Release with Platform builds #44
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release with Platform builds | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| skip_signing: | |
| description: 'Skip code signing' | |
| required: true | |
| default: false | |
| type: boolean | |
| release_tag: | |
| description: 'Release tag' | |
| required: true | |
| type: string | |
| push: | |
| tags: | |
| - 'v*' | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| INIT_IMAGE_NAME: ${{ github.repository }}-init | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| packages: write | |
| id-token: write | |
| attestations: write | |
| jobs: | |
| build-macos: | |
| runs-on: macos-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| ## install build dependencies for frontend generation | |
| - name: Install Node.js | |
| uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 | |
| with: | |
| node-version-file: './frontend/dev-mode/.nvmrc' | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0 | |
| with: | |
| version: 8.0.0 | |
| - name: Setup Go | |
| uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | |
| with: | |
| go-version-file: 'go.mod' | |
| - name: Import Apple Code Signing Certificates | |
| if: ${{ github.event_name != 'workflow_dispatch' || !inputs.skip_signing }} | |
| uses: Apple-Actions/import-codesign-certs@63fff01cd422d4b7b855d40ca1e9d34d2de9427d # v3.0.0 | |
| with: | |
| p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_BASE64 }} | |
| p12-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
| - name: Run GoReleaser | |
| uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 #v6.0.0 | |
| with: | |
| version: latest | |
| distribution: goreleaser | |
| args: release --clean --snapshot --config ./.goreleaser.darwin.yaml | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| APPLE_DEVELOPER_ID: ${{ secrets.APPLICATION_IDENTITY}} | |
| APPLE_ID: ${{ vars.APPLE_ID }} | |
| APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD}} | |
| APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID}} | |
| - name: Notarize the macOS binary | |
| env: | |
| APPLE_DEVELOPER_ID: ${{ secrets.APPLICATION_IDENTITY}} | |
| APPLE_ID: ${{ vars.APPLE_ID }} | |
| APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD}} | |
| APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID}} | |
| shell: bash | |
| run: | | |
| ./build/scripts/sign ./dist/kitops-darwin-arm64.zip | |
| ./build/scripts/sign ./dist/kitops-darwin-x86_64.zip | |
| - name: Upload macOS artifacts | |
| uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 | |
| with: | |
| name: dist-macos | |
| if-no-files-found: error | |
| retention-days: 7 | |
| path: | | |
| ./dist/*.zip | |
| ./dist/*.tar.gz | |
| build-windows: | |
| runs-on: windows-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Setup Go | |
| uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | |
| with: | |
| go-version-file: 'go.mod' | |
| - name: Run GoReleaser | |
| uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 #v6.0.0 | |
| with: | |
| version: latest | |
| distribution: goreleaser | |
| args: release --clean --snapshot --config ./.goreleaser.windows.yaml | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Upload Windows artifacts | |
| uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 | |
| with: | |
| name: dist-windows | |
| if-no-files-found: error | |
| retention-days: 7 | |
| path: | | |
| ./dist/*.zip | |
| build-linux: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Setup Go | |
| uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 | |
| with: | |
| go-version-file: 'go.mod' | |
| - name: Run GoReleaser | |
| uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 #v6.0.0 | |
| with: | |
| version: latest | |
| distribution: goreleaser | |
| args: release --clean --snapshot --config ./.goreleaser.linux.yaml | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Upload Linux artifacts | |
| uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 | |
| with: | |
| name: dist-linux | |
| if-no-files-found: error | |
| retention-days: 7 | |
| path: | | |
| ./dist/*.tar.gz | |
| release: | |
| runs-on: ubuntu-latest | |
| needs: [build-linux, build-macos, build-windows] | |
| steps: | |
| - name: Merge built artifacts | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.3 | |
| with: | |
