Skip to content
Release

Release - 0.4.0 #38

Sign in to view logs

Release - 0.4.0

Release - 0.4.0 #38

Workflow file for this run

.github/workflows/release.yml at 46d6174
# SPDX-FileCopyrightText: © 2024 Christopher Woods <[email protected]>
# SPDX-FileCopyrightText: © 2024 Matt Williams <[email protected]>
# SPDX-License-Identifier: MIT
name: Release
run-name: Release - ${{ inputs.version }}
on:
workflow_dispatch:
inputs:
version:
description: The new version, can be "patch", "minor", "major", or a valid semver string
type: string
required: true
concurrency:
group: ${{ github.workflow }}
permissions: {}
jobs:
check-inputs:
name: Check inputs
runs-on: ubuntu-latest
steps:
- name: Check release branch
if: github.ref_name != 'main'
run: |
echo "::error::Release must be made on the main branch"
exit 1
- name: Check version format
shell: bash
if: ${{ !contains(fromJSON('["major", "minor", "patch"]'), inputs.version) }}
run: |
if ! [[ '${{ inputs.version }}' =~ [[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+ ]]; then
echo "::error::Version string must be a valid semver string"
exit 1
fi
check:
name: Check
needs: check-inputs
uses: ./.github/workflows/check.yml
with:
ref: "${{ github.sha }}"
permissions:
contents: read
tag-release:
name: Tag release
needs: check
runs-on: ubuntu-latest
permissions:
contents: write
outputs:
ref: "${{ steps.get_version.outputs.version }}"
changelog: "${{ steps.changelog.outputs.changelog }}"
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.ref }} # Use ref here since we must commit on a branch
ssh-key: ${{secrets.DEPLOY_KEY}}
- name: Install kacl
run: |
python -m venv ~/venv
~/venv/bin/pip install python-kacl
- name: Install toolchain
uses: dtolnay/rust-toolchain@stable
with:
target: ${{ matrix.target }}
- name: Install cargo-edit tool
uses: taiki-e/install-action@v2
with:
tool: cargo-edit
- name: Update version string
run: |
echo Version input is '${{ inputs.version }}'
if [ '${{ contains(fromJSON('["major", "minor", "patch"]'), inputs.version) }}' = 'true' ]; then
echo 'Setting based on update spec'
cargo set-version --bump ${{ inputs.version }}
elif [ -n '${{ inputs.version }}' ]; then
echo 'Updating based on explicit version'
cargo set-version ${{ inputs.version }}
fi
git add Cargo.toml
- name: Save the version
id: get_version
run: echo version="$(cargo metadata --format-version 1 --no-deps | jq --raw-output '.packages[0].version')" >> "${GITHUB_OUTPUT}"
- name: Update version in changelog
id: changelog
run: |
~/venv/bin/kacl-cli release --allow-dirty --no-commit --modify --link "https://github.com/${{ github.repository }}/releases/tag/${{ steps.get_version.outputs.version }}" "${{ steps.get_version.outputs.version }}"
git add CHANGELOG.md
{
echo 'changelog<<EOF'
~/venv/bin/kacl-cli get "${{ steps.get_version.outputs.version }}" | tail -n+2
echo EOF
} >> "${GITHUB_OUTPUT}"
- name: Tag release
run: |
git config --global user.name "GitHub Action"
git config --global user.email "[email protected]"
git commit -m "Release ${{ steps.get_version.outputs.version }}"
git tag -a -m "Release ${{ steps.get_version.outputs.version }}" "${{ steps.get_version.outputs.version }}"
git push --atomic --tags origin HEAD
build-release:
name: "Build release (${{ matrix.target }})"
needs: tag-release
uses: ./.github/workflows/build.yml
with:
ref: ${{ needs.tag-release.outputs.ref }}
permissions:
contents: read
packages: write
attestations: write
