Skip to content

Release

Release #108

Workflow file for this run

name: Release
on:
workflow_dispatch:
inputs:
release_candidate:
type: boolean
description: "Release Candidate"
required: true
default: true
create_branch:
type: boolean
description: "Create Release Branch (on failure or if already existing, set to false to ensure a successful run)"
required: true
default: false
prerelease:
type: string
description: "Release Candidate Name, adjust after every succinct release candidate (e.g. to rc.2, rc.3...)"
required: true
default: "rc.1"
jobs:
check:
name: Check Release Preconditions
runs-on: large_runner
permissions:
contents: write
id-token: write
repository-projects: read
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Generate Base Version
run: |
BASE_VERSION=v$(go run $GITHUB_WORKSPACE/api/version/generate print-version)
echo "BASE_VERSION=$BASE_VERSION" >> $GITHUB_ENV
- name: Generate Pre-Release Version
if: inputs.release_candidate == true
run: |
RELEASE_VERSION=v$(go run $GITHUB_WORKSPACE/api/version/generate --no-dev print-rc-version ${{ github.event.inputs.prerelease }})
echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_ENV
- name: Generate Release Version
if: inputs.release_candidate == false
run: |
RELEASE_VERSION=${{env.BASE_VERSION}}
echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_ENV
- name: Check Tag
run: |
set -e
if git ls-remote --exit-code origin refs/tags/${{ env.RELEASE_VERSION }} ; then
>&2 echo "tag ${{ env.RELEASE_VERSION }} already exists"
exit 1
fi
- name: Check Branch
if: inputs.release_candidate == false && inputs.create_branch && github.ref == 'refs/heads/main'
run: |
set -e
if git ls-remote --exit-code origin refs/heads/releases/${{ env.RELEASE_VERSION }} ; then
>&2 echo "branch releases/${{ env.RELEASE_VERSION }} already exists"
exit 1
fi
- name: Get Draft Release Notes
id: release-notes
uses: cardinalby/git-get-release-action@v1
env:
GITHUB_TOKEN: ${{ github.token }}
with:
draft: true
releaseName: ${{ env.BASE_VERSION }}
components:
name: Component CTF Builds
uses: ./.github/workflows/components.yaml
needs: check
permissions:
contents: read
pull-requests: read
release:
needs:
# run check before actual release to make sure we succeed
# they will be skipped from the needs check
- check
name: Release Build
runs-on: large_runner
permissions:
contents: write
id-token: write
packages: write
steps:
- name: Self Hosted Runner Post Job Cleanup Action
uses: TooMuch4U/[email protected]
- name: Generate token
id: generate_token
uses: tibdex/github-app-token@v2
with:
app_id: ${{ secrets.OCMBOT_APP_ID }}
private_key: ${{ secrets.OCMBOT_PRIV_KEY }}
- name: Checkout
uses: actions/checkout@v4
with:
# fetch all history so we can calculate the version and tagging
fetch-depth: 0
token: ${{ steps.generate_token.outputs.token }}
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version-file: '${{ github.workspace }}/go.mod'
check-latest: false
cache: false
- name: Get go environment for use with cache
run: |
echo "go_cache=$(go env GOCACHE)" >> $GITHUB_ENV
echo "go_modcache=$(go env GOMODCACHE)" >> $GITHUB_ENV
# This step will only reuse the go mod and build cache from main made during the Build,
# see push_ocm.yaml => "ocm-cli-latest" Job
# This means it never caches by itself and PRs cannot cause cache pollution / thrashing
# This is because we have huge storage requirements for our cache because of the mass of dependencies
- name: Restore / Reuse Cache from central build
id: cache-golang-restore
uses: actions/cache/restore@v4 # Only Restore, not build another cache (too big)
with:
path: |
${{ env.go_cache }}
${{ env.go_modcache }}
key: ${{ env.cache_name }}-${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}-${{ hashFiles('**/go.mod') }}
restore-keys: |
${{ env.cache_name }}-${{ runner.os }}-go-
env:
cache_name: ocm-cli-latest-go-cache # needs to be the same key in the end as in the build step
- name: Setup Syft
uses: anchore/sbom-action/download-syft@251a468eed47e5082b105c3ba6ee500c0e65a764 # v0.17.6
- name: Setup Cosign
uses: sigstore/[email protected]
- name: Setup git config
run: |
git config user.name "GitHub Actions Bot"
git config user.email "<41898282+github-actions[bot]@users.noreply.github.com>"
- name: Set Base Version
run: |
BASE_VERSION=v$(go run $GITHUB_WORKSPACE/api/version/generate print-version)
