Skip to content

update cert

update cert #482

Workflow file for this run

name: Release kubectl-testkube dev
on:
push:
tags:
- "v[0-9]+.[0-9]+.[0-9]+-*"
permissions:
id-token: write # needed for keyless signing
contents: write
env:
ALPINE_IMAGE: alpine:3.20.3
BUSYBOX_IMAGE: busybox:1.36.1-musl
jobs:
pre_build:
name: Pre-build
runs-on: ubuntu-latest
strategy:
matrix:
include:
- name: "linux"
path: .builds-linux.goreleaser.yml
- name: "windows"
path: .builds-windows.goreleaser.yml
- name: "darwin"
path: .builds-darwin.goreleaser.yml
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up QEMU
if: matrix.name == 'linux'
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
if: matrix.name == 'linux'
id: buildx
uses: docker/setup-buildx-action@v3
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: stable
- name: Go Cache
uses: actions/cache@v4
with:
path: |
~/go/pkg/mod
~/.cache/go-build
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Login to DockerHub
if: matrix.name == 'linux'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Get tag
id: tag
uses: dawidd6/action-get-tag@v1
with:
strip_v: true
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v6
with:
distribution: goreleaser-pro
version: latest
args: release -f ${{ matrix.path }} --skip=publish
env:
GITHUB_TOKEN: ${{ secrets.CI_BOT_TOKEN }}
ANALYTICS_TRACKING_ID: "${{secrets.TESTKUBE_CLI_GA_MEASUREMENT_ID}}"
ANALYTICS_API_KEY: "${{secrets.TESTKUBE_CLI_GA_MEASUREMENT_SECRET}}"
# Your GoReleaser Pro key, if you are using the 'goreleaser-pro' distribution
GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
DOCKER_BUILDX_BUILDER: "${{ steps.buildx.outputs.name }}"
DOCKER_BUILDX_CACHE_FROM: "type=gha"
DOCKER_BUILDX_CACHE_TO: "type=gha,mode=max"
ALPINE_IMAGE: ${{ env.ALPINE_IMAGE }}
BUSYBOX_IMAGE: ${{ env.BUSYBOX_IMAGE }}
DOCKER_IMAGE_TAG: ${{steps.tag.outputs.tag}}
- name: Push Docker images
if: matrix.name == 'linux'
run: |
docker push kubeshop/testkube-cli:${{steps.tag.outputs.tag}}-arm64v8
docker push kubeshop/testkube-cli:${{steps.tag.outputs.tag}}-amd64
# adding the docker manifest for the latest image tag
docker manifest create kubeshop/testkube-cli:latest --amend kubeshop/testkube-cli:${{steps.tag.outputs.tag}}-amd64 --amend kubeshop/testkube-cli:${{steps.tag.outputs.tag}}-arm64v8
docker manifest push -p kubeshop/testkube-cli:latest
docker manifest create kubeshop/testkube-cli:${{steps.tag.outputs.tag}} --amend kubeshop/testkube-cli:${{steps.tag.outputs.tag}}-amd64 --amend kubeshop/testkube-cli:${{steps.tag.outputs.tag}}-arm64v8
docker manifest push -p kubeshop/testkube-cli:${{steps.tag.outputs.tag}}
- name: Push README to Dockerhub
if: matrix.name == 'linux'
uses: christian-korneck/update-container-description-action@v1
env:
DOCKER_USER: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKER_PASS: ${{ secrets.DOCKERHUB_TOKEN }}
with:
destination_container_repo: kubeshop/testkube-cli
provider: dockerhub
short_description: "Testkube CLI Docker image"
readme_file: "./README.md"
- name: Upload Artifacts
uses: actions/upload-artifact@master
with:
name: testkube_${{ matrix.name }}
path: |
${{ matrix.name }}/testkube_${{ matrix.name }}_*
retention-days: 1
build_agent_image:
name: Build a Docker image for Testkube Agent
runs-on: ubuntu-latest
env:
TESTKUBE_CLOUD_URL: "agent.testkube.io:443"
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Get tag
id: tag
uses: dawidd6/action-get-tag@v1
