Release - mock-rock - refs/heads/main #354

Workflow file for this run

.github/workflows/Release.yaml at 1d0f3c2

	name: Release
	run-name: 'Release - ${{ inputs.oci-image-name }} - ${{ github.ref }}'

	on:
	workflow_dispatch:
	inputs:
	oci-image-name:
	description: 'OCI image to run releases for'
	required: true
	image-trigger-cache-key:
	description: 'Cache key (to fetch image trigger from cache)'
	required: false
	type: string
	external_ref_id: # (1)
	description: 'Optional ID for unique run detection'
	required: false
	type: string
	default: "default-id"
	workflow_call:
	inputs:
	oci-image-name:
	description: 'OCI image to run releases for'
	required: true
	type: string
	image-trigger-cache-key:
	description: 'Cache key (to fetch image trigger from cache)'
	required: false
	type: string

	jobs:
	validate-push-release-request:
	runs-on: ubuntu-22.04
	name: Validate push release request
	outputs:
	oci-image-name: ${{ steps.get-image-name.outputs.img-name }}
	steps:
	- name: ${{ inputs.external_ref_id }} # (2)
	run: echo 'Started by ${{ inputs.external_ref_id }}' >> "$GITHUB_STEP_SUMMARY"

	- uses: actions/checkout@v4

	- name: Validate access to triggered image
	uses: ./.github/actions/validate-actor
	if: ${{ github.repository == 'canonical/oci-factory' }}
	with:
	admin-only: true
	image-path: "oci/${{ inputs.oci-image-name }}"
	github-token: ${{ secrets.ROCKSBOT_TOKEN }}

	- name: Infer number of image triggers
	uses: tj-actions/changed-files@v35
	id: changed-files
	with:
	dir_names: "true"
	separator: ","
	files: \|
	oci//image.yml
	- name: Fail if more than one image
	id: get-image-name
	run: \|
	set -ex
	img_dir="${{ steps.changed-files.outputs.all_changed_files }}"
	occurrences="${img_dir//[^,]}"
	if [ ${#occurrences} -ne 0 ]
	then
	echo "ERR: can only release 1 image at a time, but trying to release ${img_dir}"
	exit 1
	fi
	echo "img-name=$(basename ${img_dir})" >> "$GITHUB_OUTPUT"


	do-releases:
	runs-on: ubuntu-22.04
	name: Release
	needs: [validate-push-release-request]
	outputs:
	gh-releases-matrix: ${{ steps.release-image.outputs.gh-releases-matrix }}
	release-commit-sha: ${{ steps.release-commit-sha.outputs.release-commit-sha }}
	env:
	IS_PROD: ${{ ! startsWith(inputs.oci-image-name, 'mock-') }}
	steps:
	- uses: actions/checkout@v4

	- uses: actions/cache/restore@v4
	if: ${{ inputs.image-trigger-cache-key != '' }}
	with:
	path: oci/${{ inputs.oci-image-name }}/image.yaml
	key: ${{ inputs.image-trigger-cache-key }}
	fail-on-cache-miss: true

	- uses: actions/setup-python@v5
	with:
	python-version: "3.x"

	- env:
	ROCKS_DEV_LP_SSH_PRIVATE: ${{ secrets.ROCKS_DEV_LP_SSH_PRIVATE }}
	ROCKS_DEV_LP_USERNAME: ${{ secrets.ROCKS_DEV_LP_USERNAME }}
	CPC_BUILD_TOOLS_REPO: git.launchpad.net/~cloudware/cloudware/+git/cpc_build_tools
	# CPC_BUILD_TOOLS_REPO_REF: 9b716ed8a8ba728d036b54b1bb17a8f49dbda434
	SKOPEO_BRANCH: 'v1.9.1'
	SKOPEO_URL: 'https://github.com/containers/skopeo'
	run: \|
	./src/image/requirements.sh
	pip install -r src/image/requirements.txt
	- name: Get all revisions per track
	id: get-all-canonical-tags
	env:
	OS_USERNAME: ${{ secrets.SWIFT_OS_USERNAME }}
	OS_TENANT_NAME: ${{ secrets.SWIFT_OS_TENANT_NAME }}
	OS_PASSWORD: ${{ secrets.SWIFT_OS_PASSWORD }}
	OS_REGION_NAME: ${{ secrets.SWIFT_OS_REGION_NAME }}
	OS_STORAGE_URL: ${{ secrets.SWIFT_OS_STORAGE_URL }}
	IMAGE_NAME: ${{ inputs.oci-image-name }}
	SWIFT_CONTAINER_NAME: ${{ vars.SWIFT_CONTAINER_NAME }}
	run: ./src/image/get_canonical_tags_from_swift.sh

