Skip to content

Release with Platform builds #30

Release with Platform builds

Release with Platform builds #30

name: Release with Platform builds
on:
workflow_dispatch:
inputs:
skip_signing:
description: 'Skip code signing'
required: true
default: false
type: boolean
release_tag:
description: 'Release tag'
required: true
type: string
push:
tags:
- 'v*'
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
INIT_IMAGE_NAME: ${{ github.repository }}-init
permissions:
contents: write
pull-requests: write
packages: write
id-token: write
attestations: write
jobs:
build-macos:
runs-on: macos-latest
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
## install build dependencies for frontend generation
- name: Install Node.js
uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
with:
node-version-file: './frontend/dev-mode/.nvmrc'
- name: Install pnpm
uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0
with:
version: 8.0.0
- name: Setup Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version-file: 'go.mod'
- name: Import Apple Code Signing Certificates
if: ${{ github.event_name != 'workflow_dispatch' || !inputs.skip_signing }}
uses: Apple-Actions/import-codesign-certs@63fff01cd422d4b7b855d40ca1e9d34d2de9427d # v3.0.0
with:
p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_BASE64 }}
p12-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 #v6.0.0
with:
version: latest
distribution: goreleaser
args: release --clean --snapshot --config ./.goreleaser.darwin.yaml
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
APPLE_DEVELOPER_ID: ${{ secrets.APPLICATION_IDENTITY}}
APPLE_ID: ${{ vars.APPLE_ID }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD}}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID}}
- name: Notarize the macOS binary
env:
APPLE_DEVELOPER_ID: ${{ secrets.APPLICATION_IDENTITY}}
APPLE_ID: ${{ vars.APPLE_ID }}
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD}}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID}}
shell: bash
run: |
./build/scripts/sign ./dist/kitops-darwin-arm64.zip
./build/scripts/sign ./dist/kitops-darwin-x86_64.zip
- name: Upload macOS artifacts
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: dist-macos
if-no-files-found: error
retention-days: 7
path: |
./dist/*.zip
./dist/*.tar.gz
build-windows:
runs-on: windows-latest
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version-file: 'go.mod'
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 #v6.0.0
with:
version: latest
distribution: goreleaser
args: release --clean --snapshot --config ./.goreleaser.windows.yaml
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload Windows artifacts
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: dist-windows
if-no-files-found: error
retention-days: 7
path: |
./dist/*.zip
build-linux:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version-file: 'go.mod'
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 #v6.0.0
with:
version: latest
distribution: goreleaser
args: release --clean --snapshot --config ./.goreleaser.linux.yaml
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload Linux artifacts
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: dist-linux
if-no-files-found: error
retention-days: 7
path: |
./dist/*.tar.gz
# Creates a release with the artifacts from the previous steps.
# workflow_dispatch triggered versions will be draft releases.
# CLI docs are not updated for workflow_dispatch triggered versions.
release:
runs-on: ubuntu-latest
needs: [build-linux, build-macos, build-windows]
steps:
# checkout the current repository
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
# checkout the homebrew-kitops repository (jozu-ai/homebrew-kitops)
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
###### CHANGE THIS TO jozu-ai/homebrew-kitops ######
repository: brett-hodges/homebrew-kitops
path: homebrew-kitops
- name: List Directory
run: ls
- name: Merge built artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.3
with:
path: dist
pattern: dist-*
merge-multiple: true
- name: Create Checksums
env:
TAG_NAME: ${{ github.ref_name}}
run: |
shopt -s failglob
pushd dist
shasum -a 256 kitops-* > checksums.txt
mv checksums.txt kitops_${TAG_NAME}_checksums.txt
popd
# uses the checksums created above to generate the homebrew recipe
# file needed for the homebrew tap 'jozu-ai/homebrew-kitops'
- name: Create Homebrew Formula
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAG_NAME: ${{ github.ref_name}}
REPO: ${{ github.repository }}
run: |
shopt -s failglob
pushd dist
awk '
BEGIN { tag_name = ENVIRON["TAG_NAME"]; repo = ENVIRON["REPO"];}
/.tar.gz$/ {
print "\""$1"\"",
"\"https://github.com/" repo "/releases/download/" tag_name "/" $2 "\"",
$2,
tag_name }' kitops_${TAG_NAME}_checksums.txt |
awk '{ sub(/.tar.gz/, "", $3); print $1, $2, $3, $4 }' |
awk '{ sub(/kitops-/, "", $3); print $1, $2, $3, $4 }' |
awk '{sub(/v/, "", $4); print $1, $2, $3, $4 }' > homebrew-metadata.txt
mv homebrew-metadata.txt ../build/homebrew/homebrew-metadata.txt
popd
pushd build/homebrew
awk -f create-homebrew-recipe.awk homebrew-metadata.txt
cp kitops.rb ../../homebrew-kitops/.
popd
# Commit the Homebrew Formula to the current repo: jozu-ai/kitops
- name: Commit Homebrew Formula
