-
Notifications
You must be signed in to change notification settings - Fork 0
99 lines (94 loc) · 3.91 KB
/
push-tag-release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
name: push-tag-release
on:
# This is _ONLY_ for manually creating an image
# for a tag that already exists. You would do this if
# for some reason CD fails, and you need to try to
# manually rebuild and publish the image.
workflow_dispatch:
inputs:
tag:
description: "Tag to build and publish"
required: true
type: string
# This trigger is called from "push-main", and is _ONLY_ for
# creating docker images for newly tagged releases.
workflow_call:
inputs:
tag:
required: true
type: string
# This trigger is _ONLY_ for helm chart publishing and deployment.
# See jobs ci-lint-charts, cicd-build-publish-charts, cd-deploy-testnet
push:
tags:
# Root tag versions (e.g. v1.0.0) to kick off the helm chart publish and deploy.
- "v*.*.*"
jobs:
check-tags:
name: Parse and validate ${{ inputs.tag || github.ref_name }} tag
runs-on: ubuntu-latest
outputs:
tag-name: ${{ steps.tag-parse.outputs.name }}
tag-version: ${{ steps.tag-parse.outputs.version }}
release: ${{ steps.tag-parse.outputs.release }}
steps:
- name: Checkout code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0
ref: ${{ inputs.tag }} # This will evaluate to "" in the case of a tag push
# which is what we want. Since the tag will exist on the default branch.
# - name: Fail if git tag is not from allowed branches
# if: startsWith(github.ref, 'refs/tags/')
# uses: goplugin/.github/actions/guard-tag-from-branch@main
# with:
# tag: ${{ github.ref_name }}
# branch-regex: '^(main|release\/.*)'
- name: Validate and Parse Tag
id: tag-parse
uses: goplugin/.github/actions/check-git-tag-for-monorepo@9e7cc0779934cae4a9028b8588c9adb64d8ce68c # [email protected]
with:
tag-ref: ${{ inputs.tag || github.ref_name }}
cicd-build-publish-artifacts-release:
name: Publish ${{ needs.check-tags.outputs.tag-name }}:${{ needs.check-tags.outputs.tag-version }} Image
runs-on: ubuntu-latest
needs: [check-tags]
if: needs.check-tags.outputs.release == 'true'
permissions:
id-token: write
contents: write
actions: read
steps:
- name: cicd-build-publish-artifacts-release
uses: goplugin/.github/actions/cicd-build-publish-artifacts-go@5b1046c28343660ecb84844c6fa95a66d1cdb52e # [email protected]
with:
# general inputs
app-name: plugin-feeds-${{ needs.check-tags.outputs.tag-name }}
publish: "true"
# if ref is empty do to a tag push, it will be an empty string that will checkout the HEAD
checkout-ref: ${{ inputs.tag }}
# grafana inputs
metrics-job-name: cicd-build-publish-artifacts-release
gc-basic-auth: ${{ secrets.GRAFANA_INTERNAL_BASIC_AUTH }}
gc-host: ${{ secrets.GRAFANA_INTERNAL_HOST }}
gc-org-id: ${{ secrets.GRAFANA_INTERNAL_TENANT_ID }}
# aws inputs
aws-region: ${{ secrets.AWS_REGION }}
aws-role-arn: ${{ secrets.AWS_OIDC_IAM_ROLE_ARN }}
aws-account-number: ${{ secrets.AWS_ACCOUNT_NUMBER_PROD }}
# gati inputs
use-gati: "true"
aws-role-arn-gati: ${{ secrets.AWS_OIDC_PLUGIN_FEEDS_CI_CHANGESET_TOKEN_ISSUER_ROLE_ARN }}
aws-lambda-url-gati: ${{ secrets.AWS_FOUNDATIONS_GATI_URL }}
# golang inputs
go-version-file: go.mod
# goreleaser inputs
goreleaser-args: "--config ./${{ needs.check-tags.outputs.tag-name }}/.goreleaser.ci.yaml"
goreleaser-dist: goreleaser-pro
goreleaser-key: ${{ secrets.GORELEASER_KEY }}
# zig inputs
use-zig: "true"
zig-version: "0.11.0"
# docker inputs
docker-registry: aws
docker-image-tag: devel