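# Release workflow: builds the binaries for all platforms, packages and
# uploads them to the GitHub release, publishes the container images, and
# attaches an SBOM to the release.
#
# Third-party actions are pinned to full commit SHAs; the trailing comment
# records the matching version tag and has to be updated together with the SHA.
name: Publish release

on:
  release:
    types:
      - published

  # allow running release workflow manually
  workflow_dispatch:

# See https://github.com/jaegertracing/jaeger/issues/4017
# Workflow-wide default for GITHUB_TOKEN is read-only; the job below widens it
# only as far as it needs.
permissions:
  contents: read

jobs:
  publish-release:
    # contents: write is needed by the two upload-release-action steps, which
    # attach assets to the release using GITHUB_TOKEN.
    # NOTE(review): nothing visible in this file uses deployments: write -
    # confirm it is still required, otherwise drop it.
    permissions:
      contents: write
      deployments: write
    # Skip the job outside the upstream repository (e.g. in forks).
    if: github.repository == 'jaegertracing/jaeger'
    runs-on: ubuntu-latest

    steps:
      # Kept as the first step so that every later step, including the disk
      # clean-up, runs under the runner's egress monitoring.
      - name: Harden Runner
        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
        with:
          # audit only records outbound connections, it does not stop them.
          egress-policy: audit  # TODO: change to 'egress-policy: block' after couple of runs

      - name: Clean up some disk space
        # We had an issue where the workflow was running out of disk space,
        # because it downloads so many Docker images for different platforms.
        # Here we delete some stuff from the VM that we do not use.
        # Inspired by https://github.com/jlumbroso/free-disk-space.
        run: |
          sudo rm -rf /usr/local/lib/android || true
          df -h /

      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
        with:
          submodules: true

      - name: Fetch git tags
        run: |
          git fetch --prune --unshallow --tags

      - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
        with:
          # Quoted so the version is always read as a string.
          go-version: '1.22.x'

      - name: Setup Node.js version
        uses: ./.github/actions/setup-node.js

      - name: Export BRANCH variable and validate it is a semver
        # Many scripts depend on BRANCH variable. We do not want to
        # use ./.github/actions/setup-branch here because it may set
        # BRANCH=main when the workflow is triggered manually.
        shell: bash
        run: |
          BRANCH=$(make echo-version)
          echo "Validate that the latest tag ${BRANCH} is in semver format"
          # Validate BEFORE exporting. BRANCH ends up in GITHUB_ENV and is used
          # as the release tag by the upload steps, so anything that is not
          # exactly vX.Y.Z must stop the job here. The dots are escaped (an
          # unescaped '.' matches any character), and the whole string is
          # matched rather than line by line, so multi-line output from make
          # cannot append extra entries to GITHUB_ENV.
          semver_re='^v[0-9]+\.[0-9]+\.[0-9]+$'
          if [[ ! "${BRANCH}" =~ ${semver_re} ]]; then
            echo "::error::BRANCH '${BRANCH}' is not in vX.Y.Z format"
            exit 1
          fi
          echo "BRANCH=${BRANCH}" >> "${GITHUB_ENV}"

      - name: Install tools
        run: make install-ci

      - name: Configure GPG Key
        # Imports the signing key from repository secrets.
        # NOTE(review): presumably scripts/package-deploy.sh uses it to produce
        # the deploy/*.asc signatures uploaded below - confirm.
        id: import_gpg
        uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.GPG_PASSPHRASE }}

      - name: Build binaries
        run: make build-all-platforms

      - name: Package binaries
        id: package-binaries
        run: bash scripts/package-deploy.sh

      - name: Upload binaries
        uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2.7.0
        with:
          file: '{deploy/*.tar.gz,deploy/*.zip,deploy/*.sha256sum.txt,deploy/*.asc}'
          file_glob: true
          # NOTE(review): with overwrite enabled a re-run replaces assets that
          # are already attached to the release under the same name.
          overwrite: true
          tag: ${{ env.BRANCH }}
          repo_token: ${{ secrets.GITHUB_TOKEN }}

      - name: Clean up some more disk space
        # Delete the release artifacts after uploading them.
        run: |
          rm -rf deploy || true
          df -h /

      - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0

      # The registry tokens are passed through the environment of the three
      # image steps only; no other step in this job receives them.
      - name: Build and upload all container images
        run: bash scripts/build-upload-docker-images.sh
        env:
          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
          QUAY_TOKEN: ${{ secrets.QUAY_TOKEN }}

      - name: Build, test, and publish all-in-one image
        run: bash scripts/build-all-in-one-image.sh
        env:
          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
          QUAY_TOKEN: ${{ secrets.QUAY_TOKEN }}

      - name: Build, test, and publish hotrod image
        run: bash scripts/hotrod-integration-test.sh
        env:
          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
          QUAY_TOKEN: ${{ secrets.QUAY_TOKEN }}

      - name: Generate SBOM
        uses: anchore/sbom-action@e8d2a6937ecead383dfe75190d104edd1f9c5751 # v0.16.0
        with:
          output-file: jaeger-SBOM.spdx.json
          upload-release-assets: false
          upload-artifact: false

      - name: Upload SBOM
        # Upload SBOM manually, because anchore/sbom-action does not do that
        # when the workflow is triggered manually, only from a release.
        # See https://github.com/jaegertracing/jaeger/issues/4817
        uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2.7.0
        with:
          file: jaeger-SBOM.spdx.json
          overwrite: true
          tag: ${{ env.BRANCH }}
          repo_token: ${{ secrets.GITHUB_TOKEN }}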