diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml
new file mode 100644
index 00000000..2ea7b857
--- /dev/null
+++ b/.github/workflows/create-release.yml
@@ -0,0 +1,87 @@
+name: Creates a tag and upload release
+on: workflow_dispatch
+
+jobs:
+ validate:
+ permissions:
+ contents: read
+ runs-on: ubuntu-latest
+ timeout-minutes: 10
+ container:
+ image: rancher/dapper:v0.6.0
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ - name: Validate
+ run: dapper validate
+
+ tag:
+ permissions:
+ contents: write
+ needs: validate
+ runs-on: ubuntu-latest
+ outputs:
+ generated-tag: ${{ steps.generate_tag.outputs.generated-tag }}
+ steps:
+ - name: Check out repository code
+ uses: actions/checkout@v4
+ - name: Run tests
+ id: generate_tag
+ run: |
+ tag=$(bash scripts/generate-release-tag)
+ echo "generated-tag=$tag" >> $GITHUB_OUTPUT
+ - uses: actions/github-script@v7.0.1
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ script: |
+ const tag = '${{ steps.generate_tag.outputs.generated-tag }}'
+
+ const branch = '${{ github.ref_name }}'
+
+ try {
+ const resp = await github.rest.git.getRef({...context.repo, ref: `tags/${tag}`});
+ return core.setFailed(`the tag ${tag} already exists on ${resp.data.object.type} ${resp.data.object.sha}`);
+ } catch(err) {
+ if(err.status !== 404){
+ throw err;
+ }
+ }
+
+ github.rest.git.createRef({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ ref: `refs/tags/${tag}`,
+ sha: context.sha
+ })
+
+ upload:
+ permissions:
+ contents: read
+ id-token: write
+ needs: [validate,tag]
+ runs-on: ubuntu-latest
+ timeout-minutes: 10
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ - name: Add tag to version file
+ run: |
+ echo "{\"version\": \"${{ needs.tag.outputs.generated-tag }}\"}" > dist/VERSION
+ - name: Retrieve Google auth from vault
+ uses: rancher-eio/read-vault-secrets@main
+ with:
+ secrets: |
+ secret/data/github/repo/${{ github.repository }}/google-auth/rancher/credentials token | GOOGLE_AUTH
+ - name: Authenticate with Google Cloud
+ uses: 'google-github-actions/auth@v2'
+ with:
+ credentials_json: '${{ env.GOOGLE_AUTH }}'
+ - name: Upload to Google Cloud Storage
+ uses: google-github-actions/upload-cloud-storage@v2
+ with:
+ path: dist/
+ destination: releases.rancher.com/install-docker
+ parent: false
+ predefinedAcl: publicRead
+ headers: |-
+ cache-control: public,no-cache,proxy-revalidate
diff --git a/.github/workflows/create-tag.yml b/.github/workflows/create-tag.yml
deleted file mode 100644
index 888974e8..00000000
--- a/.github/workflows/create-tag.yml
+++ /dev/null
@@ -1,41 +0,0 @@
-name: Create release tag
-on: workflow_dispatch
-
-permissions:
- contents: write
-
-jobs:
- tag:
- name: Create tag
- runs-on: ubuntu-latest
- steps:
- - name: Check out repository code
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- - name: Run tests
- run: |
- tag=$(bash scripts/generate-release-tag)
- echo "generated-tag=$tag" >> $GITHUB_OUTPUT
- id: generate_tag
- - uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
- with:
- github-token: ${{ secrets.GITHUB_TOKEN }}
- script: |
- const tag = '${{ steps.generate_tag.outputs.generated-tag }}'
-
- const branch = '${{ github.ref_name }}'
-
- try {
- const resp = await github.rest.git.getRef({...context.repo, ref: `tags/${tag}`});
- return core.setFailed(`the tag ${tag} already exists on ${resp.data.object.type} ${resp.data.object.sha}`);
- } catch(err) {
- if(err.status !== 404){
- throw err;
- }
- }
-
- github.rest.git.createRef({
- owner: context.repo.owner,
- repo: context.repo.repo,
- ref: `refs/tags/${tag}`,
- sha: context.sha
- })
diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml
index 8660fd1a..8f5f7860 100644
--- a/.github/workflows/workflow.yaml
+++ b/.github/workflows/workflow.yaml
@@ -4,8 +4,6 @@ on:
 push:
 branches:
 - master
- tags:
- - '*'
 pull_request:
 branches:
 - master
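Review bot: In create-release.yml the `tag` job (`contents: write`) references `actions/checkout@v4` and `actions/github-script@v7.0.1` by mutable tag where the deleted create-tag.yml pinned both to full commit SHAs, and the `upload` job (`id-token: write`, Google credentials in `env`) runs `rancher-eio/read-vault-secrets@main`. A retargeted tag or a new commit on `main` would execute with those privileges, so each `uses:` is better pinned to a reviewed commit, e.g. `uses: rancher-eio/read-vault-secrets@<full-commit-sha> # <release-tag>`. In the github-script step, `const branch = '${{ github.ref_name }}'` is never read yet splices the ref name into the script source before it runs; the line can be removed, and the tag passed as `env: TAG: ...` and read with `process.env.TAG` rather than interpolated.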
@@ -69,38 +67,5 @@ jobs:
 destination: releases.rancher.com/install-docker-dev
 parent: false
 predefinedAcl: publicRead
- headers: |-
- cache-control: public,no-cache,proxy-revalidate
-
- upload:
- permissions:
- contents: read
- id-token: write
- needs: validate
- runs-on: ubuntu-latest
- timeout-minutes: 10
- if: github.event_name == 'push' && github.ref_type == 'tag'
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
- - name: Add tag to version file
- run: |
- echo "{\"version\": \"${{ github.ref_name }}\"}" > dist/VERSION
- - name: Retrieve Google auth from vault
- uses: rancher-eio/read-vault-secrets@main
- with:
- secrets: |
- secret/data/github/repo/${{ github.repository }}/google-auth/rancher/credentials token | GOOGLE_AUTH
- - name: Authenticate with Google Cloud
- uses: 'google-github-actions/auth@v2'
- with:
- credentials_json: '${{ env.GOOGLE_AUTH }}'
- - name: Upload to Google Cloud Storage
- uses: google-github-actions/upload-cloud-storage@v2
- with:
- path: dist/
- destination: releases.rancher.com/install-docker
- parent: false
- predefinedAcl: publicRead
 headers: |-
 cache-control: public,no-cache,proxy-revalidate
\ No newline at end of file