Skip to content
This repository has been archived by the owner on Aug 3, 2023. It is now read-only.

Release Next

Release Next #312

Workflow file for this run

name: Release Next
on:
schedule:
- cron: '0 1 * * *'
workflow_dispatch:
inputs:
ui_bundle_url:
description: "ui_bundle_url"
required: false
type: string
env:
SETUP_GO_VERSION: '1.18'
SETUP_NODE_VERSION: '16'
jobs:
release-next:
runs-on: ubuntu-latest
permissions:
id-token: write # This is the key for OIDC!
contents: write
packages: write
steps:
-
name: Checkout
uses: actions/checkout@v3
with:
submodules: recursive
fetch-depth: 0
-
name: Set up Go
uses: actions/setup-go@v4
with:
cache: false
go-version: ${{ env.SETUP_GO_VERSION }}
-
name: Set up Node
uses: actions/setup-node@v3
with:
node-version: ${{ env.SETUP_NODE_VERSION }}
-
name: Install yarn
run: npm install --global yarn
-
uses: anchore/sbom-action/download-syft@v0.13.1
-
uses: sigstore/cosign-installer@v2.8.1
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
-
name: Login to GitHub Docker Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
-
name: Get latest tag
id: get_latest_tag
run: echo "LATEST_TAG=$(git describe --tags --abbrev=0)" >> $GITHUB_OUTPUT
-
name: Tag current commit as latest-next
run: git tag ${{ steps.get_latest_tag.outputs.LATEST_TAG }}-next
# if the ui_bundle_url is defined download and unpack the dashboard
-
name: Download dashboard
if: ${{ github.event.inputs.ui_bundle_url != '' }}
run: |
mkdir ui
wget "${{ github.event.inputs.ui_bundle_url }}"
tar xfz *.tar.gz -C ui
# otherwise fetch and build the latest dashboard from the repository
-
name: Checkout Rancher Dashboard UI
if: ${{ github.event.inputs.ui_bundle_url == '' }}
uses: actions/checkout@v3
with:
repository: epinio/ui
ref: main
submodules: recursive
fetch-depth: 0
path: epinio-ui
-
name: Build Epinio dashboard
if: ${{ github.event.inputs.ui_bundle_url == '' }}
# go to the repo's directory, build the ui, move the build to `ui` in the workflow root (as per location when downloading from url)
run: |
pushd epinio-ui
./.github/workflows/scripts/build-ui.sh
mv dashboard/$OUTPUT_DIR/$ARTIFACT_NAME ../ui
popd
rm -rf epinio-ui
env:
RANCHER_ENV: epinio
EXCLUDES_PKG: rancher-components,harvester
EXCLUDE_OPERATOR_PKG: true
OUTPUT_DIR: dist
RELEASE_DIR: release
ARTIFACT_NAME: rancher-dashboard-epinio-standalone
NODE_OPTIONS: "--max-old-space-size=4096"
LOGIN_LOCALE_SELECTOR: false
#################
-
name: Run GoReleaser Cross
run: ./build/bk-release.sh release --rm-dist -f .goreleaser-next.yml
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
UI_BUNDLE_URL: "${{ github.event.inputs.ui_bundle_url || 'dev' }}"
# The "id-token: write" permission for the OIDC will set the ACTIONS_ID_TOKEN_REQUEST_URL and ACTIONS_ID_TOKEN_REQUEST_TOKEN
# environment variables. Since we are running goreleaser-cross from a Docker image we need to pass those to the script and the container.
# See: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#updating-your-actions-for-oidc
ACTIONS_ID_TOKEN_REQUEST_URL: ${{ env.ACTIONS_ID_TOKEN_REQUEST_URL }}
ACTIONS_ID_TOKEN_REQUEST_TOKEN: ${{ env.ACTIONS_ID_TOKEN_REQUEST_TOKEN }}
-
name: Verify signatures on the generated docker images and manifests
id: verify_signatures
run: |
cosign verify ghcr.io/epinio/epinio-ui:latest-next
env:
DOCKER_CLI_EXPERIMENTAL: enabled
COSIGN_EXPERIMENTAL: 1
-
name: Cleanup the latest-next tag
run: git tag -d ${{ steps.get_latest_tag.outputs.LATEST_TAG }}-next