ci: generate hauls for each release for air-gapped delivery (#312)

## Issue
<!-- Link to the github issue this PR address, ie: #123 -->

## Description
<!-- Description of the changes made -->

---------

Signed-off-by: Tyler Gillson <tyler.gillson@gmail.com>

.github/workflows/release.yaml

@@ -15,3 +15,20 @@ jobs:
       packages: write
       pull-requests: write
     secrets: inherit
+
+  haul:
+    if: needs.call-release.outputs.releases_created == 'true'
+    runs-on: [self-hosted, Linux, X64, validator]
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+        with:
+          submodules: recursive
+
+      - name: Generate Hauls for release
+        run: make haul
+
+      - name: Attach Hauls to release
+        uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 # v2
+        with:
+          tag_name: ${{ needs.call-release.outputs.tag_name }}
+          files: ./validator-haul-linux-amd64.tar.zst,./validator-haul-darwin-arm64.tar.zst

Makefile

@@ -10,4 +10,20 @@ CHART_NAME=validator
 
 .PHONY: docker-build-certs-init
 docker-build-certs-init: ## Build validator-certs-init docker image.
-	$(CONTAINER_TOOL) build -f hack/validator-certs-init.Dockerfile -t ${CERTS_INIT_IMG} . --platform linux/$(GOARCH)
+	$(CONTAINER_TOOL) build -f hack/validator-certs-init.Dockerfile -t ${CERTS_INIT_IMG} . --platform linux/$(GOARCH)
+
+PLATFORMS ?= linux/amd64 darwin/arm64
+.PHONY: haul
+haul: hauler ## Generate Hauls for latest release
+	$(foreach platform,$(PLATFORMS),\
+		$(eval GOOS=$(word 1,$(subst /, ,$(platform)))) \
+		$(eval GOARCH=$(word 2,$(subst /, ,$(platform)))) \
+		echo "Building Haul for $(GOOS)/$(GOARCH)..."; \
+		hauler store sync -s store-$(GOOS)-$(GOARCH) -f hauler-manifest.yaml -p $(platform); \
+		hauler store save -s store-$(GOOS)-$(GOARCH) -f validator-haul-$(GOOS)-$(GOARCH).tar.zst; \
+		rm -rf store-$(GOOS)-$(GOARCH);
+
+HAULER_VERSION ?= 1.0.4
+.PHONY: hauler
+hauler: ## Install hauler
+	curl -sfL https://get.hauler.dev | HAULER_VERSION=$(HAULER_VERSION) bash

chart/validator/README.md

@@ -37,7 +37,7 @@ The following table lists the configurable parameters of the Validator chart and
 | `metricsService.type` |  | `"ClusterIP"` |
 | `env` |  | `[]` |
 | `proxy.enabled` |  | `false` |
-| `proxy.image` |  | `"quay.io/validator-labs/validator-certs-init:latest"` |
+| `proxy.image` |  | `"quay.io/validator-labs/validator-certs-init:1.0.0"` |
 | `proxy.secretName` |  | `"proxy-cert"` |
 | `proxy.createSecret` |  | `false` |
 | `proxy.caCert` |  | `"-----BEGIN CERTIFICATE-----\n<your certificate content here>\n-----END CERTIFICATE-----\n"` |

chart/validator/values.yaml

@@ -66,7 +66,7 @@ env: []
 proxy:
   enabled: false
   # The image used by the init container. Must include the update-ca-certificates command.
-  image: quay.io/validator-labs/validator-certs-init:latest
+  image: quay.io/validator-labs/validator-certs-init:1.0.0
   # The name of a secret containing a proxy CA certificate.
   secretName: proxy-cert
   # If false (using an existing secret), the key whose value is the CA certificate must end with '.crt'.

hauler-manifest.yaml

@@ -0,0 +1,60 @@
+apiVersion: content.hauler.cattle.io/v1alpha1
+kind: Images
+metadata:
+  name: validator-images
+spec:
+  images:
+    - name: quay.io/validator-labs/validator:v0.0.44
+    - name: quay.io/validator-labs/validator-plugin-aws:v0.1.1
+    - name: quay.io/validator-labs/validator-plugin-azure:v0.0.12
+    - name: quay.io/validator-labs/validator-plugin-kubescape:v0.0.3
+    - name: quay.io/validator-labs/validator-plugin-maas:v0.0.4
+    - name: quay.io/validator-labs/validator-plugin-network:v0.0.17
+    - name: quay.io/validator-labs/validator-plugin-oci:v0.0.10
+    - name: quay.io/validator-labs/validator-plugin-vsphere:v0.0.26
+    - name: quay.io/validator-labs/validator-certs-init:1.0.0
+    - name: gcr.io/spectro-images-public/release/spectro-cleanup:1.2.0
+    - name: kindest/node:v1.30.2
+    # TODO: align on a single kube-rbac-proxy image
+    - name: gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0
+    - name: gcr.io/kubebuilder/kube-rbac-proxy:v0.16.0
+---
+apiVersion: content.hauler.cattle.io/v1alpha1
+kind: Charts
+metadata:
+  name: validator-charts
+spec:
+  charts:
+    - name: validator
+      repoURL: https://validator-labs.github.io/validator
+      version: 0.0.44
+    - name: validator-plugin-aws
+      repoURL: https://validator-labs.github.io/validator-plugin-aws
+      version: 0.1.1
+    - name: validator-plugin-azure
+      repoURL: https://validator-labs.github.io/validator-plugin-azure
+      version: 0.0.12
+    - name: validator-plugin-kubescape
+      repoURL: https://validator-labs.github.io/validator-plugin-kubescape
+      version: 0.0.3
+    - name: validator-plugin-maas
+      repoURL: https://validator-labs.github.io/validator-plugin-maas
+      version: 0.0.4
+    - name: validator-plugin-network
+      repoURL: https://validator-labs.github.io/validator-plugin-network
+      version: 0.0.17
+    - name: validator-plugin-oci
+      repoURL: https://validator-labs.github.io/validator-plugin-oci
+      version: 0.0.10
+    - name: validator-plugin-vsphere
+      repoURL: https://validator-labs.github.io/validator-plugin-vsphere
+      version: 0.0.26
+---
+apiVersion: content.hauler.cattle.io/v1alpha1
+kind: Files
+metadata:
+  name: validator-files
+spec:
+  files:
+    - name: validatorctl
+      path: https://github.com/validator-labs/validatorctl/releases/download/v0.0.3/validator-linux-amd64