id-token: write
attest-bridge:
name: Attest Bridge
needs: build-release
runs-on: ubuntu-latest
permissions:
contents: read
attestations: write
id-token: write
steps:
- uses: actions/checkout@v4
- name: Install toolchain
uses: dtolnay/rust-toolchain@stable
- name: Install cargo-sbom
uses: taiki-e/install-action@v2
with:
tool: cargo-sbom
- name: Generate SBOM
run: cargo sbom --cargo-package op-bridge --output-format=spdx_json_2_3 > sbom-bridge.spdx.json
- name: Fetch release artefacts
uses: actions/download-artifact@v4
with:
pattern: op-bridge
merge-multiple: true
- name: Attest SBOM
uses: actions/attest-sbom@v1
with:
subject-path: op-bridge
sbom-path: sbom-bridge.spdx.json
- name: Store SBOM
uses: actions/upload-artifact@v4
with:
name: sbom-bridge.spdx.json
path: sbom-bridge.spdx.json
attest-cluster:
name: Attest Cluster
needs: build-release
runs-on: ubuntu-latest
permissions:
contents: read
attestations: write
id-token: write
steps:
- uses: actions/checkout@v4
- name: Install toolchain
uses: dtolnay/rust-toolchain@stable
- name: Install cargo-sbom
uses: taiki-e/install-action@v2
with:
tool: cargo-sbom
- name: Generate SBOM
run: cargo sbom --cargo-package op-cluster --output-format=spdx_json_2_3 > sbom-cluster.spdx.json
- name: Fetch release artefacts
uses: actions/download-artifact@v4
with:
pattern: op-cluster
merge-multiple: true
- name: Attest SBOM
uses: actions/attest-sbom@v1
with:
subject-path: op-cluster
sbom-path: sbom-cluster.spdx.json
- name: Store SBOM
uses: actions/upload-artifact@v4
with:
name: sbom-cluster.spdx.json
path: sbom-cluster.spdx.json
attest-clusters:
name: Attest Clusters
needs: build-release
runs-on: ubuntu-latest
permissions:
contents: read
attestations: write
id-token: write
steps:
- uses: actions/checkout@v4
- name: Install toolchain
uses: dtolnay/rust-toolchain@stable
- name: Install cargo-sbom
uses: taiki-e/install-action@v2
with:
tool: cargo-sbom
- name: Generate SBOM
run: cargo sbom --cargo-package op-clusters --output-format=spdx_json_2_3 > sbom-clusters.spdx.json
- name: Fetch release artefacts
uses: actions/download-artifact@v4
with:
pattern: op-clusters
merge-multiple: true
- name: Attest SBOM
uses: actions/attest-sbom@v1
with:
subject-path: op-clusters
sbom-path: sbom-clusters.spdx.json
- name: Store SBOM
uses: actions/upload-artifact@v4
with:
name: sbom-clusters.spdx.json
path: sbom-clusters.spdx.json
attest-filesystem:
name: Attest Filesystem
needs: build-release
runs-on: ubuntu-latest
permissions:
contents: read
attestations: write
id-token: write
steps:
- uses: actions/checkout@v4
- name: Install toolchain
uses: dtolnay/rust-toolchain@stable
- name: Install cargo-sbom
uses: taiki-e/install-action@v2
with:
tool: cargo-sbom
- name: Generate SBOM
run: cargo sbom --cargo-package op-filesystem --output-format=spdx_json_2_3 > sbom-filesystem.spdx.json
- name: Fetch release artefacts
uses: actions/download-artifact@v4
with:
pattern: op-filesystem
merge-multiple: true
- name: Attest SBOM
uses: actions/attest-sbom@v1
with:
subject-path: op-filesystem
sbom-path: sbom-filesystem.spdx.json
- name: Store SBOM
uses: actions/upload-artifact@v4
with:
name: sbom-filesystem.spdx.json
path: sbom-filesystem.spdx.json
attest-freeipa:
name: Attest FreeIPA
needs: build-release
runs-on: ubuntu-latest
permissions:
contents: read
attestations: write
id-token: write
steps:
- uses: actions/checkout@v4
- name: Install toolchain
uses: dtolnay/rust-toolchain@stable
