Skip to content

Bump certificates to 0.27.5 (#1299) #254

Bump certificates to 0.27.5 (#1299)

Bump certificates to 0.27.5 (#1299) #254

Workflow file for this run

name: Create Release & Upload Assets
on:
push:
# Sequence of patterns matched against refs/tags
tags:
- 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
jobs:
ci:
permissions:
actions: read
contents: read
security-events: write
uses: smallstep/cli/.github/workflows/ci.yml@master
secrets: inherit
create_release:
name: Create Release
needs: ci
runs-on: ubuntu-latest
env:
DOCKER_IMAGE: smallstep/step-cli
DEBIAN_TAG: bookworm
outputs:
version: ${{ steps.extract-tag.outputs.VERSION }}
vversion: ${{ steps.extract-tag.outputs.VVERSION }}
is_prerelease: ${{ steps.is_prerelease.outputs.IS_PRERELEASE }}
docker_tags: ${{ env.DOCKER_TAGS }}
docker_tags_debian: ${{ env.DOCKER_TAGS_DEBIAN }}
steps:
- name: Is Pre-release
id: is_prerelease
run: |
set +e
echo ${{ github.ref }} | grep "\-rc.*"
OUT=$?
if [ $OUT -eq 0 ]; then IS_PRERELEASE=true; else IS_PRERELEASE=false; fi
echo "IS_PRERELEASE=${IS_PRERELEASE}" >> "${GITHUB_OUTPUT}"
- name: Extract Tag Names
id: extract-tag
run: |
VVERSION=${GITHUB_REF#refs/tags/}
VERSION=${GITHUB_REF#refs/tags/v}
echo "VVERSION=${VVERSION}" >> "${GITHUB_OUTPUT}"
echo "VERSION=${VERSION}" >> "${GITHUB_OUTPUT}"
echo "DOCKER_TAGS=${{ env.DOCKER_IMAGE }}:${VERSION}" >> "${GITHUB_ENV}"
echo "DOCKER_TAGS_DEBIAN=${{ env.DOCKER_IMAGE }}:${VERSION}-${DEBIAN_TAG}" >> "${GITHUB_ENV}"
- name: Add Latest Tag
if: steps.is_prerelease.outputs.IS_PRERELEASE == 'false'
run: |
echo "DOCKER_TAGS=${{ env.DOCKER_TAGS }},${{ env.DOCKER_IMAGE }}:latest" >> "${GITHUB_ENV}"
echo "DOCKER_TAGS_DEBIAN=${{ env.DOCKER_TAGS_DEBIAN }},${{ env.DOCKER_IMAGE }}:${DEBIAN_TAG}" >> "${GITHUB_ENV}"
- name: Create Release
id: create_release
uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ github.ref_name }}
name: Release ${{ github.ref_name }}
draft: false
prerelease: ${{ steps.is_prerelease.outputs.IS_PRERELEASE }}
goreleaser:
needs: create_release
permissions:
id-token: write
contents: write
packages: write
uses: smallstep/workflows/.github/workflows/goreleaser.yml@main
with:
enable-packages-upload: true
is-prerelease: ${{ needs.create_release.outputs.is_prerelease == 'true' }}
secrets: inherit
build_upload_docker:
name: Build & Upload Docker Images
needs: create_release
permissions:
id-token: write
contents: write
uses: smallstep/workflows/.github/workflows/docker-buildx-push.yml@main
with:
platforms: linux/amd64,linux/386,linux/arm,linux/arm64
tags: ${{ needs.create_release.outputs.docker_tags }}
docker_image: smallstep/step-cli
docker_file: docker/Dockerfile
secrets: inherit
build_upload_docker_debian:
name: Build & Upload Docker Images using Debian
needs: create_release
permissions:
id-token: write
contents: write
uses: smallstep/workflows/.github/workflows/docker-buildx-push.yml@main
with:
platforms: linux/amd64,linux/386,linux/arm,linux/arm64
tags: ${{ needs.create_release.outputs.docker_tags_debian }}
docker_image: smallstep/step-cli
docker_file: docker/Dockerfile.debian
secrets: inherit
# All jobs below this are for full releases (non release candidates e.g. *-rc.*)
update_reference_docs:
name: Update Reference Docs
runs-on: ubuntu-latest
needs: create_release
if: needs.create_release.outputs.is_prerelease == 'false'
steps:
- name: Checkout
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Setup Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: 'stable'
check-latest: true
- name: Build
id: build
run: V=1 make build
- name: Checkout Docs
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
repository: smallstep/docs
token: ${{ secrets.DOCS_PAT }}
path: './docs'
- name: Setup bot SSH signing key
uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0
env:
HAS_SSH_PRIVATE_KEY: ${{ secrets.STEP_TRAVIS_CI_GH_PRIVATE_SIGNING_KEY != '' }}
if: ${{ env.HAS_SSH_PRIVATE_KEY == 'true' }}
with:
ssh-private-key: |
${{ secrets.STEP_TRAVIS_CI_GH_PRIVATE_SIGNING_KEY }}
- name: Update Reference
id: update_reference
run: |
cd ./docs
git config user.email "[email protected]"
git config user.name "step-travis-ci"
# Configure GH commit signing key.
git config --global commit.gpgsign true
git config --global gpg.format ssh
git config --global user.signingkey "${{ secrets.STEP_TRAVIS_CI_GH_PUBLIC_SIGNING_KEY }}"
# Remove old docs
git rm -rf ./step-cli/reference
# Build fresh docs
../bin/step help --markdown ./step-cli/reference
# Generate new route manifest for the docs
find step-cli/reference -mindepth 2 -type f | jq -R -s '[
split("\n")[:-1][]
| {hideFromSidebar: true,
title: "",
path: ("/" + .)}
]' > "$RUNNER_TEMP/reference-routes.json"
# Replace old route manifest with new
jq --argfile newRoutes "$RUNNER_TEMP/reference-routes.json" 'walk(
if type == "object" and .isStepReference == true then
.routes = $newRoutes
else . end
)' < manifest.json > manifest.json.new
mv manifest.json.new manifest.json
git add . && git commit -a -m "step-cli ${{ needs.create_release.outputs.vversion }} reference update"
- name: Push changes
uses: ad-m/github-push-action@d91a481090679876dfc4178fef17f286781251df # v0.8.0
with:
github_token: ${{ secrets.DOCS_PAT }}
branch: 'main'
directory: './docs'
repository: 'smallstep/docs'