add release workflow (nginx#5742)

pdabelf5 · web-flow · commit d96e0c22c7f2 · 2024-06-14T08:52:04.000+01:00
diff --git a/.github/workflows/build-oss.yml b/.github/workflows/build-oss.yml
@@ -221,7 +221,7 @@ jobs:
               architecture=("${arch#*/}")
               ./preflight check container quay.io/nginx/nginx-ingress:${{ steps.meta.outputs.version }} --pyxis-api-token ${{ secrets.PYXIS_API_TOKEN }} --certification-project-id ${{ secrets.CERTIFICATION_PROJECT_ID }} --platform $architecture --submit
           done
-        if: ${{ github.ref_type == 'tag' && contains(inputs.image, 'ubi') }}
+        if: ${{ (github.ref_type == 'tag' && vars.OLD_RELEASE_FLOW == 'true') && contains(inputs.image, 'ubi') }}
 
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # 0.22.0
diff --git a/.github/workflows/build-plus.yml b/.github/workflows/build-plus.yml
@@ -174,7 +174,7 @@ jobs:
           push: true
           build-args: |
             BUILD_OS=${{ inputs.image }}
-            IC_VERSION=${{ github.ref_type == 'tag' && steps.meta.outputs.version || 'CI' }}
+            IC_VERSION=${{ (github.ref_type == 'tag' && vars.OLD_RELEASE_FLOW == 'true') && steps.meta.outputs.version || 'CI' }}
             ${{ steps.nap_modules.outputs.modules != '' && format('NAP_MODULES={0}', steps.nap_modules.outputs.modules) || '' }}
           secrets: |
             "nginx-repo.crt=${{ inputs.nap_modules != '' && secrets.NGINX_AP_CRT || secrets.NGINX_CRT }}"
@@ -203,7 +203,7 @@ jobs:
           build-args: |
             BUILD_OS=${{ inputs.image }}
             PREBUILT_BASE_IMG=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/plus:${{ inputs.base-image-md5 }}-${{ inputs.image }}${{ steps.nap_modules.outputs.name != '' && format('-{0}', steps.nap_modules.outputs.name) || '' }}
-            IC_VERSION=${{ github.ref_type == 'tag' && steps.meta.outputs.version || 'CI' }}
+            IC_VERSION=${{ (github.ref_type == 'tag' && vars.OLD_RELEASE_FLOW == 'true') && steps.meta.outputs.version || 'CI' }}
             ${{ inputs.nap_modules != '' && format('NAP_MODULES={0}', steps.nap_modules.outputs.modules) || '' }}
             ${{ contains(inputs.image, 'v5') && 'WAF_VERSION=v5' || '' }}
             ${{ (contains(inputs.target, 'aws') && inputs.nap_modules != '') && format('NAP_MODULES_AWS={0}', steps.nap_modules.outputs.modules) || '' }}
diff --git a/.github/workflows/cache-update.yml b/.github/workflows/cache-update.yml
@@ -55,7 +55,7 @@ jobs:
         with:
           minor-label: "enhancement"
           major-label: "change"
-          publish: ${{ github.ref_type == 'tag' }}
+          publish: false
           collapse-after: 50
           variables: |
             helm-chart=${{ needs.checks.outputs.chart_version }}
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -107,7 +107,7 @@ jobs:
           publish=false
           if ${{ github.event_name == 'workflow_dispatch' && inputs.publish-image }}; then
             publish=true
-          elif ${{ github.ref_type == 'tag' && startsWith(github.ref, 'refs/heads/release-') }}; then
+          elif ${{ (github.ref_type == 'tag' && vars.OLD_RELEASE_FLOW == 'true') && startsWith(github.ref, 'refs/heads/release-') }}; then
             publish=true
           elif ${{ github.event_name != 'workflow_dispatch' && github.event_name != 'pull_request' && ! startsWith(github.ref, 'refs/heads/release-') }}; then
             publish=true
@@ -181,7 +181,7 @@ jobs:
         with:
           minor-label: "enhancement"
           major-label: "change"
-          publish: ${{ github.ref_type == 'tag' }}
+          publish: ${{ github.ref_type == 'tag' && vars.OLD_RELEASE_FLOW == 'true' }}
           collapse-after: 50
           variables: |
             helm-chart=${{ needs.checks.outputs.chart_version }}
@@ -220,17 +220,17 @@ jobs:
 
       - name: Download Syft
         uses: anchore/sbom-action/download-syft@e8d2a6937ecead383dfe75190d104edd1f9c5751 # v0.16.0
-        if: github.ref_type == 'tag'
+        if: ${{ github.ref_type == 'tag' && vars.OLD_RELEASE_FLOW == 'true' }}
 
