Update dependencies (#1972) #41

Workflow file for this run

.github/workflows/publish-images.yaml at e818731

	name: Publish images

	on:
	push:
	tags:
	- v[0-9]+.[0-9]+.[0-9]+
	- v[0-9]+.[0-9]+.[0-9]+-rc.[0-9]+ # include prerelease tags too

	permissions:
	contents: read
	id-token: write

	jobs:
	prepare:
	name: Prepare properties
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
	- name: Prepare build parameters
	id: prep
	run: \|
	hack/build/ci/prepare-build-variables.sh
	- name: Docker metadata
	uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175 # v4.6.0
	id: meta
	with:
	images: dynatrace/dynatrace-operator
	tags: ${{ steps.prep.outputs.docker_image_tag }}
	labels: \|
	${{ steps.prep.outputs.docker_image_labels }}
	vcs-ref=${{ github.sha }}
	outputs:
	labels: ${{ steps.meta.outputs.labels }}
	version: ${{ steps.prep.outputs.docker_image_tag }}

	build:
	name: Build images
	runs-on: ubuntu-latest
	needs: [prepare]
	strategy:
	matrix:
	platform: [amd64, arm64, ppc64le]
	steps:
	- name: Checkout
	uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
	- name: Build image
	uses: ./.github/actions/build-image
	with:
	platform: ${{ matrix.platform }}
	labels: ${{ needs.prepare.outputs.labels }}
	image-tag: ${{ needs.prepare.outputs.version }}

	push:
	name: Push images
	environment: Release
	needs: [prepare, build]
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	strategy:
	matrix:
	platform: [amd64, arm64, ppc64le]
	registry: [gcr, dockerhub]
	include:
	- registry: gcr
	url: gcr.io
	repository: GCR_REPOSITORY
	username: GCR_USERNAME
	password: GCR_JSON_KEY
	- registry: dockerhub
	url: docker.io
	repository: DOCKERHUB_REPOSITORY
	username: DOCKERHUB_USERNAME
	password: DOCKERHUB_PASSWORD
	steps:
	- name: Checkout
	uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
	- name: Login to Registry
	uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
	with:
	registry: ${{ matrix.url }}
	username: ${{ secrets[matrix.username] }}
	password: ${{ secrets[matrix.password] }}
	- name: Push ${{matrix.platform}} to ${{matrix.registry}}
	uses: ./.github/actions/upload-image
	with:
	platform: ${{ matrix.platform }}
	labels: ${{ needs.prepare.outputs.labels }}
	version: ${{ needs.prepare.outputs.version }}
	registry: ${{ matrix.url }}
	repository: ${{ secrets[matrix.repository] }}
	- name: Get image digest
	id: digest
	env:
	IMAGE: ${{ matrix.url }}/${{ secrets[matrix.repository] }}:${{ needs.prepare.outputs.version }}-${{ matrix.platform }}
	run: \|
	hack/build/ci/get-image-digest.sh
	- name: Sign image for ${{matrix.registry}}
	uses: ./.github/actions/sign-image
	with:
	image: ${{ matrix.url }}/${{ secrets[matrix.repository] }}:${{ needs.prepare.outputs.version }}-${{ matrix.platform }}@${{steps.digest.outputs.digest}}
	signing-key: ${{ secrets.COSIGN_PRIVATE_KEY }}
	signing-password: ${{ secrets.COSIGN_PASSWORD }}

	push-rhcc:
	name: Push amd64 image to RHCC
	if: ${{ !contains(github.ref, '-rc') }}
	environment: Release
	needs: [prepare, build]
	runs-on: ubuntu-latest
	env:
	SCAN_REGISTRY: "quay.io"
	steps:
	- name: Checkout
	uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
	- name: Login to Registry
	uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
	with:
	registry: ${{ env.SCAN_REGISTRY }}
	username: ${{ secrets.RHCC_USERNAME }}
	password: ${{ secrets.RHCC_PASSWORD }}
	- name: Push amd64 image to scan registry
	uses: ./.github/actions/upload-image
	with:
	platform: "amd64"
	labels: ${{ needs.prepare.outputs.labels }}
	version: ${{ needs.prepare.outputs.version }}
	registry: ${{ env.SCAN_REGISTRY }}
	repository: ${{ secrets.RHCC_REPOSITORY }}
	skip-platform-suffix: true
	- name: Run preflight
	uses: ./.github/actions/preflight
	with:
	version: ${{ needs.prepare.outputs.version }}
	registry: ${{ env.SCAN_REGISTRY }}
	repository: ${{ secrets.RHCC_REPOSITORY }}
	report-name: "preflight.json"
	redhat-project-id: ${{ secrets.REDHAT_PROJECT_ID }}
	pyxis-api-token: ${{ secrets.PYXIS_API_TOKEN }}

