@@ -2,100 +2,45 @@ name: release
22
33on :
44 release :
5- types : [created, prereleased, released]
5+ types : [published]
6+ workflow_dispatch :
7+ inputs :
8+ tag :
9+ description : " Image and chart version tag (e.g. v3.1.0)"
10+ required : true
11+ latest :
12+ description : " Update the latest tag"
13+ type : boolean
14+ default : true
615
716env :
817 REGISTRY : ghcr.io
18+ IMAGE : ghcr.io/${{ github.repository }}
19+ TAG : ${{ inputs.tag || github.event.release.tag_name }}
920
1021jobs :
11- version :
12- # created+draft → commit-sha build
13- # prereleased → rc.N build (auto-incremented)
14- # released → final build
15- # created+!draft → skip (released/prereleased handles it)
16- if : >-
17- github.event.action == 'released' ||
18- github.event.action == 'prereleased' ||
19- (github.event.action == 'created' && github.event.release.draft)
20- runs-on : ubuntu-latest
21- permissions :
22- contents : read
23- packages : read
24- outputs :
25- image_tag : ${{ steps.resolve.outputs.image_tag }}
26- chart_version : ${{ steps.resolve.outputs.chart_version }}
27- app_version : ${{ steps.resolve.outputs.app_version }}
28- is_latest : ${{ steps.resolve.outputs.is_latest }}
29- steps :
30- - uses : actions/checkout@v4
31-
32- - name : Resolve version
33- id : resolve
34- env :
35- GH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
36- run : |
37- TAG_NAME="${{ github.event.release.tag_name }}"
38-
39- if [[ "${{ github.event.release.draft }}" == "true" ]]; then
40- SHORT_SHA=$(git rev-parse --short HEAD)
41- {
42- echo "image_tag=sha-${SHORT_SHA}"
43- echo "chart_version=${TAG_NAME#v}-sha.${SHORT_SHA}"
44- echo "app_version=sha-${SHORT_SHA}"
45- echo "is_latest=false"
46- } >> "$GITHUB_OUTPUT"
47-
48- elif [[ "${{ github.event.release.prerelease }}" == "true" ]]; then
49- OWNER="${{ github.repository_owner }}"
50- PACKAGE="aws-load-balancer-controller"
51-
52- EXISTING_TAGS=$( \
53- gh api "/orgs/${OWNER}/packages/container/${PACKAGE}/versions" \
54- --paginate --jq '.[].metadata.container.tags[]' 2>/dev/null \
55- || gh api "/users/${OWNER}/packages/container/${PACKAGE}/versions" \
56- --paginate --jq '.[].metadata.container.tags[]' 2>/dev/null \
57- || true)
58-
59- LAST_RC=$(echo "$EXISTING_TAGS" \
60- | grep -E "^${TAG_NAME}-rc\.[0-9]+$" \
61- | sed "s/^${TAG_NAME}-rc\.//" \
62- | sort -n | tail -1)
63-
64- NEXT_RC=$((${LAST_RC:-0} + 1))
65- {
66- echo "image_tag=${TAG_NAME}-rc.${NEXT_RC}"
67- echo "chart_version=${TAG_NAME#v}-rc.${NEXT_RC}"
68- echo "app_version=${TAG_NAME}-rc.${NEXT_RC}"
69- echo "is_latest=false"
70- } >> "$GITHUB_OUTPUT"
71-
72- else
73- {
74- echo "image_tag=${TAG_NAME}"
75- echo "chart_version=${TAG_NAME#v}"
76- echo "app_version=${TAG_NAME}"
77- echo "is_latest=true"
78- } >> "$GITHUB_OUTPUT"
79- fi
80-
81- container-image :
82- needs : version
83- runs-on : ubuntu-latest
22+ build :
23+ strategy :
24+ fail-fast : false
25+ matrix :
26+ platform : [linux/amd64, linux/arm64]
27+ runs-on : ${{ matrix.platform == 'linux/arm64' && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }}
8428 permissions :
8529 contents : read
8630 packages : write
8731 steps :
32+ - name : Lowercase image name
33+ run : echo "IMAGE=${IMAGE,,}" >> "$GITHUB_ENV"
34+
8835 - uses : actions/checkout@v4
8936 with :
37+ ref : ${{ env.TAG }}
9038 fetch-depth : 0
9139
9240 - name : Read Go version
9341 id : go
9442 run : echo "version=$(cat .go-version)" >> "$GITHUB_OUTPUT"
9543
96- - name : Set up QEMU
97- uses : docker/setup-qemu-action@v3
98-
9944 - name : Set up Docker Buildx
10045 uses : docker/setup-buildx-action@v3
10146
@@ -110,31 +55,93 @@ jobs:
11055 id : meta
11156 uses : docker/metadata-action@v5
11257 with :
113- images : ${{ env.REGISTRY }}/${{ github.repository }}
114- tags : |
115- type=raw,value=${{ needs.version.outputs.image_tag }}
116- type=raw,value=latest,enable=${{ needs.version.outputs.is_latest }}
58+ images : ${{ env.IMAGE }}
11759
118- name : Build and push
60+ - name : Build and push by digest
61+ id : build
11962 uses : docker/build-push-action@v6
12063 with :
12164 context : .
