forked from open-component-model/open-component-model
-
Notifications
You must be signed in to change notification settings - Fork 0
152 lines (136 loc) · 5.6 KB
/
cli-release.yml
File metadata and controls
152 lines (136 loc) · 5.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
name: CLI Release
run-name: CLI Release based on ${{ github.event.inputs.branch }}${{ github.event.inputs.dry_run == 'true' && '(dry-run)' || '' }}
on:
workflow_dispatch:
inputs:
branch:
description: "Branch to cut to, must match regex releases/v0.[0-9]+"
required: true
type: string
dry_run:
description: "Perform dry run without pushing tags"
required: false
default: true
type: boolean
env:
REGISTRY: ghcr.io
COMPONENT_PATH: cli
concurrency:
cancel-in-progress: true
group: cli-release-${{ github.event.inputs.branch }}
jobs:
# --------------------------------------------------------
# 1. Prepare: release candidate version
# --------------------------------------------------------
prepare:
name: Prepare Release Candidate Version
uses: ./.github/workflows/release-candidate-version.yml
with:
branch: ${{ github.event.inputs.branch }}
component_path: cli # cannot use env here
secrets: inherit
# --------------------------------------------------------
# 2. Tag: Create and push RC tag (skipped on dry-run)
# --------------------------------------------------------
tag:
name: Create and Push Tag
runs-on: ubuntu-latest
needs: [prepare]
if: ${{ github.event.inputs.dry_run == 'false' }}
permissions:
contents: write
outputs:
pushed: ${{ steps.tag.outputs.pushed }}
steps:
# Checkout repository for tagging
- name: Checkout Repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
sparse-checkout: ${{ env.COMPONENT_PATH }}
ref: ${{ github.event.inputs.branch }}
token: ${{ secrets.GITHUB_TOKEN }}
# Determine committer and set up git identity
- id: committer
name: Determine Committer used for pushing Tag
run: |
echo "name=${{ github.actor }}" >> "$GITHUB_OUTPUT"
echo "email=${{ github.actor }}@users.noreply.github.com" >> "$GITHUB_OUTPUT"
- name: Setup git config
run: |
git config --global user.name "${{ steps.committer.outputs.name }}"
git config --global user.email "${{ steps.committer.outputs.email }}"
# Create and push tag if not existing
- name: Create ${{ needs.prepare.outputs.new_tag }}
id: tag
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
env:
TAG: ${{ needs.prepare.outputs.new_tag }}
CHANGELOG_B64: ${{ needs.prepare.outputs.changelog_b64 }}
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const { execSync } = require("child_process");
const tag = process.env.TAG;
const msg = Buffer.from(process.env.CHANGELOG_B64, "base64").toString("utf8");
try { execSync(`git rev-parse "refs/tags/${tag}"`); core.info(`Tag ${tag} exists`); core.setOutput("pushed","false"); return; } catch {}
require("fs").writeFileSync(".tagmsg", msg);
execSync(`git tag -a "${tag}" -F .tagmsg`);
execSync(`git push origin "refs/tags/${tag}"`);
core.setOutput("pushed","true");
core.info(`✅ Created RC tag ${tag}`);
# --------------------------------------------------------
# 3. Build CLI
# --------------------------------------------------------
build:
name: Build CLI for ${{ needs.prepare.outputs.new_tag }}
if: ${{ needs.tag.outputs.pushed == 'true' }}
needs: [prepare, tag]
uses: ./.github/workflows/cli.yml
secrets: inherit
with:
ref: ${{ needs.prepare.outputs.new_tag }}
# --------------------------------------------------------
# 4. Release: Create GitHub pre-release if tag was pushed
# --------------------------------------------------------
release:
name: Create Pre-Release
needs: [prepare, tag, build]
runs-on: ubuntu-latest
permissions:
contents: write
environment:
name: cli/release-candidate
url: ${{ steps.release.outputs.html_url }}
steps:
# Recreate changelog file from base64 string for release body
- name: Decode changelog to file
run: |
echo "${{ needs.prepare.outputs.changelog_b64 }}" | base64 --decode > "${{ runner.temp }}/CHANGELOG.md"
- name: Download CLI artifacts
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
repository: ${{ github.repository }}
name: ${{ needs.build.outputs.artifact_name }}
- name: Create Release
uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2
with:
name: CLI ${{ needs.prepare.outputs.new_version }}
tag_name: ${{ needs.prepare.outputs.new_tag }}
body_path: ${{ runner.temp }}/CHANGELOG.md
fail_on_unmatched_files: true
overwrite_files: 'true'
prerelease: true
files: |
${{ github.workspace }}/bin/ocm-*
${{ github.workspace }}/oci/*
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# --------------------------------------------------------
# 5. Promote: TODO(jakobmoellerdev): https://github.com/open-component-model/ocm-project/issues/721
# - Protect the release with an environment that has a timer and reviewers
# - Create tag from RC tag commit
# - Promote the image to the latest tag
# - Promote the image to the release version
# - Push new release with all artifacts from RC
# --------------------------------------------------------