Bump certificates to 0.27.5 (#1299) #254
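# Release pipeline. A pushed tag matching v* re-runs CI, creates the GitHub
# release, then hands off to reusable workflows that build the binaries,
# packages and Docker images. Full releases (tags without "-rc") additionally
# regenerate the CLI reference in the smallstep/docs repository.
#
# Hardening notes for maintainers:
# - The tag name is free-form text chosen by whoever pushes the tag. It must
#   reach shell scripts only through environment variables, never through an
#   Actions expression expanded into the script text, because the expression is
#   substituted before the shell parses the script.
# - Third-party actions are pinned to full commit SHAs. The reusable workflows
#   called below are referenced by branch (@master / @main) and receive
#   `secrets: inherit`, so whatever those branches contain at run time runs with
#   this repository's secrets.
#   NOTE(review): consider pinning them to a commit SHA and passing only the
#   secrets each one needs; the required secret names are not visible here.
name: Create Release & Upload Assets

on:
  push:
    # Sequence of patterns matched against refs/tags
    tags:
      - 'v*'  # Push events to matching v*, i.e. v1.0, v20.15.10

jobs:
  # Gate the release on the repository's own CI workflow.
  ci:
    permissions:
      actions: read
      contents: read
      security-events: write
    uses: smallstep/cli/.github/workflows/ci.yml@master
    secrets: inherit

  # Derives version strings and Docker tags from the pushed tag and publishes
  # the GitHub release. Its outputs feed every job below.
  create_release:
    name: Create Release
    needs: ci
    runs-on: ubuntu-latest
    # Least privilege: this job only creates a release, which needs write
    # access to repository contents and nothing else.
    permissions:
      contents: write
    env:
      DOCKER_IMAGE: smallstep/step-cli
      DEBIAN_TAG: bookworm
    outputs:
      version: ${{ steps.extract-tag.outputs.VERSION }}
      vversion: ${{ steps.extract-tag.outputs.VVERSION }}
      is_prerelease: ${{ steps.is_prerelease.outputs.IS_PRERELEASE }}
      docker_tags: ${{ env.DOCKER_TAGS }}
      docker_tags_debian: ${{ env.DOCKER_TAGS_DEBIAN }}
    steps:
      # A tag containing "-rc" marks a release candidate. The ref is read from
      # the runner-provided GITHUB_REF variable and quoted, so shell
      # metacharacters in a tag name are treated as data rather than as script.
      - name: Is Pre-release
        id: is_prerelease
        run: |
          if echo "${GITHUB_REF}" | grep -e '-rc'; then
            IS_PRERELEASE=true
          else
            IS_PRERELEASE=false
          fi
          echo "IS_PRERELEASE=${IS_PRERELEASE}" >> "${GITHUB_OUTPUT}"

      # VVERSION keeps the leading "v" (v1.2.3), VERSION drops it (1.2.3).
      # DOCKER_IMAGE and DEBIAN_TAG come from the job-level env block and are
      # read as ordinary shell variables.
      - name: Extract Tag Names
        id: extract-tag
        run: |
          VVERSION=${GITHUB_REF#refs/tags/}
          VERSION=${GITHUB_REF#refs/tags/v}
          echo "VVERSION=${VVERSION}" >> "${GITHUB_OUTPUT}"
          echo "VERSION=${VERSION}" >> "${GITHUB_OUTPUT}"
          echo "DOCKER_TAGS=${DOCKER_IMAGE}:${VERSION}" >> "${GITHUB_ENV}"
          echo "DOCKER_TAGS_DEBIAN=${DOCKER_IMAGE}:${VERSION}-${DEBIAN_TAG}" >> "${GITHUB_ENV}"

      # Full releases also move the floating tags (latest / bookworm).
      # DOCKER_TAGS and DOCKER_TAGS_DEBIAN embed the tag-derived version, so
      # they are read from the step environment (populated via GITHUB_ENV by
      # the previous step) instead of being expanded into the script text.
      - name: Add Latest Tag
        if: steps.is_prerelease.outputs.IS_PRERELEASE == 'false'
        run: |
          echo "DOCKER_TAGS=${DOCKER_TAGS},${DOCKER_IMAGE}:latest" >> "${GITHUB_ENV}"
          echo "DOCKER_TAGS_DEBIAN=${DOCKER_TAGS_DEBIAN},${DOCKER_IMAGE}:${DEBIAN_TAG}" >> "${GITHUB_ENV}"

      - name: Create Release
        id: create_release
        uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191  # v2.0.8
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{ github.ref_name }}
          name: Release ${{ github.ref_name }}
          draft: false
          prerelease: ${{ steps.is_prerelease.outputs.IS_PRERELEASE }}

  # Builds and uploads release artifacts through the shared goreleaser
  # workflow. id-token: write lets the called workflow request an OIDC token;
  # what it uses the token for is defined in that workflow, not here.
  goreleaser:
    needs: create_release
    permissions:
      id-token: write
      contents: write
      packages: write
    uses: smallstep/workflows/.github/workflows/goreleaser.yml@main
    with:
      enable-packages-upload: true
      is-prerelease: ${{ needs.create_release.outputs.is_prerelease == 'true' }}
    secrets: inherit

  # Multi-arch image built from docker/Dockerfile.
  build_upload_docker:
    name: Build & Upload Docker Images
    needs: create_release
    permissions:
      id-token: write
      contents: write
    uses: smallstep/workflows/.github/workflows/docker-buildx-push.yml@main
    with:
      platforms: linux/amd64,linux/386,linux/arm,linux/arm64
      tags: ${{ needs.create_release.outputs.docker_tags }}
      docker_image: smallstep/step-cli
      docker_file: docker/Dockerfile
    secrets: inherit

  # Same as above, built from docker/Dockerfile.debian with the Debian tags.
  build_upload_docker_debian:
    name: Build & Upload Docker Images using Debian
    needs: create_release
    permissions:
      id-token: write
      contents: write
    uses: smallstep/workflows/.github/workflows/docker-buildx-push.yml@main
    with:
      platforms: linux/amd64,linux/386,linux/arm,linux/arm64
      tags: ${{ needs.create_release.outputs.docker_tags_debian }}
      docker_image: smallstep/step-cli
      docker_file: docker/Dockerfile.debian
    secrets: inherit

  # All jobs below this are for full releases (non release candidates e.g. *-rc.*)
  update_reference_docs:
    name: Update Reference Docs
    runs-on: ubuntu-latest
    needs: create_release
    if: needs.create_release.outputs.is_prerelease == 'false'
    # The workflow token is only used to check out this repository; all writes
    # go to smallstep/docs with the DOCS_PAT secret.
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871  # v4.2.1

      - name: Setup Go
        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32  # v5.0.2
        with:
          go-version: 'stable'
          check-latest: true

      - name: Build
        id: build
        run: V=1 make build

      - name: Checkout Docs
        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871  # v4.2.1
        with:
          repository: smallstep/docs
          token: ${{ secrets.DOCS_PAT }}
          path: './docs'

      # Loads the bot's SSH signing key into an agent; skipped when the secret
      # is not set.
      - name: Setup bot SSH signing key
        uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387  # v0.9.0
        env:
          HAS_SSH_PRIVATE_KEY: ${{ secrets.STEP_TRAVIS_CI_GH_PRIVATE_SIGNING_KEY != '' }}
        if: ${{ env.HAS_SSH_PRIVATE_KEY == 'true' }}
        with:
          ssh-private-key: |
            ${{ secrets.STEP_TRAVIS_CI_GH_PRIVATE_SIGNING_KEY }}

      # The signing key and the tag-derived version are handed to the script
      # through env, so the shell sees them as variable values. This step runs
      # with the docs checkout credentials and the signing key available, which
      # makes it the most sensitive place for text from a tag name to end up.
      # NOTE(review): the user.email value below appears as a placeholder left
      # by the hosting page's e-mail obfuscation; restore the bot's real commit
      # address before using this file.
      - name: Update Reference
        id: update_reference
        env:
          SIGNING_PUBLIC_KEY: ${{ secrets.STEP_TRAVIS_CI_GH_PUBLIC_SIGNING_KEY }}
          VVERSION: ${{ needs.create_release.outputs.vversion }}
        run: |
          cd ./docs
          git config user.email "[email protected]"
          git config user.name "step-travis-ci"
          # Configure GH commit signing key.
          git config --global commit.gpgsign true
          git config --global gpg.format ssh
          git config --global user.signingkey "${SIGNING_PUBLIC_KEY}"
          # Remove old docs
          git rm -rf ./step-cli/reference
          # Build fresh docs
          ../bin/step help --markdown ./step-cli/reference
          # Generate new route manifest for the docs
          find step-cli/reference -mindepth 2 -type f | jq -R -s '[
            split("\n")[:-1][]
            | {hideFromSidebar: true,
               title: "",
               path: ("/" + .)}
          ]' > "$RUNNER_TEMP/reference-routes.json"
          # Replace old route manifest with new
          jq --argfile newRoutes "$RUNNER_TEMP/reference-routes.json" 'walk(
            if type == "object" and .isStepReference == true then
              .routes = $newRoutes
            else . end
          )' < manifest.json > manifest.json.new
          mv manifest.json.new manifest.json
          git add . && git commit -a -m "step-cli ${VVERSION} reference update"

      - name: Push changes
        uses: ad-m/github-push-action@d91a481090679876dfc4178fef17f286781251df  # v0.8.0
        with:
          github_token: ${{ secrets.DOCS_PAT }}
          branch: 'main'
          directory: './docs'
          repository: 'smallstep/docs'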