Skip to content

chore(dependencies): Autobump fiatVersion (#4674) #95

chore(dependencies): Autobump fiatVersion (#4674)

chore(dependencies): Autobump fiatVersion (#4674) #95

Workflow file for this run

name: Release
on:
push:
tags:
- "v[0-9]+.[0-9]+.[0-9]+"
- "v[0-9]+.[0-9]+.[0-9]+-rc.[0-9]+"
env:
GRADLE_OPTS: -Dorg.gradle.daemon=false -Xmx6g -Xms6g -Dorg.gradle.internal.http.socketTimeout=120000 -Dorg.gradle.internal.http.connectionTimeout=120000 -Dorg.gradle.internal.remote.repository.deploy.max.attempts=6
CONTAINER_REGISTRY: us-docker.pkg.dev/spinnaker-community/docker
jobs:
release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
# Given a tag, determine what branch we are on, so we can bump dependencies in the correct branch
- name: Get Branch
run: |
BRANCHES=$(git branch -r --contains ${{ github.ref }})
echo "BRANCHES is '${BRANCHES}'"
# Check for no branches explicitly...Otherwise echo adds a newline so wc thinks there's
# one branch. And echo -n makes it appears that there's one less branch than there
# actually is.
if [ -z "$BRANCHES" ]; then
echo "exactly one branch required to release orca, but there are none"
exit 1
fi
NUM_BRANCHES=$(($(echo "$BRANCHES" | wc -l)))
echo "NUM_BRANCHES is '${NUM_BRANCHES}'"
if [ $NUM_BRANCHES -ne 1 ]; then
echo "exactly one branch required to release orca, but there are $NUM_BRANCHES ($BRANCHES)"
exit 1
fi
echo "exactly one branch ($BRANCHES)"
echo BRANCH=$BRANCHES >> $GITHUB_ENV
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- uses: actions/setup-java@v4
with:
java-version: |
17
11
distribution: 'zulu'
cache: 'gradle'
- name: Assemble release info
id: release_info
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
. .github/workflows/release_info.sh ${{ github.event.repository.full_name }}
echo CHANGELOG=$(echo -e "${CHANGELOG}") >> $GITHUB_OUTPUT
echo SKIP_RELEASE="${SKIP_RELEASE}" >> $GITHUB_OUTPUT
echo IS_CANDIDATE="${IS_CANDIDATE}" >> $GITHUB_OUTPUT
echo RELEASE_VERSION="${RELEASE_VERSION}" >> $GITHUB_OUTPUT
- name: Prepare build variables
id: build_variables
run: |
echo REPO="${GITHUB_REPOSITORY##*/}" >> $GITHUB_OUTPUT
echo VERSION="$(git rev-parse --short HEAD)-$(date --utc +'%Y%m%d%H%M')" >> $GITHUB_OUTPUT
- name: Release build
env:
ORG_GRADLE_PROJECT_version: ${{ steps.release_info.outputs.RELEASE_VERSION }}
ORG_GRADLE_PROJECT_nexusPublishEnabled: true
ORG_GRADLE_PROJECT_nexusUsername: ${{ secrets.NEXUS_USERNAME }}
ORG_GRADLE_PROJECT_nexusPassword: ${{ secrets.NEXUS_PASSWORD }}
ORG_GRADLE_PROJECT_nexusPgpSigningKey: ${{ secrets.NEXUS_PGP_SIGNING_KEY }}
ORG_GRADLE_PROJECT_nexusPgpSigningPassword: ${{ secrets.NEXUS_PGP_SIGNING_PASSWORD }}
run: |
./gradlew --info build ${{ steps.build_variables.outputs.REPO }}-web:installDist publishToNexus closeAndReleaseNexusStagingRepository
- name: Publish apt packages to Google Artifact Registry
env:
ORG_GRADLE_PROJECT_version: ${{ steps.release_info.outputs.RELEASE_VERSION }}
ORG_GRADLE_PROJECT_artifactRegistryPublishEnabled: true
GAR_JSON_KEY: ${{ secrets.GAR_JSON_KEY }}
run: |
./gradlew --info publish
- name: Login to Google Cloud
# Only run this on repositories in the 'spinnaker' org, not on forks.
if: startsWith(github.repository, 'spinnaker/')
uses: 'google-github-actions/auth@v2'
# use service account flow defined at: https://github.com/google-github-actions/upload-cloud-storage#authenticating-via-service-account-key-json
with:
credentials_json: '${{ secrets.GAR_JSON_KEY }}'
- name: Upload halconfig profiles to GCS
# https://console.cloud.google.com/storage/browser/halconfig
# Only run this on repositories in the 'spinnaker' org, not on forks.
if: startsWith(github.repository, 'spinnaker/')
uses: 'google-github-actions/upload-cloud-storage@v2'
with:
