Publish release #73
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish release | |
| on: | |
| release: | |
| types: | |
| - published | |
| # allow running release workflow manually | |
| workflow_dispatch: | |
| # Determine the version numbers that will be assigned to the release. | |
| inputs: | |
| version_v1: | |
| required: true | |
| type: string | |
| description: Version number for 1.x components. Don't include a leading `v`. | |
| version_v2: | |
| required: true | |
| type: string | |
| description: Version number for 2.x components. Don't include a leading `v`. | |
| dry_run: | |
| required: true | |
| type: boolean | |
| description: Pass `true` for a test run. It will only build one platform (for speed) and will not push artifacts. | |
| # See https://github.com/jaegertracing/jaeger/issues/4017 | |
| permissions: | |
| contents: read | |
| jobs: | |
| publish-release: | |
| permissions: | |
| contents: write | |
| deployments: write | |
| if: github.repository == 'jaegertracing/jaeger' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Clean up some disk space | |
| # We had an issue where the workflow was running out of disk space, | |
| # because it downloads so many Docker images for different platforms. | |
| # Here we delete some stuff from the VM that we do not use. | |
| # Inspired by https://github.com/jlumbroso/free-disk-space. | |
| run: | | |
| sudo rm -rf /usr/local/lib/android || true | |
| df -h / | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 | |
| with: | |
| egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| submodules: true | |
| - name: Fetch git tags | |
| run: | | |
| git fetch --prune --unshallow --tags | |
| - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | |
| with: | |
| go-version: 1.23.x | |
| - name: Setup Node.js version | |
| uses: ./.github/actions/setup-node.js | |
| - name: Determine parameters | |
| id: params | |
| run: | | |
| if [[ "${{ inputs.dry_run }}" == "true" ]]; then | |
| echo "platforms=linux/amd64" >> $GITHUB_OUTPUT | |
| echo "linux_platforms=linux/amd64" >> $GITHUB_OUTPUT | |
| echo "gpg_key_override=-k skip" >> $GITHUB_OUTPUT | |
| else | |
| echo "platforms=$(make echo-platforms)" >> $GITHUB_OUTPUT | |
| echo "linux_platforms=$(make echo-linux-platforms)" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Export BRANCH variable and validate it is a semver | |
| # Many scripts depend on BRANCH variable. We do not want to | |
| # use ./.github/actions/setup-branch here because it may set | |
| # BRANCH=main when the workflow is triggered manually. | |
| # | |
| # TODO this currently utilizes 1.x version tag | |
| run: | | |
| BRANCH=$(make echo-v1) | |
| echo "BRANCH=${BRANCH}" >> ${GITHUB_ENV} | |
| echo Validate that the latest tag ${BRANCH} is in semver format | |
| echo ${BRANCH} | grep -E '^v[0-9]+.[0-9]+.[0-9]+$' | |
| - name: Install tools | |
| run: make install-ci | |
| - name: Configure GPG Key | |
| if: ${{ inputs.dry_run != true }} | |
| uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0 | |
| with: | |
| gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.GPG_PASSPHRASE }} | |
| - name: Build all binaries | |
| run: make build-all-platforms PLATFORMS=${{ steps.params.outputs.platforms }} | |
| - name: Package binaries | |
| id: package-binaries | |
| run: bash scripts/package-deploy.sh -p ${{ steps.params.outputs.platforms }} ${{ steps.params.outputs.gpg_key_override }} | |
| - name: Upload binaries | |
| if: ${{ inputs.dry_run != true }} | |
| uses: svenstaro/upload-release-action@04733e069f2d7f7f0b4aebc4fbdbce8613b03ccd # 2.9.0 | |
| with: | |
| file: '{deploy/*.tar.gz,deploy/*.zip,deploy/*.sha256sum.txt,deploy/*.asc}' | |
| file_glob: true | |
| overwrite: true | |
| tag: ${{ env.BRANCH }} | |
| repo_token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Delete the release artifacts after uploading them. | |
| run: | | |
| rm -rf deploy || true | |
| df -h / | |
| - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 | |
| - name: Build and upload all container images | |
| # -B skips building the binaries since we already did that above | |
| run: bash scripts/build-upload-docker-images.sh -B -p ${{ steps.params.outputs.linux_platforms }} | |
| env: | |
| DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
| QUAY_TOKEN: ${{ secrets.QUAY_TOKEN }} | |
| - name: Build, test, and publish all-in-one image | |
| run: bash scripts/build-all-in-one-image.sh -p ${{ steps.params.outputs.linux_platforms }} | |
| env: | |
| DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
| QUAY_TOKEN: ${{ secrets.QUAY_TOKEN }} | |
| - name: Build, test, and publish hotrod image | |
| run: bash scripts/build-hotrod-image.sh -p ${{ steps.params.outputs.linux_platforms }} | |
| env: | |
| DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
| QUAY_TOKEN: ${{ secrets.QUAY_TOKEN }} | |
| - name: Generate SBOM | |
| uses: anchore/sbom-action@d94f46e13c6c62f59525ac9a1e147a99dc0b9bf5 # v0.17.0 | |
| with: | |
| output-file: jaeger-SBOM.spdx.json | |
| upload-release-assets: false | |
| upload-artifact: false | |
| - name: Upload SBOM | |
| # Upload SBOM manually, because anchore/sbom-action does not do that | |
| # when the workflow is triggered manually, only from a release. | |
| # See https://github.com/jaegertracing/jaeger/issues/4817 | |
| uses: svenstaro/upload-release-action@04733e069f2d7f7f0b4aebc4fbdbce8613b03ccd # 2.9.0 | |
| if: ${{ inputs.dry_run != true }} | |
| with: | |
| file: jaeger-SBOM.spdx.json | |
| overwrite: true | |
| tag: ${{ env.BRANCH }} | |
| repo_token: ${{ secrets.GITHUB_TOKEN }} |