Release #93
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
workflow_dispatch: | |
inputs: | |
release_candidate: | |
type: boolean | |
description: "Release Candidate" | |
required: false | |
default: false | |
create_branch: | |
type: boolean | |
description: "Create Release Branch" | |
required: false | |
default: false | |
prerelease: | |
type: string | |
description: "Release Candidate Name" | |
required: false | |
default: "" | |
jobs: | |
check: | |
name: Check Release Preconditions | |
runs-on: large_runner | |
permissions: | |
contents: write | |
id-token: write | |
repository-projects: read | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Job Settings | |
run: | | |
echo "Release Job Arguments" | |
if ${{ github.event.inputs.release_candidate }}; then | |
v="v$(go run $GITHUB_WORKSPACE/api/version/generate --no-dev print-rc-version ${{ github.event.inputs.prerelease }})" | |
if [ -n "${{ github.event.inputs.prerelease }}" ]; then | |
echo "Candidate: $v" | |
else | |
echo "Candidate: $v (taken from source)" | |
fi | |
else | |
v="v$(go run $GITHUB_WORKSPACE/api/version/generate print-version)" | |
echo "Final Release: $v" | |
if ${{ github.event.inputs.create_branch }}; then | |
echo "with release branch creation" | |
else | |
echo "without release branch creation" | |
fi | |
fi | |
- name: Set Base Version | |
run: | | |
BASE_VERSION=v$(go run $GITHUB_WORKSPACE/api/version/generate print-version) | |
echo "BASE_VERSION=$BASE_VERSION" >> $GITHUB_ENV | |
- name: Set Pre-Release Version | |
if: inputs.release_candidate == true | |
run: | | |
RELEASE_VERSION=v$(go run $GITHUB_WORKSPACE/api/version/generate --no-dev print-rc-version ${{ github.event.inputs.prerelease }}) | |
echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_ENV | |
- name: Set Version | |
if: inputs.release_candidate == false | |
run: | | |
RELEASE_VERSION=${{env.BASE_VERSION}} | |
echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_ENV | |
- name: Check Tag | |
run: | | |
set -e | |
if git ls-remote --exit-code origin refs/tags/${{ env.RELEASE_VERSION }} ; then | |
>&2 echo "tag ${{ env.RELEASE_VERSION }} already exists" | |
exit 1 | |
fi | |
- name: Check Branch | |
if: inputs.release_candidate == false && inputs.create_branch && github.ref == 'refs/heads/main' | |
run: | | |
set -e | |
if git ls-remote --exit-code origin refs/heads/releases/${{ env.RELEASE_VERSION }} ; then | |
>&2 echo "branch releases/${{ env.RELEASE_VERSION }} already exists" | |
exit 1 | |
fi | |
- name: Get Draft Release Notes | |
id: release-notes | |
uses: cardinalby/git-get-release-action@v1 | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
with: | |
draft: true | |
releaseName: ${{ env.BASE_VERSION }} | |
lint-and-test: | |
name: Lint and Unit Tests | |
uses: ./.github/workflows/lint_and_test.yaml | |
needs: check | |
permissions: | |
contents: read | |
pull-requests: read | |
components: | |
name: Component CTF Builds | |
uses: ./.github/workflows/components.yaml | |
needs: check | |
permissions: | |
contents: read | |
pull-requests: read | |
diff-check-manifests: | |
name: Check for diff after go mod tidy and generated targets | |
uses: ./.github/workflows/check_diff_action.yaml | |
needs: check | |
permissions: | |
contents: read | |
pull-requests: read | |
release: | |
needs: | |
- lint-and-test | |
- components | |
name: Release Build | |
runs-on: large_runner | |
permissions: | |
contents: write | |
id-token: write | |
packages: write | |
steps: | |
- name: Self Hosted Runner Post Job Cleanup Action | |
uses: TooMuch4U/[email protected] | |
- name: Generate token | |
id: generate_token | |
uses: tibdex/github-app-token@v2 | |
with: | |
permissions: >- | |
{ "packages": "write", | |
"contents": "write", | |
"id-token": "write" } | |
app_id: ${{ secrets.OCMBOT_APP_ID }} | |
private_key: ${{ secrets.OCMBOT_PRIV_KEY }} | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
token: ${{ steps.generate_token.outputs.token }} | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: '${{ github.workspace }}/go.mod' | |
check-latest: false | |
- name: Setup Syft | |
uses: anchore/sbom-action/download-syft@f5e124a5e5e1d497a692818ae907d3c45829d033 # v0.17.3 | |
- name: Setup Cosign | |
uses: sigstore/[email protected] | |
- name: Setup git config | |
run: | | |
git config user.name "GitHub Actions Bot" | |
git config user.email "<41898282+github-actions[bot]@users.noreply.github.com>" | |
- name: Set Base Version | |
