From f945128a668552c19ead52538930dbaa576f329e Mon Sep 17 00:00:00 2001 From: leongross Date: Mon, 23 Jan 2023 17:05:46 +0100 Subject: [PATCH 1/5] remove -ko suffix from workflows --- .../build-constellation-node-operator-ko.yml | 31 ------------- .../build-constellation-node-operator.yml | 6 +-- .../workflows/build-joinservice-image-ko.yml | 39 ----------------- .github/workflows/build-joinservice-image.yml | 13 +++--- .../workflows/build-keyservice-image-ko.yml | 43 ------------------- .github/workflows/build-keyservice-image.yml | 11 +++-- .../build-verification-service-ko.yml | 37 ---------------- .../workflows/build-verification-service.yml | 5 +-- 8 files changed, 20 insertions(+), 165 deletions(-) delete mode 100644 .github/workflows/build-constellation-node-operator-ko.yml delete mode 100644 .github/workflows/build-joinservice-image-ko.yml delete mode 100644 .github/workflows/build-keyservice-image-ko.yml delete mode 100644 .github/workflows/build-verification-service-ko.yml diff --git a/.github/workflows/build-constellation-node-operator-ko.yml b/.github/workflows/build-constellation-node-operator-ko.yml deleted file mode 100644 index a1f08aa4dd..0000000000 --- a/.github/workflows/build-constellation-node-operator-ko.yml +++ /dev/null @@ -1,31 +0,0 @@ -name: Build and upload constellation node operator image (KO) - -on: - workflow_dispatch: - push: - branches: - - main - - "release/**" - -jobs: - build-constellation-node-operator: - runs-on: ubuntu-22.04 - permissions: - contents: read - packages: write - steps: - - name: Check out repository - id: checkout - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - with: - ref: ${{ github.head_ref }} - - - name: Build and upload constellation-node-operator container image - uses: ./.github/actions/build_micro_service_ko - with: - name: node-operator - koTarget: ./operators/constellation-node-operator - githubToken: ${{ secrets.GITHUB_TOKEN }} - cosignPublicKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }} - cosignPrivateKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }} - cosignPassword: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }} diff --git a/.github/workflows/build-constellation-node-operator.yml b/.github/workflows/build-constellation-node-operator.yml index c3987da8b3..bbca7cf423 100644 --- a/.github/workflows/build-constellation-node-operator.yml +++ b/.github/workflows/build-constellation-node-operator.yml @@ -22,7 +22,7 @@ jobs: id: checkout uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 with: - ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} + ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Setup Go environment uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 @@ -30,10 +30,10 @@ jobs: go-version: "1.19.5" - name: Build and upload constellation-node-operator container image - uses: ./.github/actions/build_operator + uses: ./.github/actions/build_micro_service_ko with: name: node-operator - sourceDir: operators/constellation-node-operator + koTarget: ./operators/constellation-node-operator githubToken: ${{ secrets.GITHUB_TOKEN }} cosignPublicKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }} cosignPrivateKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }} diff --git a/.github/workflows/build-joinservice-image-ko.yml b/.github/workflows/build-joinservice-image-ko.yml deleted file mode 100644 index f10c0f3218..0000000000 --- a/.github/workflows/build-joinservice-image-ko.yml +++ /dev/null @@ -1,39 +0,0 @@ -name: Build and upload join service image (KO) -env: - REGISTRY: ghcr.io - -on: - workflow_dispatch: - push: - branches: - - main - - "release/**" - -jobs: - build-join-service-ko: - runs-on: ubuntu-22.04 - permissions: - contents: read - packages: write - steps: - - name: Check out repository - id: checkout - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - with: - ref: ${{ github.head_ref }} - - - name: Setup Go environment - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 - with: - go-version: "1.19.5" - - - name: Build and upload join service container image - id: build-and-upload - uses: ./.github/actions/build_micro_service_ko - with: - name: joinservice - koTarget: ./joinservice/cmd - githubToken: ${{ secrets.GITHUB_TOKEN }} - cosignPublicKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }} - cosignPrivateKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }} - cosignPassword: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }} diff --git a/.github/workflows/build-joinservice-image.yml b/.github/workflows/build-joinservice-image.yml index 5e66c105f1..8c2f0498d5 100644 --- a/.github/workflows/build-joinservice-image.yml +++ b/.github/workflows/build-joinservice-image.yml @@ -1,4 +1,6 @@ -name: Build and upload join-service image +name: Build and upload join service image +env: + REGISTRY: ghcr.io on: workflow_dispatch: @@ -29,13 +31,12 @@ jobs: with: go-version: "1.19.5" - - name: Build and upload join-service container image + - name: Build and upload join service container image id: build-and-upload - uses: ./.github/actions/build_micro_service + uses: ./.github/actions/build_micro_service_ko with: - name: join-service - projectVersion: "0.0.0" - dockerfile: joinservice/Dockerfile + name: joinservice + koTarget: ./joinservice/cmd githubToken: ${{ secrets.GITHUB_TOKEN }} cosignPublicKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }} cosignPrivateKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }} diff --git a/.github/workflows/build-keyservice-image-ko.yml b/.github/workflows/build-keyservice-image-ko.yml deleted file mode 100644 index b52ce12b36..0000000000 --- a/.github/workflows/build-keyservice-image-ko.yml +++ /dev/null @@ -1,43 +0,0 @@ -name: Build and upload KeyService image (KO) -env: - REGISTRY: ghcr.io - -on: - workflow_dispatch: - push: - branches: - - main - - "release/**" - -jobs: - build-keyservice: - runs-on: ubuntu-22.04 - permissions: - contents: read - packages: write - steps: - - name: Check out repository - id: checkout - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - with: - ref: ${{ github.head_ref }} - - - name: Setup Go environment - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 - with: - go-version: "1.19.5" - - - name: Set up ko - uses: imjasonh/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.6 - - - name: Build and upload KeyService container image - id: build-and-upload - uses: ./.github/actions/build_micro_service_ko - with: - name: key-service - koConfig: .ko.yaml - koTarget: ./keyservice/cmd - githubToken: ${{ secrets.GITHUB_TOKEN }} - cosignPublicKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }} - cosignPrivateKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }} - cosignPassword: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }} diff --git a/.github/workflows/build-keyservice-image.yml b/.github/workflows/build-keyservice-image.yml index cb5d53a0f9..dc0263ce9e 100644 --- a/.github/workflows/build-keyservice-image.yml +++ b/.github/workflows/build-keyservice-image.yml @@ -1,4 +1,6 @@ name: Build and upload KeyService image +env: + REGISTRY: ghcr.io on: workflow_dispatch: @@ -29,13 +31,16 @@ jobs: with: go-version: "1.19.5" + - name: Set up ko + uses: imjasonh/setup-ko@9a31684920a610d5dbe8012888714d64706f9787 # tag=v0.6 + - name: Build and upload KeyService container image id: build-and-upload - uses: ./.github/actions/build_micro_service + uses: ./.github/actions/build_micro_service_ko with: name: key-service - projectVersion: "0.0.0" - dockerfile: keyservice/Dockerfile + koConfig: .ko.yaml + koTarget: ./kms/cmd githubToken: ${{ secrets.GITHUB_TOKEN }} cosignPublicKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }} cosignPrivateKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }} diff --git