Skip to content

Release

Release #1343

Workflow file for this run

# Copyright The Enterprise Contract Contributors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
---
name: Release
"on":
workflow_run:
workflows: [Checks]
types: [completed]
branches: [main]
workflow_dispatch:
permissions:
contents: read
jobs:
info:
name: Info
runs-on: ubuntu-latest
outputs:
head_sha: ${{ steps.head_sha.outputs.head_sha }}
timestamp: ${{ steps.timestamp.outputs.timestamp }}
steps:
- name: Git Info
id: head_sha
env:
GH_TOKEN: ${{ github.token }}
GH_COBRA: 1
run: |
echo head_sha=$(gh api /repos/enterprise-contract/ec-cli/git/matching-refs/heads/main --jq '.[0].object.sha') | tee -a "$GITHUB_OUTPUT"
- name: Timestamp
id: timestamp
run: |
echo timestamp=$(date '+%s') | tee -a "$GITHUB_OUTPUT"
release:
permissions:
contents: write # for Git to git push & cache write
pages: write # Needed for GitHub Pages deployment
id-token: write # Needed for GitHub Pages deployment
name: Release
runs-on: ubuntu-latest
needs: info
if: ${{ (github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.head_sha == needs.info.outputs.head_sha) || github.event_name == 'workflow_dispatch' }}
env:
IMAGE_REPO: quay.io/enterprise-contract/ec-cli
TAG: ${{ github.sha }}
TAG_TIMESTAMP: ${{ github.sha }}-${{ needs.info.outputs.timestamp }}
steps:
# TODO: Enabling this seems to cause the host to run out of disk space.
# - name: Harden Runner
# uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
# with:
# egress-policy: audit
# disable-telemetry: true
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/free-disk-space@main
with:
docker-images: false
swap-storage: false
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Update podman
run: |
"${GITHUB_WORKSPACE}/hack/ubuntu-podman-update.sh"
- name: Cache
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: main
- name: Setup Go environment
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version-file: go.mod
cache: false
- name: Download go dependencies
run: |
go mod download
(cd tools && go mod download)
(cd acceptance && go mod download)
- name: Build distribution
run: make dist
- name: Set up QEMU
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
- name: Registry login (quay.io/enterprise-contract)
run: podman login -u ${{ secrets.BUNDLE_PUSH_USER_EC }} -p ${{ secrets.BUNDLE_PUSH_PASS_EC }} quay.io
- name: Create and push image (quay.io/enterprise-contract/ec-cli)
run: make dist-image-push IMAGE_TAG=$TAG IMAGE_REPO=$IMAGE_REPO ADD_IMAGE_TAG="snapshot $TAG_TIMESTAMP"
- name: Create and push the tekton bundle (quay.io/enterprise-contract/ec-task-bundle)
env:
TASK_REPO: quay.io/enterprise-contract/ec-task-bundle
TASKS: "tasks/verify-enterprise-contract/0.1/verify-enterprise-contract.yaml"
run: make task-bundle-snapshot TASK_REPO=$TASK_REPO TASK_TAG=$TAG ADD_TASK_TAG="$TAG_TIMESTAMP" TASKS=<( yq e ".spec.steps[].image? = \"$IMAGE_REPO:$TAG\"" $TASKS | yq 'select(. != null)')
- name: Download statistics
env:
GH_TOKEN: ${{ github.token }}
run: hack/stats.sh
- name: Configure statistics pages
uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0
- name: Upload statistics
uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1
with:
path: stats
- name: Deploy statistics
uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5
- name: Delete snapshot release and tag
id: add_tags
run: |
echo ${{ secrets.GITHUB_TOKEN }} | gh auth login --with-token
RELEASE_ID=$(gh api \
-H 'Accept: application/vnd.github.v3+json' \
/repos/${{ github.repository }}/releases \
-q '.[] | select(.tag_name == "snapshot") | .id')
[[ -n "${RELEASE_ID}" ]] && gh api --method DELETE \
-H 'Accept: application/vnd.github.v3+json' \
"/repos/${{ github.repository }}/releases/${RELEASE_ID}"
git config --local user.email "[email protected]"
git config --local user.name "GitHub Action"
git tag -a -f -m 'Development snapshot' snapshot
source hack/add-auto-tag.sh
echo "tag_name=$( source hack/derive-version.sh )" | tee -a "$GITHUB_OUTPUT"
git push -f --tags
- name: Rolling release
uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0
with:
make_latest: true
name: Rolling release
body: Stable rolling release, currently the same as `${{ steps.add_tags.outputs.tag_name }}`.
tag_name: snapshot
generate_release_notes: false
files: dist/*
- name: Versioned release
uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0
with:
make_latest: false
name: ${{ steps.add_tags.outputs.tag_name }}
tag_name: ${{ steps.add_tags.outputs.tag_name }}
generate_release_notes: false
files: dist/*