Skip to content

publish as latest

publish as latest #3

name: publish as latest
on:
# publish on pushes to the main branch (image tagged as "latest")
# https://ocm.software/ocm/pkgs/container/ocm
workflow_dispatch:
push:
branches:
- main
paths:
- '**/*.go'
- '**/*.mod'
- '**/*.sum'
- 'resources/**'
- '.github/config/latest.yml'
jobs:
docker_publish:
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write
packages: write
steps:
- name: Generate token
id: generate_token
uses: tibdex/github-app-token@v2
with:
app_id: ${{ secrets.OCMBOT_APP_ID }}
private_key: ${{ secrets.OCMBOT_PRIV_KEY }}
- name: Checkout
uses: actions/checkout@v4
with:
token: ${{ steps.generate_token.outputs.token }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Docker Login
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/${{ github.repository }}
- name: Go Build Cache for Docker
uses: actions/cache@v4
with:
path: go-build-cache
key: ${{ runner.os }}-go-build-cache-${{ hashFiles('**/go.sum') }}
- name: inject go-build-cache into docker
uses: reproducible-containers/buildkit-cache-dance@v3
with:
cache-source: go-build-cache
- name: Build and push
uses: docker/build-push-action@v6
with:
context: .
# supported platforms of https://hub.docker.com/_/golang/tags?page=1&name=1.23-alpine3.20
platforms: linux/amd64,darwin
push: true
tags: |
ghcr.io/hilmarf/ocm/ocm.software/ocmcli/ocmcli-image:latest
ocm-cli-latest:
name: Build latest ocm-cli
runs-on: large_runner
permissions:
contents: write
id-token: write
packages: write
steps:
- name: Self hosted runner post job cleanup
uses: TooMuch4U/[email protected]
- name: Generate token
id: generate_token
uses: tibdex/github-app-token@v2
with:
app_id: ${{ secrets.OCMBOT_APP_ID }}
private_key: ${{ secrets.OCMBOT_PRIV_KEY }}
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
token: ${{ steps.generate_token.outputs.token }}
- name: Enable github-cli
uses: actions4gh/[email protected]
with:
token: ${{ steps.generate_token.outputs.token }}
- name: Move tag to latest commit
run: |
gh api -X PATCH -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" /repos/open-component-model/ocm/git/refs/tags/ocm-cli/latest -f "sha=${{ github.sha }}" -F "force=true"
- name: Setup go
uses: actions/setup-go@v5
with:
go-version-file: '${{ github.workspace }}/go.mod'
check-latest: false
cache: false
- name: Get go environment for use with cache
run: |
echo "go_cache=$(go env GOCACHE)" >> $GITHUB_ENV
echo "go_modcache=$(go env GOMODCACHE)" >> $GITHUB_ENV
# This step will only reuse the go mod and build cache from main made during the Build,
# see push_ocm.yaml => "ocm-cli-latest" Job
# This means it never caches by itself and PRs cannot cause cache pollution / thrashing
# This is because we have huge storage requirements for our cache because of the mass of dependencies
- name: Restore / Reuse Cache from central build
id: cache-golang-restore
uses: actions/cache/restore@v4 # Only Restore, not build another cache (too big)
with:
path: |
${{ env.go_cache }}
${{ env.go_modcache }}
key: ${{ env.cache_name }}-${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}-${{ hashFiles('**/go.mod') }}
restore-keys: |
${{ env.cache_name }}-${{ runner.os }}-go-
env:
cache_name: ocm-cli-latest-go-cache # needs to be the same key in the end as in the build step
- name: Goreleaser release snapshot
uses: goreleaser/goreleaser-action@v6
with:
distribution: goreleaser
version: 2.2.0
args: release --clean --timeout 60m --snapshot --skip=validate --config=.github/config/latest.yml
env:
GITHUBORG: ${{ github.repository_owner }}
GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
GORELEASER_CURRENT_TAG: v0.0.0
GORELEASER_PREVIOUS_TAG: v0.0.0
- name: Create or update release
uses: ncipollo/release-action@v1
with:
name: latest ocm-cli
tag: ocm-cli/latest
artifacts: "dist/*.tar.gz, dist/*.zip, dist/*.sha256"
token: ${{ steps.generate_token.outputs.token }}
allowUpdates: true
omitBodyDuringUpdate: true
omitNameDuringUpdate: true
prerelease: true
draft: false
removeArtifacts: true
replacesArtifacts: true
skipIfReleaseExists: false
body: |
holds always the latest ocm-cli binaries
# This step is actually responsible for populating our build cache for the next runs in PRs or on main.
- name: Save Cache of Build (only on main)
id: cache-golang-save
uses: actions/cache/save@v4 # Only save build cache once
with:
path: |
${{ env.go_cache }}
${{ env.go_modcache }}
key: ${{ env.cache_name }}-${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}-${{ hashFiles('**/go.mod') }}
upload-chunk-size: 256000000 # default of 32MB is not really optimal for our large cache, choose 256MB instead
env:
cache_name: ocm-cli-latest-go-cache # needs to be the same key in the end as in the build step