Merge pull request #747 from jvanz/main #93
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: kwctl release | |
on: | |
push: | |
tags: | |
- "v*" | |
# Declare default permissions as read only. | |
permissions: read-all | |
env: | |
CARGO_TERM_COLOR: always | |
jobs: | |
ci: | |
uses: ./.github/workflows/ci.yml | |
permissions: read-all | |
build: | |
name: Build kwctl, sign it, and generate SBOMs | |
uses: ./.github/workflows/build.yml | |
permissions: | |
id-token: write | |
packages: write | |
release: | |
name: Create release | |
needs: | |
- ci | |
- build | |
permissions: | |
contents: write | |
runs-on: ubuntu-latest | |
steps: | |
- name: Retrieve tag name | |
if: ${{ startsWith(github.ref, 'refs/tags/') }} | |
run: | | |
echo TAG_NAME=$(echo ${{ github.ref_name }}) >> $GITHUB_ENV | |
- name: Get latest release tag | |
id: get_last_release_tag | |
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
with: | |
script: | | |
let release = await github.rest.repos.getLatestRelease({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
}); | |
if (release.status === 200 ) { | |
core.setOutput('old_release_tag', release.data.tag_name) | |
return | |
} | |
core.setFailed("Cannot find latest release") | |
- name: Get release ID from the release created by release drafter | |
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
with: | |
script: | | |
let releases = await github.rest.repos.listReleases({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
}); | |
for (const release of releases.data) { | |
if (release.draft) { | |
core.info(release) | |
core.exportVariable('RELEASE_ID', release.id) | |
return | |
} | |
} | |
core.setFailed(`Draft release not found`) | |
- name: Download all artifacts | |
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 | |
# no name provided, download all artifacts. Puts them in folders. | |
- name: Display structure of downloaded files | |
run: ls -R | |
- name: Upload release assets | |
id: upload_release_assets | |
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
with: | |
script: | | |
let fs = require('fs'); | |
let path = require('path'); | |
let files = [ | |
'./kwctl-airgap-scripts/kubewarden-load-policies.sh', | |
'./kwctl-airgap-scripts/kubewarden-save-policies.sh', | |
'./kwctl-darwin-aarch64/kwctl-darwin-aarch64.zip', | |
'./kwctl-darwin-aarch64-sbom/kwctl-darwin-aarch64-sbom.spdx', | |
'./kwctl-darwin-aarch64-sbom/kwctl-darwin-aarch64-sbom.spdx.cert', | |
'./kwctl-darwin-aarch64-sbom/kwctl-darwin-aarch64-sbom.spdx.sig', | |
'./kwctl-darwin-x86_64/kwctl-darwin-x86_64.zip', | |
'./kwctl-darwin-x86_64-sbom/kwctl-darwin-x86_64-sbom.spdx', | |
'./kwctl-darwin-x86_64-sbom/kwctl-darwin-x86_64-sbom.spdx.cert', | |
'./kwctl-darwin-x86_64-sbom/kwctl-darwin-x86_64-sbom.spdx.sig', | |
'./kwctl-linux-aarch64/kwctl-linux-aarch64.zip', | |
'./kwctl-linux-aarch64-sbom/kwctl-linux-aarch64-sbom.spdx', | |
'./kwctl-linux-aarch64-sbom/kwctl-linux-aarch64-sbom.spdx.cert', | |
'./kwctl-linux-aarch64-sbom/kwctl-linux-aarch64-sbom.spdx.sig', | |
'./kwctl-linux-x86_64/kwctl-linux-x86_64.zip', | |
'./kwctl-linux-x86_64-sbom/kwctl-linux-x86_64-sbom.spdx', | |
'./kwctl-linux-x86_64-sbom/kwctl-linux-x86_64-sbom.spdx.cert', | |
'./kwctl-linux-x86_64-sbom/kwctl-linux-x86_64-sbom.spdx.sig', | |
'./kwctl-windows-x86_64/kwctl-windows-x86_64.exe.zip', | |
'./kwctl-windows-x86_64-sbom/kwctl-windows-x86_64-sbom.spdx', | |
'./kwctl-windows-x86_64-sbom/kwctl-windows-x86_64-sbom.spdx.cert', | |
'./kwctl-windows-x86_64-sbom/kwctl-windows-x86_64-sbom.spdx.sig', | |
] | |
const {RELEASE_ID} = process.env | |
for (const file of files) { | |
let file_data = fs.readFileSync(file); | |
let response = await github.rest.repos.uploadReleaseAsset({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
release_id: `${RELEASE_ID}`, | |
name: path.basename(file), | |
data: file_data, | |
}); | |
} | |
- name: Publish release | |
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
with: | |
script: | | |
const {RELEASE_ID} = process.env | |
const {TAG_NAME} = process.env | |
github.rest.repos.updateRelease({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
release_id: `${RELEASE_ID}`, | |
draft: false, | |
tag_name: `${TAG_NAME}`, | |
name: `${TAG_NAME}`, | |
prerelease: `${{ contains(github.event.workflow_run.head_branch, '-alpha') || contains(github.event.workflow_run.head_branch, '-beta') || contains(github.event.workflow_run.head_branch, '-rc') }}` | |
}); | |
- name: Trigger chart update | |
uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3.0.0 | |
with: | |
token: ${{ secrets.WORKFLOW_PAT }} | |
repository: "${{github.repository_owner}}/helm-charts" | |
event-type: update-chart | |
client-payload: '{"version": "${{ github.ref_name }}", "oldVersion": "${{ steps.get_last_release_tag.outputs.old_release_tag }}", "repository": "${{ github.repository }}"}' |