Skip to content

Release

Release #93

Workflow file for this run

name: Release
on:
workflow_dispatch:
inputs:
release_candidate:
type: boolean
description: "Release Candidate"
required: false
default: false
create_branch:
type: boolean
description: "Create Release Branch"
required: false
default: false
prerelease:
type: string
description: "Release Candidate Name"
required: false
default: ""
jobs:
check:
name: Check Release Preconditions
runs-on: large_runner
permissions:
contents: write
id-token: write
repository-projects: read
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Job Settings
run: |
echo "Release Job Arguments"
if ${{ github.event.inputs.release_candidate }}; then
v="v$(go run $GITHUB_WORKSPACE/api/version/generate --no-dev print-rc-version ${{ github.event.inputs.prerelease }})"
if [ -n "${{ github.event.inputs.prerelease }}" ]; then
echo "Candidate: $v"
else
echo "Candidate: $v (taken from source)"
fi
else
v="v$(go run $GITHUB_WORKSPACE/api/version/generate print-version)"
echo "Final Release: $v"
if ${{ github.event.inputs.create_branch }}; then
echo "with release branch creation"
else
echo "without release branch creation"
fi
fi
- name: Set Base Version
run: |
BASE_VERSION=v$(go run $GITHUB_WORKSPACE/api/version/generate print-version)
echo "BASE_VERSION=$BASE_VERSION" >> $GITHUB_ENV
- name: Set Pre-Release Version
if: inputs.release_candidate == true
run: |
RELEASE_VERSION=v$(go run $GITHUB_WORKSPACE/api/version/generate --no-dev print-rc-version ${{ github.event.inputs.prerelease }})
echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_ENV
- name: Set Version
if: inputs.release_candidate == false
run: |
RELEASE_VERSION=${{env.BASE_VERSION}}
echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_ENV
- name: Check Tag
run: |
set -e
if git ls-remote --exit-code origin refs/tags/${{ env.RELEASE_VERSION }} ; then
>&2 echo "tag ${{ env.RELEASE_VERSION }} already exists"
exit 1
fi
- name: Check Branch
if: inputs.release_candidate == false && inputs.create_branch && github.ref == 'refs/heads/main'
run: |
set -e
if git ls-remote --exit-code origin refs/heads/releases/${{ env.RELEASE_VERSION }} ; then
>&2 echo "branch releases/${{ env.RELEASE_VERSION }} already exists"
exit 1
fi
- name: Get Draft Release Notes
id: release-notes
uses: cardinalby/git-get-release-action@v1
env:
GITHUB_TOKEN: ${{ github.token }}
with:
draft: true
releaseName: ${{ env.BASE_VERSION }}
lint-and-test:
name: Lint and Unit Tests
uses: ./.github/workflows/lint_and_test.yaml
needs: check
permissions:
contents: read
pull-requests: read
components:
name: Component CTF Builds
uses: ./.github/workflows/components.yaml
needs: check
permissions:
contents: read
pull-requests: read
diff-check-manifests:
name: Check for diff after go mod tidy and generated targets
uses: ./.github/workflows/check_diff_action.yaml
needs: check
permissions:
contents: read
pull-requests: read
release:
needs:
- lint-and-test
- components
name: Release Build
runs-on: large_runner
permissions:
contents: write
id-token: write
packages: write
steps:
- name: Self Hosted Runner Post Job Cleanup Action
uses: TooMuch4U/[email protected]
- name: Generate token
id: generate_token
uses: tibdex/github-app-token@v2
with:
permissions: >-
{ "packages": "write",
"contents": "write",
"id-token": "write" }
app_id: ${{ secrets.OCMBOT_APP_ID }}
private_key: ${{ secrets.OCMBOT_PRIV_KEY }}
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
token: ${{ steps.generate_token.outputs.token }}
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version-file: '${{ github.workspace }}/go.mod'
check-latest: false
- name: Setup Syft
uses: anchore/sbom-action/download-syft@f5e124a5e5e1d497a692818ae907d3c45829d033 # v0.17.3
- name: Setup Cosign
uses: sigstore/[email protected]
- name: Setup git config
run: |
git config user.name "GitHub Actions Bot"
git config user.email "<41898282+github-actions[bot]@users.noreply.github.com>"
- name: Set Base Version
run: |
