Merge pull request #372 from torchiaf/update-doc-helm-values #4
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| tags: | |
| - "v*" | |
| env: | |
| SETUP_GO_VERSION: '1.20' | |
| SETUP_NODE_VERSION: '16' | |
| jobs: | |
| release: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write # This is the key for OIDC! | |
| contents: write | |
| packages: write | |
| steps: | |
| - | |
| name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| submodules: recursive | |
| fetch-depth: 0 | |
| - | |
| name: Set up Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| cache: false | |
| go-version: ${{ env.SETUP_GO_VERSION }} | |
| - | |
| name: Set up Node | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: ${{ env.SETUP_NODE_VERSION }} | |
| - | |
| name: Install yarn | |
| run: npm install --global yarn | |
| - | |
| uses: anchore/sbom-action/[email protected] | |
| - | |
| uses: sigstore/[email protected] | |
| - | |
| name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - | |
| name: Login to GitHub Docker Registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - | |
| name: Get current tag | |
| id: get_tag | |
| run: echo "TAG=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_OUTPUT | |
| - | |
| name: Build Epinio dashboard | |
| # build the ui, move the build to `ui` in the workflow root (as per location when downloading from url) | |
| run: | | |
| ./.github/workflows/scripts/build-ui.sh | |
| mv dashboard/$OUTPUT_DIR/$ARTIFACT_NAME backend/ui | |
| env: | |
| RANCHER_ENV: epinio | |
| EXCLUDES_PKG: rancher-components,harvester | |
| EXCLUDE_OPERATOR_PKG: true | |
| OUTPUT_DIR: dist | |
| RELEASE_DIR: release | |
| ARTIFACT_NAME: rancher-dashboard-epinio-standalone | |
| NODE_OPTIONS: "--max-old-space-size=4096" | |
| LOGIN_LOCALE_SELECTOR: false | |
| - | |
| name: Run GoReleaser Cross | |
| run: ./backend/build/bk-release.sh release --rm-dist -f ./backend/.goreleaser.yml | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| UI_BUNDLE_URL: "" | |
| # The "id-token: write" permission for the OIDC will set the ACTIONS_ID_TOKEN_REQUEST_URL and ACTIONS_ID_TOKEN_REQUEST_TOKEN | |
| # environment variables. Since we are running goreleaser-cross from a Docker image we need to pass those to the script and the container. | |
| # See: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#updating-your-actions-for-oidc | |
| ACTIONS_ID_TOKEN_REQUEST_URL: ${{ env.ACTIONS_ID_TOKEN_REQUEST_URL }} | |
| ACTIONS_ID_TOKEN_REQUEST_TOKEN: ${{ env.ACTIONS_ID_TOKEN_REQUEST_TOKEN }} | |
| - | |
| name: Verify signatures on the generated docker images and manifests | |
| id: verify_signatures | |
| run: | | |
| cosign verify ghcr.io/epinio/epinio-ui:${{ steps.get_tag.outputs.TAG }} | |
| cosign verify ghcr.io/epinio/epinio-ui:latest | |
| env: | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| COSIGN_EXPERIMENTAL: 1 | |
| # Allow to release Epinio UI Helm chart automatically when we release Epinio. | |
| # The tag is sent to the Helm chart repo. | |
| - | |
| name: Repository Dispatch | |
| uses: peter-evans/repository-dispatch@v1 | |
| with: | |
| token: ${{ secrets.CHART_REPO_ACCESS_TOKEN }} | |
| repository: epinio/helm-charts | |
| event-type: epinio-ui-release | |
| client-payload: '{"ref": "${{ steps.get_tag.outputs.TAG }}"}' |