77 type : choice
88 description : The type of release
99 options :
10- - Patch
11- - Minor
12- - Major
13- - Snapshot
10+ - Patch
11+ - Minor
12+ - Major
13+ - Snapshot
1414 vulnerability_severity :
1515 description : The severity to fail the workflow if such vulnerability is detected. DO NOT override it unless a Jira ticket is raised.
1616 type : choice
1717 options :
18- - CRITICAL,HIGH
19- - CRITICAL,HIGH,MEDIUM
20- - CRITICAL (DO NOT use if JIRA ticket not raised)
18+ - CRITICAL,HIGH
19+ - CRITICAL,HIGH,MEDIUM
20+ - CRITICAL (DO NOT use if JIRA ticket not raised)
2121 testing_mode :
2222 type : boolean
2323 default : false
@@ -30,13 +30,13 @@ jobs:
3030 name : Start Operator Build
3131 runs-on : ubuntu-latest
3232 outputs :
33- new_version : ${{ steps.version.outputs.new_version }}
34- commit_sha : ${{ steps.commit-and-tag.outputs.commit_sha }}
35- release_type : ${{ steps.set-env.outputs.release_type }}
36- vulnerability_severity : ${{ steps.set-env.outputs.vulnerability_severity }}
33+ new_version : ${{ steps.version.outputs.new_version }}
34+ commit_sha : ${{ steps.commit-and-tag.outputs.commit_sha }}
35+ release_type : ${{ steps.set-env.outputs.release_type }}
36+ vulnerability_severity : ${{ steps.set-env.outputs.vulnerability_severity }}
3737 env :
38- RELEASE_TYPE : ${{ inputs.release_type || (github.event_name == 'schedule' && 'patch') }}
39- VULNERABILITY_SEVERITY : ${{ inputs.vulnerability_severity || (github.event_name == 'schedule' && 'CRITICAL,HIGH') }}
38+ RELEASE_TYPE : ${{ inputs.release_type || (github.event_name == 'schedule' && 'patch') }}
39+ VULNERABILITY_SEVERITY : ${{ inputs.vulnerability_severity || (github.event_name == 'schedule' && 'CRITICAL,HIGH') }}
4040 steps :
4141 - name : Set Environment Variables
4242 id : set-env
@@ -59,14 +59,14 @@ jobs:
5959 printenv
6060 echo "$GITHUB_CONTEXT"
6161 shell : bash
62- env :
63- GITHUB_CONTEXT : ${{ toJson(github) }}
62+ env :
63+ GITHUB_CONTEXT : ${{ toJson(github) }}
6464
6565 - name : Check branch and release type
6666 uses : IABTechLab/uid2-shared-actions/actions/check_branch_and_release_type@v3
6767 with :
6868 release_type : ${{ inputs.release_type }}
69-
69+
7070 - name : Checkout repo
7171 uses : actions/checkout@v4
7272 with :
@@ -100,7 +100,7 @@ jobs:
100100 with :
101101 add : ' pom.xml version.json'
102102 message : ' Released ${{ env.RELEASE_TYPE }} version: ${{ steps.version.outputs.new_version }}'
103- tag : v${{ steps.version.outputs.new_version }}
103+ tag : v${{ steps.version.outputs.new_version }}
104104
105105 buildPublic :
106106 if : ${{ github.event.inputs.testing_mode != 'true' }}
@@ -151,7 +151,7 @@ jobs:
151151 buildAMI :
152152 if : ${{ github.event.inputs.testing_mode != 'true' }}
153153 name : Build AWS AMI
154- needs : [start, buildAWS]
154+ needs : [ start, buildAWS ]
155155 uses : ./.github/workflows/build-uid2-ami.yaml
156156 with :
157157 operator_run_number : ${{ github.run_id }}
@@ -170,14 +170,6 @@ jobs:
170170 with :
171171 fetch-depth : 0
172172
173- # Delete any existing draft for this tag (so old assets go away)
174- - name : Delete existing draft (clean slate)
175- env :
176- GH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
177- run : |
178- gh release delete "v${{ needs.start.outputs.new_version }}" --yes \
179- || echo "No existing draft to delete
180-
181173 - name : Download public manifest
182174 if : ${{ github.event.inputs.testing_mode != 'true' }}
183175 uses : actions/download-artifact@v4
@@ -258,6 +250,36 @@ jobs:
258250 (cd ./deployment/gcp-oidc-deployment-files-${{ needs.start.outputs.new_version }} && zip -r ../../gcp-oidc-deployment-files-${{ needs.start.outputs.new_version }}.zip . )
259251 (cd manifests && zip -r ../uid2-operator-release-manifests-${{ needs.start.outputs.new_version }}.zip .)
260252
253+ – name : Cleanup old assets from this tag
254+ # requires GH CLI and contents: write
255+ env :
256+ GH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
257+ REPO : ${{ github.repository }}
258+ TAG : v${{ needs.start.outputs.new_version }}
259+ shell : bash
260+ run : |
261+ set -euo pipefail
262+ # Fetch the release ID for our tag (if it exists)
263+ release_id=$(gh api "repos/$REPO/releases/tags/$TAG" --jq .id || echo "")
264+ if [ -n "$release_id" ]; then
265+ echo "Found existing release $TAG (id=$release_id), pruning assets…"
266+ # Loop through all assets on that release
267+ gh api "repos/$REPO/releases/$release_id/assets" --jq '.[].id' | \
268+ while read asset_id; do
269+ name=$(gh api "repos/$REPO/releases/assets/$asset_id" --jq .name)
270+ # If the name does NOT contain our tag, delete it
271+ if [[ "$name" != *"$TAG"* ]]; then
272+ echo "Deleting old asset: $name"
273+ gh api "repos/$REPO/releases/assets/$asset_id" -X DELETE
274+ else
275+ echo "Keeping current asset: $name"
276+ fi
277+ done
278+ else
279+ echo "No existing release v$TAG to prune—moving on."
280+ fi
281+
282+
261283 - name : Create draft release
262284 uses : softprops/action-gh-release@v2
263285 with :
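Review bot: The new `Cleanup old assets from this tag` step resolves the release through `releases/tags/$TAG`, which to my knowledge returns only published releases, so on a re-run it would miss the leftover draft and instead delete assets from an already published release for that tag. To target the draft only, look it up in the release list, e.g. `gh api "repos/$REPO/releases" --jq ".[] | select(.draft and .tag_name == \"$TAG\") | .id"`. The filter `[[ "$name" != *"$TAG"* ]]` compares against the `v`-prefixed tag, while the zip names handed to `Create draft release` carry the bare version, so the keep branch looks unreachable and every asset is deleted; compare against `${TAG#v}` if pruning by name is what is wanted. The `|| echo ""` fallback also treats an auth or network failure the same as "no release", and the last message prints `v$TAG`, which doubles the `v`. The item on the step's `name` line starts with an en dash (`–`) rather than `-`; unless that is a rendering artifact, YAML will not read it as a sequence entry.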
@@ -266,10 +288,10 @@ jobs:
266288 overwrite_files : true
267289 draft : true
268290 files : |
269- ./aws-euid-deployment-files-${{ needs.start.outputs.new_version }}.zip
270- ./aws-uid2-deployment-files-${{ needs.start.outputs.new_version }}.zip
271- ./azure-cc-deployment-files-${{ needs.start.outputs.new_version }}.zip
272- ./azure-aks-deployment-files-${{ needs.start.outputs.new_version }}.zip
273- ./gcp-oidc-deployment-files-${{ needs.start.outputs.new_version }}.zip
274- ./uid2-operator-release-manifests-${{ needs.start.outputs.new_version }}.zip
291+ ./aws-euid-deployment-files-${{ needs.start.outputs.new_version }}.zip
292+ ./aws-uid2-deployment-files-${{ needs.start.outputs.new_version }}.zip
293+ ./azure-cc-deployment-files-${{ needs.start.outputs.new_version }}.zip
294+ ./azure-aks-deployment-files-${{ needs.start.outputs.new_version }}.zip
295+ ./gcp-oidc-deployment-files-${{ needs.start.outputs.new_version }}.zip
296+ ./uid2-operator-release-manifests-${{ needs.start.outputs.new_version }}.zip
275297