ci: on release file #6
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Check Release | ||
on: | ||
push: | ||
tags: | ||
- "*.*.*" | ||
concurrency: | ||
group: ${{ github.workflow }}-${{ github.ref }} | ||
cancel-in-progress: true | ||
env: | ||
SEMVER_PATTERN: '^v([0-9]+)\.([0-9]+)\.([0-9]+)(-rc\.([0-9]+))?$' | ||
REGISTRY: ghcr.io | ||
IMAGE_NAME: ${{ github.repository }} | ||
HELM_REGISTRY: ghcr.io | ||
HELM_REPOSITORY: ${{ github.repository_owner }}/helm-charts | ||
RELEASE_VERSION: ${{ steps.vars.outputs.tag }} | ||
Check failure on line 18 in .github/workflows/release.yaml GitHub Actions / Check ReleaseInvalid workflow file
|
||
jobs: | ||
check: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout source code | ||
uses: actions/checkout@v4 | ||
with: | ||
fetch-depth: 0 | ||
- name: Check whether version matches semver pattern | ||
env: | ||
run: | | ||
VERSION=$RELEASE_VERSION | ||
if [[ ${VERSION} =~ ${{ env.SEMVER_PATTERN }} ]]; then | ||
echo "Version '${VERSION}' matches semver pattern." | ||
else | ||
echo "Version '${VERSION}' does not match semver pattern." | ||
exit 1 | ||
fi | ||
echo "VERSION=${VERSION}" >> $GITHUB_ENV | ||
- name: Check whether chart version and appVersion matches version | ||
run: | | ||
VERSION=${RELEASE_VERSION} | ||
CHART_VERSION=$(cat charts/spark-connect/Chart.yaml | grep version | awk '{print $2}') | ||
CHART_APP_VERSION=$(cat charts/spark-connect/Chart.yaml | grep appVersion | awk '{print $2}') | ||
if [[ ${CHART_VERSION} == ${VERSION} ]]; then | ||
echo "Chart version '${CHART_VERSION}' matches version '${VERSION}'." | ||
else | ||
echo "Chart version '${CHART_VERSION}' does not match version '${VERSION}'." | ||
exit 1 | ||
fi | ||
if [[ ${CHART_APP_VERSION} == ${VERSION} ]]; then | ||
echo "Chart appVersion '${CHART_APP_VERSION}' matches version '${VERSION}'." | ||
else | ||
echo "Chart appVersion '${CHART_APP_VERSION}' does not match version '${VERSION}'." | ||
exit 1 | ||
fi | ||
- name: Check if tag exists | ||
run: | | ||
git fetch --tags | ||
if git tag -l | grep -q "^${VERSION}$"; then | ||
echo "Tag '${RELEASE_VERSION}' already exists." | ||
exit 1 | ||
else | ||
echo "Tag '${RELEASE_VERSION}' does not exist." | ||
fi | ||
build-publish: | ||
runs-on: ubuntu-latest | ||
permissions: | ||
contents: read | ||
packages: write | ||
# This is used to complete the identity challenge | ||
# with sigstore/fulcio when running outside of PRs. | ||
id-token: write | ||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v4 | ||
- name: Install cosign | ||
if: github.event_name != 'pull_request' | ||
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 #v3.5.0 | ||
with: | ||
cosign-release: 'v2.2.4' | ||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 | ||
- name: Log into registry ${{ env.REGISTRY }} | ||
if: github.event_name != 'pull_request' | ||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 | ||
with: | ||
registry: ${{ env.REGISTRY }} | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
- name: Extract Docker metadata | ||
id: meta | ||
uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 | ||
with: | ||
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | ||
- name: Build and push Docker image | ||
id: build-and-push | ||
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 | ||
with: | ||
context: "{{defaultContext}}:docker" | ||
push: ${{ github.event_name != 'pull_request' }} | ||
tags: ${{ steps.meta.outputs.tags }} | ||
labels: ${{ steps.meta.outputs.labels }} | ||
cache-from: type=gha | ||
cache-to: type=gha,mode=max | ||
- name: Sign the published Docker image | ||
if: ${{ github.event_name != 'pull_request' }} | ||
env: | ||
# https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable | ||
TAGS: ${{ steps.meta.outputs.tags }} | ||
DIGEST: ${{ steps.build-and-push.outputs.digest }} | ||
run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} | ||
release_helm_charts: | ||
permissions: | ||
contents: write | ||
packages: write | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout source code | ||
uses: actions/checkout@v4 | ||
- name: Configure Git | ||
run: | | ||
git config user.name "$GITHUB_ACTOR" | ||
git config user.email "[email protected]" | ||
- name: Set up Helm | ||
uses: azure/[email protected] | ||
with: | ||
version: v3.14.4 | ||
- name: Login to GHCR | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: ${{ env.HELM_REGISTRY }} | ||
username: ${{ github.repository_owner }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
- name: Read version from VERSION file | ||
run: | | ||
echo "VERSION=${RELEASE_VERSION}" >> $GITHUB_ENV | ||
- name: Package Helm charts | ||
run: | | ||
for chart in $(ls charts); do | ||
helm package charts/${chart} | ||
done | ||
- name: Upload charts to GHCR | ||
run: | | ||
for pkg in $(ls *.tgz); do | ||
helm push ${pkg} oci://${{ env.HELM_REGISTRY }}/${{ env.HELM_REPOSITORY }} | ||
done | ||
- name: Save packaged charts to temp directory | ||
run: | | ||
mkdir -p /tmp/charts | ||
cp *.tgz /tmp/charts | ||
- name: Checkout to branch gh-pages | ||
uses: actions/checkout@v4 | ||
with: | ||
ref: gh-pages | ||
fetch-depth: 0 | ||
- name: Copy packaged charts | ||
run: | | ||
cp /tmp/charts/*.tgz . | ||
- name: Update Helm charts repo index | ||
env: | ||
CHART_URL: https://github.com/${{ github.repository }}/releases/download/${{ github.ref_name }} | ||
run: | | ||
helm repo index --merge index.yaml --url ${CHART_URL} . | ||
git add index.yaml | ||
git commit -s -m "Add index for Spark connect chart ${VERSION}" || exit 0 | ||
git push | ||
- name: Release | ||
id: release | ||
uses: softprops/action-gh-release@v2 | ||
with: | ||
token: ${{ secrets.GITHUB_TOKEN }} | ||
name: "Spark connect ${{ env.VERSION }}" | ||
tag_name: ${{ github.tag_name }} | ||
prerelease: ${{ contains(env.VERSION, 'rc') }} | ||
target_commitish: ${{ github.sha }} | ||
files: | | ||
*.tgz |