
Release

Release #1009

Workflow file for this run

# Copyright The Enterprise Contract Contributors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
---
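# Release workflow: after the "Checks" workflow completes on main (or on a
# manual dispatch), build the distribution, push the CLI image and Tekton task
# bundles to quay.io, publish statistics to GitHub Pages and move the rolling
# "snapshot" tag and release.
name: Release

"on":
  # workflow_run jobs use this file as it exists on the default branch and can
  # read the repository secrets referenced below, whatever ref the triggering
  # "Checks" run was for. The `if:` guard on the release job is what limits
  # publishing to runs for the current head of main.
  workflow_run:
    workflows: [Checks]
    types: [completed]
    branches: [main]
  workflow_dispatch:

# Least-privilege default; the release job widens this for itself only.
permissions:
  contents: read

jobs:
  # Collects the values the release job needs before it starts: the SHA that
  # main currently points at and a Unix timestamp used in the image tags.
  info:
    name: Info
    runs-on: ubuntu-latest
    outputs:
      head_sha: ${{ steps.head_sha.outputs.head_sha }}
      timestamp: ${{ steps.timestamp.outputs.timestamp }}
    steps:
      - name: Git Info
        id: head_sha
        env:
          GH_TOKEN: ${{ github.token }}
          GH_COBRA: 1
        # NOTE(review): matching-refs is a prefix match, so branches whose names
        # start with "main" can be returned as well; `.[0]` is presumably main
        # itself. Confirm, or query the exact ref, because this SHA gates the
        # release job.
        run: |
          echo head_sha=$(gh api /repos/enterprise-contract/ec-cli/git/matching-refs/heads/main --jq '.[0].object.sha') >> "$GITHUB_OUTPUT"
      - name: Timestamp
        id: timestamp
        run: |
          echo timestamp=$(date '+%s') >> "$GITHUB_OUTPUT"

  release:
    permissions:
      contents: write  # for Git to git push & cache write
      pages: write  # Needed for GitHub Pages deployment
      id-token: write  # Needed for GitHub Pages deployment
    name: Release
    runs-on: ubuntu-latest
    needs: info
    # Publish only when the triggering Checks run succeeded AND was for the
    # commit main points at right now; a stale or foreign head_sha is skipped.
    # NOTE(review): `github.event.workflow_dispatch` does not look like a
    # documented payload key; `github.event_name == 'workflow_dispatch'` is the
    # usual test. Confirm that manual runs actually reach this job.
    if: ${{ (github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.head_sha == needs.info.outputs.head_sha) || github.event.workflow_dispatch }}
    env:
      IMAGE_REPO: quay.io/hacbs-contract/ec-cli
      EC_IMAGE_REPO: quay.io/enterprise-contract/ec-cli
      TAG: ${{ github.sha }}
      TAG_TIMESTAMP: ${{ github.sha }}-${{ needs.info.outputs.timestamp }}
    steps:
      # TODO: Enabling this seems to cause the host to run out of disk space.
      # - name: Harden Runner
      #   uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
      #   with:
      #     egress-policy: audit
      #     disable-telemetry: true
      # NOTE(review): this is the only action in the job referenced by a mutable
      # branch (`@main`) rather than a full commit SHA. It runs in a job that
      # holds contents/pages/id-token write permissions and, later, registry
      # credentials. Pin it to a reviewed commit SHA like the other actions.
      - name: Free Disk Space (Ubuntu)
        uses: jlumbroso/free-disk-space@main
        with:
          docker-images: false
          swap-storage: false
      - name: Checkout repository
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          fetch-depth: 0
      # NOTE(review): the key is the fixed string "main", so an exact hit is
      # restored as-is and not re-saved. The restored Go and npm caches feed the
      # release build; confirm which workflows are able to write this key.
      - name: Cache
        uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
            .npm
          key: main
      - name: Setup Go environment
        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
        with:
          go-version-file: go.mod
          cache: false
      - name: Download go dependencies
        run: |
          go mod download
          (cd tools && go mod download)
          (cd acceptance && go mod download)
      - name: Setup Node.js environment
        uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
        with:
          node-version-file: 'package.json'
      - name: Download NPM dependencies
        run: npm ci
      - name: Build distribution
        run: make dist
      # TODO: Remove this once all references to quay.io/hacbs-contract are removed
      # Credentials are handed over through the environment and stdin instead of
      # being expanded into the script text: the password stays out of the
      # process argument list and shell metacharacters in a secret are not
      # interpreted.
      - name: Registry login
        env:
          REGISTRY_USER: ${{ secrets.BUNDLE_PUSH_USER }}
          REGISTRY_PASS: ${{ secrets.BUNDLE_PUSH_PASS }}
        run: |
          printf '%s' "$REGISTRY_PASS" | podman login -u "$REGISTRY_USER" --password-stdin quay.io
      - name: Set up QEMU
        uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
      # TODO: Remove this once all references to quay.io/hacbs-contract are removed
      - name: Create and push image
        run: make dist-image-push IMAGE_TAG=$TAG IMAGE_REPO=$IMAGE_REPO ADD_IMAGE_TAG="snapshot $TAG_TIMESTAMP"
      # TODO: Remove this once all references to quay.io/hacbs-contract are removed
      # The task definitions are rewritten on the fly so that every step image
      # points at the image tagged with this commit before the bundle is pushed.
      - name: Create and push the tekton bundle
        env:
          TASKS: "tasks/verify-enterprise-contract/0.1/verify-enterprise-contract.yaml tasks/verify-definition/0.1/verify-definition.yaml"
        run: make task-bundle-snapshot TASK_REPO=quay.io/hacbs-contract/ec-task-bundle TASK_TAG=$TAG TASKS=<( yq e ".spec.steps[].image? = \"$EC_IMAGE_REPO:$TAG\"" $TASKS | yq 'select(. != null)')
      # Same credential handling as the first registry login, with the
      # quay.io/enterprise-contract push account.
      - name: Registry login (quay.io/enterprise-contract)
        env:
          REGISTRY_USER: ${{ secrets.BUNDLE_PUSH_USER_EC }}
          REGISTRY_PASS: ${{ secrets.BUNDLE_PUSH_PASS_EC }}
        run: |
          printf '%s' "$REGISTRY_PASS" | podman login -u "$REGISTRY_USER" --password-stdin quay.io
      - name: Create and push image (quay.io/enterprise-contract/ec-cli)
        run: make dist-image-push IMAGE_TAG=$TAG IMAGE_REPO=$EC_IMAGE_REPO ADD_IMAGE_TAG="snapshot $TAG_TIMESTAMP"
      - name: Create and push the tekton bundle (quay.io/enterprise-contract/ec-task-bundle)
        env:
          TASK_REPO: quay.io/enterprise-contract/ec-task-bundle
          TASKS: "tasks/verify-enterprise-contract/0.1/verify-enterprise-contract.yaml tasks/verify-definition/0.1/verify-definition.yaml"
        run: make task-bundle-snapshot TASK_REPO=$TASK_REPO TASK_TAG=$TAG ADD_TASK_TAG="$TAG_TIMESTAMP" TASKS=<( yq e ".spec.steps[].image? = \"$EC_IMAGE_REPO:$TAG\"" $TASKS | yq 'select(. != null)')
      - name: Download statistics
        env:
          GH_TOKEN: ${{ github.token }}
        run: hack/stats.sh
      - name: Configure statistics pages
        uses: actions/configure-pages@f156874f8191504dae5b037505266ed5dda6c382 # v3.0.6
      - name: Upload statistics
        uses: actions/upload-pages-artifact@a753861a5debcf57bf8b404356158c8e1e33150c # v2.0.0
        with:
          path: stats
      - name: Deploy statistics
        uses: actions/deploy-pages@9dbe3824824f8a1377b8e298bafde1a50ede43e5 # v2.0.4
      # Removes the existing "snapshot" release (if any), then force-moves the
      # annotated "snapshot" tag to the checked-out commit and pushes it.
      # gh reads the token from GH_TOKEN, as in the other steps of this file, so
      # the token is no longer expanded into the script text, and the
      # repository name comes from the default GITHUB_REPOSITORY variable.
      - name: Delete snapshot release and tag
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          RELEASE_ID=$(gh api \
            -H 'Accept: application/vnd.github.v3+json' \
            "/repos/${GITHUB_REPOSITORY}/releases" \
            -q '.[] | select(.tag_name == "snapshot") | .id')
          if [[ -n "${RELEASE_ID}" ]]; then
            gh api --method DELETE \
              -H 'Accept: application/vnd.github.v3+json' \
              "/repos/${GITHUB_REPOSITORY}/releases/${RELEASE_ID}"
          fi
          # The address below is reproduced as this page renders it (obfuscated
          # by the site); restore the real committer address before use.
          git config --local user.email "[email protected]"
          git config --local user.name "GitHub Action"
          # -f on both commands is deliberate: "snapshot" is a moving tag.
          git tag -a -f -m 'Development snapshot' snapshot
          git push -f --tags
      # Recreates the rolling pre-release on the moved tag and attaches the
      # build artifacts from dist/.
      - name: Release
        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
        with:
          prerelease: true
          name: Rolling release
          body: Stable rolling release. Version can be determined by running `ec version`
          tag_name: snapshot
          generate_release_notes: false
          files: dist/*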