name: Publish Kata release artifacts on: push: tags: - '[0-9]+.[0-9]+.[0-9]+*' jobs: build-and-push-assets-amd64: uses: ./.github/workflows/release-amd64.yaml with: target-arch: amd64 secrets: inherit build-and-push-assets-arm64: uses: ./.github/workflows/release-arm64.yaml with: target-arch: arm64 secrets: inherit build-and-push-assets-s390x: uses: ./.github/workflows/release-s390x.yaml with: target-arch: s390x secrets: inherit publish-multi-arch-images: runs-on: ubuntu-latest needs: [build-and-push-assets-amd64, build-and-push-assets-arm64, build-and-push-assets-s390x] steps: - name: Checkout repository uses: actions/checkout@v3 - name: Login to Kata Containers docker.io uses: docker/login-action@v3 with: registry: docker.io username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Login to Kata Containers quay.io uses: docker/login-action@v3 with: registry: quay.io username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} - name: Push multi-arch manifest run: | # tag the container image we created and push to DockerHub tag=$(echo $GITHUB_REF | cut -d/ -f3-) tags=($tag) tags+=($([[ "$tag" =~ "alpha"|"rc" ]] && echo "latest" || echo "stable")) # push to quay.io and docker.io for tag in ${tags[@]}; do docker manifest create quay.io/kata-containers/kata-deploy:${tag} \ --amend quay.io/kata-containers/kata-deploy:${tag}-amd64 \ --amend quay.io/kata-containers/kata-deploy:${tag}-arm64 \ --amend quay.io/kata-containers/kata-deploy:${tag}-s390x docker manifest create docker.io/katadocker/kata-deploy:${tag} \ --amend docker.io/katadocker/kata-deploy:${tag}-amd64 \ --amend docker.io/katadocker/kata-deploy:${tag}-arm64 \ --amend docker.io/katadocker/kata-deploy:${tag}-s390x docker manifest push quay.io/kata-containers/kata-deploy:${tag} docker manifest push docker.io/katadocker/kata-deploy:${tag} done upload-multi-arch-static-tarball: needs: publish-multi-arch-images runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - name: install hub run: | HUB_VER=$(curl -s "https://api.github.com/repos/github/hub/releases/latest" | jq -r .tag_name | sed 's/^v//') wget -q -O- https://github.com/github/hub/releases/download/v$HUB_VER/hub-linux-amd64-$HUB_VER.tgz | \ tar xz --strip-components=2 --wildcards '*/bin/hub' && sudo mv hub /usr/local/bin/hub - name: download-artifacts-amd64 uses: actions/download-artifact@v3 with: name: kata-static-tarball-amd64 - name: push amd64 static tarball to github run: | tag=$(echo $GITHUB_REF | cut -d/ -f3-) tarball="kata-static-$tag-x86_64.tar.xz" mv kata-static.tar.xz "$GITHUB_WORKSPACE/${tarball}" pushd $GITHUB_WORKSPACE echo "uploading asset '${tarball}' for tag: ${tag}" GITHUB_TOKEN=${{ secrets.GIT_UPLOAD_TOKEN }} hub release edit -m "" -a "${tarball}" "${tag}" popd - name: download-artifacts-arm64 uses: actions/download-artifact@v3 with: name: kata-static-tarball-arm64 - name: push arm64 static tarball to github run: | tag=$(echo $GITHUB_REF | cut -d/ -f3-) tarball="kata-static-$tag-aarch64.tar.xz" mv kata-static.tar.xz "$GITHUB_WORKSPACE/${tarball}" pushd $GITHUB_WORKSPACE echo "uploading asset '${tarball}' for tag: ${tag}" GITHUB_TOKEN=${{ secrets.GIT_UPLOAD_TOKEN }} hub release edit -m "" -a "${tarball}" "${tag}" popd - name: download-artifacts-s390x uses: actions/download-artifact@v3 with: name: kata-static-tarball-s390x - name: push s390x static tarball to github run: | tag=$(echo $GITHUB_REF | cut -d/ -f3-) tarball="kata-static-$tag-s390x.tar.xz" mv kata-static.tar.xz "$GITHUB_WORKSPACE/${tarball}" pushd $GITHUB_WORKSPACE echo "uploading asset '${tarball}' for tag: ${tag}" GITHUB_TOKEN=${{ secrets.GIT_UPLOAD_TOKEN }} hub release edit -m "" -a "${tarball}" "${tag}" popd upload-cargo-vendored-tarball: needs: upload-multi-arch-static-tarball runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - name: generate-and-upload-tarball run: | tag=$(echo $GITHUB_REF | cut -d/ -f3-) tarball="kata-containers-$tag-vendor.tar.gz" pushd $GITHUB_WORKSPACE bash -c "tools/packaging/release/generate_vendor.sh ${tarball}" GITHUB_TOKEN=${{ secrets.GIT_UPLOAD_TOKEN }} hub release edit -m "" -a "${tarball}" "${tag}" popd upload-libseccomp-tarball: needs: upload-cargo-vendored-tarball runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - name: download-and-upload-tarball env: GITHUB_TOKEN: ${{ secrets.GIT_UPLOAD_TOKEN }} GOPATH: ${HOME}/go run: | pushd $GITHUB_WORKSPACE ./ci/install_yq.sh tag=$(echo $GITHUB_REF | cut -d/ -f3-) versions_yaml="versions.yaml" version=$(${GOPATH}/bin/yq read ${versions_yaml} "externals.libseccomp.version") repo_url=$(${GOPATH}/bin/yq read ${versions_yaml} "externals.libseccomp.url") download_url="${repo_url}/releases/download/v${version}" tarball="libseccomp-${version}.tar.gz" asc="${tarball}.asc" curl -sSLO "${download_url}/${tarball}" curl -sSLO "${download_url}/${asc}" # "-m" option should be empty to re-use the existing release title # without opening a text editor. # For the details, check https://hub.github.com/hub-release.1.html. hub release edit -m "" -a "${tarball}" "${tag}" hub release edit -m "" -a "${asc}" "${tag}" popd