release.yaml
# Manually dispatched release pipeline. All three inputs are free-form
# strings typed in by whoever starts the run.
name: Release
on:
  workflow_dispatch:
    inputs:
      # Tag that the new release is created under.
      release:
        description: "Desired tag"
        required: true
      # Tag of the preceding release (used for the changelog and README edits).
      tags:
        description: "Previous tag"
        required: true
      # Commit-ish that the job checks out and builds from.
      git-ref:
        description: >-
          Git reference to checkout. Use an appropriate release-v* branch
          name, tag, or commit SHA.
        required: true
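jobs:
  release:
    # Only run when the workflow executes in shipwright-io/build.
    if: ${{ github.repository == 'shipwright-io/build' }}
    runs-on: ubuntu-latest
    # These scopes are granted to the whole job, so every step below shares
    # them: the third-party actions as well as the scripts and Makefile that
    # come from the checked-out git-ref.
    permissions:
      id-token: write  # To be able to get OIDC ID token to sign images.
      contents: write  # To be able to update releases.
      packages: write  # To be able to push images and signatures.
      pull-requests: write  # To be able to create pull requests
    env:
      IMAGE_HOST: ghcr.io
      IMAGE_NAMESPACE: ${{ github.repository }}
      TAG: ${{ inputs.release }}
    steps:
      # User-supplied inputs are handed to the shell through environment
      # variables instead of being expanded into the script text with
      # ${{ }}. The expression is substituted before the shell parses the
      # script, so an input containing quotes or $(...) would otherwise be
      # interpreted as shell code.
      - name: Setup release ${{ inputs.release }}
        env:
          PREVIOUS_TAG: ${{ inputs.tags }}
          GIT_REF: ${{ inputs.git-ref }}
        run: |
          echo "Creating release ${TAG} from previous tag ${PREVIOUS_TAG} with ref ${GIT_REF}"
      # NOTE(review): the actions in this job are referenced by mutable tags
      # (v4, v5, v3, v1, v7). Since the job holds write scopes and can mint an
      # OIDC token, consider pinning each `uses:` to a full-length commit SHA
      # and letting a dependency bot propose the bumps.
      - uses: actions/checkout@v4
        with:
          ref: ${{ inputs.git-ref }}
          fetch-depth: 0  # Fetch all history, needed for release note generation.
      - uses: actions/setup-go@v5
        with:
          go-version: '1.21.x'
          cache: true
          check-latest: true
      # Install tools
      # NOTE(review): the action reference on the next line was mangled by
      # e-mail obfuscation when this page was captured (presumably
      # ko-build/setup-ko@<version>). Restore it from the repository; the
      # text below is not a usable reference.
      - uses: ko-build/[email protected]
        with:
          version: v0.15.2
      - uses: sigstore/cosign-installer@v3
      # The script is read from the checked-out ref and runs with
      # GITHUB_TOKEN in its environment.
      - name: Build Release Changelog
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PREVIOUS_TAG: ${{ inputs.tags }}
        run: |
          # might not be necessary but make sure
          chmod +x "${GITHUB_WORKSPACE}/.github/draft_release_notes.sh"
          export GITHUB_TOKEN
          export PREVIOUS_TAG
          "${GITHUB_WORKSPACE}/.github/draft_release_notes.sh"
      - name: Draft release
        id: draft_release
        # TODO: This action is no longer maintained. We should use a different action
        # or the gh command line directly.
        uses: actions/create-release@v1
        with:
          release_name: "Shipwright Build release ${{ inputs.release }}"
          tag_name: ${{ inputs.release }}
          body_path: Changes.md
          draft: true
          prerelease: true
          # create-release assumes one of two things if commitish is not set
          # 1. Release is from the "latest commit" on the repo's default branch.
          # 2. Release is for an existing tag with the same name
          commitish: ${{ inputs.git-ref }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Generate and upload release.yaml
        env:
          REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
          REGISTRY_USERNAME: ${{ github.repository_owner }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          make release
          # TAG is quoted so that a value with spaces or glob characters
          # stays a single argument.
          gh release upload "${TAG}" release.yaml
          gh release upload "${TAG}" sample-strategies.yaml
      - name: Sign released images
        # Updated to use the git SHA of the checked out commit. The SHA for
        # workflow_dispatch events is the latest SHA of the _branch_ where the
        # action was invoked.
        # NOTE(review): confirm that the references grep extracts from
        # release.yaml are digest-pinned (name@sha256:...). A signature made
        # against a tag covers whatever the tag resolved to at signing time.
        run: |
          gitsha=$(git rev-parse --verify HEAD)
          grep -o "ghcr.io[^\"]*" release.yaml | xargs cosign sign --yes \
            -a sha="${gitsha}" \
            -a run_id=${{ github.run_id }} \
            -a run_attempt=${{ github.run_attempt }}
      - name: Update docs after release creation
        env:
          PREVIOUS_TAG: ${{ inputs.tags }}
          NEW_TAG: ${{ inputs.release }}
        # NOTE(review): both tags are spliced into sed expressions unescaped.
        # A "." in the previous tag matches any character, and a "#" in either
        # tag would end the expression early, so the inputs should be plain
        # version tags.
        run: |
          # Update README.md with new tag
          sed -i 's#https://github.com/shipwright-io/build/releases/download/'"$PREVIOUS_TAG"'/release.yaml#https://github.com/shipwright-io/build/releases/download/'"$NEW_TAG"'/release.yaml#g' README.md
          sed -i 's#https://github.com/shipwright-io/build/releases/download/'"$PREVIOUS_TAG"'/sample-strategies.yaml#https://github.com/shipwright-io/build/releases/download/'"$NEW_TAG"'/sample-strategies.yaml#g' README.md
          sed -i 's#https://raw.githubusercontent.com/shipwright-io/build/'"$PREVIOUS_TAG"'/hack/setup-webhook-cert.sh#https://raw.githubusercontent.com/shipwright-io/build/'"$NEW_TAG"'/hack/setup-webhook-cert.sh#g' README.md
          sed -i '/Examples @ HEAD/a | ['"$NEW_TAG"'](https://github.com/shipwright-io/build/releases/tag/'"$NEW_TAG"') | [Docs @ '"$NEW_TAG"'](https://github.com/shipwright-io/build/tree/'"$NEW_TAG"'/docs) | [Examples @ '"$NEW_TAG"'](https://github.com/shipwright-io/build/tree/'"$NEW_TAG"'/samples) |' README.md
      # The actor name and the release tag reach git through quoted
      # environment variables. Unquoted, a login such as "name[bot]" would be
      # treated as a glob pattern, and an expanded ${{ }} value would be
      # parsed as part of the script.
      - name: Create Readme commits
        env:
          ACTOR: ${{ github.actor }}
        run: |
          git config user.name "${ACTOR}"
          git config user.email "${ACTOR}@users.noreply.github.com"
          git add README.md
          git commit -m "Update Readme with new Tag ${TAG}"
          git clean -f
      - name: Create Readme PR
        uses: peter-evans/create-pull-request@v7
        with:
          commit-message: Update Readme with new Tag
          author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
          signoff: false
          labels: |
            kind/documentation
          branch: update-readme-tag-refs
          delete-branch: true
          title: 'Update Readme with new tag'
          body: |
            Update README.md
            # Changes
            - Bump tag references to ${{ inputs.release }}
            # Submitter Checklist
            - [ ] Includes tests if functionality changed/was added
            - [x] Includes docs if changes are user-facing
            - [x] [Set a kind label on this PR](https://prow.k8s.io/command-help#kind)
            - [x] Release notes block has been filled in, or marked NONE
            # Release Notes
            ```release-note
            None
            ```
          draft: false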