| path: dist | |
| pattern: dist-* | |
| merge-multiple: true | |
| - name: Create Checksums | |
| env: | |
| TAG_NAME: ${{ github.ref_name}} | |
| run: | | |
| shopt -s failglob | |
| pushd dist | |
| shasum -a 256 kitops-* > checksums.txt | |
| mv checksums.txt kitops_${TAG_NAME}_checksums.txt | |
| popd | |
| # checkout the current repository | |
| - name: Checkout kitops | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| # uses the checksums created above to generate the homebrew recipe | |
| # file needed for the homebrew tap 'jozu-ai/homebrew-kitops' | |
| - name: Create Homebrew Formula | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| TAG_NAME: ${{ github.ref_name}} | |
| REPO: ${{ github.repository }} | |
| run: | | |
| shopt -s failglob | |
| ls | |
| pushd dist | |
| awk ' | |
| BEGIN { tag_name = ENVIRON["TAG_NAME"]; repo = ENVIRON["REPO"];} | |
| /.tar.gz$/ { | |
| print "\""$1"\"", | |
| "\"https://github.com/" repo "/releases/download/" tag_name "/" $2 "\"", | |
| $2, | |
| tag_name }' kitops_${TAG_NAME}_checksums.txt | | |
| awk '{ sub(/.tar.gz/, "", $3); print $1, $2, $3, $4 }' | | |
| awk '{ sub(/kitops-/, "", $3); print $1, $2, $3, $4 }' | | |
| awk '{sub(/v/, "", $4); print $1, $2, $3, $4 }' > homebrew-metadata.txt | |
| mv homebrew-metadata.txt ../build/homebrew/homebrew-metadata.txt | |
| popd | |
| pushd build/homebrew | |
| awk -f create-homebrew-recipe.awk homebrew-metadata.txt | |
| popd | |
| - name: Upload Homebrew Formula As Artifact | |
| uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 | |
| with: | |
| name: homebrew-formula | |
| if-no-files-found: error | |
| retention-days: 7 | |
| path: | | |
| ./build/homebrew/kitops.rb | |
| # Commit the Homebrew Formula to the current repo: jozu-ai/kitops | |
| - name: Commit Homebrew Formula | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| TAG_NAME: ${{ github.ref_name}} | |
| REPO: ${{ github.repository }} | |
| run: | | |
| CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD) | |
| PR_BRANCH="${{ github.ref_name }}-homebrew-update" | |
| git fetch origin main | |
| git branch "$PR_BRANCH" | |
| git checkout "$PR_BRANCH" | |
| git pull origin --ff-only "${PR_BRANCH}" || true | |
| git config --global user.name "${GITHUB_ACTOR}" | |
| git config --global user.email "${GITHUB_ACTOR_ID}+${GITHUB_ACTOR}@users.noreply.github.com" | |
| cd build/homebrew | |
| git add --all | |
| git commit -m "homebrew: update Homebrew Formula for ${{ github.ref_name }}" | |
| git push origin "${PR_BRANCH}" | |
| gh pr create --fill --base main --head "${PR_BRANCH}" | |
| git checkout "${CURRENT_BRANCH}" | |
| - name: Create Release | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| TAG_NAME: ${{ inputs.release_tag || github.ref_name}} | |
| REPO: ${{ github.repository }} | |
| DRAFT_RELEASE: ${{ github.event_name == 'workflow_dispatch' }} | |
| run: | | |
| echo "Creating release for ${TAG_NAME}" | |
| release_args=( | |
| ${TAG_NAME} | |
| ./dist/*.* | |
| --title "Release ${TAG_NAME}" | |
| --generate-notes | |
| --repo ${REPO} | |
| ) | |
| if [[ "${DRAFT_RELEASE}" == "false" ]]; then | |
| previous_release="$(gh release list --repo $REPO --limit 1 --json tagName --jq '.[] | .tagName ')" | |
| echo "Previous release: ${previous_release}" | |
| release_args+=( --latest ) | |
| release_args+=( --verify-tag ) | |
| release_args+=( --notes-start-tag "${previous_release}" ) | |
| else | |
| release_args+=( --draft ) | |
| fi | |
| gh release create "${release_args[@]}" | |
| - name: Generate CLI documentation | |
| shell: bash | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| TAG_NAME: ${{ inputs.release_tag || github.ref_name}} | |
| run: | | |
| CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD) | |
| PR_BRANCH="${{ github.ref_name }}-docs-update" | |
| git fetch origin main | |
| git branch "$PR_BRANCH" | |
| git checkout "$PR_BRANCH" | |
| git pull origin --ff-only "${PR_BRANCH}" || true | |
| git config --global user.name "${GITHUB_ACTOR}" | |
| git config --global user.email "${GITHUB_ACTOR_ID}+${GITHUB_ACTOR}@users.noreply.github.com" | |
| (cd docs; npm pkg set version=$TAG_NAME) | |
| ./docs/src/docs/cli/generate.sh > /dev/null | |
| git add --all | |
| git commit -m "docs: update CLI documentation for ${{ github.ref_name }}" | |
| git push origin "${PR_BRANCH}" | |
