Release #19
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| workflow_dispatch: | |
| # Enables manual activation of the workflow | |
| push: | |
| # Publish `master` as Docker `latest` image. | |
| # buildbuddy: not needed | |
| # branches: | |
| # - master | |
| # Publish `v1.2.3` tags as releases. | |
| tags: | |
| - buildbuddy-v* # buildbuddy: use "buildbuddy-" prefix to avoid having to overwrite upstream tags | |
| env: | |
| PODMAN_IMAGE: podman | |
| PODMAN_MINIMAL_IMAGE: podman-minimal | |
| PODMAN_REMOTE_IMAGE: podman-remote | |
| jobs: | |
| push: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| actions: write | |
| attestations: none | |
| checks: none | |
| contents: write | |
| deployments: none | |
| discussions: none | |
| id-token: none | |
| issues: none | |
| packages: read | |
| pages: none | |
| pull-requests: none | |
| repository-projects: none | |
| security-events: none | |
| statuses: none | |
| if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@v2 | |
| - name: Set up qemu | |
| uses: docker/setup-qemu-action@v1 | |
| with: | |
| platforms: all | |
| - name: Print environment | |
| run: | | |
| uname -a | |
| docker --version | |
| - name: Build & test | |
| run: make images test | |
| - name: Build signed archives | |
| run: make clean multiarch-tar TAR_TARGET=signed-tar | |
| env: | |
| GPG_SIGN_KEY: ${{ secrets.GPG_SIGN_KEY }} | |
| GPG_SIGN_KEY_PASSPHRASE: ${{ secrets.GPG_SIGN_KEY_PASSPHRASE }} | |
| - name: Log into GitHub registry | |
| if: false # buildbuddy: not needed. | |
| run: echo "$GITHUB_TOKEN" | docker login ghcr.io -u ${{ github.actor }} --password-stdin | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| - name: Log into DockerHub registry | |
| if: false # buildbuddy: not needed. | |
| run: echo "$DOCKERHUB_TOKEN" | docker login docker.io -u "${{ secrets.DOCKERHUB_USERNAME }}" --password-stdin | |
| env: | |
| DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Push images | |
| if: false # buildbuddy: not needed. | |
| run: | | |
| set -eu | |
| GITHUB_IMAGE_REPO=ghcr.io/mgoltzsche/podman | |
| GITHUB_IMAGE_REPO=$(echo $GITHUB_IMAGE_REPO | tr '[A-Z]' '[a-z]') | |
| DOCKERHUB_IMAGE_REPO=docker.io/mgoltzsche/podman | |
| # Strip git ref prefix from version | |
| TAGS=$(echo "$GITHUB_REF" | sed -e 's,.*/\(.*\),\1,') | |
| # Strip "v" prefix from tag name | |
| [[ "$GITHUB_REF" == "refs/tags/v"* ]] && TAGS=$(echo $TAGS | sed -e 's/^v//') | |
| # Expand tags: 1.2.3 -> 1 1.2 1.2.3 | |
| TAGS="$(echo "$TAGS" | sed -E -e 's/^((([0-9]+)\.[0-9]+)\.[0-9]+)$/\3 \2 \1/')" | |
| for IMAGE in $PODMAN_REMOTE_IMAGE $PODMAN_IMAGE $PODMAN_MINIMAL_IMAGE; do | |
| TAG_SUFFIX=$(echo $IMAGE | sed -E -e 's/^([^-]+)//') | |
| LATEST_TAG="$([ "$TAG_SUFFIX" ] && echo $TAG_SUFFIX | sed -E -e 's/^-//' || echo latest)" | |
| [ "$TAGS" == "master" ] && IMAGE_TAGS="$LATEST_TAG" || IMAGE_TAGS="$LATEST_TAG $TAGS" | |
| TAG_OPTS= | |
| printf 'Pushing image tags: ' | |
| for TAG in $IMAGE_TAGS; do | |
| [ "$TAG" = "$LATEST_TAG" ] || TAG="${TAG}${TAG_SUFFIX}" | |
| TAG_OPTS="$TAG_OPTS -t $DOCKERHUB_IMAGE_REPO:$TAG -t $GITHUB_IMAGE_REPO:$TAG" | |
| printf ' %s' "$TAG" | |
| done | |
| echo | |
| echo "Pushing $IMAGE image to $DOCKERHUB_IMAGE_REPO and $GITHUB_IMAGE_REPO" | |
| make "$IMAGE" PODMAN_BUILD_OPTS="$TAG_OPTS" PODMAN_MINIMAL_BUILD_OPTS="$TAG_OPTS" PODMAN_REMOTE_BUILD_OPTS="$TAG_OPTS" | |
