Release #103
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
workflow_dispatch: | |
inputs: | |
release_candidate: | |
type: boolean | |
description: "Release Candidate" | |
required: true | |
default: true | |
create_branch: | |
type: boolean | |
description: "Create Release Branch (on failure or if already existing, set to false to ensure a successful run)" | |
required: true | |
default: false | |
prerelease: | |
type: string | |
description: "Release Candidate Name, adjust after every succinct release candidate (e.g. to rc.2, rc.3...)" | |
required: true | |
default: "rc.1" | |
jobs: | |
check: | |
name: Check Release Preconditions | |
runs-on: large_runner | |
permissions: | |
contents: write | |
id-token: write | |
repository-projects: read | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Job Settings | |
run: | | |
echo "Release Job Arguments" | |
if ${{ github.event.inputs.release_candidate }}; then | |
v="v$(go run $GITHUB_WORKSPACE/api/version/generate --no-dev print-rc-version ${{ github.event.inputs.prerelease }})" | |
if [ -n "${{ github.event.inputs.prerelease }}" ]; then | |
echo "Candidate: $v" | |
else | |
echo "Candidate: $v (taken from source)" | |
fi | |
else | |
v="v$(go run $GITHUB_WORKSPACE/api/version/generate print-version)" | |
echo "Final Release: $v" | |
if ${{ github.event.inputs.create_branch }}; then | |
echo "with release branch creation" | |
else | |
echo "without release branch creation" | |
fi | |
fi | |
- name: Set Base Version | |
run: | | |
BASE_VERSION=v$(go run $GITHUB_WORKSPACE/api/version/generate print-version) | |
echo "BASE_VERSION=$BASE_VERSION" >> $GITHUB_ENV | |
- name: Set Pre-Release Version | |
if: inputs.release_candidate == true | |
run: | | |
RELEASE_VERSION=v$(go run $GITHUB_WORKSPACE/api/version/generate --no-dev print-rc-version ${{ github.event.inputs.prerelease }}) | |
echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_ENV | |
- name: Set Version | |
if: inputs.release_candidate == false | |
run: | | |
RELEASE_VERSION=${{env.BASE_VERSION}} | |
echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_ENV | |
- name: Check Tag | |
run: | | |
set -e | |
if git ls-remote --exit-code origin refs/tags/${{ env.RELEASE_VERSION }} ; then | |
>&2 echo "tag ${{ env.RELEASE_VERSION }} already exists" | |
exit 1 | |
fi | |
- name: Check Branch | |
if: inputs.release_candidate == false && inputs.create_branch && github.ref == 'refs/heads/main' | |
run: | | |
set -e | |
if git ls-remote --exit-code origin refs/heads/releases/${{ env.RELEASE_VERSION }} ; then | |
>&2 echo "branch releases/${{ env.RELEASE_VERSION }} already exists" | |
exit 1 | |
fi | |
- name: Get Draft Release Notes | |
id: release-notes | |
uses: cardinalby/git-get-release-action@v1 | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
with: | |
draft: true | |
releaseName: ${{ env.BASE_VERSION }} | |
lint-and-test: | |
name: Lint and Unit Tests | |
uses: ./.github/workflows/lint_and_test.yaml | |
needs: check | |
permissions: | |
contents: read | |
pull-requests: read | |
components: | |
name: Component CTF Builds | |
uses: ./.github/workflows/components.yaml | |
needs: check | |
permissions: | |
contents: read | |
pull-requests: read | |
diff-check-manifests: | |
name: Check for diff after go mod tidy and generated targets | |
uses: ./.github/workflows/check_diff_action.yaml | |
needs: check | |
permissions: | |
contents: read | |
pull-requests: read | |
release: | |
# needs: | |
# - lint-and-test | |
# - components | |
name: Release Build | |
runs-on: large_runner | |
permissions: | |
contents: write | |
id-token: write | |
packages: write | |
steps: | |
- name: Self Hosted Runner Post Job Cleanup Action | |
uses: TooMuch4U/[email protected] | |
- name: Generate token | |
id: generate_token | |
uses: tibdex/github-app-token@v2 | |
with: | |
app_id: ${{ secrets.OCMBOT_APP_ID }} | |
private_key: ${{ secrets.OCMBOT_PRIV_KEY }} | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
token: ${{ steps.generate_token.outputs.token }} | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: '${{ github.workspace }}/go.mod' | |
check-latest: false | |
cache: false | |
- name: Get go environment for use with cache | |
run: | | |
echo "go_cache=$(go env GOCACHE)" >> $GITHUB_ENV | |
echo "go_modcache=$(go env GOMODCACHE)" >> $GITHUB_ENV | |
- name: Set up cache | |
# https://github.com/actions/setup-go/issues/358 - cache is not working with setup-go for multiple jobs | |
uses: actions/cache@v4 | |
with: | |
path: | | |
${{ env.go_cache }} | |
${{ env.go_modcache }} | |
key: ${{ env.cache_name }}-${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}-${{ hashFiles('**/go.mod') }} | |
restore-keys: | | |
${{ env.cache_name }}-${{ runner.os }}-go- | |
env: | |
cache_name: release-go-cache | |
- name: Setup Syft | |
uses: anchore/sbom-action/download-syft@8d0a6505bf28ced3e85154d13dc6af83299e13f1 # v0.17.4 | |
