release.yaml

name: Release kubectl-testkube

on:
  push:
    tags:
      - "v[0-9]+.[0-9]+.[0-9]+"

permissions:
  id-token: write # needed for keyless signing
  contents: write

env:
  TESTKUBE_CHOCO_REPO: https://chocolatey.kubeshop.io/
  ALPINE_IMAGE: alpine:3.18.0

jobs:
  pre_build:
    name: Pre-build
    runs-on: ubuntu-latest
    strategy:
      matrix:
        include:
          - name: "linux"
            path: .builds-linux.goreleaser.yml
          - name: "windows"
            path: .builds-windows.goreleaser.yml
          - name: "darwin"
            path: .builds-darwin.goreleaser.yml
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Set up QEMU
        if: matrix.name == 'linux'
        uses: docker/setup-qemu-action@v1

      - name: Set up Docker Buildx
        if: matrix.name == 'linux'
        id: buildx
        uses: docker/setup-buildx-action@v1

      - name: Set up Go
        uses: actions/setup-go@v2
        with:
          go-version: 1.21

      - name: Go Cache
        uses: actions/cache@v2
        with:
          path: |
            ~/go/pkg/mod
            ~/.cache/go-build
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-

      - name: Login to DockerHub
        if: matrix.name == 'linux'
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Get tag
        id: tag
        uses: dawidd6/action-get-tag@v1
        with:
          strip_v: true

      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v4
        with:
          distribution: goreleaser-pro
          version: latest
          args: release -f ${{ matrix.path }} --skip-publish
        env:
          GITHUB_TOKEN: ${{ secrets.CI_BOT_TOKEN }}
          ANALYTICS_TRACKING_ID: "${{secrets.TESTKUBE_CLI_GA_MEASUREMENT_ID}}"
          ANALYTICS_API_KEY: "${{secrets.TESTKUBE_CLI_GA_MEASUREMENT_SECRET}}"
          # Your GoReleaser Pro key, if you are using the 'goreleaser-pro' distribution
          GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
          DOCKER_BUILDX_BUILDER: "${{ steps.buildx.outputs.name }}"
          DOCKER_BUILDX_CACHE_FROM: "type=gha"
          DOCKER_BUILDX_CACHE_TO: "type=gha,mode=max"
          ALPINE_IMAGE: ${{ env.ALPINE_IMAGE }}
          DOCKER_IMAGE_TAG: ${{steps.tag.outputs.tag}}

      - name: Push Docker images
        if: matrix.name == 'linux'
        run: |
          docker push kubeshop/testkube-cli:${{steps.tag.outputs.tag}}-arm64v8
          docker push kubeshop/testkube-cli:${{steps.tag.outputs.tag}}-amd64

          # adding the docker manifest for the latest image tag
          docker manifest create kubeshop/testkube-cli:latest --amend kubeshop/testkube-cli:${{steps.tag.outputs.tag}}-amd64 --amend kubeshop/testkube-cli:${{steps.tag.outputs.tag}}-arm64v8
          docker manifest push -p kubeshop/testkube-cli:latest

          docker manifest create kubeshop/testkube-cli:${{steps.tag.outputs.tag}} --amend kubeshop/testkube-cli:${{steps.tag.outputs.tag}}-amd64 --amend kubeshop/testkube-cli:${{steps.tag.outputs.tag}}-arm64v8
          docker manifest push -p kubeshop/testkube-cli:${{steps.tag.outputs.tag}}

      - name: Upload Artifacts
        uses: actions/upload-artifact@master
        with:
          name: testkube_${{ matrix.name }}
          path: |
            ${{ matrix.name }}/testkube_${{ matrix.name }}_*
          retention-days: 1

