WIP

clemlesne · Aug 17, 2024 · 816113d · 816113d
1 parent c240c4f
commit 816113d
Showing 1 changed file with 19 additions and 73 deletions.
diff --git a/.github/workflows/pipeline.yaml b/.github/workflows/pipeline.yaml
@@ -89,87 +89,33 @@ jobs:
           name: binary-${{ matrix.os }}
           path: dist/scrape-it-now-${{ needs.init.outputs.VERSION }}-${{ matrix.os }}
 
-  create-release:
-    name: Create release
+  publish-release:
+    name: Release
     permissions:
       contents: write
     runs-on: ubuntu-22.04
     needs:
       - build-app
       - init
-    outputs:
-      RELEASE_ID: ${{ steps.create-release.outputs.result }}
-    # Only publish on non-scheduled main branch, as there is only one Helm repo and we cannot override an existing version
-    if: (github.event_name != 'schedule') && (github.ref == 'refs/heads/main')
-    steps:
-      - name: Checkout
-        uses: actions/[email protected]
-
-      - name: Create release
-        id: create-release
-        uses: actions/[email protected]
-        with:
-          script: |
-            const isMain = context.ref == `refs/heads/main`;
-            const repoName = context.repo.repo;
-
-            console.log(isMain ? 'Creating release for default branch' : 'Creating release for non-default branch');
-
-            const { data } = await github.rest.repos.createRelease({
-              draft: true,
-              generate_release_notes: true,
-              name: `${repoName} v${{ needs.init.outputs.VERSION }}`,
-              owner: context.repo.owner,
-              prerelease: !isMain,
-              repo: repoName,
-              tag_name: 'v${{ needs.init.outputs.VERSION }}',
-              target_commitish: context.ref,
-            });
-            return data.id
-
-  attest-dependencies:
-    name: Attest - Dependencies
-    permissions:
-      contents: write
-    runs-on: ubuntu-22.04
-    needs:
-      - create-release
-      - init
+    # Only publish on non-scheduled default branch
+    # if: (github.event_name != 'schedule') && (github.ref == 'refs/heads/main')
     steps:
-      - name: Checkout
-        uses: actions/[email protected]
-
-      - name: Login to registry - GitHub
-        uses: docker/[email protected]
+      - name: Download artifacts
+        id: download
+        uses: actions/[email protected]
         with:
-          registry: ${{ env.CONTAINER_REGISTRY_GHCR }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+          merge-multiple: true
+          pattern: binary-*
 
-      - name: Run attestation
-        uses: advanced-security/[email protected]
-        with:
-          dockerImagesToScan: ${{ env.CONTAINER_REGISTRY_GHCR }}/${{ env.API_CONTAINER_NAME }}:${{ needs.init.outputs.VERSION_FULL }}
+      - name: Export artifact list
+        id: list
+        run: |
+          echo "artifacts=$(ls -1 ${{ steps.download.outputs.download-path }})" >> $GITHUB_OUTPUT
 
-  publish-release:
-    name: Publish release
-    permissions:
-      contents: write
-    runs-on: ubuntu-22.04
-    needs:
-      - attest-dependencies
-      - create-release
-    # Only publish on non-scheduled default branch
-    if: (github.event_name != 'schedule') && (github.ref == 'refs/heads/main')
-    steps:
-      - name: publish release
-        id: publish-release
-        uses: actions/[email protected]
+      - name: Publish
+        uses: softprops/[email protected]
         with:
-          script: |
-            github.rest.repos.updateRelease({
-              draft: false,
-              owner: context.repo.owner,
-              release_id: ${{ needs.create-release.outputs.RELEASE_ID }},
-              repo: context.repo.repo,
-            });
+          files: ${{ steps.list.outputs.artifacts }}
+          generate_release_notes: true
+          make_latest: true
+          tag_name: ${{ needs.init.outputs.VERSION }}