run: | | |
BASE_VERSION=v$(go run $GITHUB_WORKSPACE/api/version/generate print-version) | |
echo "BASE_VERSION=$BASE_VERSION" >> $GITHUB_ENV | |
- name: Set Pre-Release Version | |
if: inputs.release_candidate == true | |
run: | | |
RELEASE_VERSION=v$(go run $GITHUB_WORKSPACE/api/version/generate --no-dev print-rc-version ${{ github.event.inputs.prerelease }}) | |
echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_ENV | |
echo "release name is $RELEASE_VERSION" | |
- name: Set Version | |
if: inputs.release_candidate == false | |
run: | | |
RELEASE_VERSION=${{env.BASE_VERSION}} | |
echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_ENV | |
echo "release name is $RELEASE_VERSION" | |
- name: Get Draft Release Notes | |
id: release-notes | |
uses: cardinalby/git-get-release-action@v1 | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
with: | |
draft: true | |
releaseName: ${{ env.BASE_VERSION }} | |
- name: Update Release Notes File | |
env: | |
RELEASE_NOTES: ${{ steps.release-notes.outputs.body }} | |
GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} | |
run: | | |
if git ls-remote --exit-code origin refs/tags/${{ env.RELEASE_VERSION }}; then | |
>&2 echo "tag ${{ env.RELEASE_VERSION }} already exists" | |
exit 2 | |
fi | |
v="${{env.RELEASE_VERSION}}" | |
f="docs/releasenotes/$v.md" | |
if [ ! -f "$f" ]; then | |
echo "# Release ${{ env.RELEASE_VERSION }}" > "$f" | |
echo "$RELEASE_NOTES" | tail -n +2 >> "$f" | |
echo "RELEASE_NOTES_FILE=$f" >> $GITHUB_ENV | |
git add "$f" | |
git commit -m "ReleaseNotes for $RELEASE_VERSION" | |
git push origin ${GITHUB_REF#refs/heads/} | |
else | |
echo "Using release notes file $f from code base" | |
fi | |
- name: Create and Push Release | |
env: | |
GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} | |
run: | | |
# git checkout --detach HEAD | |
echo -n "${RELEASE_VERSION#v}" > VERSION | |
git add VERSION | |
git commit -m "Release $RELEASE_VERSION" | |
msg="Release ${{ env.RELEASE_VERSION }}" | |
git tag --annotate --message "${msg}" ${{ env.RELEASE_VERSION }} | |
git push origin ${{ env.RELEASE_VERSION }} | |
- name: Create GPG Token file from Secret | |
run: | | |
echo "${{ secrets.GPG_PRIVATE_KEY_FOR_SIGNING }}" > ocm-releases-key.gpg | |
echo "GPG_KEY_PATH=ocm-releases-key.gpg" >> $GITHUB_ENV | |
- name: Run GoReleaser | |
uses: goreleaser/goreleaser-action@v6 | |
with: | |
distribution: goreleaser | |
version: 2.1.0 | |
args: release --clean --timeout 60m --skip=validate --config=.github/config/goreleaser.yaml --release-notes=${{ env.RELEASE_NOTES_FILE }} | |
env: | |
GITHUBORG: ${{ github.repository_owner }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
HOMEBREW_TAP_GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} | |
GORELEASER_CURRENT_TAG: ${{ env.RELEASE_VERSION }} | |
NFPM_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
- name: Push OCM Components | |
env: | |
GITHUBORG: ${{ github.repository_owner }} | |
GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} | |
run: make plain-push | |
- name: Create Release Branch | |
if: inputs.release_candidate == false && inputs.create_branch && github.ref == 'refs/heads/main' | |
run: | | |
n="releases/${{env.RELEASE_VERSION}}" | |
git checkout -b "$n" | |
v="$(go run ./api/version/generate bump-patch)" | |
echo "$v" > VERSION | |
git add VERSION | |
git commit -m "Prepare Development of v$v" | |
git push origin "$n" | |
- name: Bump Version File | |
if: inputs.release_candidate == false | |
run: | | |
set -e | |
git checkout ${GITHUB_REF#refs/heads/} | |
v="$(go run ./api/version/generate bump-version)" | |
echo "$v" > VERSION | |
git add VERSION | |
git commit -m "Update version file to $v" | |
git push origin ${GITHUB_REF#refs/heads/} | |
echo "Next branch version is $v" | |
- name: Publish Release Event | |
if: inputs.release_candidate == false | |
uses: peter-evans/repository-dispatch@v3 | |
with: | |
token: ${{ steps.generate_token.outputs.token }} | |
repository: open-component-model/ocm-website | |
event-type: ocm-cli-release | |
client-payload: '{"tag": "${{ env.RELEASE_VERSION }}"}' | |
- name: Publish Release Event for other package registries | |
if: inputs.release_candidate == false | |
uses: peter-evans/repository-dispatch@v3 | |
with: | |
token: ${{ steps.generate_token.outputs.token }} | |
repository: open-component-model/ocm | |
event-type: ocm-cli-release | |
client-payload: '{"version": "${{ env.RELEASE_VERSION }}"}' |