tutorials/.github/workflows/release.yaml at main · spectrocloud/tutorials · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
name: Release to Production

on:
  push:
    branches: [main]

env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  PALETTE_CLI_VERSION: 4.6.6
  PALETTE_EDGE_VERSION: 4.6.21
  PACKER_VERSION: 1.11.0
  ORAS_VERSION: 1.0.0
  TERRAFORM_VERSION: 1.9.0
  PALETTE_REGISTRY_CLI_VERSION: 4.6.1
  K9S_VERSION: 0.32.5
  SPECTRO_CLI_VERSION: 4.6.0
  NODE_VERSION: "22"

jobs:
  docker:
    name: "Release Docker image"
    runs-on: ubuntu-latest
    outputs:
      VERSION: ${{ steps.get-version.outputs.version }}
    steps:
      - name: Setup nodeJs
        uses: actions/setup-node@v6
        with:
          node-version: ${{ env.NODE_VERSION }}

      - name: Check out code into the Go module directory
        uses: actions/checkout@v6

      - name: "Get dependencies"
        id: dependencies
        run: |
          npm ci
          npx semantic-release --dry-run
          cat VERSION.env
          source VERSION.env
          echo "version=$VERSION" >> $GITHUB_OUTPUT

      - name: Set up QEMU
        if: ${{ steps.dependencies.outputs.VERSION != ''}}
        uses: docker/setup-qemu-action@v4

      - name: "Set up Docker Buildx"
        if: ${{ steps.dependencies.outputs.VERSION != ''}}
        uses: docker/setup-buildx-action@v4.0.0

      - name: Login to GHCR
        if: ${{ steps.dependencies.outputs.VERSION != ''}}
        uses: docker/login-action@v4.1.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push
        if: ${{ steps.dependencies.outputs.VERSION != ''}}
        uses: docker/build-push-action@v7.1.0
        id: build-and-push
        with:
          context: .
          build-args: |
            PALETTE_CLI_VERSION=${{env.PALETTE_CLI_VERSION}}
            PALETTE_EDGE_VERSION=${{env.PALETTE_EDGE_VERSION}}
            PACKER_VERSION=${{env.PACKER_VERSION}}
            ORAS_VERSION=${{env.ORAS_VERSION}}
            TERRAFORM_VERSION=${{env.TERRAFORM_VERSION}}
            PALETTE_REGISTRY_CLI_VERSION=${{env.PALETTE_REGISTRY_CLI_VERSION}}
            K9S_VERSION=${{env.K9S_VERSION}}
            SPECTRO_CLI_VERSION=${{env.SPECTRO_CLI_VERSION}}
          platforms: linux/amd64,linux/arm64
          push: true
          tags: ghcr.io/${{ github.repository }}:${{steps.dependencies.outputs.VERSION}}

      - uses: sigstore/cosign-installer@v4.1.1

      - name: Image Signing
        if: ${{ steps.dependencies.outputs.VERSION != ''}}
        run: |
          cosign sign --yes \
          -a "repo=${{ github.repository }}" \
          -a "workflow=${{ github.workflow }}" \
          -a "ref=${{ github.sha }}" \
          -a "owner=Spectro Cloud" \
          --key env://COSIGN_PRIVATE_KEY --recursive "${TAGS}@${DIGEST}"
        env:
          TAGS: ghcr.io/${{ github.repository }}:${{steps.dependencies.outputs.VERSION}}
          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
          DIGEST: ${{ steps.build-and-push.outputs.digest }}

  release:
    name: "Release"
    needs: [docker]
    runs-on: ubuntu-latest
    steps:
      - id: checkout
        name: Checkout Repository
        uses: actions/checkout@v6

      - name: Setup Nodejs
        uses: actions/setup-node@v6
        with:
          node-version: ${{ env.NODE_VERSION }}

      - name: Install dependencies
        run: npm ci
      - name: "release"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          npx semantic-release