Bering/.github/workflows/release.yml at main · MB3R-Lab/Bering · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
name: Release

on:
  push:
    tags:
      - "v*.*.*"

permissions:
  contents: write
  packages: write

jobs:
  release:
    runs-on: ubuntu-latest
    env:
      PUBLISH_OCI: "1"
      GORELEASER_VERSION: v2.14.3
      SYFT_VERSION: v1.40.0
      HELM_VERSION: v3.19.1
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          go-version-file: go.mod

      - name: Setup Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Install GoReleaser
        run: go install github.com/goreleaser/goreleaser/v2@${{ env.GORELEASER_VERSION }}

      - name: Install Syft
        run: go install github.com/anchore/syft/cmd/syft@${{ env.SYFT_VERSION }}

      - name: Install Helm
        shell: bash
        run: |
          set -euo pipefail
          export DESIRED_VERSION="${HELM_VERSION}"
          curl -fsSL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash

      - name: Add Go bin to PATH
        shell: bash
        run: echo "$(go env GOPATH)/bin" >> "$GITHUB_PATH"

      - name: Login to GHCR
        shell: bash
        env:
          GHCR_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail
          echo "${GHCR_TOKEN}" | docker login ghcr.io -u "${GITHUB_ACTOR}" --password-stdin
          echo "${GHCR_TOKEN}" | helm registry login ghcr.io -u "${GITHUB_ACTOR}" --password-stdin

      - name: Build Release Payload
        shell: bash
        env:
          VERSION: ${{ github.ref_name }}
          GIT_SHA: ${{ github.sha }}
          IMAGE_REPOSITORY: ghcr.io/${{ github.repository }}
          CHART_OCI_REPOSITORY: oci://ghcr.io/${{ github.repository_owner }}/charts
        run: |
          set -euo pipefail
          VERSION="${VERSION#v}"
          BUILD_DATE="$(git show -s --format=%cI HEAD)"
          IMAGE_REPOSITORY="$(echo "${IMAGE_REPOSITORY}" | tr '[:upper:]' '[:lower:]')"
          CHART_OCI_REPOSITORY="$(echo "${CHART_OCI_REPOSITORY}" | tr '[:upper:]' '[:lower:]')"
          make release-local \
            VERSION="${VERSION}" \
            BUILD_DATE="${BUILD_DATE}" \
            GIT_SHA="${GIT_SHA}" \
            GIT_TAG="v${VERSION}" \
            PUBLISH_OCI="${PUBLISH_OCI}" \
            IMAGE_REPOSITORY="${IMAGE_REPOSITORY}" \
            CHART_OCI_REPOSITORY="${CHART_OCI_REPOSITORY}"

      - name: Publish GitHub Release Assets
        shell: bash
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail
          mapfile -t assets < dist/release-assets.txt
          args=()
          for asset in "${assets[@]}"; do
            args+=("dist/${asset}")
          done
          if gh release view "${GITHUB_REF_NAME}" >/dev/null 2>&1; then
            gh release upload "${GITHUB_REF_NAME}" "${args[@]}" --clobber
            gh release edit "${GITHUB_REF_NAME}" --title "Bering ${GITHUB_REF_NAME}" --notes-file dist/release-notes.md
          else
            gh release create "${GITHUB_REF_NAME}" \
              "${args[@]}" \
              --title "Bering ${GITHUB_REF_NAME}" \
              --notes-file dist/release-notes.md
          fi