  release:
    name: Create and upload release-artifacts
    needs: pre_build
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - uses: sigstore/cosign-installer@v3.4.0
      - uses: anchore/sbom-action/download-syft@v0.14.2
      - name: Download Artifacts for Linux
        uses: actions/download-artifact@master
        with:
          name: testkube_linux
          path: linux
      - name: Download Artifacts for Windows
        uses: actions/download-artifact@master
        with:
          name: testkube_windows
          path: windows
      - name: Download Artifacts for Darwin
        uses: actions/download-artifact@master
        with:
          name: testkube_darwin
          path: darwin
      # Added as a workaround since files lose their permissions when being moved from one stage to another in GH. A bug was reported
      # and will be fixed in the next release of GoReleaser, thus we will be able to remove this code.
      - name: Add executable mode
        run: chmod -R +x linux/ darwin/
      - name: Set up Go
        uses: actions/setup-go@v2
        with:
          go-version: 1.21
      - name: Go Cache
        uses: actions/cache@v2
        with:
          path: |
            ~/go/pkg/mod
            ~/.cache/go-build
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-
      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v2
        with:
          distribution: goreleaser-pro
          version: latest
          args: release -f .goreleaser.yml
        env:
          GITHUB_TOKEN: ${{ secrets.CI_BOT_TOKEN }}
          ANALYTICS_TRACKING_ID: "${{secrets.TESTKUBE_CLI_GA_MEASUREMENT_ID}}"
          ANALYTICS_API_KEY: "${{secrets.TESTKUBE_CLI_GA_MEASUREMENT_SECRET}}"
          SLACK_BOT_CLIENT_ID: "${{secrets.TESTKUBE_SLACK_BOT_CLIENT_ID}}"
          SLACK_BOT_CLIENT_SECRET: "${{secrets.TESTKUBE_SLACK_BOT_CLIENT_SECRET}}"
          # Your GoReleaser Pro key, if you are using the 'goreleaser-pro' distribution
          GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
      - name: Store Intermediate Artifacts
        uses: actions/upload-artifact@master
        with:
          name: bin-artifacts
          path: dist
          retention-days: 1

  build-and-publish-windows-installer:
    needs: release
    runs-on: windows-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Get Intermediate Artifacts
        uses: actions/download-artifact@master
        with:
          name: testkube_windows
          path: windows

      - name: Get MSFT Cert
        id: write_file
        uses: timheuer/base64-to-file@v1.1
        with:
          fileName: "kubeshop_msft.p12"
          fileDir: "./temp/"
          encodedString: ${{ secrets.CERT_MSFT_KUBESHOP_P12_B64 }}

      - name: Create and Sign MSI
        run: |
          Copy-Item 'windows\testkube_windows_386\kubectl-testkube.exe' '.\kubectl-testkube.exe'
          Copy-Item 'build\installer\windows\testkube.wxs' '.\testkube.wxs'
          Copy-Item 'build\installer\windows\tk.bat' '.\tk.bat'
          Copy-Item 'build\installer\windows\testkube.bat' '.\testkube.bat'
          & "$env:WIX\bin\candle.exe" *.wxs
          & "$env:WIX\bin\light.exe" *.wixobj
          & "C:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool\signtool.exe" sign /f "$env:P12_CERT" /p "$env:P12_PASSWORD" /d "Kubetest by Kubeshop" /tr http://timestamp.digicert.com testkube.msi
        env:
          P12_CERT: ${{ steps.write_file.outputs.filePath }}
          P12_PASSWORD: ${{ secrets.CERT_MSFT_KUBESHOP_P12_PASSWORD }}

      - name: Get tag
        id: tag
        uses: dawidd6/action-get-tag@v1
        with:
          # Optionally strip `v` prefix
          strip_v: true

      - name: Get release
        id: get_release
        uses: bruceadams/get-release@v1.2.3
        env:
          GITHUB_TOKEN: ${{ github.token }}

      - name: Calculate Checksum
        id: checksum
        run: |
          $installer_name = $env:MSI_NAME
          $hash=Get-FileHash testkube.msi
          $hash.Hash + "  " + $installer_name + ".msi" >> msi_checksum.txt
          echo "::set-output name=INSTALLER_NAME::${installer_name}"

          #export MSI hash to environment
          $hashsum = $hash.Hash
          echo "::set-output name=CHECKSUM::${hashsum}"

          #copy MSI to choco directory to build a nuget package
          Copy-Item -Path "testkube.msi" -Destination ".\choco\tools\$env:MSI_NAME.msi"
        env:
          MSI_NAME: testkube_${{steps.tag.outputs.tag}}_Windows_i386

