-
Notifications
You must be signed in to change notification settings - Fork 158
161 lines (154 loc) · 6.36 KB
/
release.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
name: release
on:
pull_request_review:
types:
- submitted
permissions:
contents: read # for actions/checkout to fetch code
jobs:
tag-release:
if: github.event.review.state == 'approved' && startsWith(github.event.pull_request.head.ref, 'releases/')
runs-on: ubuntu-latest
outputs:
version: ${{ steps.release-version.outputs.version }}
permissions:
contents: write # for action to git push a tag
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Find release version
id: release-version
env:
GITHUB_EVENT_PULL_REQUEST_HEAD_REF: ${{ github.event.pull_request.head.ref }}
run: |
version=$(echo $GITHUB_EVENT_PULL_REQUEST_HEAD_REF | cut -d'/' -f2)
echo "version=$version" >> $GITHUB_OUTPUT
- name: Set tag
run: |
git config user.name weave-gitops-bot
git config user.email [email protected]
git tag -a ${{ steps.release-version.outputs.version }} -m ${{ steps.release-version.outputs.version }}
git push origin tag ${{ steps.release-version.outputs.version }}
publish_npm_package:
needs: tag-release
runs-on: ubuntu-latest
permissions:
packages: write # needed for GitHub Packages registry access
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Setup Node.js
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version-file: package.json
registry-url: "https://npm.pkg.github.com"
scope: "@weaveworks"
- run: yarn
- run: make ui-lib && cd dist && npm publish
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
build-and-push-image:
needs: tag-release
uses: ./.github/workflows/build-push-image.yaml
with:
file: gitops-server.dockerfile
flavor: |
latest=true
image: ghcr.io/weaveworks/wego-app
platforms: linux/amd64,linux/arm64
push: true
ref: ${{ github.event.pull_request.head.sha }}
tags: |
type=raw,value=${{ needs.tag-release.outputs.version }}
type=semver,pattern={{version}},value=${{ needs.tag-release.outputs.version }}
permissions:
contents: read # for actions/checkout to fetch code
id-token: write # for Cosign to be able to sign images with GHA token
packages: write # for docker/build-push-action to push images
goreleaser:
runs-on: ubuntu-latest
needs:
- publish_npm_package
- build-and-push-image
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Unshallow
run: |
git fetch --prune --unshallow
git fetch --tags -f
- name: Setup Go
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version-file: go.mod
- name: Setup Node.js
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version-file: package.json
- name: Set env var
env:
GITHUB_EVENT_PULL_REQUEST_HEAD_REF: ${{ github.event.pull_request.head.ref }}
run: |
echo "BRANCH=$GITHUB_EVENT_PULL_REQUEST_HEAD_REF" >> $GITHUB_ENV
echo "GORELEASER_PREVIOUS_TAG=$(git describe --abbrev=0 --tags $(git rev-list --tags --skip=1 --max-count=1))" >> $GITHUB_ENV
echo "GORELEASER_CURRENT_TAG=${{ needs.tag-release.outputs.version }}" >> $GITHUB_ENV
echo "FLUX_VERSION=$(make echo-flux-version)" >> $GITHUB_ENV
echo "CHART_VERSION=$(yq e '.version' charts/gitops-server/Chart.yaml)" >> $GITHUB_ENV
- name: "Make All"
run: make all
- name: Check Git State
run: git diff --no-ext-diff --exit-code
- name: Include brew publishing
run: cat .goreleaser.brew.yml >> .goreleaser.yml
if: ${{ !contains(github.event.pull_request.head.ref, '-') }}
- name: Store changelog
run: |
cat > ${{ runner.temp }}/changelog.md <<'END_OF_CHANGELOG'
${{ github.event.pull_request.body }}
END_OF_CHANGELOG
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf # v6.1.0
with:
version: latest
args: release --rm-dist --skip-validate --release-notes=${{ runner.temp }}/changelog.md
env:
GITHUB_TOKEN: ${{ secrets.WEAVE_GITOPS_BOT_ACCESS_TOKEN }}
BOT_TOKEN: ${{ secrets.WEAVE_GITOPS_BOT_ACCESS_TOKEN }}
BRANCH: ${{ env.BRANCH }}
GORELEASER_PREVIOUS_TAG: ${{ env.GORELEASER_PREVIOUS_TAG }}
GORELEASER_CURRENT_TAG: ${{ env.GORELEASER_CURRENT_TAG }}
merge-pr:
runs-on: ubuntu-latest
needs: goreleaser
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.event.pull_request.head.sha }}
# 'Unlock Release PR Merge' sets 'release' status check state to success to unlock merging the release PR. See ../../doc/incidents/issues-3907 for full context.
- name: Unlock Release PR Merge
run: |
curl --fail --request POST \
--url https://api.github.com/repos/${{ github.repository }}/statuses/${{ github.event.pull_request.head.sha }} \
--header 'authorization: Bearer ${{ secrets.WEAVE_GITOPS_BOT_ACCESS_TOKEN }}' \
--header 'content-type: application/json' \
--data '{
"state":"success",
"description":"release happened. PR ready to merge",
"context":"release"
}'
- name: "Merge release"
run: |
curl --request PUT \
--url https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/merge \
--header 'authorization: Bearer ${{ secrets.WEAVE_GITOPS_BOT_ACCESS_TOKEN }}' \
--header 'content-type: application/json' \
--data '{
"merge_method": "merge"
}'