Release kuberpult with semantic versioning #221
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release kuberpult with semantic versioning | |
on: | |
workflow_dispatch: | |
jobs: | |
release: | |
name: Release kuberpult with semantic versioning | |
runs-on: ubuntu-latest | |
steps: | |
- name: Install earthly | |
uses: earthly/actions-setup@v1 | |
with: | |
version: v0.8.13 | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # needed for git describe/VERSION in Makefile | |
- name: Identify version to create | |
uses: go-semantic-release/action@v1 | |
id: new-semrel-version | |
with: | |
dry: true | |
ghr: true | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Log in to the Container registry | |
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Run helm chart tests | |
run: | | |
make -C charts/kuberpult test-helm | |
- name: Create helm chart for release | |
run: | | |
make -C charts/kuberpult release-tag VERSION=v${{ steps.new-semrel-version.outputs.version }} | |
- name: Login to Google Artifact Registry | |
uses: docker/login-action@v2 | |
with: | |
registry: europe-west3-docker.pkg.dev | |
username: _json_key | |
password: ${{ secrets.GCP_ARTIFACT_REGISTRY_PUSH_JSON_KEY }} | |
- name: Re-tag service images with release version for google docker registry | |
run: | | |
echo 'If this step fails, ensure that the main github action is done. We rely on it to get the docker images.' | |
git fetch --tags # this should have been done by the checkout action before. | |
make tag-release-images RELEASE_IMAGE_TAG=v$RELEASE_IMAGE_VERSION | |
env: | |
RELEASE_IMAGE_VERSION: ${{ steps.new-semrel-version.outputs.version }} | |
- name: Re-tag CLI service image with release version for google docker registry | |
run: | | |
echo 'If this step fails, ensure that the main github action is done. We rely on it to get the docker images.' | |
git fetch --tags # this should have been done by the checkout action before. | |
make tag-cli-release-image RELEASE_IMAGE_TAG=v$RELEASE_IMAGE_VERSION | |
env: | |
RELEASE_IMAGE_VERSION: ${{ steps.new-semrel-version.outputs.version }} | |
- name: Re-tag service images with release version for github docker registry | |
run: | | |
make tag-release-images RELEASE_IMAGE_TAG=v$RELEASE_IMAGE_VERSION DOCKER_REGISTRY_URI=ghcr.io/freiheit-com/kuberpult | |
env: | |
RELEASE_IMAGE_VERSION: ${{ steps.new-semrel-version.outputs.version }} | |
- name: Create release | |
uses: go-semantic-release/action@v1 | |
id: semrel | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
changelog-generator-opt: "emojis=true" | |
# By default, every release is a "pre-release" from now on. | |
# Setting this flag to true will happen manually (after testing). | |
prerelease: true | |
- name: Append helm chart to release | |
run: | | |
echo $VERSION | |
gh release upload v$VERSION charts/kuberpult/kuberpult-v$VERSION.tgz | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
VERSION: ${{ steps.semrel.outputs.version }} | |
- name: Append vulnerability reports to release | |
run: | | |
echo $VERSION | |
earthly ./trivy+scan-all --kuberpult_version=v${VERSION} | |
gh release upload v$VERSION trivy/kuberpult-v${VERSION}-reports.tar.gz | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
VERSION: ${{ steps.semrel.outputs.version }} | |
- name: Append postgres migrations to release | |
run: | | |
cd database/migrations | |
tar -czhf postgres_migrations.tar.gz postgres/ | |
gh release upload v$VERSION ./postgres_migrations.tar.gz | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
VERSION: ${{ steps.semrel.outputs.version }} | |
- name: Renovate standard-setup dev-env | |
run: | | |
curl -X POST -H "Content-type: application/json" "${{ format('https://cloudbuild.googleapis.com/v1/projects/fdc-standard-setup-dev-env/locations/europe-west1/triggers/fdc-standard-setup-dev-env-upgrade-dependencies-trigger:webhook?key={0}&secret={1}&trigger=fdc-standard-setup-dev-env-upgrade-dependencies-trigger&projectId=fdc-standard-setup-dev-env', secrets.DEV_ENV_CLOUD_BUILD_API_KEY, secrets.DEV_ENV_RENOVATE_WEBHOOK_KEY) }}" -d "{}" |