	- name: Do releases from ${{ inputs.oci-image-name }}
	id: release-image
	env:
	# GH has issues with boolean expressions
	# https://github.com/actions/runner/issues/1483
	DOCKER_HUB_CREDS_PSW: ${{ env.IS_PROD == 'true' && secrets.DOCKER_HUB_CREDS_PSW \|\| secrets.DOCKER_HUB_CREDS_PSW_DEV }}
	DOCKER_HUB_CREDS_USR: ${{ env.IS_PROD == 'true' && secrets.DOCKER_HUB_CREDS_USR \|\| secrets.DOCKER_HUB_CREDS_USR_DEV }}
	# ACR_CREDS_USR: ${{ env.IS_PROD == 'true' && secrets.ACR_CREDS_USR \|\| secrets.ACR_CREDS_USR_DEV }}
	# ACR_CREDS_PSW: ${{ env.IS_PROD == 'true' && secrets.ACR_CREDS_PSW \|\| secrets.ACR_CREDS_PSW_DEV }}
	ECR_CREDS_USR: ${{ env.IS_PROD == 'true' && secrets.ECR_CREDS_USR \|\| secrets.ECR_CREDS_USR_DEV }}
	ECR_CREDS_PSW: ${{ env.IS_PROD == 'true' && secrets.ECR_CREDS_PSW \|\| secrets.ECR_CREDS_PSW_DEV }}
	# ECR_LTS_CREDS_USR: ${{ env.IS_PROD == 'true' && secrets.ECR_LTS_CREDS_USR \|\| secrets.ECR_LTS_CREDS_USR_DEV }}
	# ECR_LTS_CREDS_PSW: ${{ env.IS_PROD == 'true' && secrets.ECR_LTS_CREDS_PSW \|\| secrets.ECR_LTS_CREDS_PSW_DEV }}

	# ACR_NAMESPACE: ${{ env.IS_PROD == 'true' && 'ubuntu.azurecr.io' \|\| secrets.ACR_NAMESPACE_DEV }}
	DOCKER_HUB_NAMESPACE: ${{ env.IS_PROD == 'true' && 'docker.io/ubuntu' \|\| secrets.DOCKER_HUB_NAMESPACE_DEV }}
	ECR_NAMESPACE: ${{ env.IS_PROD == 'true' && 'ubuntu' \|\| secrets.ECR_NAMESPACE_DEV }}
	# ECR_LTS_NAMESPACE: ${{ env.IS_PROD == 'true' && 'lts' \|\| secrets.ECR_LTS_NAMESPACE_DEV }}

	PYTHONUNBUFFERED: 1
	run: \|
	set -ex
	echo "Running in production? ${{ env.IS_PROD == 'true' && 'YES' \|\| 'NO' }}"

	python3 -m src.image.release \
	--image-trigger oci/${{ inputs.oci-image-name }}/image.yaml \
	--image-name ${{ inputs.oci-image-name }} \
	--all-releases oci/${{ inputs.oci-image-name }}/_releases.json \
	--all-revision-tags "${{ steps.get-all-canonical-tags.outputs.canonical-tags-file }}" \
	--ghcr-repo "${{ github.repository_owner }}/oci-factory"

	- run: git pull --quiet

	- name: Commit oci/${{ inputs.oci-image-name }}/_releases.json
	uses: actions-x/commit@v6
	with:
	token: ${{ secrets.ROCKSBOT_TOKEN }}
	branch: ${{ github.ref }}
	message: 'ci: automatically update oci/${{ inputs.oci-image-name }}/_releases.json, from ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}'
	files: oci/${{ inputs.oci-image-name }}/_releases.json

	- name: Get commit SHA of _release.json update
	id: release-commit-sha
	run: \|
	set -ex
	echo "release-commit-sha=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"


	update-documentation:
	name: Update documentation
	needs: [do-releases]
	uses: ./.github/workflows/Documentation.yaml
	with:
	oci-image-name: "${{ inputs.oci-image-name }}"
	release-commit-sha: "${{ needs.do-releases.outputs.release-commit-sha }}"
	secrets: inherit


	do-github-release:
	runs-on: ubuntu-22.04
	name: Github-Release
	needs: [do-releases]
	strategy:
	fail-fast: true
	matrix: ${{ fromJSON(needs.do-releases.outputs.gh-releases-matrix) }}
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	ref: ${{ matrix.canonical-tag }}

	- uses: dev-drprasad/[email protected]
	# We force delete an existing tag because otherwise we won't get
	# an email notification and the GH release will have the date from when
	# it was created the first time (i.e. force-push won't update the date)
	continue-on-error: true
	with:
	tag_name: ${{ matrix.release-name }}
	github_token: ${{ secrets.GITHUB_TOKEN }}

	- name: Create Git tag
	uses: rickstaa/action-create-tag@v1
	with:
	tag: "${{ matrix.release-name }}"
	message: "release(${{ matrix.name }}): Release image revision ${{ matrix.revision }} to ${{ matrix.channel }}"
	github_token: ${{ secrets.ROCKSBOT_TOKEN }}
	commit_sha: ${{ matrix.canonical-tag }}
	force_push_tag: true

	- uses: "softprops/action-gh-release@v1"
	with:
	name: "${{ matrix.release-name }}"
	tag_name: "${{ matrix.release-name }}"
	token: "${{ secrets.ROCKSBOT_TOKEN }}"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Release - mock-rock - refs/heads/main #354

Workflow file

Release - mock-rock - refs/heads/main #354

Jobs

Run details

Workflow file for this run