Release #108
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
workflow_dispatch: | |
inputs: | |
release_candidate: | |
type: boolean | |
description: "Release Candidate" | |
required: true | |
default: true | |
create_branch: | |
type: boolean | |
description: "Create Release Branch (on failure or if already existing, set to false to ensure a successful run)" | |
required: true | |
default: false | |
prerelease: | |
type: string | |
description: "Release Candidate Name, adjust after every succinct release candidate (e.g. to rc.2, rc.3...)" | |
required: true | |
default: "rc.1" | |
jobs: | |
check: | |
name: Check Release Preconditions | |
runs-on: large_runner | |
permissions: | |
contents: write | |
id-token: write | |
repository-projects: read | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Generate Base Version | |
run: | | |
BASE_VERSION=v$(go run $GITHUB_WORKSPACE/api/version/generate print-version) | |
echo "BASE_VERSION=$BASE_VERSION" >> $GITHUB_ENV | |
- name: Generate Pre-Release Version | |
if: inputs.release_candidate == true | |
run: | | |
RELEASE_VERSION=v$(go run $GITHUB_WORKSPACE/api/version/generate --no-dev print-rc-version ${{ github.event.inputs.prerelease }}) | |
echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_ENV | |
- name: Generate Release Version | |
if: inputs.release_candidate == false | |
run: | | |
RELEASE_VERSION=${{env.BASE_VERSION}} | |
echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_ENV | |
- name: Check Tag | |
run: | | |
set -e | |
if git ls-remote --exit-code origin refs/tags/${{ env.RELEASE_VERSION }} ; then | |
>&2 echo "tag ${{ env.RELEASE_VERSION }} already exists" | |
exit 1 | |
fi | |
- name: Check Branch | |
if: inputs.release_candidate == false && inputs.create_branch && github.ref == 'refs/heads/main' | |
run: | | |
set -e | |
if git ls-remote --exit-code origin refs/heads/releases/${{ env.RELEASE_VERSION }} ; then | |
>&2 echo "branch releases/${{ env.RELEASE_VERSION }} already exists" | |
exit 1 | |
fi | |
- name: Get Draft Release Notes | |
id: release-notes | |
uses: cardinalby/git-get-release-action@v1 | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
with: | |
draft: true | |
releaseName: ${{ env.BASE_VERSION }} | |
components: | |
name: Component CTF Builds | |
uses: ./.github/workflows/components.yaml | |
needs: check | |
permissions: | |
contents: read | |
pull-requests: read | |
release: | |
needs: | |
# run check before actual release to make sure we succeed | |
# they will be skipped from the needs check | |
- check | |
name: Release Build | |
runs-on: large_runner | |
permissions: | |
contents: write | |
id-token: write | |
packages: write | |
steps: | |
- name: Self Hosted Runner Post Job Cleanup Action | |
uses: TooMuch4U/[email protected] | |
- name: Generate token | |
id: generate_token | |
uses: tibdex/github-app-token@v2 | |
with: | |
app_id: ${{ secrets.OCMBOT_APP_ID }} | |
private_key: ${{ secrets.OCMBOT_PRIV_KEY }} | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
# fetch all history so we can calculate the version and tagging | |
fetch-depth: 0 | |
token: ${{ steps.generate_token.outputs.token }} | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: '${{ github.workspace }}/go.mod' | |
check-latest: false | |
cache: false | |
- name: Get go environment for use with cache | |
run: | | |
echo "go_cache=$(go env GOCACHE)" >> $GITHUB_ENV | |
echo "go_modcache=$(go env GOMODCACHE)" >> $GITHUB_ENV | |
# This step will only reuse the go mod and build cache from main made during the Build, | |
# see push_ocm.yaml => "ocm-cli-latest" Job | |
# This means it never caches by itself and PRs cannot cause cache pollution / thrashing | |
# This is because we have huge storage requirements for our cache because of the mass of dependencies | |
- name: Restore / Reuse Cache from central build | |
id: cache-golang-restore | |
uses: actions/cache/restore@v4 # Only Restore, not build another cache (too big) | |
with: | |
path: | | |
${{ env.go_cache }} | |
${{ env.go_modcache }} | |
key: ${{ env.cache_name }}-${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}-${{ hashFiles('**/go.mod') }} | |
restore-keys: | | |
${{ env.cache_name }}-${{ runner.os }}-go- | |
env: | |
cache_name: ocm-cli-latest-go-cache # needs to be the same key in the end as in the build step | |
- name: Setup Syft | |
uses: anchore/sbom-action/download-syft@251a468eed47e5082b105c3ba6ee500c0e65a764 # v0.17.6 | |
- name: Setup Cosign | |
uses: sigstore/[email protected] | |
- name: Setup git config | |
run: | | |
git config user.name "GitHub Actions Bot" | |
git config user.email "<41898282+github-actions[bot]@users.noreply.github.com>" | |
- name: Set Base Version | |
run: | | |
BASE_VERSION=v$(go run $GITHUB_WORKSPACE/api/version/generate print-version) | |