a/.github/workflows/build-verification-service-ko.yml b/.github/workflows/build-verification-service-ko.yml deleted file mode 100644 index 8b20b70fc8..0000000000 --- a/.github/workflows/build-verification-service-ko.yml +++ /dev/null @@ -1,37 +0,0 @@ -name: Build and upload verification-service image (KO) - -on: - workflow_dispatch: - push: - branches: - - main - - "release/**" - -jobs: - build-verification-service: - runs-on: ubuntu-22.04 - permissions: - contents: read - packages: write - steps: - - name: Check out repository - id: checkout - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - with: - ref: ${{ github.head_ref }} - - - name: Setup Go environment - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 - with: - go-version: "1.19.5" - - - name: Build and upload verification-service container image (KO) - id: build-and-upload - uses: ./.github/actions/build_micro_service_ko - with: - name: verification-service - koTarget: ./verify/cmd - githubToken: ${{ secrets.GITHUB_TOKEN }} - cosignPublicKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }} - cosignPrivateKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }} - cosignPassword: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }} diff --git a/.github/workflows/build-verification-service.yml b/.github/workflows/build-verification-service.yml index 821ecb2796..545807e9f0 100644 --- a/.github/workflows/build-verification-service.yml +++ b/.github/workflows/build-verification-service.yml @@ -31,11 +31,10 @@ jobs: - name: Build and upload verification-service container image id: build-and-upload - uses: ./.github/actions/build_micro_service + uses: ./.github/actions/build_micro_service_ko with: name: verification-service - projectVersion: "0.0.0" - dockerfile: verify/Dockerfile + koTarget: ./verify/cmd githubToken: ${{ secrets.GITHUB_TOKEN }} cosignPublicKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }} cosignPrivateKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }} From 40d81734a25917c5ef2cf6a4da00197101ac80d2 Mon Sep 17 00:00:00 2001 From: leongross Date: Mon, 23 Jan 2023 17:10:41 +0100 Subject: [PATCH 2/5] update build_ko action, update build_micro_service_ko action, update release to build reprod --- .github/actions/build_ko/action.yml | 13 ++++-- .../actions/build_micro_service_ko/action.yml | 8 ++-- .github/workflows/release.yml | 44 ++++++++++++++++--- .ko.yaml | 2 +- 4 files changed, 53 insertions(+), 14 deletions(-) diff --git a/.github/actions/build_ko/action.yml b/.github/actions/build_ko/action.yml index 82cfd85449..968b37b371 100644 --- a/.github/actions/build_ko/action.yml +++ b/.github/actions/build_ko/action.yml @@ -21,7 +21,7 @@ inputs: required: true pushTag: description: "Use this image tag" - required: false + required: true githubToken: description: "GitHub authorization token" required: true @@ -50,6 +50,12 @@ runs: id: pseudo-version uses: ./.github/actions/pseudo_version + - name: Setup Go environment + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 + with: + go-version: "1.19.5" + cache: true + - name: Set up ko uses: imjasonh/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.6 @@ -60,7 +66,7 @@ runs: KO_USER: ${{ github.actor }} KO_CONFIG_PATH: ${{ inputs.koConfig }} KO_PASSWORD: ${{ inputs.githubToken }} - KO_DOCKER_REPO: ${{ inputs.registry }}/edgelesssys/${{ inputs.name }}-ko + KO_DOCKER_REPO: ${{ inputs.registry }}/edgelesssys/constellation/${{ inputs.name }} run: | tags="" sbom="" @@ -91,7 +97,8 @@ runs: sbom="--sbom=none" fi - container_full=$(ko build ${{ inputs.koTarget }} --bare --tags ${tags} ${sbom}) + echo "Building container image with tags: ${tags}" + container_full=$(ko build ${{ inputs.koTarget }} --bare --tags "${tags}" ${sbom}) container_image=$(echo $container_full | cut -d@ -f1) container_sha256=$(echo $container_full | cut -d: -f2) diff --git a/.github/actions/build_micro_service_ko/action.yml