feat: add semantic-release and Helm chart; push Docker image and Helm chart to ghcr.io

BREAKING CHANGE: not really a breaking change, just bumping to v1.0.0

Author: alfredkrohmer

.github/workflows/branches.yaml

@@ -1,24 +1,18 @@
-name: Build Container (branches)
+name: Build docker image on branches
 on: 
   push:
-    branches:
-    - /refs/heads/*
-    - !master
+    branches-ignore:
+    - main
 jobs:
   build:
     name: Docker Build and Publish
     runs-on: ubuntu-latest
     steps:
-    - name: Check out code into the Go module directory
-      uses: actions/checkout@v2
+    - name: Check out code
+      uses: actions/checkout@v3
 
-    - name: Docker build and publish
-      uses: docker/build-push-action@v1
+    - name: Docker build
+      uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
       with:
-        username: ${{ secrets.DOCKERHUB_USER }}
-        password: ${{ secrets.DOCKERHUB_PASSWORD }}
-        repository: logmein/k8s-aws-operator
-        tag_with_ref: false
-        tag_with_sha: false
+        context: .
         push: false
-

.github/workflows/master.yaml

@@ -0,0 +1,71 @@
+name: Publish Docker image and Helm chart
+
+on:
+  release:
+    types: [published]
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build-and-push-image:
+    name: Buld and push Docker image
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: Log in to the Container registry
+      uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
+      with:
+        registry: ${{ env.REGISTRY }}
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Extract metadata (tags, labels) for Docker
+      id: meta
+      uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+      with:
+        images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+    - name: Build and push Docker image
+      id: build-and-push
+      uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
+      with:
+        context: .
+        push: true
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+    outputs:
+      imageDigest: ${{ steps.build-and-push.outputs.digest }}
+
+  build-and-push-chart:
+    name: Buld and push Helm chart
+    needs: build-and-push-image
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      packages: write
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: Helm login
+      shell: bash
+      run: echo ${{ secrets.GITHUB_TOKEN }} | helm registry login -u ${{ github.actor }} --password-stdin ghcr.io
+
+    - name: Helm package
+      shell: bash
+      run: helm package charts/${{ github.event.repository.name }} --app-version ${{ github.event.release.tag_name }}@${{needs.build-and-push-image.outputs.imageDigest}} --version ${{ github.event.release.tag_name }}-chart
+
+    - name: Helm push
+      shell: bash
+      run: helm push ${{ github.event.repository.name }}-${{ github.event.release.tag_name }}-chart.tgz oci://ghcr.io/${{ github.repository_owner }}
+
+    - name: Helm logout
+      shell: bash
+      run: helm registry logout ghcr.io

.github/workflows/publish.yaml

@@ -0,0 +1,29 @@
+name: Release
+
+on:
+  push:
+    branches:
+    - 'main'
+
+jobs:
+  semantic-release:
+    name: Run semantic-release
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      packages: write
+      issues: write
+      pull-requests: write
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+
+    - name: Semantic Release
+      uses: cycjimmy/semantic-release-action@071ef4c9640be3700de2aa7f39e8f4038e0269ed
+      with:
+        extra_plugins: |
+          [email protected]
+          @semantic-release/[email protected]
+          @semantic-release/[email protected]
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release.yaml

@@ -0,0 +1,13 @@
+verifyConditions: []
+branches:
+- main
+plugins:
+- '@semantic-release/commit-analyzer'
+- - '@semantic-release/release-notes-generator'
+  - preset: conventionalcommits
+- - '@semantic-release/changelog'
+  - changelogFile: CHANGELOG.md
+- - '@semantic-release/git'
+  - assets:
+    - CHANGELOG.md
+    message: "chore(release): ${nextRelease.version}\n\n${nextRelease.notes}"

.releaserc.yaml

@@ -47,7 +47,7 @@ deploy: manifests
 
 # Generate manifests e.g. CRD, RBAC etc.
 manifests: controller-gen
-	$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
+	$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=charts/k8s-aws-operator/crds
 
 # Run go fmt against code
 fmt:

Makefile

@@ -2,8 +2,6 @@
 
 Manage AWS Elastic IPs (EIPs) and Elastic Network Interfaces (ENIs) as Custom Resources in your Kubernetes cluster and assign them your pods.
 
-**Warning:** This project is still work in progress. There might be breaking API changes in the future. Use at your own risk.
-
 ## Requirements
 
 * Your pod IPs must be allocated from your VPC subnets. This is the default setup on AWS EKS by using the [AWS VPC CNI plugin](https://github.com/aws/amazon-vpc-cni-k8s).
@@ -18,13 +16,14 @@ Create an IAM role with the policy [here](iam/policy.json).
 
 ### Install the operator
 
-Ensure that the k8s-aws-operator uses this role, e.g. using [»IAM Roles for Service Accounts« (IRSA)](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) or [kube2iam](https://github.com/jtblin/kube2iam)/[kiam](https://github.com/uswitch/kiam). Modify the manifests [here](deploy) accordingly, then run:
+Run:
 
 ```bash
-$ kubectl apply -f config/crd/bases/ # install Custom Resource Definition (CRD) for EIP Custom Resource
-$ kubectl apply -f deploy/          # install the operator
+$ helm install --namespace kube-system --set aws.region=us-east-1 oci://ghcr.io/goto-opensource/k8s-aws-operator --version v1.0.0 # adjust version
 ```
 
+If you want to use [IAM roles for service accounts](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html), add the required trust relationship with your cluster to the IAM role and add the corresponding annotation on the service account (e.g. by setting the Helm value `serviceAccount.annotations."eks.amazonaws.com/role-arn"` accordingly).
+
 ## Usage
 
 ### EIPs

README.md

@@ -0,0 +1,11 @@
+apiVersion: v1
+type: application
+name: k8s-aws-operator
+version: 0.0.0-placeholder
+appVersion: v0.0.0-placeholder
+description: Operator for managing ENIs and EIPs in AWS from within Kubernetes
+home: https://github.com/goto-opensource/k8s-aws-operator
+maintainers:
+- name: Alfred Krohmer
+  email: [email protected]
+  url: https://github.com/alfredkrohmer