- name: Setup Cosign | |
uses: sigstore/[email protected] | |
- name: Setup git config | |
run: | | |
git config user.name "GitHub Actions Bot" | |
git config user.email "<41898282+github-actions[bot]@users.noreply.github.com>" | |
- name: Set Base Version | |
run: | | |
BASE_VERSION=v$(go run $GITHUB_WORKSPACE/api/version/generate print-version) | |
echo "BASE_VERSION=$BASE_VERSION" >> $GITHUB_ENV | |
- name: Set Pre-Release Version | |
if: inputs.release_candidate == true | |
run: | | |
RELEASE_VERSION=v$(go run $GITHUB_WORKSPACE/api/version/generate --no-dev print-rc-version ${{ github.event.inputs.prerelease }}) | |
echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_ENV | |
echo "release name is $RELEASE_VERSION" | |
- name: Set Version | |
if: inputs.release_candidate == false | |
run: | | |
RELEASE_VERSION=${{env.BASE_VERSION}} | |
echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_ENV | |
echo "release name is $RELEASE_VERSION" | |
- name: Get Draft Release Notes | |
id: release-notes | |
uses: cardinalby/git-get-release-action@v1 | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
with: | |
draft: true | |
releaseName: ${{ env.BASE_VERSION }} | |
- name: Update Release Notes File | |
env: | |
RELEASE_NOTES: ${{ steps.release-notes.outputs.body }} | |
GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} | |
run: | | |
if git ls-remote --exit-code origin refs/tags/${{ env.RELEASE_VERSION }}; then | |
>&2 echo "tag ${{ env.RELEASE_VERSION }} already exists" | |
exit 2 | |
fi | |
v="${{env.RELEASE_VERSION}}" | |
f="docs/releasenotes/$v.md" | |
if [ ! -f "$f" ]; then | |
echo "# Release ${{ env.RELEASE_VERSION }}" > "$f" | |
echo "$RELEASE_NOTES" | tail -n +2 >> "$f" | |
echo "RELEASE_NOTES_FILE=$f" >> $GITHUB_ENV | |
git add "$f" | |
git commit -m "ReleaseNotes for $RELEASE_VERSION" | |
git push origin ${GITHUB_REF#refs/heads/} | |
else | |
echo "Using release notes file $f from code base" | |
fi | |
- name: Create and Push Release | |
env: | |
GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} | |
run: | | |
# git checkout --detach HEAD | |
echo -n "${RELEASE_VERSION#v}" > VERSION | |
git add VERSION | |
git commit -m "Release $RELEASE_VERSION" | |
msg="Release ${{ env.RELEASE_VERSION }}" | |
git tag --annotate --message "${msg}" ${{ env.RELEASE_VERSION }} | |
git push origin ${{ env.RELEASE_VERSION }} | |
- name: Create GPG Token file from Secret | |
run: | | |
echo "${{ secrets.GPG_PRIVATE_KEY_FOR_SIGNING }}" > ocm-releases-key.gpg | |
echo "GPG_KEY_PATH=ocm-releases-key.gpg" >> $GITHUB_ENV | |
- name: Run GoReleaser | |
uses: goreleaser/goreleaser-action@v6 | |
with: | |
distribution: goreleaser | |
version: 2.1.0 | |
args: release --clean --timeout 60m --skip=validate --config=.github/config/goreleaser.yaml --release-notes=${{ env.RELEASE_NOTES_FILE }} | |
env: | |
GITHUBORG: ${{ github.repository_owner }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
HOMEBREW_TAP_GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} | |
GORELEASER_CURRENT_TAG: ${{ env.RELEASE_VERSION }} | |
NFPM_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
- name: Push OCM Components | |
env: | |
GITHUBORG: ${{ github.repository_owner }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: make plain-push | |
- name: Create Release Branch | |
if: inputs.release_candidate == false && inputs.create_branch && github.ref == 'refs/heads/main' | |
run: | | |
n="releases/${{env.RELEASE_VERSION}}" | |
git checkout -b "$n" | |
v="$(go run ./api/version/generate bump-patch)" | |
echo "$v" > VERSION | |
git add VERSION | |
git commit -m "Prepare Development of v$v" | |
git push origin "$n" | |
- name: Bump Version File | |
if: inputs.release_candidate == false | |
run: | | |
set -e | |
git checkout ${GITHUB_REF#refs/heads/} | |
v="$(go run ./api/version/generate bump-version)" | |
echo "$v" > VERSION | |
# Trigger a bump of any potential files that depend on a new version | |
make generate | |
git add --all | |
git commit -m "Update version to $v" | |
git push origin ${GITHUB_REF#refs/heads/} | |
echo "Next branch version is $v" | |
- name: Publish Release Event | |
if: inputs.release_candidate == false | |
uses: peter-evans/repository-dispatch@v3 | |
with: | |
token: ${{ steps.generate_token.outputs.token }} | |
repository: open-component-model/ocm-website | |
event-type: ocm-cli-release | |
client-payload: '{"tag": "${{ env.RELEASE_VERSION }}"}' | |
# now distribute the release event so that other jobs can listen for this | |
# and use the event to publish our release to other package registries | |
- name: Publish Release Event for other package registries | |
if: inputs.release_candidate == false | |
uses: peter-evans/repository-dispatch@v3 | |
with: | |
token: ${{ steps.generate_token.outputs.token }} | |
repository: open-component-model/ocm | |
event-type: ocm-cli-release | |
client-payload: '{"version": "${{ env.RELEASE_VERSION }}"}' |