Update workflows

trnubo · trnubo · commit d509c91887d3 · 2026-01-23T15:38:39.000+11:00
diff --git a/.github/workflows/github-release.yml b/.github/workflows/github-release.yml
@@ -1,6 +1,19 @@
 # Source: https://github.com/panubo/reference-github-actions/blob/main/github-release.yml
 # Description: Create a GitHub release
 # LICENSE: MIT License, Copyright (c) 2021-2025 Volt Grid Pty Ltd t/a Panubo
+#
+# This workflow supports release candidate tags. If a tag contains "-rc" for
+# example "v1.2.3-rc.1" then the release will be marked as a prerelease.
+# Additionally when generating changelog for release notes any RC releases will
+# be ignored.
+#
+# If you want to provide additional release notes you can add a
+# _ci_release_notes to a Makefile in the root of the repo. This will be called
+# while generating the release notes and will be attended to the end of the auto
+# generated release notes. If the command is absent or fails the failure will be
+# ignored. Additionally the tag/ref_name will be passed with TAG="${TAG#v}"
+# which will strip the "v" prefix from the tag, this is useful for listing
+# container images with their tag.
 
 name: GitHub Release
 
@@ -24,23 +37,32 @@ jobs:
           fetch-depth: 0 # Required for git log to work
 
       - name: Get Release Notes
+        env:
+          TAG: ${{ github.ref_name }}
         id: get_release_notes
         run: |
-          NOTES=$(git log --pretty=format:%s $(git tag --sort=-v:refname | head -1)...$(git tag --sort=-v:refname | head -2 | tail -1) | awk '{ print "-", $0  }')
-          printf "notes<<EOF\\n%s\\nEOF\\n" "${NOTES}" >> "$GITHUB_OUTPUT"
+          tag1="$(git -c 'versionsort.suffix=-' tag --sort=-v:refname | head -1)"
+          tag2="$(git -c 'versionsort.suffix=-' tag --sort=-v:refname | grep -v '\-rc' | grep -v -w "${tag1}" | head -1)"
+          {
+            echo 'notes<<EOF'
+            echo "## Changes since last release:"
+            echo
+            git log --graph --pretty=tformat:'%s %H' --abbrev-commit --date=relative "${tag1}"..."${tag2}"
+            echo
+            echo "**Full Changelog**: https://github.com/${GITHUB_REPOSITORY}/compare/${tag2}...${tag1}"
+            # Optionally allow the Makefile to generate some release notes too
+            make _ci_release_notes TAG=${TAG#v} || true
+            echo EOF
+          } >> "${GITHUB_OUTPUT}"
 
       - name: Create Release
         id: create_release
-        uses: actions/create-release@v1
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
-        with:
-          tag_name: ${{ github.ref }}
-          release_name: ${{ github.ref }}
-          body: |
-            Changes since last release:
-
-            ${{ steps.get_release_notes.outputs.notes }}
-
-          draft: false
-          prerelease: false
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          TAG: ${{ github.ref_name }}
+        run: |
+          gh release create "$TAG" \
+            --title "Release $TAG" \
+            --notes "${{ steps.get_release_notes.outputs.notes }}" \
+            --draft=false \
+            --prerelease="${{ contains(github.ref, '-rc') }}"
diff --git a/.github/workflows/update-registry-metadata.yml b/.github/workflows/update-registry-metadata.yml
@@ -0,0 +1,79 @@
+# Source: https://github.com/panubo/reference-github-actions/blob/main/docker-images/update-registry-metadata.yml
+
+name: Update Registry Metadata
+
+on:
+  push:
+    branches:
+      - main
+
+env:
+  GITHUB_ROLE_ARN: arn:aws:iam::461800378586:role/GitHubECRPublic
+
+permissions:
+  id-token: write   # Required for OIDC
+  contents: read    # This is required for actions/checkout
+
+jobs:
+  update_repo_metadata:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - name: Get repo name
+        id: image_name
+        run: |
+          sed -E -e 's/docker-//' -e 's/^/image_name=/' <<<"${{ github.repository }}" >> "$GITHUB_OUTPUT"
+
+      - name: Get repo description
+        id: repo_description
+        run: |
+          description=$(gh repo view ${{ github.repository }} --json description -q .description)
+          echo "description=$description" >> "$GITHUB_OUTPUT"
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      # There are numerous issues with extracting a Usage section
+      # * Varying levels of header ie "# Usage" or "## Usage"
+      # * The match should continue until the next header of the same level or a higher level
+      # * The next header could be indented in a quote or alert/note eg "> # Next Section"
+      # * The section name could differ, Usage | usage | Install | Example etc
+      # Note: if we put this back in it needs to be added to the Update Catalog Data step
+      # - name: Extract Usage from README
+      #   id: usage
+      #   run: |
+      #     if awk '/^#+ *Install \/ Usage/{flag=1; next} /^#+/{flag=0} flag' README.md | grep -q .; then
+      #       usage=$(awk '/^#+ *Install \/ Usage/{flag=1; next} /^#+/{flag=0} flag' README.md)
+      #       echo "usage<<EOF" >> "$GITHUB_OUTPUT"
+      #       echo "$usage" >> "$GITHUB_OUTPUT"
+      #       echo "EOF" >> "$GITHUB_OUTPUT"
+      #     fi
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ env.GITHUB_ROLE_ARN }}
+          aws-region: us-east-1 # ECR Public is in us-east-1
+
+      - name: Update ECR Repository Catalog Data
+        env:
+          # ECR only wants the image_name not owner/image_name so we add image_name as an env then strip the owner with bash variable manipulation
+          IMAGE_NAME: ${{ steps.image_name.outputs.image_name }}
+        run: |
+          set -x
+          aws ecr-public get-repository-catalog-data --repository-name ${IMAGE_NAME#*/} > catalog-data.json
+          if [[ -n "${{ steps.repo_description.outputs.description }}" ]]; then
+            jq --arg description "${{ steps.repo_description.outputs.description }}" '.catalogData.description = $description' catalog-data.json > catalog-data.json.tmp && mv catalog-data.json.tmp catalog-data.json
+          fi
+          jq --arg about "$(cat README.md)" --arg repo "${IMAGE_NAME#*/}" '.catalogData.aboutText = $about | .repositoryName = $repo | del(.catalogData.logoUrl)' catalog-data.json > catalog-data.json.tmp && mv catalog-data.json.tmp catalog-data.json
+          aws ecr-public put-repository-catalog-data --repository-name ${IMAGE_NAME#*/} --cli-input-json file://catalog-data.json
+
+      - name: Update Quay.io Repository Description
+        run: |
+          JSON_DESCRIPTION="$(jq -n --arg desc "$(<README.md)" '{description: $desc}')"
+          curl -sSf -X PUT \
+            -H "Authorization: Bearer ${{ secrets.PANUBUILD_QUAYIO_API_TOKEN }}" \
+            -H "Content-Type: application/json" \
+            -d "${JSON_DESCRIPTION}" \
+            'https://quay.io/api/v1/repository/${{ steps.image_name.outputs.image_name }}'
