cloud-release #45
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: cloud-release | |
on: | |
push: | |
tags: | |
- release/cloud/** | |
permissions: | |
contents: read | |
env: | |
VERSIONS_FILE: "VERSIONS.json" | |
jobs: | |
get-dev-image: | |
uses: ./.github/workflows/get_image.yaml | |
with: | |
image-base-name: "dev_image_with_extras" | |
build-release: | |
name: Build Release | |
runs-on: ubuntu-latest-16-cores | |
needs: get-dev-image | |
container: | |
image: ${{ needs.get-dev-image.outputs.image-with-tag }} | |
steps: | |
- uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 | |
with: | |
fetch-depth: 0 | |
- name: Add pwd to git safe dir | |
run: git config --global --add safe.directory `pwd` | |
- name: Use github bazel config | |
uses: ./.github/actions/bazelrc | |
with: | |
download_toplevel: 'true' | |
BB_API_KEY: ${{ secrets.BB_IO_API_KEY }} | |
- id: gcloud-creds | |
uses: ./.github/actions/gcloud_creds | |
with: | |
SERVICE_ACCOUNT_KEY: ${{ secrets.GH_RELEASE_SA_PEM_B64 }} | |
- name: Import GPG key | |
env: | |
BUILDBOT_GPG_KEY_B64: ${{ secrets.BUILDBOT_GPG_KEY_B64 }} | |
run: | | |
echo "${BUILDBOT_GPG_KEY_B64}" | base64 --decode | gpg --no-tty --batch --import | |
- name: Build & Push Artifacts | |
env: | |
REF: ${{ github.event.ref }} | |
BUILD_NUMBER: ${{ github.run_attempt }} | |
JOB_NAME: ${{ github.job }} | |
GH_API_KEY: ${{ secrets.GITHUB_TOKEN }} | |
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}} | |
COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}} | |
GOOGLE_APPLICATION_CREDENTIALS: ${{ steps.gcloud-creds.outputs.gcloud-creds }} | |
BUILDBOT_GPG_KEY_ID: ${{ secrets.BUILDBOT_GPG_KEY_ID }} | |
shell: bash | |
run: | | |
export TAG_NAME="${REF#*/tags/}" | |
export ARTIFACTS_DIR="$(pwd)/artifacts" | |
mkdir -p "${ARTIFACTS_DIR}" | |
./ci/save_version_info.sh | |
./ci/cloud_build_release.sh | |
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
with: | |
name: cloud-artifacts | |
path: artifacts/ | |
create-github-release: | |
if: ${{ !contains(github.event.ref, '-') }} | |
name: Create Release on Github | |
runs-on: ubuntu-latest | |
needs: build-release | |
permissions: | |
contents: write | |
steps: | |
- uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 | |
with: | |
fetch-depth: 0 | |
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
- name: Create Release | |
env: | |
REF: ${{ github.event.ref }} | |
GH_TOKEN: ${{ secrets.BUILDBOT_GH_API_TOKEN }} | |
OWNER: pixie-io | |
REPO: pixie | |
shell: bash | |
run: | | |
export TAG_NAME="${REF#*/tags/}" | |
# actions/checkout doesn't get the tag annotation properly. | |
git fetch origin tag "${TAG_NAME}" -f | |
export changelog="$(git tag -l --format='%(contents)' "${TAG_NAME}")" | |
gh release create "${TAG_NAME}" --title "Cloud ${TAG_NAME#release/cloud/}" \ | |
--notes $'Pixie Cloud Release:\n'"${changelog}" | |
gh release upload "${TAG_NAME}" cloud-artifacts/* |