Skip to content

Commit

Permalink
quick fix
Browse files Browse the repository at this point in the history
Signed-off-by: Ahmed AbouZaid <[email protected]>
  • Loading branch information
aabouzaid committed Jun 28, 2024
1 parent 68da6c1 commit d750277
Showing 1 changed file with 130 additions and 128 deletions.
258 changes: 130 additions & 128 deletions .github/workflows/chart-release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,9 @@ on:
pull_request:
types:
- labeled
push:
branches:
- release-please--branches--main

concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
Expand All @@ -21,139 +24,139 @@ permissions:
contents: read

jobs:
release:
if: ${{ contains(github.event.*.labels.*.name, 'release') || github.event.inputs.trigger }}
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
fetch-depth: 0
- name: Install env dependencies
uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3
- name: Remove Dev Comments
run: |
TARGET_FILES=(
"charts/camunda-platform-*/values*.yaml"
"charts/camunda-platform-*/Chart.yaml"
)
for FILE in "${TARGET_FILES[@]}"; do
sed -i '/# START DEV COMMENT/,/# END DEV COMMENT/d' $FILE
done
echo "Dev comments removed:"
git --no-pager diff
- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
~/.asdf/installs/golang/*/packages/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Configure Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "[email protected]"
- name: Install Chart Releaser
uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
with:
install_only: true
env:
CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
CR_SKIP_EXISTING: 'true'
- name: Add Helm repos
run: |
make helm.repos-add
- name: Update Helm dependency
run: |
chartPath="$(ct list-changed | tr '\n' ' ')" \
make helm.dependency-update
- name: cosign-installer
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
- name: Tidy up
run: |
# Clean up badges from readme to avoid showing them in Artifact Hub.
sed -ri '/Badge .+/d' charts/camunda-platform-latest/README.md
mkdir release-packages
# release:
# if: ${{ contains(github.event.*.labels.*.name, 'release') || github.event.inputs.trigger }}
# runs-on: ubuntu-latest
# permissions:
# contents: write
# id-token: write
# steps:
# - name: Checkout
# uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
# with:
# fetch-depth: 0
# - name: Install env dependencies
# uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3
# - name: Remove Dev Comments
# run: |
# TARGET_FILES=(
# "charts/camunda-platform-*/values*.yaml"
# "charts/camunda-platform-*/Chart.yaml"
# )
# for FILE in "${TARGET_FILES[@]}"; do
# sed -i '/# START DEV COMMENT/,/# END DEV COMMENT/d' $FILE
# done
# echo "Dev comments removed:"
# git --no-pager diff
# - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
# with:
# path: |
# ~/.cache/go-build
# ~/go/pkg/mod
# ~/.asdf/installs/golang/*/packages/pkg/mod
# key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
# restore-keys: |
# ${{ runner.os }}-go-
# - name: Configure Git
# run: |
# git config user.name "$GITHUB_ACTOR"
# git config user.email "[email protected]"
# - name: Install Chart Releaser
# uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
# with:
# install_only: true
# env:
# CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
# CR_SKIP_EXISTING: 'true'
# - name: Add Helm repos
# run: |
# make helm.repos-add
# - name: Update Helm dependency
# run: |
# chartPath="$(ct list-changed | tr '\n' ' ')" \
# make helm.dependency-update
# - name: cosign-installer
# uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
# - name: Tidy up
# run: |
# # Clean up badges from readme to avoid showing them in Artifact Hub.
# sed -ri '/Badge .+/d' charts/camunda-platform-latest/README.md
# mkdir release-packages

#
# We run Chart Releaser twice as a workaround because it's not possible to control the release order.
# CR by default will release "camunda-platform-10.x.x" first then "camunda-platform-8.x.x",
# however, we want the latest version to show as the latest release in GitHub releases.
#
# #
# # We run Chart Releaser twice as a workaround because it's not possible to control the release order.
# # CR by default will release "camunda-platform-10.x.x" first then "camunda-platform-8.x.x",
# # however, we want the latest version to show as the latest release in GitHub releases.
# #

# Release previous versions.
- name: Pre-Release - Previous versions
run: |
rm -rf charts/camunda-platform-latest
- name: Run Chart Releaser - Previous versions
uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
with:
config: .github/config/chart-releaser.yaml
env:
CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
CR_SKIP_EXISTING: 'true'
- name: Post-Release - Previous versions
run: |
mv .cr-release-packages/* release-packages/
git checkout :/
# # Release previous versions.
# - name: Pre-Release - Previous versions
# run: |
# rm -rf charts/camunda-platform-latest
# - name: Run Chart Releaser - Previous versions
# uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
# with:
# config: .github/config/chart-releaser.yaml
# env:
# CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
# CR_SKIP_EXISTING: 'true'
# - name: Post-Release - Previous versions
# run: |
# mv .cr-release-packages/* release-packages/
# git checkout :/

