fix(ci): update release workflow to use release events

This fixes issues with pre-releases where the git tag may not match the previous filter we had. We now check if the github release is a "pre-release" and also check if the Poetry version is also a pre-release or dev-release one. If the github release is not pre-release, we ensure that the Poetry version is also not a pre-release one. We also fix a potential issue where the "latest" Docker tag would be added to older versions. Leverage the GitHub "latest" release flag to solve that. Signed-off-by: Fatih Acar <[email protected]>
opsmill · Dec 3, 2024 · 8a70afb · 8a70afb
1 parent ae93ec4
commit 8a70afb
Show file tree

Hide file tree

Showing 2 changed files with 78 additions and 56 deletions.
diff --git a/.github/workflows/release-preview.yml b/.github/workflows/release-preview.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -3,13 +3,79 @@
 name: New Release
 
 on:
-  push:
-    tags:
-      - 'infrahub-v*'
-      - '!infrahub-v*-*'
+  release:
+    types:
+      - published
 
 jobs:
+  check_release:
+    runs-on: ubuntu-22.04
+    outputs:
+      is_prerelease: ${{ steps.release.outputs.is_prerelease }}
+      is_devrelease: ${{ steps.release.outputs.is_devrelease }}
+      version: ${{ steps.release.outputs.version }}
+      major_minor_version: ${{ steps.release.outputs.major_minor_version }}
+      latest_tag: ${{ steps.release.outputs.latest_tag }}
+    steps:
+      - name: "Check out repository code"
+        uses: "actions/checkout@v4"
+        with:
+          submodules: true
+
+      - name: "Set up Python"
+        uses: "actions/setup-python@v5"
+        with:
+          python-version: "3.12"
+
+      - name: "Install Poetry"
+        uses: "snok/install-poetry@v1"
+        with:
+          virtualenvs-create: true
+          virtualenvs-in-project: true
+          installer-parallel: true
+
+      - name: "Setup Python environment"
+        run: |
+          poetry config virtualenvs.create true --local
+          poetry env use 3.12
+      - name: "Install dependencies"
+        run: "poetry install --no-interaction --no-ansi"
+
+      - name: "Check prerelease type"
+        id: release
+        run: |
+          echo is_prerelease=$(poetry run python -c "from packaging.version import Version; print(int(Version('$(poetry version -s)').is_prerelease))") >> "$GITHUB_OUTPUT"
+          echo is_devrelease=$(poetry run python -c "from packaging.version import Version; print(int(Version('$(poetry version -s)').is_devrelease))") >> "$GITHUB_OUTPUT"
+          echo "version=$(poetry version -s)" >> "$GITHUB_OUTPUT"
+          echo major_minor_version=$(poetry run python -c "from packaging.version import Version; print(f\"{Version('$(poetry version -s)').major}.{Version('$(poetry version -s)').minor}\")") >> "$GITHUB_OUTPUT"
+          echo latest_tag=$(curl -L \
+              -H "Accept: application/vnd.github+json" \
+              -H "Authorization: Bearer ${{ github.token }}" \
+              -H "X-GitHub-Api-Version: 2022-11-28" \
+              https://api.github.com/repos/${{ github.repository }}/releases/latest \
+              | jq -r '.tag_name') >> "$GITHUB_OUTPUT"
+
+      - name: Check tag version
+        if: github.event.release.tag_name != format('infrahub-v{0}', steps.release.outputs.version)
+        run: |
+          echo "Tag version does not match python project version"
+          exit 1
+
+      - name: Check prerelease and project version
+        if: github.event.release.prerelease == true && steps.release.outputs.is_prerelease == 0 && steps.release.outputs.is_devrelease == 0
+        run: |
+          echo "Cannot pre-release a non pre-release or non dev-release version (${{ steps.release.outputs.version }})"
+          exit 1
+
+      - name: Check release and project version
+        if: github.event.release.prerelease == false && (steps.release.outputs.is_prerelease == 1 || steps.release.outputs.is_devrelease == 1)
+        run: |
+          echo "Cannot release a pre-release or dev-release version (${{ steps.release.outputs.version }})"
+          exit 1
+
+
   meta_data:
+    needs: check_release
     runs-on: ubuntu-22.04
     outputs:
       tags: ${{ steps.meta.outputs.tags }}
@@ -22,11 +88,13 @@ jobs:
           images: |
             ${{ vars.HARBOR_HOST }}/${{ github.repository }}
           tags: |
-            type=match,pattern=infrahub-v(\d+\.\d+\.\d+),group=1
-            type=match,pattern=infrahub-v(\d+\.\d+),group=1
-            type=raw,value=stable
+            type=raw,value=${{ needs.check_release.outputs.version }}
+            type=raw,value=${{ github.event.release.prerelease == false && needs.check_release.outputs.major_minor_version || '' }}
+            type=raw,value=${{ github.event.release.prerelease == true && 'preview' || 'stable' }}
           labels: |
             org.opencontainers.image.source=${{ github.repository }}
+          flavor: |
+            latest=${{ needs.check_release.outputs.latest_tag == github.event.release.tag_name }}
 
   publish-docker-image:
     uses: ./.github/workflows/ci-docker-image.yml
@@ -40,14 +108,16 @@ jobs:
       labels: ${{ needs.meta_data.outputs.labels }}
 
   publish-helm-chart:
+    needs: check_release
+    if: github.event.release.prerelease == false
     uses: ./.github/workflows/publish-helm-chart.yml
     secrets: inherit
     with:
       publish: true
 
   publish-pypi:
+    needs: check_release
     uses: ./.github/workflows/publish-pypi.yml
     secrets: inherit
     with:
       publish: true
-      version: ${{ github.ref_name }}