- name: Install cargo-sbom
uses: taiki-e/install-action@v2
with:
tool: cargo-sbom
- name: Generate SBOM
run: cargo sbom --cargo-package op-freeipa --output-format=spdx_json_2_3 > sbom-freeipa.spdx.json
- name: Fetch release artefacts
uses: actions/download-artifact@v4
with:
pattern: op-freeipa
merge-multiple: true
- name: Attest SBOM
uses: actions/attest-sbom@v1
with:
subject-path: op-freeipa
sbom-path: sbom-freeipa.spdx.json
- name: Store SBOM
uses: actions/upload-artifact@v4
with:
name: sbom-freeipa.spdx.json
path: sbom-freeipa.spdx.json
attest-portal:
name: Attest Portal
needs: build-release
runs-on: ubuntu-latest
permissions:
contents: read
attestations: write
id-token: write
steps:
- uses: actions/checkout@v4
- name: Install toolchain
uses: dtolnay/rust-toolchain@stable
- name: Install cargo-sbom
uses: taiki-e/install-action@v2
with:
tool: cargo-sbom
- name: Generate SBOM
run: cargo sbom --cargo-package op-portal --output-format=spdx_json_2_3 > sbom-portal.spdx.json
- name: Fetch release artefacts
uses: actions/download-artifact@v4
with:
pattern: op-portal
merge-multiple: true
- name: Attest SBOM
uses: actions/attest-sbom@v1
with:
subject-path: op-portal
sbom-path: sbom-portal.spdx.json
- name: Store SBOM
uses: actions/upload-artifact@v4
with:
name: sbom-portal.spdx.json
path: sbom-portal.spdx.json
attest-provider:
name: Attest Provider
needs: build-release
runs-on: ubuntu-latest
permissions:
contents: read
attestations: write
id-token: write
steps:
- uses: actions/checkout@v4
- name: Install toolchain
uses: dtolnay/rust-toolchain@stable
- name: Install cargo-sbom
uses: taiki-e/install-action@v2
with:
tool: cargo-sbom
- name: Generate SBOM
run: cargo sbom --cargo-package op-provider --output-format=spdx_json_2_3 > sbom-provider.spdx.json
- name: Fetch release artefacts
uses: actions/download-artifact@v4
with:
pattern: op-provider
merge-multiple: true
- name: Attest SBOM
uses: actions/attest-sbom@v1
with:
subject-path: op-provider
sbom-path: sbom-provider.spdx.json
- name: Store SBOM
uses: actions/upload-artifact@v4
with:
name: sbom-provider.spdx.json
path: sbom-provider.spdx.json
attest-slurm:
name: Attest Slurm
needs: build-release
runs-on: ubuntu-latest
permissions:
contents: read
attestations: write
id-token: write
steps:
- uses: actions/checkout@v4
- name: Install toolchain
uses: dtolnay/rust-toolchain@stable
- name: Install cargo-sbom
uses: taiki-e/install-action@v2
with:
tool: cargo-sbom
- name: Generate SBOM
run: cargo sbom --cargo-package op-slurm --output-format=spdx_json_2_3 > sbom-slurm.spdx.json
- name: Fetch release artefacts
uses: actions/download-artifact@v4
with:
pattern: op-slurm
merge-multiple: true
- name: Attest SBOM
uses: actions/attest-sbom@v1
with:
subject-path: op-slurm
sbom-path: sbom-slurm.spdx.json
- name: Store SBOM
uses: actions/upload-artifact@v4
with:
name: sbom-slurm.spdx.json
path: sbom-slurm.spdx.json
make-release:
name: Make release ${{ needs.tag-release.outputs.ref }}
needs: [build-release, tag-release, attest-bridge, attest-cluster,
attest-clusters, attest-filesystem, attest-freeipa,
attest-portal, attest-provider, attest-slurm]
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Fetch release artefacts
uses: actions/download-artifact@v4
with:
pattern: op-*
- name: Release
uses: softprops/action-gh-release@v2
with:
tag_name: ${{ needs.tag-release.outputs.ref }}
files: op-*
body: ${{ needs.tag-release.outputs.changelog }}