echo "BASE_VERSION=$BASE_VERSION" >> $GITHUB_ENV
- name: Set Pre-Release Version
if: inputs.release_candidate == true
run: |
RELEASE_VERSION=v$(go run $GITHUB_WORKSPACE/api/version/generate --no-dev print-rc-version ${{ github.event.inputs.prerelease }})
echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_ENV
echo "release name is $RELEASE_VERSION"
- name: Set Version
if: inputs.release_candidate == false
run: |
RELEASE_VERSION=${{env.BASE_VERSION}}
echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_ENV
echo "release name is $RELEASE_VERSION"
- name: Get Draft Release Notes
id: release-notes
uses: cardinalby/git-get-release-action@v1
env:
GITHUB_TOKEN: ${{ github.token }}
with:
draft: true
releaseName: ${{ env.BASE_VERSION }}
- name: Update Release Notes File
env:
RELEASE_NOTES: ${{ steps.release-notes.outputs.body }}
GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
run: |
if git ls-remote --exit-code origin refs/tags/${{ env.RELEASE_VERSION }}; then
>&2 echo "tag ${{ env.RELEASE_VERSION }} already exists"
exit 2
fi
v="${{env.RELEASE_VERSION}}"
f="docs/releasenotes/$v.md"
if [ ! -f "$f" ]; then
echo "# Release ${{ env.RELEASE_VERSION }}" > "$f"
echo "$RELEASE_NOTES" | tail -n +2 >> "$f"
echo "RELEASE_NOTES_FILE=$f" >> $GITHUB_ENV
git add "$f"
git commit -m "ReleaseNotes for $RELEASE_VERSION"
git push origin ${GITHUB_REF#refs/heads/}
else
echo "Using release notes file $f from code base"
fi
- name: Create and Push Release
env:
GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
run: |
# git checkout --detach HEAD
echo -n "${RELEASE_VERSION#v}" > VERSION
git add VERSION
git commit -m "Release $RELEASE_VERSION"
msg="Release ${{ env.RELEASE_VERSION }}"
git tag --annotate --message "${msg}" ${{ env.RELEASE_VERSION }}
git push origin ${{ env.RELEASE_VERSION }}
- name: Create GPG Token file from Secret
run: |
echo "${{ secrets.GPG_PRIVATE_KEY_FOR_SIGNING }}" > ocm-releases-key.gpg
echo "GPG_KEY_PATH=ocm-releases-key.gpg" >> $GITHUB_ENV
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v6
with:
distribution: goreleaser
version: 2.1.0
args: release --clean --timeout 60m --skip=validate --config=.github/config/goreleaser.yaml --release-notes=${{ env.RELEASE_NOTES_FILE }}
env:
GITHUBORG: ${{ github.repository_owner }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
HOMEBREW_TAP_GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
GORELEASER_CURRENT_TAG: ${{ env.RELEASE_VERSION }}
NFPM_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- name: Remove GPG Token file
run: |
rm ocm-releases-key.gpg
- name: Push OCM Components
env:
GITHUBORG: ${{ github.repository_owner }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: make plain-push
- name: Create Release Branch
if: inputs.release_candidate == false && inputs.create_branch && github.ref == 'refs/heads/main'
run: |
n="releases/${{env.RELEASE_VERSION}}"
git checkout -b "$n"
v="$(go run ./api/version/generate bump-patch)"
echo "$v" > VERSION
git add VERSION
git commit -m "Prepare Development of v$v"
git push origin "$n"
- name: Bump Version File
if: inputs.release_candidate == false
run: |
set -e
git checkout ${GITHUB_REF#refs/heads/}
v="$(go run ./api/version/generate bump-version)"
echo "$v" > VERSION
# Trigger a bump of any potential files that depend on a new version
make -f hack/Makefile mdref && make -f hack/Makefile go-bindata && make generate
git add --all
git commit -m "Update version to $v"
git push origin ${GITHUB_REF#refs/heads/}
echo "Next branch version is $v"
- name: Publish Release Event
if: inputs.release_candidate == false
uses: peter-evans/repository-dispatch@v3
with:
token: ${{ steps.generate_token.outputs.token }}
repository: open-component-model/ocm-website
event-type: ocm-cli-release
client-payload: '{"tag": "${{ env.RELEASE_VERSION }}"}'
# now distribute the release event so that other jobs can listen for this
# and use the event to publish our release to other package registries
- name: Publish Release Event for other package registries
if: inputs.release_candidate == false
uses: peter-evans/repository-dispatch@v3
with:
token: ${{ steps.generate_token.outputs.token }}
repository: ${{ github.repository_owner }}/ocm
event-type: publish-ocm-cli
client-payload: '{"version":"${{ env.RELEASE_VERSION }}","push-to-aur":true,"push-to-chocolatey":true,"push-to-winget":true}'