with:
strip_v: true
- name: Preload kind images
run: |
mkdir -p build/kind/images
docker pull --platform linux/arm64 kindest/node:v1.31.0
docker save kindest/node:v1.31.0 > build/kind/images/node.tar
docker pull --platform linux/amd64 kindest/node:v1.31.0
docker save kindest/node:v1.31.0 >> build/kind/images/node.tar
- name: Build and push
uses: docker/build-push-action@v6
with:
build-args: |
segmentio_key=${{secrets.TESTKUBE_SEGMENTIO_KEY}}
ga_id=${{secrets.TESTKUBE_CLI_GA_MEASUREMENT_ID}}
ga_secret=${{secrets.TESTKUBE_CLI_GA_MEASUREMENT_SECRET}}
docker_image_version=${{steps.tag.outputs.tag}}
cloud_url=${{ env.TESTKUBE_CLOUD_URL }}
context: build/kind
file: build/kind/kind.Dockerfile
platforms: linux/amd64,linux/arm64/v8
provenance: mode=max
push: true
sbom: true
tags: kubeshop/testkube-agent:${{steps.tag.outputs.tag}}
release:
name: Create and upload release-artifacts
needs: pre_build
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: sigstore/[email protected]
- uses: anchore/sbom-action/[email protected]
- name: Download Artifacts for Linux
uses: actions/download-artifact@master
with:
name: testkube_linux
path: linux
- name: Download Artifacts for Windows
uses: actions/download-artifact@master
with:
name: testkube_windows
path: windows
- name: Download Artifacts for Darwin
uses: actions/download-artifact@master
with:
name: testkube_darwin
path: darwin
# Added as a workaround since files lose their permissions when being moved from one stage to another in GH. A bug was reported
# and will be fixed in the next release of GoReleaser, thus we will be able to remove this code.
- name: Add executable mode
run: chmod -R +x linux/ darwin/
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: stable
- name: Go Cache
uses: actions/cache@v4
with:
path: |
~/go/pkg/mod
~/.cache/go-build
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v6
with:
distribution: goreleaser-pro
version: latest
args: release -f .goreleaser-dev.yml
env:
GITHUB_TOKEN: ${{ secrets.CI_BOT_TOKEN }}
ANALYTICS_TRACKING_ID: "${{secrets.TESTKUBE_CLI_GA_MEASUREMENT_ID}}"
ANALYTICS_API_KEY: "${{secrets.TESTKUBE_CLI_GA_MEASUREMENT_SECRET}}"
SLACK_BOT_CLIENT_ID: "${{secrets.TESTKUBE_SLACK_BOT_CLIENT_ID}}"
SLACK_BOT_CLIENT_SECRET: "${{secrets.TESTKUBE_SLACK_BOT_CLIENT_SECRET}}"
# Your GoReleaser Pro key, if you are using the 'goreleaser-pro' distribution
GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
- name: Store Intermediate Artifacts
uses: actions/upload-artifact@master
with:
name: bin-artifacts
path: dist
retention-days: 1
build-and-publish-windows-installer:
needs: release
runs-on: windows-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Get Intermediate Artifacts
uses: actions/download-artifact@master
with:
name: testkube_windows
path: windows
- name: Get MSFT Cert
id: write_file
uses: timheuer/[email protected]
with:
fileName: "kubeshop_msft.p12"
fileDir: "./temp/"
encodedString: ${{ secrets.CERT_MSFT_KUBESHOP_P12_B64 }}
- name: Create and Sign MSI
run: |
Copy-Item 'windows\testkube_windows_386\kubectl-testkube.exe' '.\kubectl-testkube.exe'
Copy-Item 'build\installer\windows\testkube.wxs' '.\testkube.wxs'
Copy-Item 'build\installer\windows\tk.bat' '.\tk.bat'
Copy-Item 'build\installer\windows\testkube.bat' '.\testkube.bat'
& "$env:WIX\bin\candle.exe" *.wxs
& "$env:WIX\bin\light.exe" *.wixobj