       - name: Install Cosign
         uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
-        if: github.ref_type == 'tag'
+        if: ${{ github.ref_type == 'tag' && vars.OLD_RELEASE_FLOW == 'true' }}
 
       - name: Build binaries
         uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0
         with:
           version: latest
-          args: ${{ github.ref_type == 'tag' && 'release' || 'build --snapshot' }} ${{ github.event_name == 'pull_request' && '--single-target' || '' }} --clean
+          args: ${{ (github.ref_type == 'tag' && vars.OLD_RELEASE_FLOW == 'true') && 'release' || 'build --snapshot' }} ${{ github.event_name == 'pull_request' && '--single-target' || '' }} --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GOPATH: ${{ needs.checks.outputs.go_path }}
@@ -690,7 +690,7 @@ jobs:
       base-image-md5: ${{ needs.checks.outputs.docker_md5 }}
       release-url: ${{ needs.release-notes.outputs.release-url }}
       publish-image: ${{ needs.checks.outputs.publish_images == 'true' }}
-      publish-aws-market-place: ${{ github.ref_type == 'tag' && startsWith(github.ref, 'refs/heads/release-') && contains(matrix.target, 'aws') }}
+      publish-aws-market-place: ${{ (github.ref_type == 'tag' && vars.OLD_RELEASE_FLOW == 'true') && startsWith(github.ref, 'refs/heads/release-') && contains(matrix.target, 'aws') }}
       publish-nginx-reqistry: ${{ needs.checks.outputs.publish_images == 'true' && ! contains(matrix.target, 'aws') }}
       forked-workflow: ${{ needs.checks.outputs.forked_workflow == 'true' }}
     permissions:
@@ -765,7 +765,7 @@ jobs:
       nap_modules: ${{ matrix.nap_modules }}
       release-url: ${{ needs.release-notes.outputs.release-url }}
       publish-image: ${{ needs.checks.outputs.publish_images == 'true' }}
-      publish-aws-market-place: ${{ github.ref_type == 'tag' && startsWith(github.ref, 'refs/heads/release-') && contains(matrix.target, 'aws') }}
+      publish-aws-market-place: ${{ (github.ref_type == 'tag' && vars.OLD_RELEASE_FLOW == 'true') && startsWith(github.ref, 'refs/heads/release-') && contains(matrix.target, 'aws') }}
       publish-nginx-reqistry: ${{ needs.checks.outputs.publish_images == 'true' && ! contains(matrix.target, 'aws') }}
       forked-workflow: ${{ needs.checks.outputs.forked_workflow == 'true' }}
     permissions:
@@ -784,9 +784,9 @@ jobs:
     uses: ./.github/workflows/publish-helm.yml
     with:
       branch: ${{ github.ref_name }}
-      ic_version: ${{ github.ref_type == 'tag' && needs.checks.outputs.ic_version || 'edge' }}
-      chart_version: ${{ github.ref_type == 'tag' && needs.checks.outputs.chart_version || '0.0.0-edge' }}
-      nginx_helm_repo: ${{ github.ref_type == 'tag' }}
+      ic_version: ${{ (github.ref_type == 'tag' && vars.OLD_RELEASE_FLOW == 'true') && needs.checks.outputs.ic_version || 'edge' }}
+      chart_version: ${{ (github.ref_type == 'tag' && vars.OLD_RELEASE_FLOW == 'true') && needs.checks.outputs.chart_version || '0.0.0-edge' }}
+      nginx_helm_repo: ${{ github.ref_type == 'tag' && vars.OLD_RELEASE_FLOW == 'true' }}
     secrets: inherit
 
   operator:
@@ -808,7 +808,7 @@ jobs:
                 chart_version: '${{ needs.checks.outputs.chart_version }}'
               },
             })
-    if: github.ref_type == 'tag'
+    if: ${{ github.ref_type == 'tag' && vars.OLD_RELEASE_FLOW == 'true' }}
 
   gcp-marketplace:
     name: Trigger PR for GCP Marketplace
@@ -829,4 +829,4 @@ jobs:
                 chart_version: '${{ needs.checks.outputs.chart_version }}'
               },
             })
-    if: github.ref_type == 'tag'
+    if: ${{ github.ref_type == 'tag' && vars.OLD_RELEASE_FLOW == 'true' }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
diff --git a/.github/workflows/update-docker-sha.yml b/.github/workflows/update-docker-sha.yml