path: 'halconfig/'
destination: 'halconfig/${{ steps.build_variables.outputs.REPO }}/${{ steps.release_info.outputs.RELEASE_VERSION }}'
parent: false
- name: Login to GAR
# Only run this on repositories in the 'spinnaker' org, not on forks.
if: startsWith(github.repository, 'spinnaker/')
uses: docker/login-action@v3
# use service account flow defined at: https://github.com/docker/login-action#service-account-based-authentication-1
with:
registry: us-docker.pkg.dev
username: _json_key
password: ${{ secrets.GAR_JSON_KEY }}
- name: Build and publish slim container image
# Only run this on repositories in the 'spinnaker' org, not on forks.
if: startsWith(github.repository, 'spinnaker/')
uses: docker/build-push-action@v5
with:
context: .
file: Dockerfile.slim
platforms: linux/amd64,linux/arm64
push: true
tags: |
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.release_info.outputs.RELEASE_VERSION }}-unvalidated"
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.release_info.outputs.RELEASE_VERSION }}-unvalidated-slim"
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.release_info.outputs.RELEASE_VERSION }}-${{ steps.build_variables.outputs.VERSION }}-unvalidated-slim"
- name: Build and publish ubuntu container image
# Only run this on repositories in the 'spinnaker' org, not on forks.
if: startsWith(github.repository, 'spinnaker/')
uses: docker/build-push-action@v5
with:
context: .
file: Dockerfile.ubuntu
platforms: linux/amd64,linux/arm64
push: true
tags: |
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.release_info.outputs.RELEASE_VERSION }}-unvalidated-ubuntu"
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.release_info.outputs.RELEASE_VERSION }}-${{ steps.build_variables.outputs.VERSION }}-unvalidated-ubuntu"
- name: Build and publish slim JRE 11 container image
# Only run this on repositories in the 'spinnaker' org, not on forks.
if: startsWith(github.repository, 'spinnaker/')
uses: docker/build-push-action@v5
with:
context: .
file: Dockerfile.java11.slim
platforms: linux/amd64,linux/arm64
push: true
tags: |
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.release_info.outputs.RELEASE_VERSION }}-java11-unvalidated"
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.release_info.outputs.RELEASE_VERSION }}-java11-unvalidated-slim"
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.release_info.outputs.RELEASE_VERSION }}-${{ steps.build_variables.outputs.VERSION }}-java11-unvalidated-slim"
- name: Build and publish ubuntu JRE 11 container image
# Only run this on repositories in the 'spinnaker' org, not on forks.
if: startsWith(github.repository, 'spinnaker/')
uses: docker/build-push-action@v5
with:
context: .
file: Dockerfile.java11.ubuntu
platforms: linux/amd64,linux/arm64
push: true
tags: |
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.release_info.outputs.RELEASE_VERSION }}-java11-unvalidated-ubuntu"
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.release_info.outputs.RELEASE_VERSION }}-${{ steps.build_variables.outputs.VERSION }}-java11-unvalidated-ubuntu"
- name: Create release
if: steps.release_info.outputs.SKIP_RELEASE == 'false'
uses: softprops/action-gh-release@v1
with:
body: |
${{ steps.release_info.outputs.CHANGELOG }}
draft: false
name: ${{ github.event.repository.name }} ${{ github.ref_name }}
prerelease: ${{ steps.release_info.outputs.IS_CANDIDATE }}
tag_name: ${{ github.ref }}
token: ${{ secrets.GITHUB_TOKEN }}
- name: Pause before dependency bump
run: sleep 900
- name: Trigger dependency bump workflow
uses: peter-evans/repository-dispatch@v3
with:
token: ${{ secrets.SPINNAKER_GITHUB_TOKEN }}
event-type: bump-dependencies
client-payload: '{"ref": "${{ github.ref }}", "branch": "${{ env.BRANCH}}"}'