b/.github/actions/build_micro_service_ko/action.yml index a34ee5080b..7c557b7d3d 100644 --- a/.github/actions/build_micro_service_ko/action.yml +++ b/.github/actions/build_micro_service_ko/action.yml @@ -27,10 +27,10 @@ inputs: default: "false" cosignPublicKey: description: "Cosign public key" - required: false + required: true cosignPrivateKey: description: "Cosign private key" - required: false + required: true cosignPassword: description: "Password for Cosign private key" required: false @@ -50,11 +50,11 @@ runs: uses: ./.github/actions/build_ko with: name: ${{ inputs.name }} - koConfig: ${{ inputs.koConfig }} pseudoVersion: ${{ inputs.pseudoVersion }} + koConfig: ${{ inputs.koConfig }} koTarget: ${{ inputs.koTarget }} + pushTag: ${{ inputs.pushTag }} githubToken: ${{ inputs.GITHUB_TOKEN }} - pushTag: ci-test - name: Download ko Container Data id: download_container_data diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4285309675..a6562618e5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -115,6 +115,40 @@ jobs: git push origin "${BRANCH}" micro-services: + name: Build micro services + runs-on: ubuntu-22.04 + needs: [verify-inputs, prepare-release-branch] + strategy: + matrix: + koTarget: + [./joinservice/cmd, ./key-service/cmd, ./verify/cmd, ./operators/constellation-node-operator] + include: + - koTarget: ./joinservice/cmd + name: join-service + - koTarget: ./key-service/cmd + name: key-service + - koTarget: ./verify/cmd + name: verification-service + - koTarget: ./operators/constellation-node-operator + name: node-operator + steps: + - name: Checkout + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + with: + ref: ${{ github.head_ref }} + + - name: Build ${{ matrix.name }} micro service + uses: ./.github/actions/build_micro_service_ko + with: + koTarget: ${{ matrix.koTarget }} + name: ${{ matrix.name }} + pushTag: ${{ inputs.version }} + githubToken: ${{ secrets.GITHUB_TOKEN }} + cosignPublicKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }} + cosignPrivateKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }} + cosignPassword: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }} + + micro-services-metadata: name: Build micro services needs: [verify-inputs, prepare-release-branch] uses: ./.github/workflows/build-micro-service-manual.yml @@ -122,12 +156,8 @@ jobs: contents: read packages: write secrets: inherit - strategy: - matrix: - service: - [join-service, key-service, verification-service, qemu-metadata-api] with: - microService: ${{ matrix.service }} + microService: qemu-metadata-api imageTag: ${{ inputs.version }} version: ${{ needs.verify-inputs.outputs.WITHOUT_V }} ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }} @@ -148,7 +178,7 @@ jobs: update-versions: name: Update container image versions - needs: [verify-inputs, micro-services, constellation-node-operator] + needs: [verify-inputs, micro-services] runs-on: ubuntu-22.04 permissions: contents: write @@ -182,7 +212,9 @@ jobs: yq eval -i ".version = \"${WITHOUT_V}\"" "cli/internal/helm/charts/edgeless/constellation-services/charts/${service}/Chart.yaml" git add "cli/internal/helm/charts/edgeless/constellation-services/charts/${service}/Chart.yaml" done + git add cli/internal/helm/charts/edgeless/constellation-services/Chart.yaml + yq eval -i ".version = \"${WITHOUT_V}\"" cli/internal/helm/charts/edgeless/operators/Chart.yaml for service in node-maintenance-operator constellation-operator; do yq eval -i "(.dependencies[] | select(.name == \"${service}\")).version = \"${WITHOUT_V}\"" cli/internal/helm/charts/edgeless/operators/Chart.yaml diff --git a/.ko.yaml b/.ko.yaml index 4065afc4bb..6e06e035ad 100644 --- a/.ko.yaml +++ b/.ko.yaml @@ -7,7 +7,7 @@ baseImageOverrides: builds: - id: keyservice dir: . - main: ./keyservice/cmd + main: ./key-service/cmd env: - CGO_ENABLED=0 - GOOS=linux From cd0eb60a3b45efd74f2cf2e365e6a602c504d683 Mon Sep 17 00:00:00 2001 From: leongross Date: Mon, 23 Jan 2023 17:15:58 +0100 Subject: [PATCH 3/5] fix: replace key-service/cmd with correct keyservice path --- .github/workflows/release.yml | 4 ++-- .ko.