Release Armada Operator #20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Armada Operator | |
| on: | |
| workflow_run: | |
| types: [completed] | |
| workflows: [CI] | |
| branches: | |
| - v* | |
| permissions: | |
| contents: write | |
| jobs: | |
| validate: | |
| if: github.event.workflow_run.event == 'push' && github.event.workflow_run.conclusion == 'success' && github.repository_owner == 'armadaproject' | |
| name: "Validate revision" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: "Checkout" | |
| uses: "actions/checkout@v4" | |
| with: | |
| fetch-depth: 0 | |
| # The given ref should belong to the main branch. | |
| # If it starts with 'v', it should be a tag, belong to the main branch and match the semver regex. | |
| # Anything else is invalid. | |
| - name: Validate ref | |
| run: | | |
| ref='${{ github.event.workflow_run.head_branch }}' | |
| sha='${{ github.event.workflow_run.head_sha }}' | |
| [[ $ref =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]] && | |
| [ $(git tag --points-at $sha | grep -E "^$ref\$" | wc -l) -eq 1 ] && | |
| [ $(git branch --contains=$sha main | wc -l) -eq 1 ] | |
| if [ $? -ne 0 ]; then | |
| echo "::error ::Invalid ref $ref $sha: must be a tag, belong to the main branch and match the semver regex" | |
| exit 1 | |
| fi | |
| release: | |
| name: "Release" | |
| needs: validate | |
| runs-on: ubuntu-latest | |
| environment: armada-dockerhub | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Fetch Git tags | |
| run: git fetch --force --tags | |
| - name: Setup Go | |
| id: setup-go | |
| uses: ./.github/actions/setup-go-cache | |
| with: | |
| cache-prefix: go-build | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: "Docker login" | |
| uses: "docker/login-action@v3" | |
| with: | |
| username: "${{ secrets.DOCKERHUB_USER }}" | |
| password: "${{ secrets.DOCKERHUB_PASS }}" | |
| - name: Set up Syft | |
| run: curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin | |
| - name: Set current and previous tag # Workaround, GoReleaser uses 'git-describe' to determine a previous tag. | |
| run: | | |
| current_tag='${{ github.event.workflow_run.head_branch }}' | |
| echo "GORELEASER_CURRENT_TAG=$current_tag" >> $GITHUB_ENV | |
| previous_tag=$(git -c 'versionsort.suffix=-rc' tag --list --sort=version:refname | grep -Eo '^v[0-9]{1,}.[0-9]{1,}.[0-9]{1,}$' | tail -n 2 | head -n 1) | |
| echo "GORELEASER_PREVIOUS_TAG=$previous_tag" >> $GITHUB_ENV | |
| - name: Run GoReleaser | |
| uses: goreleaser/goreleaser-action@v5 | |
| with: | |
| distribution: goreleaser | |
| version: v1.26.2 | |
| args: "-f ./.goreleaser.yaml release --clean" | |
| env: | |
| FULL_RELEASE: true | |
| DOCKER_REPO: "gresearch" | |
| GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | |
| DOCKER_BUILDX_BUILDER: "${{ steps.buildx.outputs.name }}" | |
| invoke-chart-push: | |
| name: Invoke Chart push | |
| needs: release | |
| uses: G-Research/charts/.github/workflows/invoke-push.yaml@master | |
| secrets: | |
| APP_ID: ${{ secrets.APP_ID }} | |
| APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }} |