name: Finalize release on: release: types: [published] workflow_dispatch: inputs: version: description: 'Run finalize release on a specific tag.' required: true default: '' jobs: push-final-images: runs-on: ubuntu-latest env: SYSDIG_IMAGE_BASE: ghcr.io/draios/sysdig SYSDIG_DOCKERHUB_IMAGE_BASE: docker.io/sysdig/sysdig RELEASE: ${{ (github.event_name == 'workflow_dispatch') && (github.event.inputs.version != '') && github.event.inputs.version || github.event.release.name }} steps: - name: Login to Docker Hub uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_HUB_USERNAME_PUBLIC }} password: ${{ secrets.DOCKER_HUB_PASSWORD_PUBLIC }} - name: Login to Github Packages uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Publish final docker images uses: akhilerm/tag-push-action@v2.0.0 with: src: ${{ env.SYSDIG_IMAGE_BASE }}:${{ env.RELEASE }}-draft dst: | ${{ env.SYSDIG_IMAGE_BASE }}:${{ env.RELEASE }} ${{ env.SYSDIG_IMAGE_BASE }}:latest ${{ env.SYSDIG_DOCKERHUB_IMAGE_BASE }}:${{ env.RELEASE }} ${{ env.SYSDIG_DOCKERHUB_IMAGE_BASE }}:latest release-rpm: strategy: matrix: name: [amd64, arm64] include: - name: amd64 base_arch: x86_64 release_arch: x86_64 - name: arm64 base_arch: aarch64 release_arch: aarch64 runs-on: ubuntu-latest env: RPM_BASEARCH: ${{ matrix.base_arch }} RELEASE_ARCH: ${{ matrix.release_arch }} REPOSITORY_NAME: stable REPOSITORY_DIR: rpm_repo PACKAGES_DIR: packages S3_BUCKET: download.draios.com RELEASE: ${{ (github.event_name == 'workflow_dispatch') && (github.event.inputs.version != '') && github.event.inputs.version || github.event.release.name }} KEY_ID: EC51E8C4 # These permissions are needed to interact with GitHub's OIDC Token endpoint. permissions: id-token: write contents: read container: image: centos:8 steps: - name: Install deps run: | sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-* sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-* yum -y install unzip createrepo_c git cd /tmp curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" unzip awscliv2.zip ./aws/install - name: Checkout Sysdig uses: actions/checkout@v2 with: path: sysdig - name: Create directories run: | mkdir -p $REPOSITORY_DIR mkdir -p $PACKAGES_DIR - name: Download RPM uses: dsaltares/fetch-gh-release-asset@master with: version: "tags/${{ env.RELEASE }}" file: sysdig-${{ env.RELEASE }}-${{ env.RELEASE_ARCH }}.rpm target: ${{ env.PACKAGES_DIR }}/sysdig-${{ env.RELEASE }}-${{ env.RELEASE_ARCH }}.rpm token: ${{ secrets.GITHUB_TOKEN }} - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@fcd8bb1e0a3c9d2a0687615ee31d34d8aea18a96 with: role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} aws-region: us-east-1 - name: Import private key env: PRIVATE_KEY: ${{ secrets.SYSDIG_REPO_SIGNING_KEY }} run: printenv PRIVATE_KEY | gpg --import - - name: Release RPMs env: SCRIPTS_DIR: sysdig/scripts/release run: sysdig/scripts/release/release_rpm.sh release-deb: strategy: matrix: name: [amd64, arm64] include: - name: amd64 base_arch: amd64 release_arch: x86_64 - name: arm64 base_arch: arm64 release_arch: aarch64 runs-on: ubuntu-latest env: DEB_BASEARCH: ${{ matrix.base_arch }} RELEASE_ARCH: ${{ matrix.release_arch }} REPOSITORY_NAME: stable REPOSITORY_DIR: deb_repo PACKAGES_DIR: packages RELEASE: ${{ (github.event_name == 'workflow_dispatch') && (github.event.inputs.version != '') && github.event.inputs.version || github.event.release.name }} S3_BUCKET: download.draios.com KEY_ID: EC51E8C4 # These permissions are needed to interact with GitHub's OIDC Token endpoint. permissions: id-token: write contents: read steps: - name: Install deps run: | sudo apt-get update && sudo apt-get -y install dpkg-dev gpg - name: Checkout Sysdig uses: actions/checkout@v2 with: path: sysdig - name: Create directories run: | mkdir -p $REPOSITORY_DIR mkdir -p $PACKAGES_DIR - name: Download DEB uses: dsaltares/fetch-gh-release-asset@master with: version: "tags/${{ env.RELEASE }}" file: sysdig-${{ env.RELEASE }}-${{ env.RELEASE_ARCH }}.deb target: ${{ env.PACKAGES_DIR }}/sysdig-${{ env.RELEASE }}-${{ env.RELEASE_ARCH }}.deb token: ${{ secrets.GITHUB_TOKEN }} - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@fcd8bb1e0a3c9d2a0687615ee31d34d8aea18a96 with: role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} aws-region: us-east-1 - name: Import private key env: PRIVATE_KEY: ${{ secrets.SYSDIG_REPO_SIGNING_KEY }} run: printenv PRIVATE_KEY | gpg --import - - name: Release DEBs env: SCRIPTS_DIR: sysdig/scripts/release run: sysdig/scripts/release/release_deb.sh release-tgz: strategy: matrix: name: [amd64, arm64] include: - name: amd64 base_arch: x86_64 release_arch: x86_64 - name: arm64 base_arch: aarch64 release_arch: aarch64 runs-on: ubuntu-latest env: RELEASE_ARCH: ${{ matrix.release_arch }} TGZ_BASEARCH: ${{ matrix.base_arch }} REPOSITORY_NAME: stable REPOSITORY_DIR: tgz_repo PACKAGES_DIR: packages RELEASE: ${{ (github.event_name == 'workflow_dispatch') && (github.event.inputs.version != '') && github.event.inputs.version || github.event.release.name }} S3_BUCKET: download.draios.com # These permissions are needed to interact with GitHub's OIDC Token endpoint. permissions: id-token: write contents: read steps: - name: Checkout Sysdig uses: actions/checkout@v2 with: path: sysdig - name: Create directories run: | mkdir -p $REPOSITORY_DIR mkdir -p $PACKAGES_DIR - name: Download targz uses: dsaltares/fetch-gh-release-asset@master with: version: "tags/${{ env.RELEASE }}" file: sysdig-${{ env.RELEASE }}-${{ env.RELEASE_ARCH }}.tar.gz target: ${{ env.PACKAGES_DIR }}/sysdig-${{ env.RELEASE }}-${{ env.RELEASE_ARCH }}.tar.gz token: ${{ secrets.GITHUB_TOKEN }} - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@fcd8bb1e0a3c9d2a0687615ee31d34d8aea18a96 with: role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} aws-region: us-east-1 - name: Release tar.gz run: sysdig/scripts/release/release_tgz.sh - name: Release install-sysdig run: aws s3 cp sysdig/scripts/install-sysdig s3://${{ env.S3_BUCKET }}/${{ env.REPOSITORY_NAME }}/ --acl public-read