controlplane: prefer kubeconfig-based readiness and secret flow; avoi… #46
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| tags: | |
| - 'v*-rc*' # Release Candidate tags only | |
| - 'v*' # Release tags | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository_owner }}/capt | |
| TEST_IMAGE_NAME: ${{ github.repository_owner }}/capt-test | |
| jobs: | |
| test-release: | |
| if: contains(github.ref, '-rc') # Only run for RC tags | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| packages: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: '1.23.3' | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata for test image | |
| id: meta-test | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.TEST_IMAGE_NAME }} | |
| tags: | | |
| type=ref,event=tag | |
| - name: Build and push test Docker image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./Dockerfile.rc | |
| platforms: linux/amd64 | |
| push: true | |
| tags: ${{ steps.meta-test.outputs.tags }} | |
| labels: ${{ steps.meta-test.outputs.labels }} | |
| build-image: | |
| if: "!contains(github.ref, '-rc')" # Only run for release tags | |
| runs-on: ${{ matrix.runner }} | |
| permissions: | |
| packages: write | |
| strategy: | |
| matrix: | |
| include: | |
| - runner: ubuntu-24.04 | |
| platform: linux/amd64 | |
| arch: amd64 | |
| - runner: ubuntu-24.04-arm | |
| platform: linux/arm64 | |
| arch: arm64 | |
| outputs: | |
| image_tag: ${{ steps.meta.outputs.tags }} | |
| image_digest: ${{ steps.build.outputs.digest }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: '1.24.4' | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| type=ref,event=tag,suffix=-${{ matrix.arch }} | |
| type=semver,pattern={{version}},suffix=-${{ matrix.arch }} | |
| labels: | | |
| org.opencontainers.image.title=CAPT | |
| org.opencontainers.image.description=Cluster API Provider for Terraform | |
| org.opencontainers.image.vendor=AppThrust | |
| - name: Build and push Docker image | |
| id: build | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| platforms: ${{ matrix.platform }} | |
| push: true | |
| provenance: false | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| create-manifest: | |
| needs: | |
| - build-image | |
| if: "!contains(github.ref, '-rc')" # Only run for release tags | |
| runs-on: ubuntu-latest | |
| permissions: | |
| packages: write | |
| outputs: | |
| image_tag: ${{ steps.get_tag.outputs.tag }} | |
| steps: | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Get tag name | |
| id: get_tag | |
| run: | | |
| TAG=${GITHUB_REF#refs/tags/} | |
| echo "tag=${TAG}" >> $GITHUB_OUTPUT | |
| - name: Create and push manifest list | |
| run: | | |
| TAG=${{ steps.get_tag.outputs.tag }} | |
| # Create manifest list | |
| docker manifest create \ | |
| ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${TAG} \ | |
| ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${TAG}-amd64 \ | |
| ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${TAG}-arm64 | |
| # Annotate architectures (optional but recommended) | |
| docker manifest annotate \ | |
| ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${TAG} \ | |
| ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${TAG}-amd64 \ | |
| --arch amd64 --os linux | |
| docker manifest annotate \ | |
| ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${TAG} \ | |
| ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${TAG}-arm64 \ | |
| --arch arm64 --os linux | |
| # Push manifest list | |
| docker manifest push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${TAG} | |
| create-release: | |
| needs: | |
| - create-manifest | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| outputs: | |
| upload_url: ${{ steps.create_release.outputs.upload_url }} | |
| tag_name: ${{ steps.branch_name.outputs.TAG_NAME }} | |
| steps: | |
| # Get the tag name for release | |
| - name: Branch name | |
| id: branch_name | |
| run: | | |
| echo TAG_NAME="${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT | |
| - name: Cleanup duplicate draft releases for this tag | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| REPO: ${{ github.repository }} | |
| TAG: ${{ steps.branch_name.outputs.TAG_NAME }} | |
| run: | | |
| set -euo pipefail | |
| url="https://api.github.com/repos/$REPO/releases?per_page=100" | |
| releases=$(curl -fsSL -H "Authorization: token $GH_TOKEN" "$url") | |
| # Delete all draft releases that match this tag (if any) | |
| echo "$releases" | jq -r ".[] | select(.tag_name==\"$TAG\" and .draft==true) | .id" | while read -r id; do | |
| echo "Deleting draft release id=$id for tag=$TAG" | |
| curl -fsSL -X DELETE -H "Authorization: token $GH_TOKEN" "https://api.github.com/repos/$REPO/releases/$id" >/dev/null 2>&1 || true | |
| done | |
| - name: Create Release | |
| id: create_release | |
| uses: shogo82148/actions-create-release@v1.7.8 | |
| with: | |
| release_name: ${{ steps.branch_name.outputs.TAG_NAME }} | |
| draft: true # So we can manually edit before publishing | |
| prerelease: ${{ contains(github.ref, '-') }} | |
| upload-assets: | |
| needs: | |
| - create-manifest | |
| - create-release | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| asset: | |
| - name: metadata.yaml | |
| path: ./metadata.yaml | |
| - name: infrastructure-components.yaml | |
| path: ./capt/infrastructure-capt/v0.0.0/infrastructure-components.yaml | |
| - name: control-plane-components.yaml | |
| path: ./capt/control-plane-capt/v0.0.0/control-plane-components.yaml | |
| - name: cluster-template.yaml | |
| path: ./templates/cluster-template.yaml | |
| - name: cluster-template-topology.yaml | |
| path: ./templates/cluster-template-topology.yaml | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: '1.24.4' | |
| - name: Generate Cluster API manifests | |
| run: | | |
| make clusterctl-setup IMG=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.create-manifest.outputs.image_tag }} | |
| - name: Upload Release Asset - ${{ matrix.asset.name }} | |
| uses: shogo82148/actions-upload-release-asset@v1.8.1 | |
| with: | |
| upload_url: ${{ needs.create-release.outputs.upload_url }} | |
| asset_path: ${{ matrix.asset.path }} | |
| asset_name: ${{ matrix.asset.name }} | |
| asset_content_type: application/octet-stream |