plot_operator/.github/workflows/release.yml at master · tercen/plot_operator · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
name:  Release Workflow

on:
  push:
    tags:
      - '[0-9]+.[0-9]+.[0-9]+' # Push events to any matching semantic tag. For example, 1.10.1 or 2.0.0.

# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu.
jobs:
  build-and-push-image:
    runs-on: ubuntu-latest
    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
    permissions:
      contents: write
      packages: write
      attestations: write
      id-token: write
      #
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Resolve annotated tag SHA
        id: tagsha
        # Tercen's installer derives the container tag from the GitHub
        # zipball directory name, which uses the *tag object* SHA for
        # annotated tags (not the commit SHA). Without this, the image
        # CI pushes (`:<commit-sha>`) and the image Tercen tries to pull
        # (`:<tag-sha>`) don't match.
        #
        # We must use the GitHub API rather than `git rev-parse`:
        # actions/checkout@v4 stores the tag locally as a lightweight
        # ref (pointing straight at the commit), so the annotated tag
        # object isn't available in-tree. The /git/refs/tags endpoint
        # returns .object.sha — the tag-object SHA when annotated, the
        # commit SHA when lightweight — so the same code works for
        # both tag styles.
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          tag="${GITHUB_REF#refs/tags/}"
          sha=$(gh api "repos/${GITHUB_REPOSITORY}/git/refs/tags/${tag}" --jq '.object.sha')
          echo "short=${sha:0:7}" >> "$GITHUB_OUTPUT"
      - name: Update container in operator JSON
        run: |
          jq --arg variable "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${GITHUB_REF##*/}" '.container = $variable' operator.json
      # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
      - name: Log in to the Container registry
        uses: docker/login-action@v3.3.0
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels.
      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@v5.5.1
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=pep440,pattern={{version}}
            type=sha,prefix=,format=short
            type=raw,value=${{ steps.tagsha.outputs.short }}
      # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
      # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
      # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
      - name: Build and push Docker image
        id: push
        uses: docker/build-push-action@v6.7.0
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          # A PAT is needed for this action, GITHUB_TOKEN cannot get relevant permission
          # secrets: |
            # github_pat=${{ secrets.GH_PAT }}
      - name: Create required package.json
        run: echo '{}' > package.json
      - name: Build changelog
        id: Changelog
        uses: tercen/generate-changelog-action@master
      - name: Create release
        id: create_release
        uses: actions/create-release@latest
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
        with:
          tag_name: ${{ github.ref }}
          release_name: Release ${{ github.ref }}
          body: ${{steps.Changelog.outputs.changelog}}
          draft: false
          prerelease: false