Merge pull request #582 from viccuad/main #51
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: policy-server release | |
on: | |
push: | |
tags: | |
- "v*" | |
# Declare default permissions as read only. | |
permissions: read-all | |
jobs: | |
ci: | |
uses: ./.github/workflows/ci.yml | |
permissions: read-all | |
build: | |
name: Build container image, sign it, and generate SBOMs | |
uses: ./.github/workflows/container-build.yml | |
permissions: | |
id-token: write | |
packages: write | |
release: | |
name: Create release | |
needs: | |
- ci | |
- build | |
permissions: | |
contents: write | |
runs-on: ubuntu-latest | |
steps: | |
- name: Retrieve tag name | |
if: ${{ startsWith(github.ref, 'refs/tags/') }} | |
run: | | |
echo TAG_NAME=$(echo ${{ github.ref_name }}) >> $GITHUB_ENV | |
- name: Get latest release tag | |
id: get_last_release_tag | |
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1 | |
with: | |
script: | | |
let release = await github.rest.repos.getLatestRelease({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
}); | |
if (release.status === 200 ) { | |
core.setOutput('old_release_tag', release.data.tag_name) | |
return | |
} | |
core.setFailed("Cannot find latest release") | |
- name: Get release ID from the release created by release drafter | |
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1 | |
with: | |
script: | | |
let releases = await github.rest.repos.listReleases({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
}); | |
for (const release of releases.data) { | |
if (release.draft) { | |
core.info(release) | |
core.exportVariable('RELEASE_ID', release.id) | |
return | |
} | |
} | |
core.setFailed(`Draft release not found`) | |
- name: Download SBOM artifact | |
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
with: | |
name: sbom | |
- name: Display structure of downloaded files | |
run: ls -R | |
- name: Upload release assets | |
id: upload_release_assets | |
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1 | |
with: | |
script: | | |
let fs = require('fs'); | |
let path = require('path'); | |
let files = [ | |
'policy-server-sbom-amd64.spdx', | |
'policy-server-sbom-amd64.spdx.cert', | |
'policy-server-sbom-amd64.spdx.sig', | |
'policy-server-sbom-arm64.spdx', | |
'policy-server-sbom-arm64.spdx.cert', | |
'policy-server-sbom-arm64.spdx.sig'] | |
const {RELEASE_ID} = process.env | |
for (const file of files) { | |
let file_data = fs.readFileSync(file); | |
let response = await github.rest.repos.uploadReleaseAsset({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
release_id: `${RELEASE_ID}`, | |
name: path.basename(file), | |
data: file_data, | |
}); | |
} | |
- name: Publish release | |
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1 | |
with: | |
script: | | |
const {RELEASE_ID} = process.env | |
const {TAG_NAME} = process.env | |
github.rest.repos.updateRelease({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
release_id: `${RELEASE_ID}`, | |
draft: false, | |
tag_name: `${TAG_NAME}`, | |
name: `${TAG_NAME}`, | |
prerelease: `${{ contains(github.event.workflow_run.head_branch, '-alpha') || contains(github.event.workflow_run.head_branch, '-beta') || contains(github.event.workflow_run.head_branch, '-rc') }}` | |
}); | |
- name: Trigger chart update | |
uses: peter-evans/repository-dispatch@bf47d102fdb849e755b0b0023ea3e81a44b6f570 # v2.1.2 | |
with: | |
token: ${{ secrets.WORKFLOW_PAT }} | |
repository: "${{github.repository_owner}}/helm-charts" | |
event-type: update-chart | |
client-payload: '{"version": "${{ github.ref_name }}", "oldVersion": "${{ steps.get_last_release_tag.outputs.old_release_tag }}", "repository": "${{ github.repository }}"}' |