Release with Platform builds #27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release with Platform builds | |
on: | |
workflow_dispatch: | |
inputs: | |
skip_signing: | |
description: 'Skip code signing' | |
required: true | |
default: false | |
type: boolean | |
release_tag: | |
description: 'Release tag' | |
required: true | |
type: string | |
push: | |
tags: | |
- 'v*' | |
env: | |
REGISTRY: ghcr.io | |
IMAGE_NAME: ${{ github.repository }} | |
INIT_IMAGE_NAME: ${{ github.repository }}-init | |
permissions: | |
contents: write | |
pull-requests: write | |
packages: write | |
id-token: write | |
attestations: write | |
jobs: | |
build-macos: | |
runs-on: macos-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
## install build dependencies for frontend generation | |
- name: Install Node.js | |
uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 | |
with: | |
node-version-file: './frontend/dev-mode/.nvmrc' | |
- name: Install pnpm | |
uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0 | |
with: | |
version: 8.0.0 | |
- name: Setup Go | |
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | |
with: | |
go-version-file: 'go.mod' | |
- name: Import Apple Code Signing Certificates | |
if: ${{ github.event_name != 'workflow_dispatch' || !inputs.skip_signing }} | |
uses: Apple-Actions/import-codesign-certs@63fff01cd422d4b7b855d40ca1e9d34d2de9427d # v3.0.0 | |
with: | |
p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_BASE64 }} | |
p12-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
- name: Run GoReleaser | |
uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 #v6.0.0 | |
with: | |
version: latest | |
distribution: goreleaser | |
args: release --clean --snapshot --config ./.goreleaser.darwin.yaml | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
APPLE_DEVELOPER_ID: ${{ secrets.APPLICATION_IDENTITY}} | |
APPLE_ID: ${{ vars.APPLE_ID }} | |
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD}} | |
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID}} | |
- name: Notarize the macOS binary | |
env: | |
APPLE_DEVELOPER_ID: ${{ secrets.APPLICATION_IDENTITY}} | |
APPLE_ID: ${{ vars.APPLE_ID }} | |
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD}} | |
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID}} | |
shell: bash | |
run: | | |
./build/scripts/sign ./dist/kitops-darwin-arm64.zip | |
./build/scripts/sign ./dist/kitops-darwin-x86_64.zip | |
- name: Upload macOS artifacts | |
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 | |
with: | |
name: dist-macos | |
if-no-files-found: error | |
retention-days: 7 | |
path: | | |
./dist/*.zip | |
./dist/*.tar.gz | |
build-windows: | |
runs-on: windows-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: Setup Go | |
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | |
with: | |
go-version-file: 'go.mod' | |
- name: Run GoReleaser | |
uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 #v6.0.0 | |
with: | |
version: latest | |
distribution: goreleaser | |
args: release --clean --snapshot --config ./.goreleaser.windows.yaml | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Upload Windows artifacts | |
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 | |
with: | |
name: dist-windows | |
if-no-files-found: error | |
retention-days: 7 | |
path: | | |
./dist/*.zip | |
build-linux: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: Setup Go | |
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | |
with: | |
go-version-file: 'go.mod' | |
- name: Run GoReleaser | |
uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 #v6.0.0 | |
with: | |
version: latest | |
distribution: goreleaser | |
args: release --clean --snapshot --config ./.goreleaser.linux.yaml | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Upload Linux artifacts | |
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 | |
with: | |
name: dist-linux | |
if-no-files-found: error | |
retention-days: 7 | |
path: | | |
./dist/*.tar.gz | |
# Creates a release with the artifacts from the previous steps. | |
# workflow_dispatch triggered versions will be draft releases. | |
# CLI docs are not updated for workflow_dispatch triggered versions. | |
release: | |
runs-on: ubuntu-latest | |
needs: [build-linux, build-macos, build-windows] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: List Directory | |
run: ls | |
- name: Merge built artifacts | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.3 | |
with: | |
path: dist | |
pattern: dist-* | |
merge-multiple: true | |
- name: Create Checksums | |
env: | |
TAG_NAME: ${{ github.ref_name}} | |
run: | | |
shopt -s failglob | |
pushd dist | |
shasum -a 256 kitops-* > checksums.txt | |
mv checksums.txt kitops_${TAG_NAME}_checksums.txt | |
popd | |
- name: Create Homebrew Formula | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
TAG_NAME: ${{ github.ref_name}} | |
REPO: ${{ github.repository }} | |
run: | | |
shopt -s failglob | |
pushd dist | |
awk ' | |
BEGIN { tag_name = ENVIRON["TAG_NAME"]; repo = ENVIRON["REPO"];} | |
/.tar.gz$/ { | |
print "\""$1"\"", | |
"\"https://github.com/" repo "/releases/download/" tag_name "/" $2 "\"", | |
