-
Notifications
You must be signed in to change notification settings - Fork 423
136 lines (128 loc) · 4.59 KB
/
release.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
name: Release
on:
release:
types: [created]
jobs:
publish:
if: startsWith(github.ref, 'refs/tags/v') == true
name: Publish vcluster
runs-on: ubuntu-22.04
permissions:
id-token: write # This is the key for OIDC cosign!
packages: write
contents: write
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- run: git fetch --force --tags
- name: Set up Go
uses: actions/setup-go@v5
with:
cache: false
go-version: "1.22"
- name: Setup Just
uses: extractions/setup-just@v2
- name: Setup Cosgin
uses: sigstore/cosign-installer@main
with:
cosign-release: "v2.2.3"
- name: Setup Syft
uses: anchore/sbom-action/download-syft@v0.16.0
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- uses: azure/setup-helm@v4
with:
version: "v3.0.2"
- id: get_version
run: |
RELEASE_VERSION=$(echo $GITHUB_REF | sed -nE 's!refs/tags/!!p')
echo "release_version=$RELEASE_VERSION" >> "$GITHUB_OUTPUT"
echo "previous_tag=$(git describe --abbrev=0 --tags $(git rev-list --tags --skip=1 --max-count=1))" >> "$GITHUB_OUTPUT"
- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Login to ghcr.io
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: "goreleaser/goreleaser-action@v6"
with:
args: release --clean --timeout 60m
version: '~> v2'
env:
GITHUB_TOKEN: ${{ secrets.GH_ACCESS_TOKEN }}
TELEMETRY_PRIVATE_KEY: ${{ secrets.VCLUSTER_TELEMETRY_PRIVATE_KEY }}
GORELEASER_CURRENT_TAG: ${{ steps.get_version.outputs.release_version }}
GORELEASER_PREVIOUS_TAG: ${{ steps.get_version.outputs.previous_tag }}
- name: Save release assets
uses: actions/upload-artifact@v4
with:
name: release-assets
path: release/
- name: Attach assets to release
uses: FabianKramm/release-asset-action@v1
with:
pattern: "release/*"
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Trigger docs-runme workflow
uses: actions/github-script@v7
continue-on-error: true
with:
github-token: ${{ secrets.GH_ACCESS_TOKEN }}
script: |
const version = '${{ steps.get_version.outputs.release_version }}';
const response = await github.rest.actions.createWorkflowDispatch({
owner: 'loft-sh',
repo: 'vcluster-docs',
workflow_id: 'e2e-examples.yml',
ref: 'main',
inputs: {
version: version
}
});
console.log(response);
- name: Trigger cli-docs workflow
uses: actions/github-script@v7
continue-on-error: true
with:
github-token: ${{ secrets.GH_ACCESS_TOKEN }}
script: |
const version = '${{ steps.get_version.outputs.release_version }}';
const ref = '${{ github.ref }}';
const response = await github.rest.actions.createWorkflowDispatch({
owner: 'loft-sh',
repo: 'vcluster-docs',
workflow_id: 'cluster-docs.yaml',
ref: 'main',
inputs: {
version,
ref,
}
});
console.log(response);
publish-chart:
if: startsWith(github.ref, 'refs/tags/v') == true
needs: [publish]
runs-on: ubuntu-22.04
steps:
- name: Check out code
uses: actions/checkout@v4
- uses: azure/setup-helm@v4
with:
version: "v3.0.2"
- run: |
RELEASE_VERSION=$(echo $GITHUB_REF | sed -nE 's!refs/tags/v!!p')
helm plugin install https://github.com/chartmuseum/helm-push.git
helm repo add chartmuseum $CHART_MUSEUM_URL --username $CHART_MUSEUM_USER --password $CHART_MUSEUM_PASSWORD
helm cm-push --force --version="$RELEASE_VERSION" --app-version="$RELEASE_VERSION" chart chartmuseum
env:
CHART_MUSEUM_URL: "https://charts.loft.sh/"
CHART_MUSEUM_USER: ${{ secrets.CHART_MUSEUM_USER }}
CHART_MUSEUM_PASSWORD: ${{ secrets.CHART_MUSEUM_PASSWORD }}