# Release the latest version.
- name: Pre-Release - Latest version
run: |
rm -rf charts/camunda-platform-8*
- name: Run Chart Releaser - Latest version
uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
with:
config: .github/config/chart-releaser.yaml
env:
CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
CR_SKIP_EXISTING: 'true'
- name: Post-Release - Latest version
run: |
mv .cr-release-packages/* release-packages/
git checkout :/
# # Release the latest version.
# - name: Pre-Release - Latest version
# run: |
# rm -rf charts/camunda-platform-8*
# - name: Run Chart Releaser - Latest version
# uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
# with:
# config: .github/config/chart-releaser.yaml
# env:
# CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
# CR_SKIP_EXISTING: 'true'
# - name: Post-Release - Latest version
# run: |
# mv .cr-release-packages/* release-packages/
# git checkout :/

# Sign and upload the signature of the chart package.
- name: Set Helm chart vars
run: |
CHART_PACKAGES="$(find release-packages -maxdepth 1 -name "camunda-platform*.tgz" \
-exec basename {} \; | xargs)"
echo "CHART_PACKAGES=${CHART_PACKAGES}" | tee -a $GITHUB_ENV
- name: Sign Helm chart with Cosign
run: |
for chart_package in ${CHART_PACKAGES}; do
echo "Package: ${chart_package}"
cosign sign-blob -y release-packages/${chart_package} \
--bundle "${chart_package%.*}.cosign.bundle"
done
- name: Verify signed Helm chart with Cosign
run: |
for chart_package in ${CHART_PACKAGES}; do
echo "Package: ${chart_package}"
cosign verify-blob release-packages/${chart_package} \
--bundle "${chart_package%.*}.cosign.bundle" \
--certificate-identity "https://github.com/${GITHUB_WORKFLOW_REF}" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com"
done
- name: Upload Helm chart signature bundle
run: |
for chart_package in ${CHART_PACKAGES}; do
echo "Package: ${chart_package}"
gh release upload "${chart_package%.*}" \
"${chart_package%.*}.cosign.bundle" \
--repo "${GITHUB_REPOSITORY}"
done
env:
GH_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
# # Sign and upload the signature of the chart package.
# - name: Set Helm chart vars
# run: |
# CHART_PACKAGES="$(find release-packages -maxdepth 1 -name "camunda-platform*.tgz" \
# -exec basename {} \; | xargs)"
# echo "CHART_PACKAGES=${CHART_PACKAGES}" | tee -a $GITHUB_ENV
# - name: Sign Helm chart with Cosign
# run: |
# for chart_package in ${CHART_PACKAGES}; do
# echo "Package: ${chart_package}"
# cosign sign-blob -y release-packages/${chart_package} \
# --bundle "${chart_package%.*}.cosign.bundle"
# done
# - name: Verify signed Helm chart with Cosign
# run: |
# for chart_package in ${CHART_PACKAGES}; do
# echo "Package: ${chart_package}"
# cosign verify-blob release-packages/${chart_package} \
# --bundle "${chart_package%.*}.cosign.bundle" \
# --certificate-identity "https://github.com/${GITHUB_WORKFLOW_REF}" \
# --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
# done
# - name: Upload Helm chart signature bundle
# run: |
# for chart_package in ${CHART_PACKAGES}; do
# echo "Package: ${chart_package}"
# gh release upload "${chart_package%.*}" \
# "${chart_package%.*}.cosign.bundle" \
# --repo "${GITHUB_REPOSITORY}"
# done
# env:
# GH_TOKEN: '${{ secrets.GITHUB_TOKEN }}'

post-release:
if: ${{ contains(github.event.*.labels.*.name, 'release') || github.event.inputs.trigger }}
needs: release
# if: ${{ contains(github.event.*.labels.*.name, 'release') || github.event.inputs.trigger }}
#needs: release
runs-on: ubuntu-latest
permissions:
contents: write
Expand All @@ -162,7 +165,6 @@ jobs:
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
# The verification step happens in the "release" branch before merging into the "main" branch.
ref: release
fetch-depth: 0
- name: Install env dependencies
uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3
Expand Down

0 comments on commit d750277

Please sign in to comment.