-
Notifications
You must be signed in to change notification settings - Fork 21
167 lines (140 loc) · 4.9 KB
/
release.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
name: release
on:
push:
tags:
- "v[0-9]+.[0-9]+.[0-9]+*"
permissions:
contents: write
jobs:
init:
runs-on: ubuntu-22.04
outputs:
version: ${{steps.version.outputs.version}}
prerelease: ${{steps.state.outputs.prerelease}}
steps:
- name: Evaluate pre-release state
id: state
env:
HEAD_REF: ${{github.head_ref}}
run: |
test -z "${HEAD_REF}" && (echo 'do-publish=true' >> $GITHUB_OUTPUT)
if [[ "${{ github.event.ref }}" =~ ^refs/tags/v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo release=true >> $GITHUB_OUTPUT
echo release=true >> $GITHUB_ENV
elif [[ "${{ github.event.ref }}" =~ ^refs/tags/v.*$ ]]; then
echo prerelease=true >> $GITHUB_OUTPUT
echo prerelease=true >> $GITHUB_ENV
fi
- name: Set version
id: version
run: |
VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
[[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
[ "$VERSION" == "main" ] && VERSION=latest
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "version=$VERSION" >> $GITHUB_ENV
- name: Show result
run: |
echo "Version: $version"
echo "Release: $release"
echo "Pre-release: $prerelease"
# ensure that the version of the tag is the version of the crates
ensure-version:
runs-on: ubuntu-22.04
needs:
- init
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup cargo-binstall
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
curl -L --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.sh | bash
- name: Setup cargo-workspaces
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
cargo binstall -y cargo-workspaces
- name: Set version
run: |
cargo ws version custom ${{ needs.init.outputs.version }} --all --no-git-commit --force "*" --yes
- name: Ensure this did not change anything
run: |
git diff --exit-code
if [ $? -gt 0 ]; then
echo "::error::Uncommitted changes after setting the version. This indicates that the version of the tag does not align with the version of the crates."
exit 1
fi
build:
needs:
- init
- ensure-version
uses: ./.github/workflows/build-binary.yaml
with:
version: ${{ needs.init.outputs.version }}
publish:
needs: [ init, build ]
runs-on: ubuntu-22.04
permissions:
contents: write
packages: write
id-token: write
attestations: write
env:
IMAGE_NAME: trustd
IMAGE_TAG: ${{ needs.init.outputs.version }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install convco
run: |
curl -sLO https://github.com/convco/convco/releases/download/v0.5.1/convco-ubuntu.zip
unzip convco-ubuntu.zip
sudo install convco /usr/local/bin
- name: Generate changelog
run: |
convco changelog -s --max-majors=1 --max-minors=1 --max-patches=1 -n > /tmp/changelog.md
- uses: actions/download-artifact@v4
with:
path: ${{ github.workspace }}/download
- name: Display downloaded content
run: ls -R ${{ github.workspace }}/download
- name: Stage release
run: |
mkdir -p staging
cp -pv ${{ github.workspace }}/download/*/* staging/
- name: Display staging area
run: ls -R staging
- uses: actions/attest-build-provenance@v1
with:
subject-path: 'staging/*'
# Build the container
- uses: ./.github/actions/build-container
with:
image_name: ${{ env.IMAGE_NAME }}
image_tag: ${{ env.IMAGE_TAG }}
# From here on, we start pushing artifacts
# Push to ghcr.io
- name: Push to ghcr.io
uses: redhat-actions/push-to-registry@v2
with:
image: ${{ env.IMAGE_NAME }}
tags: ${{ needs.init.outputs.version }}
registry: ghcr.io/${{ github.repository_owner }}
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
# Final step, create the GitHub release, attaching the files
- name: Create Release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAG: v${{ needs.init.outputs.version }}
run: |
OPTS=""
if [[ "${{ needs.init.outputs.prerelease }}" == "true" ]]; then
OPTS="${OPTS} -p"
fi
gh release create ${OPTS} --title "${{ needs.init.outputs.version }}" -F /tmp/changelog.md ${TAG} \
$(find staging -type f)