Release Armada components #173
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Armada components | |
| on: | |
| workflow_run: | |
| types: [completed] | |
| workflows: [CI] | |
| branches: | |
| - v* | |
| permissions: | |
| contents: write | |
| jobs: | |
| validate: | |
| if: github.event.workflow_run.event == 'push' && github.event.workflow_run.conclusion == 'success' && github.repository_owner == 'armadaproject' | |
| name: "Validate revision" | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: "Checkout" | |
| uses: "actions/checkout@v4" | |
| with: | |
| fetch-depth: 0 | |
| # The given ref should belong to the master branch. | |
| # If it starts with 'v', it should be a tag, belong to the master branch and match the semver regex. | |
| # Anything else is invalid. | |
| - name: Validate ref | |
| run: | | |
| ref='${{ github.event.workflow_run.head_branch }}' | |
| sha='${{ github.event.workflow_run.head_sha }}' | |
| echo "Validating ref: $ref, sha: $sha" | |
| # Check if it's a valid tag format | |
| if [[ ! $ref =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-patch[0-9]+)?$ ]]; then | |
| echo "::error::Invalid tag format: $ref" | |
| exit 1 | |
| fi | |
| # Check if the tag points to the current SHA | |
| if [ $(git tag --points-at $sha | grep -E "^$ref\$" | wc -l) -ne 1 ]; then | |
| echo "::error::Tag $ref does not point to the current SHA $sha" | |
| exit 1 | |
| fi | |
| # Fetch all branches to ensure we have the necessary information | |
| git fetch --all | |
| # Check if it's from master branch or a patch branch | |
| if [ $(git branch -r --contains=$sha | grep -E "origin/(master|patch/v[0-9]+\.[0-9]+\.[0-9]+.*)$" | wc -l) -eq 0 ]; then | |
| echo "::error::$sha is not in master or any patch branch" | |
| echo "Branches containing this SHA:" | |
| git branch -r --contains=$sha | |
| exit 1 | |
| fi | |
| echo "Validation successful" | |
| release: | |
| name: "Release" | |
| needs: validate | |
| runs-on: ubuntu-22.04 | |
| environment: armada-dockerhub | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| # Checkout the tag that triggered the workflow. | |
| ref: ${{ github.event.workflow_run.head_branch }} | |
| - name: Fetch Git tags | |
| run: git fetch --force --tags | |
| - name: Setup Go | |
| uses: ./.github/actions/setup-go-cache | |
| with: | |
| cache-prefix: release | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: "Docker login" | |
| uses: "docker/login-action@v3" | |
| with: | |
| username: "${{ secrets.DOCKERHUB_USER }}" | |
| password: "${{ secrets.DOCKERHUB_PASS }}" | |
| - name: Set up Syft | |
| run: curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin | |
| - name: Set current and previous tag # Workaround, GoReleaser uses 'git-describe' to determine a previous tag. | |
| run: | | |
| current_tag='${{ github.event.workflow_run.head_branch }}' | |
| echo "GORELEASER_CURRENT_TAG=$current_tag" >> $GITHUB_ENV | |
| # Function to extract base version | |
| get_base_version() { | |
| echo "$1" | sed -E 's/^v?([0-9]+\.[0-9]+\.[0-9]+).*$/\1/' | |
| } | |
| # Check if current tag is a patch release | |
| if [[ $current_tag =~ ^v?[0-9]+\.[0-9]+\.[0-9]+-patch[0-9]+$ ]]; then | |
| # For patch releases, find the previous patch or the base version | |
| base_version=$(get_base_version "$current_tag") | |
| previous_tag=$(git tag --list "v${base_version}*" --sort=-v:refname | grep -v "$current_tag" | head -n1) | |
| else | |
| # For master releases, find the previous master release | |
| previous_tag=$(git tag --list 'v*' --sort=-v:refname | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' | grep -v "$current_tag" | head -n1) | |
| fi | |
| echo "GORELEASER_PREVIOUS_TAG=$previous_tag" >> $GITHUB_ENV | |
| - name: Run GoReleaser | |
| uses: goreleaser/goreleaser-action@v5 | |
| with: | |
| distribution: goreleaser | |
| version: v1.24.0 | |
| args: "-f ./.goreleaser.yml release --clean" | |
| env: | |
| FULL_RELEASE: true | |
| DOCKER_REPO: "gresearch" | |
| GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | |
| DOCKER_BUILDX_BUILDER: "${{ steps.buildx.outputs.name }}" | |
| invoke-chart-push: | |
| name: Invoke Chart push | |
| needs: release | |
| uses: G-Research/charts/.github/workflows/invoke-push.yaml@master | |
| secrets: | |
| APP_ID: ${{ secrets.APP_ID }} | |
| APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }} | |
| push-nuget: | |
| name: Push nuget clients | |
| needs: validate | |
| runs-on: ubuntu-22.04 | |
| environment: nuget-release | |
| steps: | |
| - name: Setup the latest .NET 7 SDK | |
| uses: actions/setup-dotnet@v4 | |
| with: | |
| dotnet-version: 7.0.x | |
| - name: Download artifact | |
| run: gh run download ${{ github.event.workflow_run.id }} --repo ${{ github.event.workflow_run.repository.full_name }} --name nupkg-artifacts --dir ./bin/client/DotNet | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| - name: Push nuget clients | |
| env: | |
| TAG: ${{ github.event.workflow_run.head_branch }} | |
| run: | | |
| VERSION=${TAG#v} | |
| dotnet nuget push ./bin/client/DotNet/ArmadaProject.Io.Client.$VERSION.nupkg -k ${{ secrets.NUGET_API_KEY }} -s https://api.nuget.org/v3/index.json |