	manifest:
	name: Create manifest
	environment: Release
	needs: [prepare, push]
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	strategy:
	matrix:
	registry: [gcr, dockerhub]
	include:
	- registry: gcr
	url: gcr.io
	repository: GCR_REPOSITORY
	username: GCR_USERNAME
	password: GCR_JSON_KEY
	- registry: dockerhub
	url: docker.io
	repository: DOCKERHUB_REPOSITORY
	username: DOCKERHUB_USERNAME
	password: DOCKERHUB_PASSWORD
	steps:
	- name: Checkout
	uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
	- name: Login to Registry
	uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
	with:
	registry: ${{ matrix.url }}
	username: ${{ secrets[matrix.username] }}
	password: ${{ secrets[matrix.password] }}
	- name: Create manifests for ${{matrix.registry}}
	uses: ./.github/actions/create-manifests
	with:
	version: ${{ needs.prepare.outputs.version }}
	registry: ${{ matrix.url }}
	repository: ${{ secrets[matrix.repository] }}
	combined: true
	- name: Get image digest
	id: digest
	env:
	IMAGE: ${{ matrix.url }}/${{ secrets[matrix.repository] }}:${{ needs.prepare.outputs.version }}
	run: \|
	hack/build/ci/get-image-digest.sh
	- name: Sign manifests for ${{matrix.registry}}
	uses: ./.github/actions/sign-image
	with:
	image: ${{ matrix.url }}/${{ secrets[matrix.repository] }}:${{ needs.prepare.outputs.version }}@${{steps.digest.outputs.digest}}
	signing-key: ${{ secrets.COSIGN_PRIVATE_KEY }}
	signing-password: ${{ secrets.COSIGN_PASSWORD }}
	attach-sbom:
	name: Attach sbom
	environment: Release
	needs: [ prepare, push, manifest ]
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	strategy:
	matrix:
	registry: [gcr, dockerhub]
	include:
	- registry: gcr
	url: gcr.io
	repository: GCR_REPOSITORY
	username: GCR_USERNAME
	password: GCR_JSON_KEY
	- registry: dockerhub
	url: docker.io
	repository: DOCKERHUB_REPOSITORY
	username: DOCKERHUB_USERNAME
	password: DOCKERHUB_PASSWORD
	steps:
	- name: Checkout
	uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
	- name: Login to Registry
	uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
	with:
	registry: ${{ matrix.url }}
	username: ${{ secrets[matrix.username] }}
	password: ${{ secrets[matrix.password] }}
	- name: Get operator-image digest
	id: operator-digest
	env:
	IMAGE: ${{ matrix.url }}/${{ secrets[matrix.repository] }}:${{ needs.prepare.outputs.version }}
	run: \|
	hack/build/ci/get-image-digest.sh
	- name: Create sbom for ${{matrix.registry}}
	id: sbom
	uses: aquasecurity/trivy-action@41f05d9ecffa2ed3f1580af306000f734b733e54 # v0.11.2
	with:
	image-ref: ${{ matrix.url }}/${{ secrets[matrix.repository] }}:${{ needs.prepare.outputs.version }}@${{steps.operator-digest.outputs.digest}}
	format: 'cyclonedx'
	output: 'result.json'
	skip-dirs: '/usr/share/dynatrace-operator/third_party_licenses'
	- name: Upload sbom to ${{matrix.registry}}
	uses: ./.github/actions/upload-sbom
	with:
	image: ${{ matrix.url }}/${{ secrets[matrix.repository] }}:${{ needs.prepare.outputs.version }}@${{steps.operator-digest.outputs.digest}}
	sbom: 'result.json'
	signing-key: ${{ secrets.COSIGN_PRIVATE_KEY }}
	signing-password: ${{ secrets.COSIGN_PASSWORD }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependencies (#1972) #41

Workflow file

Update dependencies (#1972) #41

Jobs

Run details

Workflow file for this run