$2, | |
tag_name }' kitops_${TAG_NAME}_checksums.txt | | |
awk '{ sub(/.tar.gz/, "", $3); print $1, $2, $3, $4 }' | | |
awk '{ sub(/kitops-/, "", $3); print $1, $2, $3, $4 }' | | |
awk '{sub(/v/, "", $4); print $1, $2, $3, $4 }' > homebrew-metadata.txt | |
mv homebrew-metadata.txt ../build/homebrew/homebrew-metadata.txt | |
popd | |
pushd build/homebrew | |
awk -f create-homebrew-recipe.awk homebrew-metadata.txt | |
popd | |
- name: Commit Homebrew Formula | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
TAG_NAME: ${{ github.ref_name}} | |
REPO: ${{ github.repository }} | |
run: | | |
CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD) | |
PR_BRANCH="${{ github.ref_name }}-homebrew-update" | |
git fetch origin main | |
git branch "$PR_BRANCH" | |
git checkout "$PR_BRANCH" | |
git pull origin --ff-only "${PR_BRANCH}" || true | |
git config --global user.name "${GITHUB_ACTOR}" | |
git config --global user.email "${GITHUB_ACTOR_ID}+${GITHUB_ACTOR}@users.noreply.github.com" | |
cd build/homebrew | |
git add --all | |
git commit -m "homebrew: update Homebrew Formula for ${{ github.ref_name }}" | |
git push origin "${PR_BRANCH}" | |
gh pr create --fill --base main --head "${PR_BRANCH}" | |
git checkout "${CURRENT_BRANCH}" | |
- name: Create Release | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
TAG_NAME: ${{ inputs.release_tag || github.ref_name}} | |
REPO: ${{ github.repository }} | |
DRAFT_RELEASE: ${{ github.event_name == 'workflow_dispatch' }} | |
run: | | |
echo "Creating release for ${TAG_NAME}" | |
release_args=( | |
${TAG_NAME} | |
./dist/*.* | |
--title "Release ${TAG_NAME}" | |
--generate-notes | |
--repo ${REPO} | |
) | |
if [[ "${DRAFT_RELEASE}" == "false" ]]; then | |
previous_release="$(gh release list --repo $REPO --limit 1 --json tagName --jq '.[] | .tagName ')" | |
echo "Previous release: ${previous_release}" | |
release_args+=( --latest ) | |
release_args+=( --verify-tag ) | |
release_args+=( --notes-start-tag "${previous_release}" ) | |
else | |
release_args+=( --draft ) | |
fi | |
gh release create "${release_args[@]}" | |
- name: Generate CLI documentation | |
shell: bash | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
TAG_NAME: ${{ inputs.release_tag || github.ref_name}} | |
run: | | |
CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD) | |
PR_BRANCH="${{ github.ref_name }}-docs-update" | |
git fetch origin main | |
git branch "$PR_BRANCH" | |
git checkout "$PR_BRANCH" | |
git pull origin --ff-only "${PR_BRANCH}" || true | |
git config --global user.name "${GITHUB_ACTOR}" | |
git config --global user.email "${GITHUB_ACTOR_ID}+${GITHUB_ACTOR}@users.noreply.github.com" | |
(cd docs; npm pkg set version=$TAG_NAME) | |
./docs/src/docs/cli/generate.sh > /dev/null | |
git add --all | |
git commit -m "docs: update CLI documentation for ${{ github.ref_name }}" | |
git push origin "${PR_BRANCH}" | |
gh pr create --fill --base main --head "${PR_BRANCH}" | |
git checkout "${CURRENT_BRANCH}" | |
docker-image-build: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 | |
- name: Login to ghcr.io | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: Build and push base Kit container | |
id: build-kit-container | |
uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 | |
with: | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
context: build/dockerfiles | |
file: build/dockerfiles/release.Dockerfile | |
build-args: | | |
KIT_VERSION=${{ github.ref_name }} | |
tags: | | |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest | |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }} | |
annotations: | | |
index:org.opencontainers.image.description=Official release Kit CLI container | |
index:org.opencontainers.image.source=https://github.com/jozu-ai/kitops | |
index:org.opencontainers.image.licenses=Apache-2.0 | |
- name: Build and push Kit init container | |
id: build-kit-init-container | |
uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 | |
with: | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
context: build/dockerfiles/init | |
file: build/dockerfiles/init/Dockerfile | |
build-args: | | |
KIT_BASE_IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-kit-container.outputs.digest }} | |
tags: | | |
${{ env.REGISTRY }}/${{ env.INIT_IMAGE_NAME }}:latest | |
${{ env.REGISTRY }}/${{ env.INIT_IMAGE_NAME }}:${{ github.ref_name }} | |
annotations: | | |
index:org.opencontainers.image.description=Kit CLI init container | |
index:org.opencontainers.image.source=https://github.com/jozu-ai/kitops | |
index:org.opencontainers.image.licenses=Apache-2.0 | |
- name: Generate artifact attestation for base container | |
uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3 | |
with: | |
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
subject-digest: ${{ steps.build-kit-container.outputs.digest }} | |
push-to-registry: true | |
- name: Generate artifact attestation for base container | |
uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3 | |
with: | |
subject-name: ${{ env.REGISTRY }}/${{ env.INIT_IMAGE_NAME }} | |
subject-digest: ${{ steps.build-kit-init-container.outputs.digest }} | |
push-to-registry: true |