release.yml
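# Release workflow. Runs when the "CI" workflow completes for a ref matching
# v*, validates that the ref is a well-formed release tag on an allowed branch,
# then publishes the GoReleaser artifacts, triggers the chart push and pushes
# the NuGet client package.
#
# NOTE(review): every third-party action below is referenced by a mutable tag
# (for example @v4) and the reusable chart workflow by @master. Pinning each
# `uses:` to a full commit SHA would stop an upstream retag or branch push from
# changing what runs with this workflow's write token and release secrets.
name: Release Armada components

on:
  workflow_run:
    types: [completed]
    workflows: [CI]
    branches:
      - 'v*'

# NOTE(review): this grant is workflow-wide, so the validate and push-nuget
# jobs also receive a token with contents: write. Consider moving the write
# grant onto the release job only, after confirming what the other jobs and
# the called chart workflow need.
permissions:
  contents: write

jobs:
  validate:
    # Gate: only a successful, push-triggered CI run in the armadaproject
    # organisation may start a release. In forks this job is skipped, and every
    # other job is skipped with it through `needs`.
    if: >-
      github.event.workflow_run.event == 'push' &&
      github.event.workflow_run.conclusion == 'success' &&
      github.repository_owner == 'armadaproject'
    name: "Validate revision"
    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout"
        uses: "actions/checkout@v4"
        with:
          # Full history is needed for the tag and branch checks below.
          fetch-depth: 0

      # The ref must be a tag of the form vX.Y.Z or vX.Y.Z-patchN, must point
      # at the SHA of the triggering CI run, and that SHA must be contained in
      # origin/master or an origin/patch/vX.Y.Z* branch. Anything else is
      # rejected.
      - name: Validate ref
        # The ref name is chosen by whoever pushed it, so it is passed through
        # the environment instead of being expanded into the script text by
        # ${{ }}. A ref name containing a quote can then no longer change the
        # shell script.
        env:
          REF: ${{ github.event.workflow_run.head_branch }}
          SHA: ${{ github.event.workflow_run.head_sha }}
        run: |
          ref="$REF"
          sha="$SHA"
          echo "Validating ref: $ref, sha: $sha"

          # Check if it's a valid tag format
          if [[ ! $ref =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-patch[0-9]+)?$ ]]; then
            echo "::error::Invalid tag format: $ref"
            exit 1
          fi

          # Check if the tag points to the current SHA. -F -x compares the
          # whole line literally, so the dots in the tag are not treated as
          # regex wildcards.
          if [ "$(git tag --points-at "$sha" | grep -Fx -- "$ref" | wc -l)" -ne 1 ]; then
            echo "::error::Tag $ref does not point to the current SHA $sha"
            exit 1
          fi

          # Fetch all branches to ensure we have the necessary information
          git fetch --all

          # Check if it's from master branch or a patch branch
          if [ "$(git branch -r --contains="$sha" | grep -E "origin/(master|patch/v[0-9]+\.[0-9]+\.[0-9]+.*)$" | wc -l)" -eq 0 ]; then
            echo "::error::$sha is not in master or any patch branch"
            echo "Branches containing this SHA:"
            git branch -r --contains="$sha"
            exit 1
          fi

          echo "Validation successful"

  release:
    name: "Release"
    needs: validate
    runs-on: ubuntu-22.04
    environment: armada-dockerhub
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          # Checkout the tag that triggered the workflow.
          ref: ${{ github.event.workflow_run.head_branch }}

      # The validate job checked the tag against head_sha, but the checkout
      # above resolves the tag by name again. Fail if the tag no longer
      # resolves to the commit that was validated.
      - name: Verify checked-out commit
        env:
          EXPECTED_SHA: ${{ github.event.workflow_run.head_sha }}
        run: |
          actual_sha=$(git rev-parse HEAD)
          if [ "$actual_sha" != "$EXPECTED_SHA" ]; then
            echo "::error::Checked-out commit $actual_sha does not match validated SHA $EXPECTED_SHA"
            exit 1
          fi

      - name: Fetch Git tags
        run: git fetch --force --tags

      - name: Setup Go
        uses: ./.github/actions/setup-go-cache
        with:
          cache-prefix: release

      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v3

      - name: "Docker login"
        uses: "docker/login-action@v3"
        with:
          username: "${{ secrets.DOCKERHUB_USER }}"
          password: "${{ secrets.DOCKERHUB_PASS }}"

      # NOTE(review): this pipes the installer from the syft `main` branch
      # straight into sh, after the Docker Hub login and in a job that holds a
      # contents: write token. Neither the script nor the binary it installs is
      # pinned or checksum-verified here. Consider fetching the script from a
      # fixed release tag or commit and requesting an explicit syft version.
      - name: Set up Syft
        run: curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin

      # Workaround, GoReleaser uses 'git-describe' to determine a previous tag.
      - name: Set current and previous tag
        # The tag is passed through the environment, not inlined with ${{ }},
        # for the same reason as in the validate job. The value is written to
        # GITHUB_ENV on a single line, which is safe only because validate has
        # already restricted it to the vX.Y.Z[-patchN] form.
        env:
          CURRENT_TAG: ${{ github.event.workflow_run.head_branch }}
        run: |
          current_tag="$CURRENT_TAG"
          echo "GORELEASER_CURRENT_TAG=$current_tag" >> "$GITHUB_ENV"

          # Function to extract base version
          get_base_version() {
            echo "$1" | sed -E 's/^v?([0-9]+\.[0-9]+\.[0-9]+).*$/\1/'
          }

          # Check if current tag is a patch release
          if [[ $current_tag =~ ^v?[0-9]+\.[0-9]+\.[0-9]+-patch[0-9]+$ ]]; then
            # For patch releases, find the previous patch or the base version.
            # -F -x -v drops only the exact current tag, so a tag that merely
            # contains it (e.g. -patch1 vs -patch10) stays in the list.
            base_version=$(get_base_version "$current_tag")
            previous_tag=$(git tag --list "v${base_version}*" --sort=-v:refname | grep -Fxv -- "$current_tag" | head -n1)
          else
            # For master releases, find the previous master release
            previous_tag=$(git tag --list 'v*' --sort=-v:refname | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' | grep -Fxv -- "$current_tag" | head -n1)
          fi

          echo "GORELEASER_PREVIOUS_TAG=$previous_tag" >> "$GITHUB_ENV"

      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v5
        with:
          distribution: goreleaser
          version: v1.24.0
          args: "-f ./.goreleaser.yml release --clean"
        env:
          FULL_RELEASE: "true"
          DOCKER_REPO: "gresearch"
          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
          DOCKER_BUILDX_BUILDER: "${{ steps.buildx.outputs.name }}"

  invoke-chart-push:
    name: Invoke Chart push
    needs: release
    # NOTE(review): the called workflow is taken from the tip of `master` in
    # another repository and receives the app credentials below. Pinning it to
    # a commit SHA would fix which code handles those secrets.
    uses: G-Research/charts/.github/workflows/invoke-push.yaml@master
    secrets:
      APP_ID: ${{ secrets.APP_ID }}
      APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }}

  push-nuget:
    name: Push nuget clients
    needs: validate
    runs-on: ubuntu-22.04
    environment: nuget-release
    steps:
      - name: Setup the latest .NET 7 SDK
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: 7.0.x

      # Downloads the nupkg-artifacts artifact of the CI run that triggered
      # this workflow.
      - name: Download artifact
        env:
          GH_TOKEN: ${{ github.token }}
          RUN_ID: ${{ github.event.workflow_run.id }}
          RUN_REPO: ${{ github.event.workflow_run.repository.full_name }}
        run: gh run download "$RUN_ID" --repo "$RUN_REPO" --name nupkg-artifacts --dir ./bin/client/DotNet

      - name: Push nuget clients
        env:
          TAG: ${{ github.event.workflow_run.head_branch }}
          # Supplied through the environment so the secret is not expanded
          # into the script text by ${{ }}.
          NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }}
        run: |
          # Strip the leading "v" from the tag to get the package version.
          VERSION=${TAG#v}
          dotnet nuget push "./bin/client/DotNet/ArmadaProject.Io.Client.$VERSION.nupkg" -k "$NUGET_API_KEY" -s https://api.nuget.org/v3/index.json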