Release #1313

Summary
Jobs
- Info
- Release
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/release.yaml at b49422d

	# Copyright The Enterprise Contract Contributors
	#
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.
	#
	# SPDX-License-Identifier: Apache-2.0

	---
	name: Release

	"on":
	workflow_run:
	workflows: [Checks]
	types: [completed]
	branches: [main]
	workflow_dispatch:

	permissions:
	contents: read

	jobs:
	info:
	name: Info
	runs-on: ubuntu-latest
	outputs:
	head_sha: ${{ steps.head_sha.outputs.head_sha }}
	timestamp: ${{ steps.timestamp.outputs.timestamp }}

	steps:
	- name: Git Info
	id: head_sha
	env:
	GH_TOKEN: ${{ github.token }}
	GH_COBRA: 1
	run: \|
	echo head_sha=$(gh api /repos/enterprise-contract/ec-cli/git/matching-refs/heads/main --jq '.[0].object.sha') \| tee -a "$GITHUB_OUTPUT"
	- name: Timestamp
	id: timestamp
	run: \|
	echo timestamp=$(date '+%s') \| tee -a "$GITHUB_OUTPUT"

	release:

	permissions:
	contents: write # for Git to git push & cache write
	pages: write # Needed for GitHub Pages deployment
	id-token: write # Needed for GitHub Pages deployment
	name: Release
	runs-on: ubuntu-latest
	needs: info
	if: ${{ (github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.head_sha == needs.info.outputs.head_sha) \|\| github.event_name == 'workflow_dispatch' }}

	env:
	IMAGE_REPO: quay.io/enterprise-contract/ec-cli
	TAG: ${{ github.sha }}
	TAG_TIMESTAMP: ${{ github.sha }}-${{ needs.info.outputs.timestamp }}

	steps:
	# TODO: Enabling this seems to cause the host to run out of disk space.
	# - name: Harden Runner
	# uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
	# with:
	# egress-policy: audit
	# disable-telemetry: true

	- name: Free Disk Space (Ubuntu)
	uses: jlumbroso/free-disk-space@main
	with:
	docker-images: false
	swap-storage: false

	- name: Checkout repository
	uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
	with:
	fetch-depth: 0

	- name: Update podman
	run: \|
	"${GITHUB_WORKSPACE}/hack/ubuntu-podman-update.sh"

	- name: Cache
	uses: actions/cache@2cdf405574d6ef1f33a1d12acccd3ae82f47b3f2 # v4.1.0
	with:
	path: \|
	~/.cache/go-build
	~/go/pkg/mod
	key: main

	- name: Setup Go environment
	uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
	with:
	go-version-file: go.mod
	cache: false

	- name: Download go dependencies
	run: \|
	go mod download
	(cd tools && go mod download)
	(cd acceptance && go mod download)

	- name: Build distribution
	run: make dist

	- name: Set up QEMU
	uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0

	- name: Registry login (quay.io/enterprise-contract)
	run: podman login -u ${{ secrets.BUNDLE_PUSH_USER_EC }} -p ${{ secrets.BUNDLE_PUSH_PASS_EC }} quay.io

	- name: Create and push image (quay.io/enterprise-contract/ec-cli)
	run: make dist-image-push IMAGE_TAG=$TAG IMAGE_REPO=$IMAGE_REPO ADD_IMAGE_TAG="snapshot $TAG_TIMESTAMP"

	- name: Create and push the tekton bundle (quay.io/enterprise-contract/ec-task-bundle)
	env:
	TASK_REPO: quay.io/enterprise-contract/ec-task-bundle
	TASKS: "tasks/verify-enterprise-contract/0.1/verify-enterprise-contract.yaml"
	run: make task-bundle-snapshot TASK_REPO=$TASK_REPO TASK_TAG=$TAG ADD_TASK_TAG="$TAG_TIMESTAMP" TASKS=<( yq e ".spec.steps[].image? = \"$IMAGE_REPO:$TAG\"" $TASKS \| yq 'select(. != null)')

	- name: Download statistics
	env:
	GH_TOKEN: ${{ github.token }}
	run: hack/stats.sh

	- name: Configure statistics pages
	uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0

	- name: Upload statistics
	uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1
	with:
	path: stats

	- name: Deploy statistics
	uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5

	- name: Delete snapshot release and tag
	id: add_tags
	run: \|
	echo ${{ secrets.GITHUB_TOKEN }} \| gh auth login --with-token
	RELEASE_ID=$(gh api \
	-H 'Accept: application/vnd.github.v3+json' \
	/repos/${{ github.repository }}/releases \
	-q '.[] \| select(.tag_name == "snapshot") \| .id')
	[[ -n "${RELEASE_ID}" ]] && gh api --method DELETE \
	-H 'Accept: application/vnd.github.v3+json' \
	"/repos/${{ github.repository }}/releases/${RELEASE_ID}"

	git config --local user.email "[email protected]"
	git config --local user.name "GitHub Action"
	git tag -a -f -m 'Development snapshot' snapshot

	source hack/add-auto-tag.sh
	echo "tag_name=$( source hack/derive-version.sh )" \| tee -a "$GITHUB_OUTPUT"

	git push -f --tags

	- name: Rolling release
	uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8
	with:
	make_latest: true
	name: Rolling release
	body: Stable rolling release, currently the same as `${{ steps.add_tags.outputs.tag_name }}`.
	tag_name: snapshot
	generate_release_notes: false
	files: dist/*

	- name: Versioned release
	uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8
	with:
	make_latest: false
	name: ${{ steps.add_tags.outputs.tag_name }}
	tag_name: ${{ steps.add_tags.outputs.tag_name }}
	generate_release_notes: false
	files: dist/*

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Release #1313

Workflow file

Release #1313

Jobs

Run details

Workflow file for this run