Add GitHub Action to install and setup ko

[imjasonh]

Example usage:

name: Publish
on:
  push:
    branches: [ 'main' ]
jobs:
  publish:
    name: Publish
    steps:
      - uses: actions/setup-go@v2
        with:
          go-version: 1.15
      - uses: actions/checkout@v2

      - name: Setup ko
        uses: google/ko@main

      - name: Publish
        run: ko publish ./cmd/server

This workflow will install the latest released version of ko by default, ko login ghcr.io using the GITHUB_TOKEN secret, and set KO_DOCKER_REPO=ghcr.io/[owner]/[repo] for future steps, so the ko publish step will publish to ghcr.io/[owner]/[repo]/server-[md5].

If a user wants to publish elsewhere, they can set KO_DOCKER_REPO themselves and provide credentials for that registry.

The action takes an input to install a specific version of ko:

- name: Setup ko
  uses: google/ko@main
  with:
    version: v0.6.0

Users can also specify version: tip to build and install ko from the tip of the main branch using go get.

A note on versioning

In general it's probably bad advice to recommend users reference the action from @main -- unintended breakages and possible vulnerabilities could ensue.

When included in the google/ko repo and published to the GitHub Marketplace, the action definition will be released and versioned alongside existing ko binary releases. This means users will be able to specify uses: google/ko@v1.2.3 to pick up v1.2.3 of the action definition, even though it would by default install the floating latest release of ko.

I don't have a good solution to this, maybe we could try to make uses: google/ko@v1.2.3 also install v1.2.3 by default? Anyway I wanted to point it out as a possible cause of confusion.

---

I've iterated on this in https://github.com/imjasonh/ghatest, where you can see an example workflow: https://github.com/imjasonh/ghatest/blob/main/.github/workflows/build.yaml

When this PR is merged, I'll delist https://github.com/marketplace/actions/setup-ko and publish google/ko's action to the GitHub Marketplace, where it will look mostly the same, with a better README.

cc @mattmoor who has some experience with GitHub Actions

[codecov-commenter]

Codecov Report

Merging #347 (b3e506c) into main (29cd8e0) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #347   +/-   ##
=======================================
  Coverage   38.37%   38.37%           
=======================================
  Files          33       33           
  Lines        1522     1522           
=======================================
  Hits          584      584           
  Misses        844      844           
  Partials       94       94           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 29cd8e0...b3e506c. Read the comment docs.

[imjasonh]

Apparently ${{ github.token }} is always available to actions, so we could just always ko login to ghcr.io/[owner]/[repo]. If a user doesn't want that, they can just set KO_DOCKER_REPO to something else, and they could disable the token's access to packages entirely (I think; I've been unable to demonstrate this 🤔 ).

edit: I like this more, let's login to ghcr.io by default.