release.yml
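# Release workflow: runs when a tag matching "*/v*" is pushed
# (e.g. ControllerContainerBlockSSHPort/v0.1.0). It derives the policy
# directory, version and id from the tag, runs the reusable test workflow,
# then calls the reusable release workflow with write permissions.
on:
  push:
    tags:
      - "*/v*"

name: Release policy

jobs:
  calculate-policy-from-tag:
    runs-on: ubuntu-latest
    # This job only reads the checked-out repository, so its token is kept
    # read-only instead of inheriting the repository default.
    permissions:
      contents: read
    outputs:
      policy-working-dir: ${{ steps.calculate-vars.outputs.policy_working_dir }}
      policy-version: ${{ steps.calculate-vars.outputs.policy_version }}
      policy-id: ${{ steps.calculate-vars.outputs.policy_id }}
    steps:
      # NOTE(review): a version tag on an action can be moved; consider
      # pinning to the full commit SHA of the release you have reviewed.
      - uses: actions/checkout@v4
        with:
          # Nothing in this job pushes, so do not leave the token in .git/config.
          persist-credentials: false
      - id: calculate-vars
        shell: bash
        env:
          # The tag name is attacker-influenced text. It is handed to the
          # script as an environment variable so that it is never expanded
          # into the script source by the workflow expression engine.
          REF_NAME: ${{ github.ref_name }}
        run: |
          # We expect a tag of the form: ControllerContainerBlockSSHPort/v0.1.0
          # and want:
          #   policy_working_dir="policies/ControllerContainerBlockSSHPort"
          #   policy_version="0.1.0"
          #   policy_id="controller-container-block-ssh-port" # from metadata.yml

          # Accept only "<dir>/v<version>" built from a conservative character
          # set. This rejects shell metacharacters, extra path separators and
          # anything that could step outside of policies/.
          tag_pattern='^([A-Za-z0-9][A-Za-z0-9._-]*)/v([0-9A-Za-z][0-9A-Za-z.+-]*)$'
          if [[ ! "$REF_NAME" =~ $tag_pattern ]]; then
            printf 'tag "%s" is not of the form <PolicyDirName>/v<version>\n' "$REF_NAME"
            exit 1
          fi
          policy_dir_name="${BASH_REMATCH[1]}"
          policy_version="${BASH_REMATCH[2]}"
          policy_working_dir="policies/$policy_dir_name"

          # Fail before touching metadata.yml if the policy does not exist.
          if [ ! -d "$policy_working_dir" ]; then
            echo "$policy_working_dir does not exist, policy not found"
            exit 1
          fi

          policy_ociUrl=$(yq -r '.annotations."io.kubewarden.policy.ociUrl"' "$policy_working_dir/metadata.yml")
          policy_id="${policy_ociUrl##*/}"

          # yq prints "null" when the annotation is missing; without this check
          # the release job would publish to ".../policies/null". The pattern
          # also keeps the value to a single safe line before it is written to
          # the step output file.
          id_pattern='^[a-z0-9]+([._-]+[a-z0-9]+)*$'
          if [ "$policy_id" = "null" ] || [[ ! "$policy_id" =~ $id_pattern ]]; then
            echo "no usable io.kubewarden.policy.ociUrl annotation in $policy_working_dir/metadata.yml"
            exit 1
          fi

          {
            echo "policy_id=$policy_id"
            echo "policy_working_dir=$policy_working_dir"
            echo "policy_version=$policy_version"
          } >> "$GITHUB_OUTPUT"

  unit-tests:
    needs: calculate-policy-from-tag
    name: run unit tests and linters
    # NOTE(review): reusable workflow referenced by tag; consider pinning to
    # the full commit SHA of v3.4.6 so the code that runs cannot change.
    uses: kubewarden/github-actions/.github/workflows/reusable-test-policy-rego.yml@v3.4.6
    with:
      policy-working-dir: ${{ needs.calculate-policy-from-tag.outputs.policy-working-dir }}
      policy-version: ${{ needs.calculate-policy-from-tag.outputs.policy-version }}

  release:
    needs: [unit-tests, calculate-policy-from-tag]
    permissions:
      # Required to create GH releases
      contents: write
      # Required to push to GHCR
      packages: write
      # Required by cosign keyless signing
      id-token: write
    concurrency:
      group: release-policy  # only allow 1 release job of "release-policy" concurrently
      cancel-in-progress: false
    # NOTE(review): this called workflow receives the write permissions above
    # (release creation, package push, OIDC token for signing). A tag reference
    # can be repointed upstream; consider pinning to the full commit SHA.
    uses: kubewarden/github-actions/.github/workflows/reusable-release-policy-rego.yml@v3.4.6
    with:
      oci-target: ghcr.io/${{ github.repository_owner }}/policies/${{ needs.calculate-policy-from-tag.outputs.policy-id }}
      policy-working-dir: ${{ needs.calculate-policy-from-tag.outputs.policy-working-dir }}
      policy-version: ${{ needs.calculate-policy-from-tag.outputs.policy-version }}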