| gh pr create --fill --base main --head "${PR_BRANCH}" | |
| git checkout "${CURRENT_BRANCH}" | |
| # Creates a release with the artifacts from the previous steps. | |
| # workflow_dispatch triggered versions will be draft releases. | |
| # CLI docs are not updated for workflow_dispatch triggered versions. | |
| publish-homebrew-tap-formula: | |
| runs-on: ubuntu-latest | |
| needs: [release] | |
| steps: | |
| # checkout the homebrew-kitops repository (jozu-ai/homebrew-kitops) | |
| - name: Checkout homebrew-kitops | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| ###### CHANGE THIS TO jozu-ai/homebrew-kitops ###### | |
| repository: brett-hodges/homebrew-kitops | |
| ref: 'main' | |
| path: homebrew-kitops | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Download homebrew formula | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.3 | |
| with: | |
| path: homebrew-formula | |
| name: homebrew-formula | |
| # Commit the Homebrew Formula to the repo: jozu-ai/homebrew-kitops | |
| - name: Commit Homebrew Formula to Tap | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| TAG_NAME: ${{ github.ref_name}} | |
| ##### CHANGE REPO TO jozu-ai/homebrew-kitops | |
| REPO: "brett-hodges/homebrew-kitops" | |
| run: | | |
| ls | |
| cp homebrew-formula homebrew-kitops/kitops.rb | |
| pushd homebrew-kitops | |
| CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD) | |
| PR_BRANCH="${{ github.ref_name }}-homebrew-tap-update" | |
| git fetch origin main | |
| git branch "$PR_BRANCH" | |
| git checkout "$PR_BRANCH" | |
| git pull origin --ff-only "${PR_BRANCH}" || true | |
| git config --global user.name "${GITHUB_ACTOR}" | |
| git config --global user.email "${GITHUB_ACTOR_ID}+${GITHUB_ACTOR}@users.noreply.github.com" | |
| git add --all | |
| git commit -m "homebrew: update Homebrew Tap Formula for ${{ github.ref_name }}" | |
| git config --unset-all http.https://github.com/.extraheader | |
| git push origin "${PR_BRANCH}" | |
| gh pr create --fill --base main --head "${PR_BRANCH}" | |
| git checkout "${CURRENT_BRANCH}" | |
| popd | |
| docker-image-build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 | |
| - name: Login to ghcr.io | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Build and push base Kit container | |
| id: build-kit-container | |
| uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 | |
| with: | |
| platforms: linux/amd64,linux/arm64 | |
| push: true | |
| context: build/dockerfiles | |
| file: build/dockerfiles/release.Dockerfile | |
| build-args: | | |
| KIT_VERSION=${{ github.ref_name }} | |
| tags: | | |
| ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest | |
| ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }} | |
| annotations: | | |
| index:org.opencontainers.image.description=Official release Kit CLI container | |
| index:org.opencontainers.image.source=https://github.com/jozu-ai/kitops | |
| index:org.opencontainers.image.licenses=Apache-2.0 | |
| - name: Build and push Kit init container | |
| id: build-kit-init-container | |
| uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 | |
| with: | |
| platforms: linux/amd64,linux/arm64 | |
| push: true | |
| context: build/dockerfiles/init | |
| file: build/dockerfiles/init/Dockerfile | |
| build-args: | | |
| KIT_BASE_IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-kit-container.outputs.digest }} | |
| tags: | | |
| ${{ env.REGISTRY }}/${{ env.INIT_IMAGE_NAME }}:latest | |
| ${{ env.REGISTRY }}/${{ env.INIT_IMAGE_NAME }}:${{ github.ref_name }} | |
| annotations: | | |
| index:org.opencontainers.image.description=Kit CLI init container | |
| index:org.opencontainers.image.source=https://github.com/jozu-ai/kitops | |
| index:org.opencontainers.image.licenses=Apache-2.0 | |
| - name: Generate artifact attestation for base container | |
| uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3 | |
| with: | |
| subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| subject-digest: ${{ steps.build-kit-container.outputs.digest }} | |
| push-to-registry: true | |
| - name: Generate artifact attestation for base container | |
| uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3 | |
| with: | |
| subject-name: ${{ env.REGISTRY }}/${{ env.INIT_IMAGE_NAME }} | |
| subject-digest: ${{ steps.build-kit-init-container.outputs.digest }} | |
| push-to-registry: true |