Release build and publish #17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release build and publish | |
on: | |
workflow_dispatch: | |
inputs: | |
version: | |
description: The version to tag the release with, e.g., 1.2.0, 1.2.1-alpha.1 | |
required: true | |
major_version: | |
description: The major version to tag the release with, e.g., 1.x, 2.x, 3.x | |
required: true | |
permissions: | |
id-token: write | |
contents: write | |
jobs: | |
build_publish_daemon_image: | |
name: Build X-Ray daemon artifacts and publish docker image to docker hub and public ECR | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v2 | |
- name: Setup Go | |
uses: actions/setup-go@v2 | |
with: | |
go-version: '^1.21.3' | |
- uses: actions/cache@v2 | |
with: | |
path: ~/go/pkg/mod | |
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go- | |
- name: Build archives and test | |
run: make build test | |
env: | |
VERSION: ${{ github.event.inputs.version }} | |
- name: Build Linux archives | |
run: make packaging | |
env: | |
VERSION: ${{ github.event.inputs.version }} | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN_RELEASE }} | |
aws-region: us-east-1 | |
- name: Download package signing GPG secret key | |
run: | | |
aws secretsmanager get-secret-value --region us-east-1 --secret-id "XRayDaemonSecrets" | jq -r ".SecretString" > aws-xray-secret.gpg | |
md5sum aws-xray-secret.gpg | |
- name: Import signing GPG key | |
run: | | |
gpg --import aws-xray-secret.gpg | |
gpg --list-keys | |
gpg --armor --export -a "aws-xray@amazon.com" > aws-xray-public.gpg | |
rpm --import aws-xray-public.gpg | |
shred -fuvz aws-xray-secret.gpg | |
shred -fuvz aws-xray-public.gpg | |
- name: Sign daemon packages | |
run: ./Tool/src/packaging/sign-packages.sh | |
- name: Remove Package Signing GPG Key from local GPG Key Ring | |
run: | | |
gpg --fingerprint --with-colons aws-xray@amazon.com | grep -m 1 "fpr" | sed -n 's/^fpr:::::::::\([[:alnum:]]\+\):/\1/p' | xargs gpg --batch --yes --delete-secret-keys | |
gpg --list-secret-keys | |
- name: Upload archives as actions artifact | |
uses: actions/upload-artifact@v2 | |
with: | |
name: distributions | |
path: build/dist/ | |
- name: Login to Public ECR | |
run: aws ecr-public get-login-password | docker login --username AWS --password-stdin public.ecr.aws | |
- name: Login to DockerHub | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKER_USER }} | |
password: ${{ secrets.DOCKER_PASS }} | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
- name: Cache Docker layers | |
uses: actions/cache@v2 | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-buildx-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-buildx- | |
- name: Build and push docker image for Public ECR | |
uses: docker/build-push-action@v2 | |
with: | |
context: . | |
file: ./Dockerfile | |
platforms: linux/amd64,linux/arm64 | |
tags: | | |
public.ecr.aws/xray/aws-xray-daemon:${{ github.event.inputs.version }} | |
public.ecr.aws/xray/aws-xray-daemon:latest | |
public.ecr.aws/xray/aws-xray-daemon:${{ github.event.inputs.major_version }} | |
push: true | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache | |
- name: Build and push docker image for DockerHub | |
uses: docker/build-push-action@v2 | |
with: | |
context: . | |
file: ./Dockerfile.amazonlinux | |
platforms: linux/amd64,linux/arm64 | |
tags: | | |
amazon/aws-xray-daemon:${{ github.event.inputs.version }} | |
amazon/aws-xray-daemon:latest | |
amazon/aws-xray-daemon:${{ github.event.inputs.major_version }} | |
push: true | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache | |
- name: Create Release | |
id: create_release | |
uses: actions/create-release@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
tag_name: 'v${{ github.event.inputs.version }}' | |
release_name: 'AWS X-Ray daemon update v${{ github.event.inputs.version }}' | |
body: 'Please refer [change-log](https://github.com/aws/aws-xray-daemon/blob/master/CHANGELOG.md) for more details' | |
draft: true | |
prerelease: false |