77
88jobs :
99 test :
10- uses : chainloop-dev/bedrock-old/.github/workflows/test.yml@main
11- # secrets required to run the attestation on the testing job, otherwise the chainloop token is not available
12- secrets : inherit
10+ uses : chainloop-dev/chainloop/.github/workflows/test.yml@main
1311
1412 release :
1513 name : Release CLI and control-plane/artifact-cas container images
2119 contents : write # required for goreleaser
2220 env :
2321 CHAINLOOP_VERSION : 0.8.89
24- CHAINLOOP_ROBOT_ACCOUNT : ${{ secrets.CHAINLOOP_WF_RELEASE }}
25- CONTAINER_IMAGE_CP : us-east1-docker.pkg.dev/bedrock-371810 /chainloop/control-plane:${{ github.ref_name }}
26- CONTAINER_IMAGE_CAS : us-east1-docker.pkg.dev/bedrock-371810 /chainloop/artifact-cas:${{ github.ref_name }}
22+ CHAINLOOP_ROBOT_ACCOUNT : ${{ secrets.CHAINLOOP_ROBOT_ACCOUNT }}
23+ CONTAINER_IMAGE_CP : ghcr.io/chainloop-dev /chainloop/control-plane:${{ github.ref_name }}
24+ CONTAINER_IMAGE_CAS : ghcr.io/chainloop-dev /chainloop/artifact-cas:${{ github.ref_name }}
2725 steps :
2826 - name : Install Cosign
2927 uses : sigstore/cosign-installer@v2.5.0
@@ -45,25 +43,18 @@ jobs:
4543 - name : Initialize Attestation
4644 run : |
4745 chainloop attestation init
48- - name : Set up Go
49- uses : actions/setup-go@v3
50- with :
51- go-version : " 1.20"
5246
53- - name : " Configure Google Cloud credentials"
54- id : " auth-google"
55- uses : " google-github-actions/auth@v0"
47+ - name : Docker login to Github Packages
48+ uses : docker/login-action@v2
5649 with :
57- token_format : " access_token "
58- workload_identity_provider : projects/1044976554810/locations/global/workloadIdentityPools/chainloop- github-pool/providers/github-provider
59- service_account : chainloop-release-github@bedrock-371810.iam.gserviceaccount.com
50+ registry : ghcr.io
51+ username : ${{ github.actor }}
52+ password : ${{ secrets.GITHUB_TOKEN }}
6053
61- - name : Login to GAR
62- uses : docker/login-action@v2
54+ - name : Set up Go
55+ uses : actions/setup-go@v3
6356 with :
64- registry : us-east1-docker.pkg.dev
65- username : oauth2accesstoken
66- password : ${{ steps.auth-google.outputs.access_token }}
57+ go-version : " 1.20"
6758
6859 - name : Run GoReleaser
6960 id : release
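Review bot: The new `Docker login to Github Packages` step authenticates with `secrets.GITHUB_TOKEN`, but the only scope of the release job's `permissions` block visible on this page is `contents: write`, and once a job declares `permissions`, every unlisted scope is set to none. If `packages: write` is not among the lines collapsed above this hunk, the image push to ghcr.io would most likely be denied even though the login step itself passes, so it is worth confirming the block carries `packages: write`. Separately, this job holds a write-scoped token and registry credentials, so the two actions added here would be safer pinned to a full commit SHA than to a mutable tag, e.g. `uses: docker/login-action@<full-commit-sha>  # v2` (placeholder, not a real SHA), and likewise for `actions/setup-go@v3`. The job's `permissions` block and the start of its steps list lie outside this hunk.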
@@ -130,71 +121,3 @@ jobs:
130121 if : ${{ cancelled() }}
131122 run : |
132123 chainloop attestation reset --trigger cancellation
133-
134- deploy :
135- name : Deploy to Kubernetes
136- runs-on : ubuntu-latest
137- needs : release
138- strategy :
139- fail-fast : false
140- matrix :
141- app :
142- - controlplane
143- - frontend
144- - artifact-cas
145- if : github.ref_type == 'tag' # Guard to make sure we are releasing once
146- permissions :
147- id-token : write
148- contents : write
149- steps :
150- - name : Checkout
151- uses : actions/checkout@v3
152- with :
153- fetch-depth : 0
154-
155- - name : " Configure Google Cloud credentials"
156- id : " auth-google"
157- uses : " google-github-actions/auth@v0"
158- with :
159- token_format : " access_token"
160- workload_identity_provider : projects/1044976554810/locations/global/workloadIdentityPools/chainloop-github-pool/providers/github-provider
161- service_account : chainloop-release-github@bedrock-371810.iam.gserviceaccount.com
162-
163- - name : " Get Google Kubernetes Engine credentials"
164- uses : " google-github-actions/get-gke-credentials@v1"
165- with :
166- cluster_name : " bedrock"
167- location : " us-central1"
168-
169- - name : Check kubectl
170- run : kubectl cluster-info
171-
172- - name : Check Helm version
173- run : helm version
174-
175- - name : Bump Helm Chart
176- if : ${{ matrix.app == 'controlplane' || matrix.app == 'artifact-cas' }}
177- run : cd deployment && ./bump-chart-app-version.sh ${{ matrix.app }}/chart/Chart.yaml ${{ github.ref_name }}
178-
179- - name : Bump Helm Chart Frontend
180- if : ${{ matrix.app == 'frontend' }}
181- run : |
182- # The frontend follows upstream frontend version instead
183- LATEST_FRONTEND=$(gh api repos/chainloop-dev/frontend/tags -q ".[0].name")
184- cd deployment && ./bump-chart-app-version.sh ${{ matrix.app }}/chart/Chart.yaml ${LATEST_FRONTEND}
185- env :
186- # PAT token with permissions to access the frontend private repository
187- GITHUB_TOKEN : ${{ secrets.PAT_FRONTEND_TAGS_LIST }}
188-
189- - name : Deploy to production
190- run : make -C deployment/${{ matrix.app }} upgrade-prod
191-
192- - name : Commit new Helm Chart
193- uses : stefanzweifel/git-auto-commit-action@v4
194- with :
195- commit_message : Bump ${{ matrix.app }} Chart Version to ${{github.ref_name}}
196- skip_checkout : false
197- file_pattern : " */*/chart/Chart.yaml"
198- branch : main
199- commit_author : Chainloop bot <bot@chainloop.dev>
200- push_options : " --force"