN }} | |
| - name: Build and Push Operator Image | |
| run: | | |
| make docker-build | |
| make docker-push IMG=${RELEASE_IMG}:${RELEASE_VERSION} | |
| - name: Build and Push Bundle Image | |
| run: | | |
| make bundle-build | |
| make docker-push IMG=${RELEASE_BUNDLE_IMG}:${RELEASE_VERSION} | |
| - name: Build and Push Bundle Index Image | |
| run: | | |
| make bundle-index-build | |
| make docker-push IMG=${RELEASE_BUNDLE_INDEX_IMG}:${RELEASE_VERSION} | |
| - name: Create Release | |
| id: create_release | |
| uses: actions/create-release@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions. | |
| with: | |
| tag_name: ${{ github.ref }} | |
| release_name: Gatekeeper Operator ${{ github.ref }} | |
| body: | | |
| To install the Gatekeeper Operator: | |
| ``` | |
| kubectl apply -f https://raw.githubusercontent.com/${{ github.repository }}/${{ env.RELEASE_VERSION }}/deploy/gatekeeper-operator.yaml | |
| ``` | |
| generateReleaseNotes: true | |
| draft: true | |
| prerelease: false |