-
Notifications
You must be signed in to change notification settings - Fork 1.2k
/
Copy pathrelease
executable file
·78 lines (70 loc) · 2.18 KB
/
release
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
#!/usr/bin/env bash
set -eu -o pipefail
: "${GITHUB_ACTIONS=}"
: "${GITHUB_REPOSITORY=}"
: "${GITHUB_RUN_ID=}"
: "${GITHUB_TOKEN=}"
: "${BUILDX_CMD=docker buildx}"
: "${DESTDIR=./bin/release}"
: "${CACHE_FROM=}"
: "${CACHE_TO=}"
: "${RELEASE=false}"
: "${PLATFORMS=}"
if [ -n "$CACHE_FROM" ]; then
for cfrom in $CACHE_FROM; do
if [[ $cfrom == *"type=gha"* ]]; then
if [[ -n "$GITHUB_REPOSITORY" ]] && [[ $cfrom != *"repository="* ]]; then
cfrom="${cfrom},repository=${GITHUB_REPOSITORY}"
fi
if [[ -n "$GITHUB_TOKEN" ]] && [[ $cfrom != *"ghtoken="* ]]; then
cfrom="${cfrom},ghtoken=${GITHUB_TOKEN}"
fi
fi
setFlags+=(--set "*.cache-from=$cfrom")
done
fi
if [ -n "$CACHE_TO" ]; then
for cto in $CACHE_TO; do
if [[ $cto == *"type=gha"* ]]; then
if [[ -n "$GITHUB_REPOSITORY" ]] && [[ $cto != *"repository="* ]]; then
cto="${cto},repository=${GITHUB_REPOSITORY}"
fi
if [[ -n "$GITHUB_TOKEN" ]] && [[ $cto != *"ghtoken="* ]]; then
cto="${cto},ghtoken=${GITHUB_TOKEN}"
fi
fi
setFlags+=(--set "*.cache-to=$cto")
done
fi
if [ -n "$PLATFORMS" ]; then
setFlags+=(--set "*.platform=$PLATFORMS")
fi
if ${BUILDX_CMD} build --help 2>&1 | grep -- '--attest' >/dev/null; then
prvattrs="mode=max"
if [ "$GITHUB_ACTIONS" = "true" ]; then
prvattrs="$prvattrs,builder-id=https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"
fi
setFlags+=(--set "*.attest=type=sbom")
setFlags+=(--set "*.attest=type=provenance,$prvattrs")
fi
if [[ "$RELEASE" = "true" ]] && [[ "$GITHUB_ACTIONS" = "true" ]]; then
setFlags+=(--set "*.no-cache-filter=gobuild-base")
fi
output=$(mktemp -d -t buildkit-output.XXXXXXXXXX)
(
set -x
${BUILDX_CMD} bake "${setFlags[@]}" --set "*.args.BUILDKIT_MULTI_PLATFORM=true" --set "*.output=$output" release
)
for pdir in "${output}"/*/; do
(
cd "$pdir"
releasetar=$(find . -name '*.tar.gz')
filename=$(basename "${releasetar%.tar.gz}")
mv "provenance.json" "${filename}.provenance.json"
mv "sbom-binaries.spdx.json" "${filename}.sbom.json"
find . -name 'sbom*.json' -exec rm {} \;
)
done
mkdir -p "$DESTDIR"
mv "$output"/**/* "$DESTDIR/"
rm -rf "$output"