This repository has been archived by the owner on Aug 3, 2023. It is now read-only.

Merge pull request #40 from epinio/updating-node-releaseyaml #39


Workflow file for this run

name: Release

# Runs for every pushed tag matching "v*", or on a manual dispatch that may
# carry an optional dashboard bundle URL.
on:
  push:
    tags:
      - 'v*'
  workflow_dispatch:
    inputs:
      ui_bundle_url:
        description: 'ui_bundle_url'
        required: false
        type: string

# Tool versions read by the "Set up Go" and "Set up Node" steps.
env:
  SETUP_GO_VERSION: '1.18'
  SETUP_NODE_VERSION: '16'
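jobs:
  # Builds or downloads the dashboard, runs the release script, verifies the
  # image signatures and notifies the Helm chart repository.
  release:
    runs-on: ubuntu-latest
    permissions:
      id-token: write # This is the key for OIDC!
      contents: write
      packages: write
    steps:
      # NOTE(review): every action below is referenced by a mutable tag (for
      # example @v3). Pinning each `uses:` to a full commit SHA keeps a
      # retagged upstream release from changing what runs in this job, which
      # holds a write-scoped GITHUB_TOKEN and may request OIDC tokens.
      - name: Checkout
        uses: actions/checkout@v3
        with:
          submodules: recursive
          fetch-depth: 0

      - name: Set up Go
        uses: actions/setup-go@v4
        with:
          cache: false
          go-version: ${{ env.SETUP_GO_VERSION }}

      - name: Set up Node
        uses: actions/setup-node@v3
        with:
          node-version: ${{ env.SETUP_NODE_VERSION }}

      # NOTE(review): yarn is installed without a version constraint, so the
      # release build picks up whatever npm serves at run time.
      - name: Install yarn
        run: npm install --global yarn

      - uses: anchore/sbom-action/download-syft@v0.13.1

      - uses: sigstore/cosign-installer@v2.8.1

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      - name: Login to GitHub Docker Registry
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # Strips the "refs/tags/" prefix from GITHUB_REF and publishes the
      # remainder as the step output TAG.
      - name: Get current tag
        id: get_tag
        run: echo "TAG=${GITHUB_REF/refs\/tags\//}" >> "$GITHUB_OUTPUT"

      # if the ui_bundle_url is defined download and unpack the dashboard
      #
      # The URL is supplied by whoever dispatches the workflow, so it reaches
      # the script through an environment variable rather than being expanded
      # into the script text, where shell metacharacters would be executed.
      # The `--` stops a value starting with "-" from being read as an option.
      # NOTE(review): the archive is unpacked without a checksum or signature
      # check; presumably its contents are packaged by the release step, so
      # consider requiring an expected digest alongside the URL.
      - name: Download dashboard
        if: ${{ github.event.inputs.ui_bundle_url != '' }}
        run: |
          mkdir ui
          wget -- "$UI_BUNDLE_URL"
          tar xfz *.tar.gz -C ui
        env:
          UI_BUNDLE_URL: ${{ github.event.inputs.ui_bundle_url }}

      # otherwise fetch and build the latest dashboard from the repository
      - name: Checkout Rancher Dashboard UI
        if: ${{ github.event.inputs.ui_bundle_url == '' }}
        uses: actions/checkout@v3
        with:
          repository: epinio/ui
          ref: ${{ steps.get_tag.outputs.TAG }}
          submodules: recursive
          fetch-depth: 0
          path: epinio-ui

      # go to the repo's directory, build the ui, move the build to `ui` in
      # the workflow root (as per location when downloading from url)
      - name: Build Epinio dashboard
        if: ${{ github.event.inputs.ui_bundle_url == '' }}
        run: |
          pushd epinio-ui
          ./.github/workflows/scripts/build-ui.sh
          mv "dashboard/$OUTPUT_DIR/$ARTIFACT_NAME" ../ui
          popd
          rm -rf epinio-ui
        # Values are quoted so they stay strings; the variables other than
        # OUTPUT_DIR and ARTIFACT_NAME are presumably read by build-ui.sh.
        env:
          RANCHER_ENV: epinio
          EXCLUDES_PKG: rancher-components,harvester
          EXCLUDE_OPERATOR_PKG: 'true'
          OUTPUT_DIR: dist
          RELEASE_DIR: release
          ARTIFACT_NAME: rancher-dashboard-epinio-standalone
          NODE_OPTIONS: '--max-old-space-size=4096'
          LOGIN_LOCALE_SELECTOR: 'false'

      - name: Run GoReleaser Cross
        run: ./build/bk-release.sh release --rm-dist
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          UI_BUNDLE_URL: "${{ github.event.inputs.ui_bundle_url }}"
          # The "id-token: write" permission for the OIDC will set the
          # ACTIONS_ID_TOKEN_REQUEST_URL and ACTIONS_ID_TOKEN_REQUEST_TOKEN
          # environment variables. Since we are running goreleaser-cross from
          # a Docker image we need to pass those to the script and the
          # container.
          # See: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#updating-your-actions-for-oidc
          ACTIONS_ID_TOKEN_REQUEST_URL: ${{ env.ACTIONS_ID_TOKEN_REQUEST_URL }}
          ACTIONS_ID_TOKEN_REQUEST_TOKEN: ${{ env.ACTIONS_ID_TOKEN_REQUEST_TOKEN }}

      # The tag is handed over as an environment variable and quoted, so a
      # tag name containing shell metacharacters is treated as data.
      # NOTE(review): neither command constrains the signer. As written, a
      # keyless signature from any identity appears to satisfy the check;
      # restrict the accepted certificate identity and OIDC issuer to this
      # repository's release workflow. Verifying by digest rather than by
      # the mutable tags would also tie the result to the image just built.
      - name: Verify signatures on the generated docker images and manifests
        id: verify_signatures
        run: |
          cosign verify "ghcr.io/epinio/epinio-ui:${TAG}"
          cosign verify ghcr.io/epinio/epinio-ui:latest
        env:
          TAG: ${{ steps.get_tag.outputs.TAG }}
          DOCKER_CLI_EXPERIMENTAL: enabled
          COSIGN_EXPERIMENTAL: '1'

      # Allow to release Epinio UI Helm chart automatically when we release
      # Epinio. The tag is sent to the Helm chart repo.
      # toJSON emits the tag as a quoted, escaped JSON string, so a tag name
      # containing a double quote cannot alter the payload structure.
      - name: Repository Dispatch
        uses: peter-evans/repository-dispatch@v1
        with:
          token: ${{ secrets.CHART_REPO_ACCESS_TOKEN }}
          repository: epinio/helm-charts
          event-type: epinio-ui-release
          client-payload: '{"ref": ${{ toJSON(steps.get_tag.outputs.TAG) }}}'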