diff --git a/.github/workflows/cheetah-release.yaml b/.github/workflows/cheetah-release.yaml
new file mode 100644
index 000000000..07ed3b0ae
--- /dev/null
+++ b/.github/workflows/cheetah-release.yaml
@@ -0,0 +1,21 @@
+name: Cheetah Release
+on:
+ workflow_dispatch:
+ push:
+
+concurrency:
+ group: ${{ github.ref }}-${{ github.workflow }}
+ cancel-in-progress: true
+
+permissions:
+ contents: read
+ packages: write
+
+jobs:
+ create-snapshot:
+ uses: ./.github/workflows/docker-create-snapshot.yaml
+ with:
+ context: opensearch-operator
+ image-name: opensearch-k8s-operator
+ secrets:
+ TRIFORK_GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/docker-create-snapshot.yaml b/.github/workflows/docker-create-snapshot.yaml
new file mode 100644
index 000000000..88265cb8f
--- /dev/null
+++ b/.github/workflows/docker-create-snapshot.yaml
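Review bot: The `push:` trigger in cheetah-release.yaml has no branch filter, so every push to any branch starts this release workflow, and the called workflow's `verify-release-branch` job then fails the run with `exit 1` for anything outside `release/`; restricting it with `push:` / `branches: ['release/**']` keeps release runs, and the `packages: write` token, to the branches that are meant to publish. The `permissions` block grants only `contents: read`, while the called workflow creates a GitHub release and commits a version bump; since `GITHUB_PUSH_PAT` is not passed here, those steps presumably run with the workflow token and would need `contents: write` to succeed. `cancel-in-progress: true` can also stop a run after the image was pushed but before the release and version bump, so `cancel-in-progress: false` is the safer setting for a publishing job.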
@@ -0,0 +1,140 @@
+name: Docker Create Release
+
+on:
+ workflow_call:
+ inputs:
+ image-name:
+ description: The name of the image to create a release for
+ required: true
+ type: string
+ context:
+ description: The directory to run the workflow inside
+ required: false
+ type: string
+ default: .
+ dockerfile-path:
+ description: The path to the Dockerfile. Defaults to {context}/Dockerfile
+ required: false
+ type: string
+ platforms:
+ description: The platforms to build the docker image for. Defaults to linux/amd64,linux/arm64
+ required: false
+ type: string
+ default: "linux/amd64,linux/arm64"
+ secrets:
+ GITHUB_PUSH_PAT:
+ description: A personal access token for pushing to a protected branch
+ required: false
+ TRIFORK_GITHUB_PAT:
+ description: A personal access token with permission to publish a package to the Trifork GitHub container registry
+ required: true
+ KAMSTRUP_GITLAB_PAT:
+ description: A personal access token with permission to publish a package to the Kamstrup GitLab container registry. If left empty, the image will not be pushed to Kamstrup GitLab container registry
+ required: false
+ KAMSTRUP_AZURE_PAT:
+ description: A personal access token with permission to publish a package to the Kamstrup Azure container registry. If left empty, the image will not be pushed to Kamstrup Azure container registry
+ required: false
+
+jobs:
+ verify-release-branch:
+ runs-on: ubuntu-latest
+ steps:
+ - name: "Success"
+ if: ${{ startsWith(github.ref_name, 'release/') }}
+ run: |
+ echo "Creating a release candidate for branch '${{ github.ref_name }}'"
+ exit 0
+
+ - name: "Error"
+ if: ${{ !startsWith(github.ref_name, 'release/') }}
+ run: |
+ echo "::error::Cannot create release candidate from branch '${{ github.ref_name }}' since it does not start with 'release/'"
+ exit 1
+
+ create-release:
+ needs: verify-release-branch
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ token: ${{ secrets.GITHUB_PUSH_PAT || github.token }}
+
+ - name: Get images
+ id: get-images
+ uses: trifork/cheetah-infrastructure-utils/.github/actions/docker/get-images@main
+ with:
+ image-name: ${{ inputs.image-name }}
+ TRIFORK_GITHUB_PAT: ${{ secrets.TRIFORK_GITHUB_PAT }}
+
+ - name: Get version
+ id: get-version
+ uses: trifork/cheetah-infrastructure-utils-workflows/.github/actions/versioning/get-version@main
+ with:
+ file-path: ${{ inputs.dockerfile-path || format('{0}/Dockerfile', inputs.context) }}
+ prefix: 'LABEL version=\"'
+ suffix: '\"'
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: metadata
+ uses: docker/metadata-action@879dcbb708d40f8b8679d4f7941b938a086e23a7
+ with:
+ images: ${{ steps.get-images.outputs.images }}
+ labels: |
+ org.opencontainers.image.vendor=Trifork
+ org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
+ tags: ${{ steps.get-version.outputs.version }}
+ flavor: latest=true
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3
+
+ - name: Build and push Docker image
+ id: build-image
+ uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5
+ with:
+ context: ${{ inputs.context }}
+ file: ${{ inputs.dockerfile-path }}
+ platforms: ${{ inputs.platforms }}
+ tags: ${{ steps.metadata.outputs.tags }}
+ labels: ${{ steps.metadata.outputs.labels }}
+ sbom: true
+ provenance: mode=min
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+ push: true
+ secrets: |
+ GITHUB_ACTOR=${{ github.actor }}
+ GITHUB_TOKEN=${{ secrets.TRIFORK_GITHUB_PAT }}
+
+ - name: Generate checksum
+ run: "echo ${{ steps.build-image.outputs.digest }} >> digest.txt"
+
+ - name: Get release tag
+ id: get-release-tag
+ uses: trifork/cheetah-infrastructure-utils-workflows/.github/actions/versioning/get-release-tag@main
+ with:
+ version: ${{ steps.get-version.outputs.version }}
+
+ - name: Create release
+ uses: softprops/action-gh-release@v2
+ with:
+ generate_release_notes: true
+ tag_name: ${{ steps.get-release-tag.outputs.release-tag }}
+ files: digest.txt
+ target_commitish: ${{ github.ref }}
+
+ - name: Bump release branch patch version
+ id: bump-version
+ uses: trifork/cheetah-infrastructure-utils-workflows/.github/actions/versioning/bump-version@main
+ with:
+ file-path: ${{ inputs.dockerfile-path || format('{0}/Dockerfile', inputs.context) }}
+ prefix: 'LABEL version=\"'
+ suffix: '\"'
+ bump-type: patch
+
+ - name: Commit minor version bump
+ uses: EndBug/add-and-commit@v9
+ with:
+ commit: -a
+ message: Bump release branch patch version
\ No newline at end of file
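Review bot: Both `run:` steps in `verify-release-branch` expand `${{ github.ref_name }}` directly into the shell script, so a branch name containing shell metacharacters is interpreted by the shell rather than printed; pass it through the environment instead, with `env:` / `REF_NAME: ${{ github.ref_name }}` on each step and `'$REF_NAME'` inside the `echo`. In `create-release`, the `trifork/...@main` actions, `actions/checkout@v4`, `softprops/action-gh-release@v2` and `EndBug/add-and-commit@v9` are referenced by mutable refs while the `docker/*` actions are pinned to commit SHAs; the job holds `TRIFORK_GITHUB_PAT` and a push-capable checkout token, so these should be pinned to full commit SHAs as well. `KAMSTRUP_GITLAB_PAT` and `KAMSTRUP_AZURE_PAT` are declared but no step in this file uses them, so their descriptions promise pushes that do not appear to happen. The last step is named `Commit minor version bump` although it commits the patch bump.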