ci: run the Release workflow by the push tag event (#211) #81
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release | |
| on: | |
| push: | |
| tags: [v*] | |
| permissions: | |
| contents: read | |
| jobs: | |
| quality-gate: | |
| environment: release | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v2.5.0 | |
| - name: Check static analysis results | |
| uses: fountainhead/action-wait-for-check@297be350cf8393728ea4d4b39435c7d7ae167c93 # v1.1.0 | |
| id: static-analysis | |
| with: | |
| token: ${{ secrets.XEOL_GITHUB_TOKEN }} | |
| # This check name is defined as the github action job name (in .github/workflows/testing.yaml) | |
| checkName: "Static analysis" | |
| - name: Check unit test results | |
| uses: fountainhead/action-wait-for-check@297be350cf8393728ea4d4b39435c7d7ae167c93 # v1.1.0 | |
| id: unit | |
| with: | |
| token: ${{ secrets.XEOL_GITHUB_TOKEN }} | |
| # This check name is defined as the github action job name (in .github/workflows/testing.yaml) | |
| checkName: "Unit tests" | |
| - name: Check integration test results | |
| uses: fountainhead/action-wait-for-check@297be350cf8393728ea4d4b39435c7d7ae167c93 # v1.1.0 | |
| id: integration | |
| with: | |
| token: ${{ secrets.XEOL_GITHUB_TOKEN }} | |
| # This check name is defined as the github action job name (in .github/workflows/testing.yaml) | |
| checkName: "Integration tests" | |
| - name: Check acceptance test results (linux) | |
| uses: fountainhead/action-wait-for-check@297be350cf8393728ea4d4b39435c7d7ae167c93 # v1.1.0 | |
| id: acceptance-linux | |
| with: | |
| token: ${{ secrets.XEOL_GITHUB_TOKEN }} | |
| # This check name is defined as the github action job name (in .github/workflows/testing.yaml) | |
| checkName: "Acceptance tests (Linux)" | |
| - name: Check acceptance test results (mac) | |
| uses: fountainhead/action-wait-for-check@297be350cf8393728ea4d4b39435c7d7ae167c93 # v1.1.0 | |
| id: acceptance-mac | |
| with: | |
| token: ${{ secrets.XEOL_GITHUB_TOKEN }} | |
| # This check name is defined as the github action job name (in .github/workflows/testing.yaml) | |
| checkName: "Acceptance tests (Mac)" | |
| - name: Check cli test results (linux) | |
| uses: fountainhead/action-wait-for-check@297be350cf8393728ea4d4b39435c7d7ae167c93 # v1.1.0 | |
| id: cli-linux | |
| with: | |
| token: ${{ secrets.XEOL_GITHUB_TOKEN }} | |
| # This check name is defined as the github action job name (in .github/workflows/testing.yaml) | |
| checkName: "CLI tests (Linux)" | |
| - name: Quality gate | |
| if: steps.static-analysis.outputs.conclusion != 'success' || steps.unit.outputs.conclusion != 'success' || steps.cli-linux.outputs.conclusion != 'success' || steps.acceptance-linux.outputs.conclusion != 'success' || steps.acceptance-mac.outputs.conclusion != 'success' | |
| run: | | |
| echo "Static Analysis Status: ${{ steps.static-analysis.conclusion }}" | |
| echo "Unit Test Status: ${{ steps.unit.outputs.conclusion }}" | |
| echo "Acceptance Test (Linux) Status: ${{ steps.acceptance-linux.outputs.conclusion }}" | |
| echo "Acceptance Test (Mac) Status: ${{ steps.acceptance-mac.outputs.conclusion }}" | |
| echo "CLI Test (Linux) Status: ${{ steps.cli-linux.outputs.conclusion }}" | |
| false | |
| release: | |
| needs: [quality-gate] | |
| runs-on: ubuntu-20.04 | |
| permissions: | |
| contents: write | |
| packages: write | |
| outputs: | |
| hashes: ${{ steps.binary.outputs.hashes }} | |
| steps: | |
| - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v2.5.0 | |
| with: | |
| fetch-depth: 0 | |
| - name: Bootstrap environment | |
| uses: ./.github/actions/bootstrap | |
| with: | |
| # use the same cache we used for building snapshots | |
| build-cache-key-prefix: "snapshot" | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 | |
| with: | |
| username: ${{ secrets.DOCKER_USER }} | |
| password: ${{ secrets.DOCKER_PASS }} | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.XEOL_GITHUB_TOKEN }} | |
| - name: Build & publish release artifacts | |
| run: make ci-release | |
| env: | |
| # for creating the release (requires write access to packages and content) | |
| GITHUB_TOKEN: ${{ secrets.XEOL_GITHUB_TOKEN }} | |
| # for updating the VERSION file in S3... | |
| AWS_ACCESS_KEY_ID: ${{ secrets.DATA_XEOL_IO_AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.DATA_XEOL_IO_AWS_SECRET_ACCESS_KEY }} | |
| - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 | |
| with: | |
| name: artifacts | |
| path: dist/**/* | |
| - name: Generate binary hashes | |
| id: binary | |
| run: | | |
| set -euo pipefail | |
| # find the checksum file in the dist directory | |
| checksum_file=$(find dist -name '*_checksums.txt') | |
| # get the base64 encoded checksums | |
| hashes=$(cat "$checksum_file" | base64 -w0) | |
| # set the output | |
| echo "hashes=$hashes" >> "$GITHUB_OUTPUT" | |
| echo $hashes | |
| binary-provenance: | |
| needs: [release] | |
| permissions: | |
| actions: read # To read the workflow path. | |
| id-token: write # To sign the provenance. | |
| contents: write # To add assets to a release. | |
| uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected] | |
| with: | |
| base64-subjects: "${{ needs.release.outputs.hashes }}" | |
| upload-assets: true # upload to a new release |