fix(artifacts): Automated triggers with artifact constraints are brok… #86
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
push: | |
tags: | |
- "v[0-9]+.[0-9]+.[0-9]+" | |
- "v[0-9]+.[0-9]+.[0-9]+-rc.[0-9]+" | |
env: | |
GRADLE_OPTS: -Dorg.gradle.daemon=false -Xmx6g -Xms6g -Dorg.gradle.internal.http.socketTimeout=120000 -Dorg.gradle.internal.http.connectionTimeout=120000 -Dorg.gradle.internal.remote.repository.deploy.max.attempts=6 | |
CONTAINER_REGISTRY: us-docker.pkg.dev/spinnaker-community/docker | |
jobs: | |
release: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
# Given a tag, determine what branch we are on, so we can bump dependencies in the correct branch | |
- name: Get Branch | |
run: | | |
BRANCHES=$(git branch -r --contains ${{ github.ref }}) | |
echo "BRANCHES is '${BRANCHES}'" | |
# Check for no branches explicitly...Otherwise echo adds a newline so wc thinks there's | |
# one branch. And echo -n makes it appears that there's one less branch than there | |
# actually is. | |
if [ -z "$BRANCHES" ]; then | |
echo "exactly one branch required to release orca, but there are none" | |
exit 1 | |
fi | |
NUM_BRANCHES=$(($(echo "$BRANCHES" | wc -l))) | |
echo "NUM_BRANCHES is '${NUM_BRANCHES}'" | |
if [ $NUM_BRANCHES -ne 1 ]; then | |
echo "exactly one branch required to release orca, but there are $NUM_BRANCHES ($BRANCHES)" | |
exit 1 | |
fi | |
echo "exactly one branch ($BRANCHES)" | |
echo BRANCH=$BRANCHES >> $GITHUB_ENV | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- uses: actions/setup-java@v3 | |
with: | |
java-version: 11 | |
distribution: 'zulu' | |
cache: 'gradle' | |
- name: Assemble release info | |
id: release_info | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
. .github/workflows/release_info.sh ${{ github.event.repository.full_name }} | |
echo CHANGELOG=$(echo -e "${CHANGELOG}") >> $GITHUB_OUTPUT | |
echo SKIP_RELEASE="${SKIP_RELEASE}" >> $GITHUB_OUTPUT | |
echo IS_CANDIDATE="${IS_CANDIDATE}" >> $GITHUB_OUTPUT | |
echo RELEASE_VERSION="${RELEASE_VERSION}" >> $GITHUB_OUTPUT | |
- name: Prepare build variables | |
id: build_variables | |
run: | | |
echo REPO="${GITHUB_REPOSITORY##*/}" >> $GITHUB_OUTPUT | |
echo VERSION="$(git rev-parse --short HEAD)-$(date --utc +'%Y%m%d%H%M')" >> $GITHUB_OUTPUT | |
- name: Release build | |
env: | |
ORG_GRADLE_PROJECT_version: ${{ steps.release_info.outputs.RELEASE_VERSION }} | |
ORG_GRADLE_PROJECT_nexusPublishEnabled: true | |
ORG_GRADLE_PROJECT_nexusUsername: ${{ secrets.NEXUS_USERNAME }} | |
ORG_GRADLE_PROJECT_nexusPassword: ${{ secrets.NEXUS_PASSWORD }} | |
ORG_GRADLE_PROJECT_nexusPgpSigningKey: ${{ secrets.NEXUS_PGP_SIGNING_KEY }} | |
ORG_GRADLE_PROJECT_nexusPgpSigningPassword: ${{ secrets.NEXUS_PGP_SIGNING_PASSWORD }} | |
run: | | |
./gradlew --info build ${{ steps.build_variables.outputs.REPO }}-web:installDist publishToNexus closeAndReleaseNexusStagingRepository | |
- name: Publish apt packages to Google Artifact Registry | |
env: | |
ORG_GRADLE_PROJECT_version: ${{ steps.release_info.outputs.RELEASE_VERSION }} | |
ORG_GRADLE_PROJECT_artifactRegistryPublishEnabled: true | |
GAR_JSON_KEY: ${{ secrets.GAR_JSON_KEY }} | |
run: | | |
./gradlew --info publish | |
- name: Login to Google Cloud | |
# Only run this on repositories in the 'spinnaker' org, not on forks. | |
if: startsWith(github.repository, 'spinnaker/') | |
uses: 'google-github-actions/auth@v1' | |
# use service account flow defined at: https://github.com/google-github-actions/upload-cloud-storage#authenticating-via-service-account-key-json | |
with: | |
credentials_json: '${{ secrets.GAR_JSON_KEY }}' | |
- name: Upload halconfig profiles to GCS | |
# https://console.cloud.google.com/storage/browser/halconfig | |
# Only run this on repositories in the 'spinnaker' org, not on forks. | |
if: startsWith(github.repository, 'spinnaker/') | |
uses: 'google-github-actions/upload-cloud-storage@v1' | |
with: | |
path: 'halconfig/' | |
destination: 'halconfig/${{ steps.build_variables.outputs.REPO }}/${{ steps.release_info.outputs.RELEASE_VERSION }}' | |
parent: false | |
- name: Login to GAR | |
# Only run this on repositories in the 'spinnaker' org, not on forks. | |
if: startsWith(github.repository, 'spinnaker/') | |
uses: docker/login-action@v2 | |
# use service account flow defined at: https://github.com/docker/login-action#service-account-based-authentication-1 | |
with: | |
registry: us-docker.pkg.dev | |
username: _json_key | |
password: ${{ secrets.GAR_JSON_KEY }} | |
- name: Build and publish slim container image | |
# Only run this on repositories in the 'spinnaker' org, not on forks. | |
if: startsWith(github.repository, 'spinnaker/') | |
uses: docker/build-push-action@v4 | |
with: | |
context: . | |
file: Dockerfile.slim | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
tags: | | |
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.release_info.outputs.RELEASE_VERSION }}-unvalidated" | |
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.release_info.outputs.RELEASE_VERSION }}-unvalidated-slim" | |
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.release_info.outputs.RELEASE_VERSION }}-${{ steps.build_variables.outputs.VERSION }}-unvalidated-slim" | |
- name: Build and publish ubuntu container image | |
# Only run this on repositories in the 'spinnaker' org, not on forks. | |
if: startsWith(github.repository, 'spinnaker/') | |
uses: docker/build-push-action@v4 | |
with: | |
context: . | |
file: Dockerfile.ubuntu | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
tags: | | |
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.release_info.outputs.RELEASE_VERSION }}-unvalidated-ubuntu" | |
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.release_info.outputs.RELEASE_VERSION }}-${{ steps.build_variables.outputs.VERSION }}-unvalidated-ubuntu" | |
- name: Create release | |
if: steps.release_info.outputs.SKIP_RELEASE == 'false' | |
uses: softprops/action-gh-release@v1 | |
with: | |
body: | | |
${{ steps.release_info.outputs.CHANGELOG }} | |
draft: false | |
name: ${{ github.event.repository.name }} ${{ github.ref_name }} | |
prerelease: ${{ steps.release_info.outputs.IS_CANDIDATE }} | |
tag_name: ${{ github.ref }} | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Pause before dependency bump | |
run: sleep 900 | |
- name: Trigger dependency bump workflow | |
uses: peter-evans/repository-dispatch@v2 | |
with: | |
token: ${{ secrets.SPINNAKER_GITHUB_TOKEN }} | |
event-type: bump-dependencies | |
client-payload: '{"ref": "${{ github.ref }}", "branch": "${{ env.BRANCH}}"}' |