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a6562618e5..c3a351a90f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -121,11 +121,11 @@ jobs: strategy: matrix: koTarget: - [./joinservice/cmd, ./key-service/cmd, ./verify/cmd, ./operators/constellation-node-operator] + [./joinservice/cmd, ./keyservice/cmd, ./verify/cmd, ./operators/constellation-node-operator] include: - koTarget: ./joinservice/cmd name: join-service - - koTarget: ./key-service/cmd + - koTarget: ./keyservice/cmd name: key-service - koTarget: ./verify/cmd name: verification-service diff --git a/.ko.yaml b/.ko.yaml index 6e06e035ad..4065afc4bb 100644 --- a/.ko.yaml +++ b/.ko.yaml @@ -7,7 +7,7 @@ baseImageOverrides: builds: - id: keyservice dir: . - main: ./key-service/cmd + main: ./keyservice/cmd env: - CGO_ENABLED=0 - GOOS=linux From 29a36299bbc8befc7c5beb4340189b923982c279 Mon Sep 17 00:00:00 2001 From: leongross Date: Mon, 30 Jan 2023 12:15:10 +0100 Subject: [PATCH 4/5] adjust helm charts to use hard coded kop binary path --- .../charts/constellation-operator/templates/deployment.yaml | 2 +- .../charts/node-maintenance-operator/templates/deployment.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cli/internal/helm/charts/edgeless/operators/charts/constellation-operator/templates/deployment.yaml b/cli/internal/helm/charts/edgeless/operators/charts/constellation-operator/templates/deployment.yaml index 42996246de..84e7949884 100644 --- a/cli/internal/helm/charts/edgeless/operators/charts/constellation-operator/templates/deployment.yaml +++ b/cli/internal/helm/charts/edgeless/operators/charts/constellation-operator/templates/deployment.yaml @@ -51,7 +51,7 @@ spec: - --metrics-bind-address=127.0.0.1:8080 - --leader-elect command: - - /manager + - /ko-app/v2 env: - name: KUBERNETES_CLUSTER_DOMAIN value: {{ .Values.kubernetesClusterDomain }} diff --git a/cli/internal/helm/charts/edgeless/operators/charts/node-maintenance-operator/templates/deployment.yaml b/cli/internal/helm/charts/edgeless/operators/charts/node-maintenance-operator/templates/deployment.yaml index 218de74515..8b050b6856 100644 --- a/cli/internal/helm/charts/edgeless/operators/charts/node-maintenance-operator/templates/deployment.yaml +++ b/cli/internal/helm/charts/edgeless/operators/charts/node-maintenance-operator/templates/deployment.yaml @@ -48,7 +48,7 @@ spec: - --metrics-bind-address=:8080 - --leader-elect command: - - /manager + - /ko-app/v2 env: - name: OPERATOR_NAMESPACE valueFrom: From eeb7785b89f4c70b4d046b84f016f9f178a3704e Mon Sep 17 00:00:00 2001 From: leongross Date: Mon, 30 Jan 2023 16:25:10 +0100 Subject: [PATCH 5/5] fix: typo and checkout ref --- .github/workflows/build-constellation-node-operator.yml | 2 +- .github/workflows/release.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-constellation-node-operator.yml b/.github/workflows/build-constellation-node-operator.yml index bbca7cf423..e999e26244 100644 --- a/.github/workflows/build-constellation-node-operator.yml +++ b/.github/workflows/build-constellation-node-operator.yml @@ -22,7 +22,7 @@ jobs: id: checkout uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 with: - ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} + ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Setup Go environment uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c3a351a90f..938e612d0a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -135,7 +135,7 @@ jobs: - name: Checkout uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 with: - ref: ${{ github.head_ref }} + ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }} - name: Build ${{ matrix.name }} micro service uses: ./.github/actions/build_micro_service_ko