& "C:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool\signtool.exe" sign /f "$env:P12_CERT" /p "$env:P12_PASSWORD" /d "Kubetest by Kubeshop" /tr http://timestamp.digicert.com testkube.msi
env:
P12_CERT: ${{ steps.write_file.outputs.filePath }}
P12_PASSWORD: ${{ secrets.CERT_MSFT_KUBESHOP_P12_PASSWORD }}
- name: Get tag
id: tag
uses: dawidd6/action-get-tag@v1
with:
# Optionally strip `v` prefix
strip_v: true
- name: Get release
id: get_release
uses: bruceadams/[email protected]
env:
GITHUB_TOKEN: ${{ github.token }}
- name: Calculate Checksum
id: checksum
run: |
$installer_name = $env:MSI_NAME
$hash=Get-FileHash testkube.msi
$hash.Hash + " " + $installer_name + ".msi" >> msi_checksum.txt
echo "::set-output name=INSTALLER_NAME::${installer_name}"
#export MSI hash to environment
$hashsum = $hash.Hash
echo "::set-output name=CHECKSUM::${hashsum}"
#copy MSI to choco directory to build a nuget package
Copy-Item -Path "testkube.msi" -Destination ".\choco\tools\$env:MSI_NAME.msi"
env:
MSI_NAME: testkube_${{steps.tag.outputs.tag}}_Windows_i386
- name: Upload release binary
uses: actions/[email protected]
env:
GITHUB_TOKEN: ${{ github.token }}
with:
upload_url: ${{ steps.get_release.outputs.upload_url }}
asset_path: testkube.msi
asset_name: ${{steps.checksum.outputs.INSTALLER_NAME}}.msi
asset_content_type: application/octet-stream
- name: Upload Checksum
uses: actions/[email protected]
env:
GITHUB_TOKEN: ${{ github.token }}
with:
upload_url: ${{ steps.get_release.outputs.upload_url }}
asset_path: msi_checksum.txt
asset_name: ${{steps.checksum.outputs.INSTALLER_NAME}}_checksum.txt
asset_content_type: text/plain
# build-and-publish-linux-installer:
# needs: release
# runs-on: ubuntu-latest
# steps:
# - name: Get Intermediate Artifacts
# uses: actions/download-artifact@master
# with:
# name: bin-artifacts
# path: dist
# - name: Get tag
# id: tag
# uses: dawidd6/action-get-tag@v1
# with:
# strip_v: true
# - name: Publish package
# env:
# USERNAME: "aptly"
# PASSWORD: ${{ secrets.APTLY_PASSWORD }}
# APTLY_URL: "repo.testkube.io:8080"
# VERSION: ${{steps.tag.outputs.tag}}
# run: |
# ### Upload files
# curl --fail-with-body -u ${USERNAME}:${PASSWORD} -X POST -F file=@dist/testkube_${VERSION}_linux_386.deb http://${APTLY_URL}/api/files/testkube
# curl --fail-with-body -u ${USERNAME}:${PASSWORD} -X POST -F file=@dist/testkube_${VERSION}_linux_arm64.deb http://${APTLY_URL}/api/files/testkube
# curl --fail-with-body -u ${USERNAME}:${PASSWORD} -X POST -F file=@dist/testkube_${VERSION}_linux_amd64.deb http://${APTLY_URL}/api/files/testkube
# ### Add file to repo
# curl --fail-with-body -u ${USERNAME}:${PASSWORD} -X POST http://${APTLY_URL}/api/repos/testkube/file/testkube?forceReplace=1
# ### Create snapshot
# curl --fail-with-body -u ${USERNAME}:${PASSWORD} -X POST -H 'Content-Type: application/json' --data '{"Name":"testkube-'${VERSION}'"}' http://${APTLY_URL}/api/repos/testkube/snapshots
# ### Publish repo
# curl --fail-with-body -u ${USERNAME}:${PASSWORD} -X PUT -H 'Content-Type: application/json' --data '{"Snapshots": [{"Component": "main", "Name": "testkube-'${VERSION}'"}]}'}], http://repo.testkube.io:8080/api/publish/:linux/linux
trigger-deploy-to-dev-env:
needs: release
runs-on: ubuntu-latest
steps:
- name: Repository Dispatch
uses: peter-evans/repository-dispatch@v3
with:
token: ${{ secrets.CI_BOT_TOKEN }}
repository: kubeshop/helm-charts
event-type: trigger-helm-chart-deployment-to-develop-cluster