This repository has been archived by the owner on Aug 3, 2023. It is now read-only.
Release Next #312
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release Next | |
on: | |
schedule: | |
- cron: '0 1 * * *' | |
workflow_dispatch: | |
inputs: | |
ui_bundle_url: | |
description: "ui_bundle_url" | |
required: false | |
type: string | |
env: | |
SETUP_GO_VERSION: '1.18' | |
SETUP_NODE_VERSION: '16' | |
jobs: | |
release-next: | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write # This is the key for OIDC! | |
contents: write | |
packages: write | |
steps: | |
- | |
name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
submodules: recursive | |
fetch-depth: 0 | |
- | |
name: Set up Go | |
uses: actions/setup-go@v4 | |
with: | |
cache: false | |
go-version: ${{ env.SETUP_GO_VERSION }} | |
- | |
name: Set up Node | |
uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ env.SETUP_NODE_VERSION }} | |
- | |
name: Install yarn | |
run: npm install --global yarn | |
- | |
uses: anchore/sbom-action/download-syft@v0.13.1 | |
- | |
uses: sigstore/cosign-installer@v2.8.1 | |
- | |
name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- | |
name: Login to GitHub Docker Registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- | |
name: Get latest tag | |
id: get_latest_tag | |
run: echo "LATEST_TAG=$(git describe --tags --abbrev=0)" >> $GITHUB_OUTPUT | |
- | |
name: Tag current commit as latest-next | |
run: git tag ${{ steps.get_latest_tag.outputs.LATEST_TAG }}-next | |
# if the ui_bundle_url is defined download and unpack the dashboard | |
- | |
name: Download dashboard | |
if: ${{ github.event.inputs.ui_bundle_url != '' }} | |
run: | | |
mkdir ui | |
wget "${{ github.event.inputs.ui_bundle_url }}" | |
tar xfz *.tar.gz -C ui | |
# otherwise fetch and build the latest dashboard from the repository | |
- | |
name: Checkout Rancher Dashboard UI | |
if: ${{ github.event.inputs.ui_bundle_url == '' }} | |
uses: actions/checkout@v3 | |
with: | |
repository: epinio/ui | |
ref: main | |
submodules: recursive | |
fetch-depth: 0 | |
path: epinio-ui | |
- | |
name: Build Epinio dashboard | |
if: ${{ github.event.inputs.ui_bundle_url == '' }} | |
# go to the repo's directory, build the ui, move the build to `ui` in the workflow root (as per location when downloading from url) | |
run: | | |
pushd epinio-ui | |
./.github/workflows/scripts/build-ui.sh | |
mv dashboard/$OUTPUT_DIR/$ARTIFACT_NAME ../ui | |
popd | |
rm -rf epinio-ui | |
env: | |
RANCHER_ENV: epinio | |
EXCLUDES_PKG: rancher-components,harvester | |
EXCLUDE_OPERATOR_PKG: true | |
OUTPUT_DIR: dist | |
RELEASE_DIR: release | |
ARTIFACT_NAME: rancher-dashboard-epinio-standalone | |
NODE_OPTIONS: "--max-old-space-size=4096" | |
LOGIN_LOCALE_SELECTOR: false | |
################# | |
- | |
name: Run GoReleaser Cross | |
run: ./build/bk-release.sh release --rm-dist -f .goreleaser-next.yml | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
UI_BUNDLE_URL: "${{ github.event.inputs.ui_bundle_url || 'dev' }}" | |
# The "id-token: write" permission for the OIDC will set the ACTIONS_ID_TOKEN_REQUEST_URL and ACTIONS_ID_TOKEN_REQUEST_TOKEN | |
# environment variables. Since we are running goreleaser-cross from a Docker image we need to pass those to the script and the container. | |
# See: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#updating-your-actions-for-oidc | |
ACTIONS_ID_TOKEN_REQUEST_URL: ${{ env.ACTIONS_ID_TOKEN_REQUEST_URL }} | |
ACTIONS_ID_TOKEN_REQUEST_TOKEN: ${{ env.ACTIONS_ID_TOKEN_REQUEST_TOKEN }} | |
- | |
name: Verify signatures on the generated docker images and manifests | |
id: verify_signatures | |
run: | | |
cosign verify ghcr.io/epinio/epinio-ui:latest-next | |
env: | |
DOCKER_CLI_EXPERIMENTAL: enabled | |
COSIGN_EXPERIMENTAL: 1 | |
- | |
name: Cleanup the latest-next tag | |
run: git tag -d ${{ steps.get_latest_tag.outputs.LATEST_TAG }}-next |