BASE_VERSION=v$(go run $GITHUB_WORKSPACE/api/version/generate print-version)
echo "BASE_VERSION=$BASE_VERSION" >> $GITHUB_ENV
- name: Set Pre-Release Version
if: inputs.release_candidate == true
run: |
RELEASE_VERSION=v$(go run $GITHUB_WORKSPACE/api/version/generate --no-dev print-rc-version ${{ github.event.inputs.prerelease }})
echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_ENV
echo "release name is $RELEASE_VERSION"
- name: Set Version
if: inputs.release_candidate == false
run: |
RELEASE_VERSION=${{env.BASE_VERSION}}
echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_ENV
echo "release name is $RELEASE_VERSION"
- name: Get Draft Release Notes
id: release-notes
uses: cardinalby/git-get-release-action@v1
env:
GITHUB_TOKEN: ${{ github.token }}
with:
draft: true
releaseName: ${{ env.BASE_VERSION }}
- name: Update Release Notes File
env:
RELEASE_NOTES: ${{ steps.release-notes.outputs.body }}
GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
run: |
if git ls-remote --exit-code origin refs/tags/${{ env.RELEASE_VERSION }}; then
>&2 echo "tag ${{ env.RELEASE_VERSION }} already exists"
exit 2
fi
v="${{env.RELEASE_VERSION}}"
f="docs/releasenotes/$v.md"
if [ ! -f "$f" ]; then
echo "# Release ${{ env.RELEASE_VERSION }}" > "$f"
echo "$RELEASE_NOTES" | tail -n +2 >> "$f"
echo "RELEASE_NOTES_FILE=$f" >> $GITHUB_ENV
git add "$f"
git commit -m "ReleaseNotes for $RELEASE_VERSION"
git push origin ${GITHUB_REF#refs/heads/}
else
echo "Using release notes file $f from code base"
fi
- name: Create and Push Release
env:
GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
run: |
# git checkout --detach HEAD
echo -n "${RELEASE_VERSION#v}" > VERSION
git add VERSION
git commit -m "Release $RELEASE_VERSION"
msg="Release ${{ env.RELEASE_VERSION }}"
git tag --annotate --message "${msg}" ${{ env.RELEASE_VERSION }}
git push origin ${{ env.RELEASE_VERSION }}
- name: Create GPG Token file from Secret
run: |
echo "${{ secrets.GPG_PRIVATE_KEY_FOR_SIGNING }}" > ocm-releases-key.gpg
echo "GPG_KEY_PATH=ocm-releases-key.gpg" >> $GITHUB_ENV
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v6
with:
distribution: goreleaser
version: 2.1.0
args: release --clean --timeout 60m --skip=validate --config=.github/config/goreleaser.yaml --release-notes=${{ env.RELEASE_NOTES_FILE }}
env:
GITHUBORG: ${{ github.repository_owner }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
HOMEBREW_TAP_GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
GORELEASER_CURRENT_TAG: ${{ env.RELEASE_VERSION }}
NFPM_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- name: Push OCM Components
env:
GITHUBORG: ${{ github.repository_owner }}
GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
run: make plain-push
- name: Create Release Branch
if: inputs.release_candidate == false && inputs.create_branch && github.ref == 'refs/heads/main'
run: |
n="releases/${{env.RELEASE_VERSION}}"
git checkout -b "$n"
v="$(go run ./api/version/generate bump-patch)"
echo "$v" > VERSION
git add VERSION
git commit -m "Prepare Development of v$v"
git push origin "$n"
- name: Bump Version File
if: inputs.release_candidate == false
run: |
set -e
git checkout ${GITHUB_REF#refs/heads/}
v="$(go run ./api/version/generate bump-version)"
echo "$v" > VERSION
git add VERSION
git commit -m "Update version file to $v"
git push origin ${GITHUB_REF#refs/heads/}
echo "Next branch version is $v"
- name: Publish Release Event
if: inputs.release_candidate == false
uses: peter-evans/repository-dispatch@v3
with:
token: ${{ steps.generate_token.outputs.token }}
repository: open-component-model/ocm-website
event-type: ocm-cli-release
client-payload: '{"tag": "${{ env.RELEASE_VERSION }}"}'
- name: Publish Release Event for other package registries
if: inputs.release_candidate == false
uses: peter-evans/repository-dispatch@v3
with:
token: ${{ steps.generate_token.outputs.token }}
repository: open-component-model/ocm
event-type: ocm-cli-release
client-payload: '{"version": "${{ env.RELEASE_VERSION }}"}'