echo "BASE_VERSION=$BASE_VERSION" >> $GITHUB_ENV | |
- name: Set Pre-Release Version | |
if: inputs.release_candidate == true | |
run: | | |
RELEASE_VERSION=v$(go run $GITHUB_WORKSPACE/api/version/generate --no-dev print-rc-version ${{ github.event.inputs.prerelease }}) | |
echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_ENV | |
echo "release name is $RELEASE_VERSION" | |
- name: Set Version | |
if: inputs.release_candidate == false | |
run: | | |
RELEASE_VERSION=${{env.BASE_VERSION}} | |
echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_ENV | |
echo "release name is $RELEASE_VERSION" | |
- name: Get Draft Release Notes | |
id: release-notes | |
uses: cardinalby/git-get-release-action@v1 | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
with: | |
draft: true | |
releaseName: ${{ env.BASE_VERSION }} | |
- name: Update Release Notes File | |
env: | |
RELEASE_NOTES: ${{ steps.release-notes.outputs.body }} | |
GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} | |
run: | | |
if git ls-remote --exit-code origin refs/tags/${{ env.RELEASE_VERSION }}; then | |
>&2 echo "tag ${{ env.RELEASE_VERSION }} already exists" | |
exit 2 | |
fi | |
v="${{env.RELEASE_VERSION}}" | |
f="docs/releasenotes/$v.md" | |
if [ ! -f "$f" ]; then | |
echo "# Release ${{ env.RELEASE_VERSION }}" > "$f" | |
echo "$RELEASE_NOTES" | tail -n +2 >> "$f" | |
echo "RELEASE_NOTES_FILE=$f" >> $GITHUB_ENV | |
git add "$f" | |
git commit -m "ReleaseNotes for $RELEASE_VERSION" | |
git push origin ${GITHUB_REF#refs/heads/} | |
else | |
echo "Using release notes file $f from code base" | |
fi | |
- name: Create and Push Release | |
env: | |
GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} | |
run: | | |
# git checkout --detach HEAD | |
echo -n "${RELEASE_VERSION#v}" > VERSION | |
git add VERSION | |
git commit -m "Release $RELEASE_VERSION" | |
msg="Release ${{ env.RELEASE_VERSION }}" | |
git tag --annotate --message "${msg}" ${{ env.RELEASE_VERSION }} | |
git push origin ${{ env.RELEASE_VERSION }} | |
- name: Create GPG Token file from Secret | |
run: | | |
echo "${{ secrets.GPG_PRIVATE_KEY_FOR_SIGNING }}" > ocm-releases-key.gpg | |
echo "GPG_KEY_PATH=ocm-releases-key.gpg" >> $GITHUB_ENV | |
- name: Run GoReleaser | |
uses: goreleaser/goreleaser-action@v6 | |
with: | |
distribution: goreleaser | |
version: 2.1.0 | |
args: release --clean --timeout 60m --skip=validate --config=.github/config/goreleaser.yaml --release-notes=${{ env.RELEASE_NOTES_FILE }} | |
env: | |
GITHUBORG: ${{ github.repository_owner }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
HOMEBREW_TAP_GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} | |
GORELEASER_CURRENT_TAG: ${{ env.RELEASE_VERSION }} | |
NFPM_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
- name: Remove GPG Token file | |
run: | | |
rm ocm-releases-key.gpg | |
- name: Push OCM Components | |
env: | |
GITHUBORG: ${{ github.repository_owner }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: make plain-push | |
- name: Create Release Branch | |
if: inputs.release_candidate == false && inputs.create_branch && github.ref == 'refs/heads/main' | |
run: | | |
n="releases/${{env.RELEASE_VERSION}}" | |
git checkout -b "$n" | |
v="$(go run ./api/version/generate bump-patch)" | |
echo "$v" > VERSION | |
git add VERSION | |
git commit -m "Prepare Development of v$v" | |
git push origin "$n" | |
- name: Bump Version File | |
if: inputs.release_candidate == false | |
run: | | |
set -e | |
git checkout ${GITHUB_REF#refs/heads/} | |
v="$(go run ./api/version/generate bump-version)" | |
echo "$v" > VERSION | |
# Trigger a bump of any potential files that depend on a new version | |
make -f hack/Makefile mdref && make -f hack/Makefile go-bindata && make generate | |
git add --all | |
git commit -m "Update version to $v" | |
git push origin ${GITHUB_REF#refs/heads/} | |
echo "Next branch version is $v" | |
- name: Publish Release Event | |
if: inputs.release_candidate == false | |
uses: peter-evans/repository-dispatch@v3 | |
with: | |
token: ${{ steps.generate_token.outputs.token }} | |
repository: open-component-model/ocm-website | |
event-type: ocm-cli-release | |
client-payload: '{"tag": "${{ env.RELEASE_VERSION }}"}' | |
# now distribute the release event so that other jobs can listen for this | |
# and use the event to publish our release to other package registries | |
- name: Publish Release Event for other package registries | |
if: inputs.release_candidate == false | |
uses: peter-evans/repository-dispatch@v3 | |
with: | |
token: ${{ steps.generate_token.outputs.token }} | |
repository: ${{ github.repository_owner }}/ocm | |
event-type: publish-ocm-cli | |
client-payload: '{"version":"${{ env.RELEASE_VERSION }}","push-to-aur":true,"push-to-chocolatey":true,"push-to-winget":true}' |