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAG_NAME: ${{ github.ref_name}}
REPO: ${{ github.repository }}
run: |
CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
PR_BRANCH="${{ github.ref_name }}-homebrew-update"
git fetch origin main
git branch "$PR_BRANCH"
git checkout "$PR_BRANCH"
git pull origin --ff-only "${PR_BRANCH}" || true
git config --global user.name "${GITHUB_ACTOR}"
git config --global user.email "${GITHUB_ACTOR_ID}+${GITHUB_ACTOR}@users.noreply.github.com"
cd build/homebrew
git add --all
git commit -m "homebrew: update Homebrew Formula for ${{ github.ref_name }}"
git push origin "${PR_BRANCH}"
gh pr create --fill --base main --head "${PR_BRANCH}"
git checkout "${CURRENT_BRANCH}"
# Commit the Homebrew Formula to the repo: jozu-ai/homebrew-kitops
##### CHANGE REPO TO jozu-ai/homebrew-kitops
- name: Commit Homebrew Formula to Tap
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAG_NAME: ${{ github.ref_name}}
REPO: "brett-hodges/homebrew-kitops"
run: |
cd homebrew-kitops
CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
PR_BRANCH="${{ github.ref_name }}-homebrew-tap-update"
git fetch origin main
git branch "$PR_BRANCH"
git checkout "$PR_BRANCH"
git pull origin --ff-only "${PR_BRANCH}" || true
git config --global user.name "${GITHUB_ACTOR}"
git config --global user.email "${GITHUB_ACTOR_ID}+${GITHUB_ACTOR}@users.noreply.github.com"
git add --all
git commit -m "homebrew: update Homebrew Tap Formula for ${{ github.ref_name }}"
git push origin "${PR_BRANCH}"
gh pr create --fill --base main --head "${PR_BRANCH}"
git checkout "${CURRENT_BRANCH}"
- name: Create Release
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAG_NAME: ${{ inputs.release_tag || github.ref_name}}
REPO: ${{ github.repository }}
DRAFT_RELEASE: ${{ github.event_name == 'workflow_dispatch' }}
run: |
echo "Creating release for ${TAG_NAME}"
release_args=(
${TAG_NAME}
./dist/*.*
--title "Release ${TAG_NAME}"
--generate-notes
--repo ${REPO}
)
if [[ "${DRAFT_RELEASE}" == "false" ]]; then
previous_release="$(gh release list --repo $REPO --limit 1 --json tagName --jq '.[] | .tagName ')"
echo "Previous release: ${previous_release}"
release_args+=( --latest )
release_args+=( --verify-tag )
release_args+=( --notes-start-tag "${previous_release}" )
else
release_args+=( --draft )
fi
gh release create "${release_args[@]}"
- name: Generate CLI documentation
shell: bash
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAG_NAME: ${{ inputs.release_tag || github.ref_name}}
run: |
CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
PR_BRANCH="${{ github.ref_name }}-docs-update"
git fetch origin main
git branch "$PR_BRANCH"
git checkout "$PR_BRANCH"
git pull origin --ff-only "${PR_BRANCH}" || true
git config --global user.name "${GITHUB_ACTOR}"
git config --global user.email "${GITHUB_ACTOR_ID}+${GITHUB_ACTOR}@users.noreply.github.com"
(cd docs; npm pkg set version=$TAG_NAME)
./docs/src/docs/cli/generate.sh > /dev/null
git add --all
git commit -m "docs: update CLI documentation for ${{ github.ref_name }}"
git push origin "${PR_BRANCH}"
gh pr create --fill --base main --head "${PR_BRANCH}"
git checkout "${CURRENT_BRANCH}"
docker-image-build:
runs-on: ubuntu-latest
steps:
- name: Set up QEMU
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
- name: Login to ghcr.io
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Build and push base Kit container
id: build-kit-container
uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0
with:
platforms: linux/amd64,linux/arm64
push: true
context: build/dockerfiles
file: build/dockerfiles/release.Dockerfile
build-args: |
KIT_VERSION=${{ github.ref_name }}
tags: |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}
annotations: |
index:org.opencontainers.image.description=Official release Kit CLI container
index:org.opencontainers.image.source=https://github.com/jozu-ai/kitops
index:org.opencontainers.image.licenses=Apache-2.0
- name: Build and push Kit init container
id: build-kit-init-container
uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0
with:
platforms: linux/amd64,linux/arm64
push: true
context: build/dockerfiles/init
file: build/dockerfiles/init/Dockerfile
build-args: |
KIT_BASE_IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-kit-container.outputs.digest }}
tags: |
${{ env.REGISTRY }}/${{ env.INIT_IMAGE_NAME }}:latest
${{ env.REGISTRY }}/${{ env.INIT_IMAGE_NAME }}:${{ github.ref_name }}
annotations: |
index:org.opencontainers.image.description=Kit CLI init container
index:org.opencontainers.image.source=https://github.com/jozu-ai/kitops
index:org.opencontainers.image.licenses=Apache-2.0
- name: Generate artifact attestation for base container
uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3
with:
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
subject-digest: ${{ steps.build-kit-container.outputs.digest }}
push-to-registry: true
- name: Generate artifact attestation for base container
uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3
with:
subject-name: ${{ env.REGISTRY }}/${{ env.INIT_IMAGE_NAME }}
subject-digest: ${{ steps.build-kit-init-container.outputs.digest }}
push-to-registry: true