Skip to content
release

release #3738

Sign in to view logs

release

release #3738

Workflow file for this run

.github/workflows/release.yaml at 8aa39cc
name: release
on:
pull_request_review:
types:
- submitted
permissions:
contents: read # for actions/checkout to fetch code
jobs:
tag-release:
if: github.event.review.state == 'approved' && startsWith(github.event.pull_request.head.ref, 'releases/')
runs-on: ubuntu-latest
outputs:
version: ${{ steps.release-version.outputs.version }}
permissions:
contents: write # for action to git push a tag
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Find release version
id: release-version
env:
GITHUB_EVENT_PULL_REQUEST_HEAD_REF: ${{ github.event.pull_request.head.ref }}
run: |
version=$(echo $GITHUB_EVENT_PULL_REQUEST_HEAD_REF | cut -d'/' -f2)
echo "version=$version" >> $GITHUB_OUTPUT
- name: Set tag
run: |
git config user.name weave-gitops-bot
git config user.email [email protected]
git tag -a ${{ steps.release-version.outputs.version }} -m ${{ steps.release-version.outputs.version }}
git push origin tag ${{ steps.release-version.outputs.version }}
publish_npm_package:
needs: tag-release
runs-on: ubuntu-latest
permissions:
packages: write # needed for GitHub Packages registry access
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Setup Node.js
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version-file: package.json
registry-url: "https://npm.pkg.github.com"
scope: "@weaveworks"
- run: yarn
- run: make ui-lib && cd dist && npm publish
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
build-and-push-image:
needs: tag-release
uses: ./.github/workflows/build-push-image.yaml
with:
file: gitops-server.dockerfile
flavor: |
latest=true
image: ghcr.io/weaveworks/wego-app
platforms: linux/amd64,linux/arm64
push: true
ref: ${{ github.event.pull_request.head.sha }}
tags: |
type=raw,value=${{ needs.tag-release.outputs.version }}
type=semver,pattern={{version}},value=${{ needs.tag-release.outputs.version }}
permissions:
contents: read # for actions/checkout to fetch code
id-token: write # for Cosign to be able to sign images with GHA token
packages: write # for docker/build-push-action to push images
goreleaser:
runs-on: ubuntu-latest
permissions:
contents: read # for actions/checkout to fetch code
id-token: write # for Cosign to be able to sign release artifacts with GHA token
needs:
- publish_npm_package
- build-and-push-image
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Unshallow
run: |
git fetch --prune --unshallow
git fetch --tags -f
- name: Setup Go
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version-file: go.mod
- name: Setup Node.js
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version-file: package.json
- name: Set env var
env:
GITHUB_EVENT_PULL_REQUEST_HEAD_REF: ${{ github.event.pull_request.head.ref }}
run: |
echo "BRANCH=$GITHUB_EVENT_PULL_REQUEST_HEAD_REF" >> $GITHUB_ENV
echo "GORELEASER_PREVIOUS_TAG=$(git describe --abbrev=0 --tags $(git rev-list --tags --skip=1 --max-count=1))" >> $GITHUB_ENV
echo "GORELEASER_CURRENT_TAG=${{ needs.tag-release.outputs.version }}" >> $GITHUB_ENV
echo "FLUX_VERSION=$(make echo-flux-version)" >> $GITHUB_ENV
echo "CHART_VERSION=$(yq e '.version' charts/gitops-server/Chart.yaml)" >> $GITHUB_ENV
- name: "Make All"
run: make all
- name: Check Git State
run: git diff --no-ext-diff --exit-code
- name: Include brew publishing
run: cat .goreleaser.brew.yml >> .goreleaser.yml
if: ${{ !contains(github.event.pull_request.head.ref, '-') }}
- name: Store changelog
run: |
cat > ${{ runner.temp }}/changelog.md <<'END_OF_CHANGELOG'
${{ github.event.pull_request.body }}
END_OF_CHANGELOG
- name: Install cosign
uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf # v6.1.0
with:
version: latest
args: release --rm-dist --skip-validate --release-notes=${{ runner.temp }}/changelog.md
env:
GITHUB_TOKEN: ${{ secrets.WEAVE_GITOPS_BOT_ACCESS_TOKEN }}
BOT_TOKEN: ${{ secrets.WEAVE_GITOPS_BOT_ACCESS_TOKEN }}
BRANCH: ${{ env.BRANCH }}
GORELEASER_PREVIOUS_TAG: ${{ env.GORELEASER_PREVIOUS_TAG }}
GORELEASER_CURRENT_TAG: ${{ env.GORELEASER_CURRENT_TAG }}
merge-pr:
runs-on: ubuntu-latest
needs: goreleaser
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.event.pull_request.head.sha }}
# 'Unlock Release PR Merge' sets 'release' status check state to success to unlock merging the release PR. See ../../doc/incidents/issues-3907 for full context.
- name: Unlock Release PR Merge
run: |
curl --fail --request POST \
--url https://api.github.com/repos/${{ github.repository }}/statuses/${{ github.event.pull_request.head.sha }} \
--header 'authorization: Bearer ${{ secrets.WEAVE_GITOPS_BOT_ACCESS_TOKEN }}' \
--header 'content-type: application/json' \
--data '{
"state":"success",
"description":"release happened. PR ready to merge",
"context":"release"
}'
- name: "Merge release"
run: |
curl --request PUT \
--url https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/merge \
--header 'authorization: Bearer ${{ secrets.WEAVE_GITOPS_BOT_ACCESS_TOKEN }}' \
--header 'content-type: application/json' \
--data '{
"merge_method": "merge"
}'