122- push : true
123- tags : ${{ steps.meta.outputs.tags }}
65+ platforms : ${{ matrix.platform }}
12466 labels : ${{ steps.meta.outputs.labels }}
125- platforms : linux/amd64,linux/arm64
12667 build-args : |
12768 BASE_IMAGE=public.ecr.aws/eks-distro-build-tooling/eks-distro-minimal-base-nonroot:2025-12-09-1765306943.2023
12869 BUILD_IMAGE=public.ecr.aws/docker/library/golang:${{ steps.go.outputs.version }}
70+ outputs : type=image,name=${{ env.IMAGE }},push-by-digest=true,name-canonical=true,push=true
71+ cache-from : type=gha,scope=${{ github.ref_name }}-${{ matrix.platform }}
72+ cache-to : type=gha,mode=max,scope=${{ github.ref_name }}-${{ matrix.platform }}
73+
74+ - name : Export digest
75+ run : |
76+ mkdir -p /tmp/digests
77+ digest="${{ steps.build.outputs.digest }}"
78+ touch "/tmp/digests/${digest#sha256:}"
79+
80+ name : Upload digest
81+ uses : actions/upload-artifact@v4
82+ with :
83+ name : digests-${{ matrix.platform == 'linux/amd64' && 'amd64' || 'arm64' }}
84+ path : /tmp/digests/*
85+ if-no-files-found : error
86+ retention-days : 1
87+
88+ push-image :
89+ needs : build
90+ runs-on : ubuntu-latest
91+ permissions :
92+ contents : read
93+ packages : write
94+ steps :
95+ - name : Lowercase image name
96+ run : echo "IMAGE=${IMAGE,,}" >> "$GITHUB_ENV"
97+
98+ - name : Download digests
99+ uses : actions/download-artifact@v4
100+ with :
101+ path : /tmp/digests
102+ pattern : digests-*
103+ merge-multiple : true
104+
105+ - name : Set up Docker Buildx
106+ uses : docker/setup-buildx-action@v3
107+
108+ - name : Log in to GitHub Container Registry
109+ uses : docker/login-action@v3
110+ with :
111+ registry : ${{ env.REGISTRY }}
112+ username : ${{ github.actor }}
113+ password : ${{ secrets.GITHUB_TOKEN }}
114+
115+ - name : Docker metadata
116+ id : meta
117+ uses : docker/metadata-action@v5
118+ with :
119+ images : ${{ env.IMAGE }}
120+ tags : |
121+ type=raw,value=${{ env.TAG }}
122+ type=raw,value=latest,enable=${{ inputs.latest || !github.event.release.prerelease }}
123+
124+ name : Create manifest list and push
125+ working-directory : /tmp/digests
126+ run : |
127+ # shellcheck disable=SC2046
128+ docker buildx imagetools create \
129+ $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
130+ $(printf '${{ env.IMAGE }}@sha256:%s ' *)
131+
132+ name : Inspect image
133+ run : docker buildx imagetools inspect '${{ env.IMAGE }}:${{ env.TAG }}'
129134
130135 helm-chart :
131- needs : version
136+ needs : push-image
132137 runs-on : ubuntu-latest
133138 permissions :
134139 contents : read
135140 packages : write
136141 steps :
137142 - uses : actions/checkout@v4
143+ with :
144+ ref : ${{ env.TAG }}
138145
139146 - name : Set up Helm
140147 uses : azure/setup-helm@v4
@@ -147,13 +154,15 @@ jobs:
147154
148155name : Package Helm chart
149156 run : |
157+ VERSION="${{ env.TAG }}"
150158 helm package helm/aws-load-balancer-controller \
151- --version "${{ needs.version.outputs.chart_version } }" \
152- --app-version "${{ needs.version.outputs.app_version }}"
159+ --version "${VERSION#v }" \
160+ --app-version "${{ env.TAG }}"
153161
154162name : Push Helm chart
155163 run : |
164+ VERSION="${{ env.TAG }}"
156165 REPO_OWNER="${{ github.repository_owner }}"
157166 helm push \
158- "aws-load-balancer-controller-${{ needs.version.outputs.chart_version } }.tgz" \
167+ "aws-load-balancer-controller-${VERSION#v }.tgz" \
159168 "oci://${{ env.REGISTRY }}/${REPO_OWNER,,}/charts"
0 commit comments