release-scripts contains scripting assets related to distributing carvel's binaries to the various distribution channels. i.e. Homebrew, carvel.dev install.sh script etc.
- .github/ contains github action workflow files
- ./scripts/ contains scripts used by the github action in this repo
- releases.yaml contains all the tools shasums for the latest version (used on the generation of the install.sh)
- The following step need to be added to the current release-published.yml of the tools repository
for e.g.
- run: |
curl -X POST https://api.github.com/repos/carvel-dev/release-scripts/dispatches \
-H 'Accept: application/vnd.github.everest-preview+json' \
-u ${{ secrets.ACCESS_TOKEN }} \
--data '{"event_type": "<YourToolName>_released", "client_payload": { "tagName": "${{ github.event.release.tag_name }}", "repo": "${{ github.repository }}", "toolName": "<YourToolName>" }}'
Need to change in the above:
ACCESS_TOKENthis secret needs to be one the format username@accessToken and the user needs to have access to execute workflows in this repository<YourToolName>should be replace with the tool name
- Enable in the tool the published workflow and add the step in this question
- Edit
releases.yamland add the following entry to it:
- product: YourProductName- Release the new tool on the tools Github Repository and the automation will start running
Note: This automated release process will make the tool installable via installation script from the website
- The repository has a
./hack/build.shscript that will build the binaries
- Create a secret named
SLACK_WEBHOOK_URLthat points to a slack webhook or slack workflow. - Create a new workflow that looks like this:
name: Trivy CVE Dependency Scanner
on:
schedule:
- cron: '0 0 * * *'
jobs:
trivy-scan:
uses: carvel-dev/release-scripts/.github/workflows/trivy-scan.yml@main
with:
repo: carvel-dev/imgpkg
tool: imgpkg
goVersion: 1.17.0
secrets:
githubToken: ${{ secrets.GITHUB_TOKEN }}
slackWebhookURL: ${{ secrets.SLACK_WEBHOOK_URL }}