fix: create a common chart per deployment if needed #123
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Release new version | |
| on: | |
| pull_request: | |
| types: | |
| - closed | |
| branches: | |
| - main | |
| paths: | |
| - src/** | |
| - actions/** | |
| - Dockerfile | |
| - Pipfile | |
| - Pipfile.lock | |
| # if multiple pull requests are merged while this workflow is still running, cancel this one and build the last one | |
| # to include all changes | |
| concurrency: | |
| group: ${{ github.workflow }} | |
| cancel-in-progress: true | |
| jobs: | |
| release: | |
| if: github.event.pull_request.merged == true | |
| runs-on: ubuntu-latest | |
| env: | |
| image-name: gh-mpyl | |
| permissions: | |
| contents: write | |
| steps: | |
| - uses: actions/[email protected] | |
| - name: Compute the next version to release | |
| id: semver | |
| uses: ietf-tools/[email protected] | |
| with: | |
| token: ${{ github.token }} | |
| noVersionBumpBehavior: patch | |
| - name: Configure AWS credentials | |
| uses: aws-actions/[email protected] | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ECR_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_ECR_SECRET_ACCESS_KEY }} | |
| aws-region: us-east-1 | |
| - name: Login to Amazon ECR Public | |
| id: login-ecr-public | |
| uses: aws-actions/[email protected] | |
| with: | |
| registry-type: public | |
| - name: Create repository in ECR | |
| uses: int128/[email protected] | |
| with: | |
| repository: ${{ env.image-name }} | |
| public: true | |
| - name: Set up QEMU | |
| uses: docker/[email protected] | |
| - name: Set up Docker Buildx | |
| uses: docker/[email protected] | |
| - name: Build and push | |
| id: docker-build-push | |
| uses: docker/[email protected] | |
| with: | |
| file: Dockerfile | |
| context: . | |
| tags: ${{ steps.login-ecr-public.outputs.registry }}/${{ vars.AWS_ECR_PUBLIC_ALIAS }}/${{ env.image-name }}:${{ steps.semver.outputs.next }} | |
| platforms: |- | |
| linux/amd64 | |
| linux/arm64 | |
| provenance: false | |
| push: true | |
| - name: Install Cosign | |
| uses: sigstore/[email protected] | |
| - name: Sign Docker image | |
| env: | |
| COSIGN_KEY: ${{ secrets.COSIGN_KEY }} | |
| COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | |
| IMAGE: ${{ steps.login-ecr-public.outputs.registry }}/${{ vars.AWS_ECR_PUBLIC_ALIAS }}/${{ env.image-name }} | |
| VERSION: ${{ steps.semver.outputs.next }} | |
| DIGEST: ${{ steps.docker-build-push.outputs.digest }} | |
| run: |- | |
| echo "$COSIGN_KEY" > cosign.key | |
| cosign sign --key cosign.key "$IMAGE:$VERSION@$DIGEST" --tlog-upload=false | |
| - name: Point all action.yaml files to the new version | |
| env: | |
| IMAGE: docker://${{ steps.login-ecr-public.outputs.registry }}/vdb-public/${{ env.image-name }}:${{ steps.semver.outputs.next }} | |
| run: |- | |
| for file in actions/**/action.yaml; do | |
| yq -i '.runs.image = strenv(IMAGE)' "$file" | |
| done | |
| - name: Generate token to commit to main | |
| uses: actions/[email protected] | |
| id: commit-token | |
| with: | |
| repositories: gh-mpyl | |
| app-id: ${{ vars.AUTOMATION_APP_ID }} | |
| private-key: ${{ secrets.AUTOMATION_APP_PRIVATE_KEY }} | |
| - name: Commit changes | |
| uses: ryancyq/[email protected] | |
| id: commit | |
| env: | |
| GH_TOKEN: ${{ steps.commit-token.outputs.token }} | |
| with: | |
| files: actions/**/action.yaml | |
| commit-message: 'chore: point Docker container actions to ${{ env.image-name }}:${{ steps.semver.outputs.next }}' | |
| - name: Tag version ${{ steps.semver.outputs.next }} | |
| uses: actions/[email protected] | |
| with: | |
| script: | | |
| github.rest.git.createRef({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| ref: 'refs/tags/${{ steps.semver.outputs.next }}', | |
| sha: '${{ steps.commit.outputs.commit-sha }}' | |
| }) | |
| - name: Generate changelog | |
| id: changelog | |
| uses: requarks/[email protected] | |
| with: | |
| token: ${{ github.token }} | |
| fromTag: ${{ steps.semver.outputs.next }} | |
| toTag: ${{ steps.semver.outputs.current }} | |
| writeToFile: false | |
| includeInvalidCommits: true | |
| - name: Create Release | |
| uses: ncipollo/[email protected] | |
| with: | |
| draft: false | |
| makeLatest: true | |
| tag: ${{ steps.semver.outputs.next }} | |
| name: ${{ steps.semver.outputs.next }} | |
| body: ${{ steps.changelog.outputs.changes }} | |
| commit: ${{ steps.commit.outputs.commit-sha }} | |
| token: ${{ github.token }} | |
| - name: Update Tags | |
| env: | |
| SHORT_VERSION: ${{ steps.semver.outputs.nextMajor }} | |
| GITHUB_TOKEN: ${{ steps.commit-token.outputs.token }} | |
| run: |- | |
| git tag -f "${SHORT_VERSION}" | |
| git push origin --tags --force |