Skip to content

Release

Release #17

Workflow file for this run

name: Release
on:
workflow_dispatch:
# Enables manual activation of the workflow
push:
# Publish `master` as Docker `latest` image.
# buildbuddy: not needed
# branches:
# - master
# Publish `v1.2.3` tags as releases.
tags:
- buildbuddy-v* # buildbuddy: use "buildbuddy-" prefix to avoid having to overwrite upstream tags
env:
PODMAN_IMAGE: podman
PODMAN_MINIMAL_IMAGE: podman-minimal
PODMAN_REMOTE_IMAGE: podman-remote
jobs:
push:
runs-on: ubuntu-latest
permissions:
actions: write
attestations: none
checks: none
contents: write
deployments: none
discussions: none
id-token: none
issues: none
packages: read
pages: none
pull-requests: none
repository-projects: none
security-events: none
statuses: none
if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
steps:
- name: Check out code
uses: actions/checkout@v2
- name: Set up qemu
uses: docker/setup-qemu-action@v1
with:
platforms: all
- name: Print environment
run: |
uname -a
docker --version
- name: Build & test
run: make images test
- name: Build signed archives
run: make clean multiarch-tar TAR_TARGET=signed-tar
env:
GPG_SIGN_KEY: ${{ secrets.GPG_SIGN_KEY }}
GPG_SIGN_KEY_PASSPHRASE: ${{ secrets.GPG_SIGN_KEY_PASSPHRASE }}
- name: Log into GitHub registry
if: false # buildbuddy: not needed.
run: echo "$GITHUB_TOKEN" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
env:
GITHUB_TOKEN: ${{ github.token }}
- name: Log into DockerHub registry
if: false # buildbuddy: not needed.
run: echo "$DOCKERHUB_TOKEN" | docker login docker.io -u "${{ secrets.DOCKERHUB_USERNAME }}" --password-stdin
env:
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Push images
if: false # buildbuddy: not needed.
run: |
set -eu
GITHUB_IMAGE_REPO=ghcr.io/mgoltzsche/podman
GITHUB_IMAGE_REPO=$(echo $GITHUB_IMAGE_REPO | tr '[A-Z]' '[a-z]')
DOCKERHUB_IMAGE_REPO=docker.io/mgoltzsche/podman
# Strip git ref prefix from version
TAGS=$(echo "$GITHUB_REF" | sed -e 's,.*/\(.*\),\1,')
# Strip "v" prefix from tag name
[[ "$GITHUB_REF" == "refs/tags/v"* ]] && TAGS=$(echo $TAGS | sed -e 's/^v//')
# Expand tags: 1.2.3 -> 1 1.2 1.2.3
TAGS="$(echo "$TAGS" | sed -E -e 's/^((([0-9]+)\.[0-9]+)\.[0-9]+)$/\3 \2 \1/')"
for IMAGE in $PODMAN_REMOTE_IMAGE $PODMAN_IMAGE $PODMAN_MINIMAL_IMAGE; do
TAG_SUFFIX=$(echo $IMAGE | sed -E -e 's/^([^-]+)//')
LATEST_TAG="$([ "$TAG_SUFFIX" ] && echo $TAG_SUFFIX | sed -E -e 's/^-//' || echo latest)"
[ "$TAGS" == "master" ] && IMAGE_TAGS="$LATEST_TAG" || IMAGE_TAGS="$LATEST_TAG $TAGS"
TAG_OPTS=
printf 'Pushing image tags: '
for TAG in $IMAGE_TAGS; do
[ "$TAG" = "$LATEST_TAG" ] || TAG="${TAG}${TAG_SUFFIX}"
TAG_OPTS="$TAG_OPTS -t $DOCKERHUB_IMAGE_REPO:$TAG -t $GITHUB_IMAGE_REPO:$TAG"
printf ' %s' "$TAG"
done
echo
echo "Pushing $IMAGE image to $DOCKERHUB_IMAGE_REPO and $GITHUB_IMAGE_REPO"
make "$IMAGE" PODMAN_BUILD_OPTS="$TAG_OPTS" PODMAN_MINIMAL_BUILD_OPTS="$TAG_OPTS" PODMAN_REMOTE_BUILD_OPTS="$TAG_OPTS"
done
env:
BUILDX_OUTPUT: type=registry
PLATFORM: linux/arm64/v8,linux/amd64
GITHUB_REF: ${{ github.ref }}
- name: Create release
if: github.ref != 'refs/heads/master'
id: create_release
run: |
{
gh api \
--method POST \
-H "Accept: application/vnd.github+json" \
-H "X-GitHub-Api-Version: 2022-11-28" \
"/repos/${GITHUB_REPOSITORY}/releases" \
-f "tag_name=${GITHUB_REF}" -f "name=${GITHUB_REF#ref/tags/buildbuddy-}" \
| jq -r 'to_entries | map("\(.key)=\(.value)") | join("\n")'
} >> "$GITHUB_OUTPUT"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_REF: ${{ github.ref }}
GITHUB_REPOSITORY: ${{ github.repository }}
- name: Upload arm64 archive signature
if: github.ref != 'refs/heads/master'
id: upload-arm64-archive-signature
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
# This pulls from the CREATE RELEASE step above, referencing its ID to
# get its outputs object, which contains all the entries in the JSON
# response from the API endpoint. This includes the upload URL.
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: ./build/asset/podman-linux-arm64.tar.gz.asc
asset_name: podman-linux-arm64.tar.gz.asc
asset_content_type: application/octet-stream
- name: Upload arm64 archive
if: github.ref != 'refs/heads/master'
id: upload-arm64-archive
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
# This pulls from the CREATE RELEASE step above, referencing its ID to
# get its outputs object, which contains all the entries in the JSON
# response from the API endpoint. This includes the upload URL.
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: ./build/asset/podman-linux-arm64.tar.gz
asset_name: podman-linux-arm64.tar.gz
asset_content_type: application/octet-stream
- name: Upload amd64 archive signature
if: github.ref != 'refs/heads/master'
id: upload-amd64-archive-signature
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
# This pulls from the CREATE RELEASE step above, referencing its ID to
# get its outputs object, which contains all the entries in the JSON
# response from the API endpoint. This includes the upload URL.
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: ./build/asset/podman-linux-amd64.tar.gz.asc
asset_name: podman-linux-amd64.tar.gz.asc
asset_content_type: application/octet-stream
- name: Upload amd64 archive
if: github.ref != 'refs/heads/master'
id: upload-amd64-archive
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
# This pulls from the CREATE RELEASE step above, referencing its ID to
# get its outputs object, which contains all the entries in the JSON
# response from the API endpoint. This includes the upload URL.
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: ./build/asset/podman-linux-amd64.tar.gz
asset_name: podman-linux-amd64.tar.gz
asset_content_type: application/octet-stream