create-release.yaml

name: "Create release"

on:
  workflow_dispatch:
    inputs:
      name:
        description: 'Release name ( e.g. "2.1.3" )'
        default: ""
        required: true
      latest_release:
        description: 'Latest release'
        type: boolean
        default: false

jobs:
  verify-head-status:
    name: Verify HEAD
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Verify prow post jobs
        run: ./.github/scripts/verify-serverless-jobs-status.sh ${{ github.ref_name }}

      - name: Verify github actions
        run: ./.github/scripts/verify-actions-status.sh ${{ github.ref_name }}

  upgrade-images:
    name: Upgrade main images
    needs: verify-head-status
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          token: ${{ secrets.BOT_TOKEN }}
          fetch-depth: 0

      - name: Bump values.yaml
        run: |
          ./hack/replace_serverless_chart_images.sh all .
        env:
          IMG_DIRECTORY: "prod"
          IMG_VERSION: ${{ github.event.inputs.name }}
          PROJECT_ROOT: "."

      - name: Bump sec-scanners-config.yaml based on values.yaml
        run: ./.github/scripts/upgrade-sec-scanners-config.sh
        env:
          IMG_VERSION: ${{ github.event.inputs.name }}
      
      - name: Commit&Push
        run: |
          git config --local user.email "team-otters@sap.com"
          git config --local user.name "ottersbot"

          git add .
          git commit --allow-empty -m "upgrade dependencies"
          git push origin ${{ github.ref_name }}

  create-draft:
    name: Create draft release
    needs: upgrade-images
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          ref: ${{ github.ref_name }} # checkout to latest branch changes ( by default this action checkouts to the SHA that triggers action )

      - name: Create changelog
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PULL_BASE_REF: ${{ github.event.inputs.name }}
        run: ./.github/scripts/create_changelog.sh ${{ github.event.inputs.name }}

      - name: Create draft release
        id: create-draft
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          RELEASE_ID=$(./.github/scripts/create_draft_release.sh ${{ github.event.inputs.name }})
          echo "release_id=$RELEASE_ID" >> $GITHUB_OUTPUT

      - name: Create lightweight tag
        run: |
          git tag ${{ github.event.inputs.name }}
          git push origin ${{ github.event.inputs.name }}

      - name: Create release assets
        id: create-assets
        env:
          IMG: "europe-docker.pkg.dev/kyma-project/prod/serverless-operator:${{ github.event.inputs.name }}"
          PULL_BASE_REF: ${{ github.event.inputs.name }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: ./.github/scripts/release.sh

      - name: Verify prow release jobs
        run: ./.github/scripts/verify-serverless-jobs-status.sh ${{ github.ref_name }}

    outputs:
      release_id: ${{ steps.create-draft.outputs.release_id }}

  publish-release:
    name: Publish release
    needs: create-draft
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          ref: ${{ github.event.inputs.name }} # checkout to latest branch changes ( by default this action checkouts to the SHA that triggers action )
          
      - name: Publish release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: ./.github/scripts/publish_release.sh ${{ needs.create-draft.outputs.release_id }} ${{ github.event.inputs.latest_release }}