      - name: Upload release binary
        uses: actions/upload-release-asset@v1.0.2
        env:
          GITHUB_TOKEN: ${{ github.token }}
        with:
          upload_url: ${{ steps.get_release.outputs.upload_url }}
          asset_path: testkube.msi
          asset_name: ${{steps.checksum.outputs.INSTALLER_NAME}}.msi
          asset_content_type: application/octet-stream

      - name: Upload Checksum
        uses: actions/upload-release-asset@v1.0.2
        env:
          GITHUB_TOKEN: ${{ github.token }}
        with:
          upload_url: ${{ steps.get_release.outputs.upload_url }}
          asset_path: msi_checksum.txt
          asset_name: ${{steps.checksum.outputs.INSTALLER_NAME}}_checksum.txt
          asset_content_type: text/plain

      - name: Update checksum in chocolateyInstall.ps1 file
        working-directory: ./choco
        run: |
          $file_content  = Get-Content .\tools\chocolateyInstall.ps1 -Raw
          $update_version = $file_content -replace "(?i)(\schecksum\s*=\s*)('.*')", "`$1'${{steps.checksum.outputs.CHECKSUM}}'"
          Set-Content -Path .\tools\chocolateyInstall.ps1 -Value $update_version -NoNewline

      - name: Bump versions and push package to chocolatey repo
        working-directory: ./choco
        run: |
          ./update.ps1 ${{steps.tag.outputs.tag}} ${{ secrets.COMMOM_CHOCO_API_KEY }} ${{ env.TESTKUBE_CHOCO_REPO }}

  build-and-publish-linux-installer:
    needs: release
    runs-on: ubuntu-latest

    steps:
      - name: Get Intermediate Artifacts
        uses: actions/download-artifact@master
        with:
          name: bin-artifacts
          path: dist

      - name: Get tag
        id: tag
        uses: dawidd6/action-get-tag@v1
        with:
          strip_v: true

      - name: Publish package
        env:
          USERNAME: "aptly"
          PASSWORD: ${{ secrets.APTLY_PASSWORD }}
          APTLY_URL: "repo.testkube.io:8080"
          VERSION: ${{steps.tag.outputs.tag}}
        run: |
          ### Upload files
          curl --fail-with-body -u ${USERNAME}:${PASSWORD} -X POST -F file=@dist/testkube_${VERSION}_linux_386.deb http://${APTLY_URL}/api/files/testkube
          curl --fail-with-body -u ${USERNAME}:${PASSWORD} -X POST -F file=@dist/testkube_${VERSION}_linux_arm64.deb http://${APTLY_URL}/api/files/testkube
          curl --fail-with-body -u ${USERNAME}:${PASSWORD} -X POST -F file=@dist/testkube_${VERSION}_linux_amd64.deb http://${APTLY_URL}/api/files/testkube

          ### Add file to repo
          curl --fail-with-body -u ${USERNAME}:${PASSWORD} -X POST http://${APTLY_URL}/api/repos/testkube/file/testkube?forceReplace=1

          ### Create snapshot
          curl --fail-with-body -u ${USERNAME}:${PASSWORD} -X POST -H 'Content-Type: application/json' --data '{"Name":"testkube-'${VERSION}'"}' http://${APTLY_URL}/api/repos/testkube/snapshots

          ### Publish repo
          curl --fail-with-body -u ${USERNAME}:${PASSWORD} -X PUT -H 'Content-Type: application/json' --data '{"Snapshots": [{"Component": "main", "Name": "testkube-'${VERSION}'"}]}'}], http://repo.testkube.io:8080/api/publish/:linux/linux

  trigger-argocd-image-build:
    needs: release
    runs-on: ubuntu-latest
    steps:
      - name: Release tag
        id: release_tag
        run: |
          echo ::set-output name=SOURCE_TAG::${GITHUB_REF#refs/tags/}

      - name: Set env
        env:
          SOURCE_TAG: ${{ steps.release_tag.outputs.SOURCE_TAG }}
        run: |
          echo RELEASE_TAG=${SOURCE_TAG:1} >> $GITHUB_ENV

      - name: Repository Dispatch
        uses: peter-evans/repository-dispatch@v2
        with:
          token: ${{ secrets.CI_BOT_TOKEN }}
          repository: kubeshop/testkube-argocd
          event-type: trigger-argocd-image-build
          client-payload: '{"release_version": "${{ env.RELEASE_TAG }}"}'