Release #26
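# Manually dispatched release workflow: builds the release manifests, drafts a
# GitHub release, signs the released images with cosign, and opens a PR that
# bumps the tag references in README.md.
name: Release

on:
  workflow_dispatch:
    inputs:
      release:
        description: 'Desired tag'
        required: true
      tags:
        description: 'Previous tag'
        required: true
      git-ref:
        description: 'Git reference to checkout. Use an appropriate release-v* branch name, tag, or commit SHA.'
        required: true

jobs:
  release:
    if: ${{ github.repository == 'shipwright-io/build' }}
    runs-on: ubuntu-latest
    # These scopes apply to every step in the job, including third-party
    # actions and the scripts checked out from the requested ref.
    permissions:
      id-token: write  # To be able to get OIDC ID token to sign images.
      contents: write  # To be able to update releases.
      packages: write  # To be able to push images and signatures.
      pull-requests: write  # To be able to create pull requests
    env:
      IMAGE_HOST: ghcr.io
      IMAGE_NAMESPACE: ${{ github.repository }}
      TAG: ${{ inputs.release }}
    steps:
      # Dispatch inputs are passed to shell steps through environment variables
      # and expanded by the shell. Interpolating ${{ inputs.* }} directly into a
      # `run:` script pastes the raw value into the script text before bash
      # parses it, so quotes or `$(...)` in an input would be executed.
      - name: Setup release ${{ inputs.release }}
        env:
          PREVIOUS_TAG: ${{ inputs.tags }}
          GIT_REF: ${{ inputs.git-ref }}
        run: |
          echo "Creating release ${TAG} from previous tag ${PREVIOUS_TAG} with ref ${GIT_REF}"
      # NOTE(review): every `uses:` in this job is referenced by a mutable tag
      # (v4, v5, v0.7, v3, v1, v7). Because the job holds id-token, contents and
      # packages write scopes, consider pinning each one to a full commit SHA
      # (`owner/action@<full-commit-sha>  # vX`) so that a moved tag cannot
      # change the code that runs here.
      # The script and Makefile executed below come from this ref and run with
      # the job's write-scoped token, so the ref should point at reviewed code.
      - uses: actions/checkout@v4
        with:
          ref: ${{ inputs.git-ref }}
          fetch-depth: 0  # Fetch all history, needed for release note generation.
      - uses: actions/setup-go@v5
        with:
          go-version: '1.22.x'
          cache: true
          check-latest: true
      # Install tools
      - uses: ko-build/setup-ko@v0.7
        with:
          version: v0.17.1
      - uses: sigstore/cosign-installer@v3
      - name: Build Release Changelog
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PREVIOUS_TAG: ${{ inputs.tags }}
        run: |
          # might not be necessary but make sure
          chmod +x "${GITHUB_WORKSPACE}/.github/draft_release_notes.sh"
          export GITHUB_TOKEN
          export PREVIOUS_TAG
          "${GITHUB_WORKSPACE}/.github/draft_release_notes.sh"
      - name: Draft release
        id: draft_release
        # TODO: This action is no longer maintained. We should use a different action
        # or the gh command line directly.
        uses: actions/create-release@v1
        with:
          release_name: "Shipwright Build release ${{ inputs.release }}"
          tag_name: ${{ inputs.release }}
          body_path: Changes.md
          draft: true
          prerelease: true
          # create-release assumes one of two things if commitish is not set
          # 1. Release is from the "latest commit" on the repo's default branch.
          # 2. Release is for an existing tag with the same name
          commitish: ${{ inputs.git-ref }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Generate and upload release.yaml
        env:
          REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
          REGISTRY_USERNAME: ${{ github.repository_owner }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          make release
          # Quoted so the tag is always passed to gh as a single argument.
          gh release upload "${TAG}" release.yaml
          gh release upload "${TAG}" sample-strategies.yaml
      - name: Sign released images
        # Updated to use the git SHA of the checked out commit. The SHA for
        # workflow_dispatch events is the latest SHA of the _branch_ where the
        # action was invoked.
        # NOTE(review): the image list is whatever ghcr.io references appear in
        # release.yaml. Confirm they are digest references (name@sha256:...), so
        # each signature binds to immutable content rather than a movable tag.
        run: |
          gitsha=$(git rev-parse --verify HEAD)
          grep -o "ghcr.io[^\"]*" release.yaml | xargs cosign sign --yes \
            -a "sha=${gitsha}" \
            -a run_id=${{ github.run_id }} \
            -a run_attempt=${{ github.run_attempt }}
      - name: Update docs after release creation
        env:
          PREVIOUS_TAG: ${{ inputs.tags }}
          NEW_TAG: ${{ inputs.release }}
        # NOTE(review): both tags are spliced unescaped into the sed expressions.
        # A '#' in either value ends the pattern early, and '.' in PREVIOUS_TAG
        # matches any character. Consider validating the tag format first.
        run: |
          # Update README.md with new tag
          sed -i 's#https://github.com/shipwright-io/build/releases/download/'"$PREVIOUS_TAG"'/release.yaml#https://github.com/shipwright-io/build/releases/download/'"$NEW_TAG"'/release.yaml#g' README.md
          sed -i 's#https://github.com/shipwright-io/build/releases/download/'"$PREVIOUS_TAG"'/sample-strategies.yaml#https://github.com/shipwright-io/build/releases/download/'"$NEW_TAG"'/sample-strategies.yaml#g' README.md
          sed -i 's#https://raw.githubusercontent.com/shipwright-io/build/'"$PREVIOUS_TAG"'/hack/setup-webhook-cert.sh#https://raw.githubusercontent.com/shipwright-io/build/'"$NEW_TAG"'/hack/setup-webhook-cert.sh#g' README.md
          sed -i '/Examples @ HEAD/a | ['"$NEW_TAG"'](https://github.com/shipwright-io/build/releases/tag/'"$NEW_TAG"') | [Docs @ '"$NEW_TAG"'](https://github.com/shipwright-io/build/tree/'"$NEW_TAG"'/docs) | [Examples @ '"$NEW_TAG"'](https://github.com/shipwright-io/build/tree/'"$NEW_TAG"'/samples) |' README.md
      - name: Create Readme commits
        env:
          ACTOR: ${{ github.actor }}
        run: |
          # The actor and tag come from the environment and are quoted, so they
          # cannot be word-split, glob-expanded, or parsed as shell syntax.
          git config user.name "${ACTOR}"
          git config user.email "${ACTOR}@users.noreply.github.com"
          git add README.md
          git commit -m "Update Readme with new Tag ${TAG}"
          git clean -f
      - name: Create Readme PR
        uses: peter-evans/create-pull-request@v7
        with:
          commit-message: Update Readme with new Tag
          author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
          signoff: false
          labels: |
            kind/documentation
          branch: update-readme-tag-refs
          delete-branch: true
          title: 'Update Readme with new tag'
          body: |
            Update README.md
            # Changes
            - Bump tag references to ${{ inputs.release }}
            # Submitter Checklist
            - [ ] Includes tests if functionality changed/was added
            - [x] Includes docs if changes are user-facing
            - [x] [Set a kind label on this PR](https://prow.k8s.io/command-help#kind)
            - [x] Release notes block has been filled in, or marked NONE
            # Release Notes
            ```release-note
            None
            ```
          draft: false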