feat: rename module and change api domain

.github/workflows/release.yaml

@@ -2,65 +2,50 @@ name: release
 on:
   push:
     tags:
-      - 'v*'
+      - "v*"
   workflow_dispatch:
     inputs:
       tag:
-        description: 'image tag prefix'
-        default: 'rc'
+        description: "image tag prefix"
+        default: "rc"
         required: true
 jobs:
-  release:
+  _:
+    runs-on: ubuntu-latest
     permissions:
-      contents: write # for creating the GitHub release.
-      id-token: write # for creating OIDC tokens for signing.
-      packages: write # for pushing and signing container images.
-    uses: fluxcd/gha-workflows/.github/workflows/controller-release.yaml@v0.4.0
-    with:
-      controller: ${{ github.event.repository.name }}
-      release-candidate-prefix: ${{ github.event.inputs.tag }}
-    secrets:
-      github-token: ${{ secrets.GITHUB_TOKEN }}
-      dockerhub-token: ${{ secrets.DOCKER_FLUXCD_PASSWORD }}
-  release-provenance:
-    needs: [release]
-    permissions:
-      actions: read # for detecting the Github Actions environment.
-      id-token: write # for creating OIDC tokens for signing.
-      contents: write # for uploading attestations to GitHub releases.
-    if: startsWith(github.ref, 'refs/tags/v')
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.1.0
-    with:
-      provenance-name: "provenance.intoto.jsonl"
-      base64-subjects: "${{ needs.release.outputs.release-digests }}"
-      upload-assets: true
-  dockerhub-provenance:
-    needs: [release]
-    permissions:
-      contents: read # for reading the repository code.
-      actions: read # for detecting the Github Actions environment.
-      id-token: write # for creating OIDC tokens for signing.
-      packages: write # for uploading attestations.
-    if: startsWith(github.ref, 'refs/tags/v')
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.1.0
-    with:
-      image: ${{ needs.release.outputs.image-name }}
-      digest: ${{ needs.release.outputs.image-digest }}
-      registry-username: ${{ github.repository_owner == 'fluxcd' && 'fluxcdbot' || github.repository_owner }}
-    secrets:
-      registry-password: ${{ secrets.DOCKER_FLUXCD_PASSWORD }}
-  ghcr-provenance:
-    needs: [release]
-    permissions:
-      contents: read # for reading the repository code.
-      actions: read # for detecting the Github Actions environment.
-      id-token: write # for creating OIDC tokens for signing.
-      packages: write # for uploading attestations.
-    if: startsWith(github.ref, 'refs/tags/v')
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.1.0
-    with:
-      image: ghcr.io/${{ needs.release.outputs.image-name }}
-      digest: ${{ needs.release.outputs.image-digest }}
-      registry-username: fluxcdbot # not necessary for ghcr.io
-    secrets:
-      registry-password: ${{ secrets.GITHUB_TOKEN }}
+      contents: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3
+      - name: Setup Kustomize
+        uses: fluxcd/pkg/actions/kustomize@62ddfc16c29b86028b855f5b999329c6abca4207
+      - name: Prepare
+        id: prep
+        env:
+          GIT_REF: ${{ github.ref }}
+          GIT_SHA: ${{ github.sha }}
+          RELEASE_CANDIDATE_PREFIX: ${{ github.event.inputs.tag }}
+        run: |
+          VERSION="${RELEASE_CANDIDATE_PREFIX}-${GIT_SHA::8}"
+          if [[ $GIT_REF == refs/tags/* ]]; then
+            VERSION=${GIT_REF/refs\/tags\//}
+          fi
+          echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
+          echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
+      - name: Generate release artifacts
+        if: startsWith(github.ref, 'refs/tags/v')
+        env:
+          CONTROLLER: ${{ github.event.repository.name }}
+        run: |
+          mkdir -p config/release
+          kustomize build ./config/crd > ./config/release/${CONTROLLER}.crds.yaml
+          kustomize build ./config/manager > ./config/release/${CONTROLLER}.deployment.yaml
+      - name: Create release
+        id: run-goreleaser
+        if: startsWith(github.ref, 'refs/tags/v')
+        uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0
+        with:
+          version: latest
+          args: release --clean --skip=validate
+        env:
+          GITHUB_TOKEN: ${{ secrets.github-token }}

.goreleaser.yaml

@@ -1,4 +1,4 @@
-project_name: source-controller
+project_name: nelm-source-controller
 
 builds:
   - skip: true
@@ -10,17 +10,13 @@ release:
   header: |
     ## Changelog
 
-    [{{.Tag}} changelog](https://github.com/fluxcd/{{.ProjectName}}/blob/{{.Tag}}/CHANGELOG.md)
+    [{{.Tag}} changelog](https://github.com/werf/{{.ProjectName}}/blob/{{.Tag}}/CHANGELOG.md)
   footer: |
     ## Container images
-
-    - `docker.io/fluxcd/{{.ProjectName}}:{{.Tag}}`
-    - `ghcr.io/fluxcd/{{.ProjectName}}:{{.Tag}}`
-
+
+    - `registry.werf.io/nelm/source-controller:{{.Tag}}`
+
     Supported architectures: `linux/amd64`, `linux/arm64` and `linux/arm/v7`.
-
-    The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC.
-    To verify the images and their provenance (SLSA level 3), please see the [security documentation](https://fluxcd.io/flux/security/).
 
 changelog:
   disable: true
@@ -32,26 +28,3 @@ checksum:
 source:
   enabled: true
   name_template: "{{ .ProjectName }}_{{ .Version }}_source_code"
-
-sboms:
-  - id: source
-    artifacts: source
-    documents:
-      - "{{ .ProjectName }}_{{ .Version }}_sbom.spdx.json"
-
-# signs the checksum file
-# all files (including the sboms) are included in the checksum
-# https://goreleaser.com/customization/sign
-signs:
-  - cmd: cosign
-    env:
-      - COSIGN_EXPERIMENTAL=1
-    certificate: "${artifact}.pem"
-    args:
-      - sign-blob
-      - "--yes"
-      - "--output-certificate=${certificate}"
-      - "--output-signature=${signature}"
-      - "${artifact}"
-    artifacts: checksum
-    output: true