create release #167
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: create release | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| name: | |
| description: 'Release name ( e.g. "2.1.3" )' | |
| default: "" | |
| required: true | |
| latest_release: | |
| description: "Latest release" | |
| type: boolean | |
| default: false | |
| jobs: | |
| verify-head-status: | |
| name: Verify HEAD | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Verify github actions | |
| run: ./.github/scripts/verify-actions-status.sh ${{ github.ref_name }} | |
| upgrade-images: | |
| name: Upgrade main images | |
| needs: verify-head-status | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.BOT_TOKEN }} | |
| fetch-depth: 0 | |
| - uses: ./.github/actions/setup-libgit2 | |
| - name: Bump values.yaml | |
| run: | | |
| ./hack/replace_serverless_chart_images.sh all . | |
| ./hack/replace_serverless_crd_version.sh | |
| env: | |
| IMG_DIRECTORY: "prod" | |
| IMG_VERSION: ${{ github.event.inputs.name }} | |
| PROJECT_ROOT: "." | |
| - name: Bump sec-scanners-config.yaml based on values.yaml | |
| run: ./.github/scripts/upgrade-sec-scanners-config.sh | |
| env: | |
| IMG_VERSION: ${{ github.event.inputs.name }} | |
| - name: Commit&Push | |
| run: | | |
| git config --local user.email "[email protected]" | |
| git config --local user.name "ottersbot" | |
| git add . | |
| git commit --allow-empty -m "upgrade dependencies" | |
| git push origin ${{ github.ref_name }} | |
| create-tag: | |
| name: Create tag | |
| needs: upgrade-images | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.BOT_TOKEN }} | |
| fetch-depth: 0 | |
| ref: ${{ github.ref_name }} # Checkout to latest branch changes | |
| - name: Tag latest | |
| if: ${{ github.event.inputs.latest_release }} | |
| # tag commit to inform another workload, responsible for creating right release | |
| # that this release should be the latest one | |
| run: | | |
| git tag --force latest | |
| git push --force origin latest | |
| - name: Create tag | |
| run: | | |
| git tag ${{ github.event.inputs.name }} | |
| git push origin ${{ github.event.inputs.name }} | |
| # this workload ends on creating the right tag | |
| # the next steps are located in the .github/workloads/create-release-on-tag.yaml file |