| done | |
| env: | |
| BUILDX_OUTPUT: type=registry | |
| PLATFORM: linux/arm64/v8,linux/amd64 | |
| GITHUB_REF: ${{ github.ref }} | |
| - name: Create release | |
| if: github.ref != 'refs/heads/master' | |
| id: create_release | |
| run: | | |
| { | |
| gh api \ | |
| --method POST \ | |
| -H "Accept: application/vnd.github+json" \ | |
| -H "X-GitHub-Api-Version: 2022-11-28" \ | |
| "/repos/${GITHUB_REPOSITORY}/releases" \ | |
| -f "tag_name=${GITHUB_REF}" -f "name=${GITHUB_REF#ref/tags/buildbuddy-}" \ | |
| | jq -r 'to_entries | map("\(.key)=\(.value)") | join("\n")' | |
| } >> "$GITHUB_OUTPUT" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| GITHUB_REF: ${{ github.ref }} | |
| GITHUB_REPOSITORY: ${{ github.repository }} | |
| - name: Upload arm64 archive signature | |
| if: github.ref != 'refs/heads/master' | |
| id: upload-arm64-archive-signature | |
| uses: actions/upload-release-asset@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| # This pulls from the CREATE RELEASE step above, referencing its ID to | |
| # get its outputs object, which contains all the entries in the JSON | |
| # response from the API endpoint. This includes the upload URL. | |
| upload_url: ${{ steps.create_release.outputs.upload_url }} | |
| asset_path: ./build/asset/podman-linux-arm64.tar.gz.asc | |
| asset_name: podman-linux-arm64.tar.gz.asc | |
| asset_content_type: application/octet-stream | |
| - name: Upload arm64 archive | |
| if: github.ref != 'refs/heads/master' | |
| id: upload-arm64-archive | |
| uses: actions/upload-release-asset@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| # This pulls from the CREATE RELEASE step above, referencing its ID to | |
| # get its outputs object, which contains all the entries in the JSON | |
| # response from the API endpoint. This includes the upload URL. | |
| upload_url: ${{ steps.create_release.outputs.upload_url }} | |
| asset_path: ./build/asset/podman-linux-arm64.tar.gz | |
| asset_name: podman-linux-arm64.tar.gz | |
| asset_content_type: application/octet-stream | |
| - name: Upload amd64 archive signature | |
| if: github.ref != 'refs/heads/master' | |
| id: upload-amd64-archive-signature | |
| uses: actions/upload-release-asset@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| # This pulls from the CREATE RELEASE step above, referencing its ID to | |
| # get its outputs object, which contains all the entries in the JSON | |
| # response from the API endpoint. This includes the upload URL. | |
| upload_url: ${{ steps.create_release.outputs.upload_url }} | |
| asset_path: ./build/asset/podman-linux-amd64.tar.gz.asc | |
| asset_name: podman-linux-amd64.tar.gz.asc | |
| asset_content_type: application/octet-stream | |
| - name: Upload amd64 archive | |
| if: github.ref != 'refs/heads/master' | |
| id: upload-amd64-archive | |
| uses: actions/upload-release-asset@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| # This pulls from the CREATE RELEASE step above, referencing its ID to | |
| # get its outputs object, which contains all the entries in the JSON | |
| # response from the API endpoint. This includes the upload URL. | |
| upload_url: ${{ steps.create_release.outputs.upload_url }} | |
| asset_path: ./build/asset/podman-linux-amd64.tar.gz | |
| asset_name: podman-linux-amd64.tar.gz | |
| asset_content_type: application/octet-stream | |