feat: publish images on release #352
Conversation
Signed-off-by: Adam Talbot <adamtalbot93@googlemail.com>
There was a problem hiding this comment.
Pull request overview
This pull request adds OCI image build and publish capabilities to the cmctl repository by integrating reusable Makefile modules from cert-manager/makefile-modules. The PR enables automatic publishing of container images to quay.io during releases, resolving issue #351.
Key Changes:
- Adds OCI build and publish Makefile modules with support for multi-architecture builds, signing, and registry rewriting
- Configures cmctl for OCI image builds targeting quay.io/jetstack/cmctl
- Updates release workflow to authenticate with Quay and publish images
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
make/_shared/oci-publish/image-exists.sh |
Bash script to check if image tag already exists in registry before pushing |
make/_shared/oci-publish/01_mod.mk |
Defines Makefile targets for pushing and signing OCI images |
make/_shared/oci-publish/00_mod.mk |
Provides image registry rewrite functionality and image name resolution |
make/_shared/oci-build/01_mod.mk |
Defines targets for building OCI images using ko |
make/_shared/oci-build/00_mod.mk |
Configures base images, validates build parameters, and defines build variables |
make/02_mod.mk |
Adds oci-push-cmctl to the release target |
make/00_mod.mk |
Configures OCI build parameters for cmctl (base image, image name, tag) |
klone.yaml |
Adds oci-build and oci-publish module dependencies |
.github/workflows/release.yaml |
Adds Quay registry authentication for image publishing |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
SgtCoDFish
left a comment
There was a problem hiding this comment.
/lgtm
/approve
Haven't tested locally but it looks right! Happy to merge, happy to review follow-ups if needed.
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: SgtCoDFish The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@SgtCoDFish could you add the QUAY credentials as GH actions secrets? They are not in the 1password (i'm assuming because its still the jetstack one) |
Done! It's a manual process through the quay UI still - because it's the jetstack org, you're right. I've created the cmctl repo and added the QUAY_USERNAME and QUAY_PASSWORD envvars as repository secrets on this repo. |
|
Thanks @SgtCoDFish /unhold |
Pull Request Motivation
This pull request adds reusable Makefile modules for OCI image build and publish workflows, updates the build configuration to use these modules.
It also updates the release Github action to publish the image using the makefile modules.
Before this can be merged quay secrets need adding
/hold
resolves #351
Kind
/kind feature
Release Note