diff --git a/.github/workflows/chart-release.yaml b/.github/workflows/chart-release.yaml index 13474534e4..dab999d152 100644 --- a/.github/workflows/chart-release.yaml +++ b/.github/workflows/chart-release.yaml @@ -12,6 +12,9 @@ on: pull_request: types: - labeled + push: + branches: + - release-please--branches--main concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} 
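Review bot: The new `push` trigger on `release-please--branches--main` will not start this workflow if release-please pushes that branch with the default `GITHUB_TOKEN`. GitHub does not create workflow runs for events produced by that token, apart from `workflow_dispatch` and `repository_dispatch`. The release-please configuration is not visible in this diff, so confirm it pushes with a narrowly scoped GitHub App or personal access token. A comment above the trigger would record the dependency, e.g. `# fires only when release-please pushes with an App/PAT token, not GITHUB_TOKEN`.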
@@ -21,139 +24,139 @@ permissions: contents: read jobs: - release: - if: ${{ contains(github.event.*.labels.*.name, 'release') || github.event.inputs.trigger }} - runs-on: ubuntu-latest - permissions: - contents: write - id-token: write - steps: - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - with: - fetch-depth: 0 - - name: Install env dependencies - uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3 - - name: Remove Dev Comments - run: | - TARGET_FILES=( - "charts/camunda-platform-*/values*.yaml" - "charts/camunda-platform-*/Chart.yaml" - ) - for FILE in "${TARGET_FILES[@]}"; do - sed -i '/# START DEV COMMENT/,/# END DEV COMMENT/d' $FILE - done - echo "Dev comments removed:" - git --no-pager diff - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 - with: - path: | - ~/.cache/go-build - ~/go/pkg/mod - ~/.asdf/installs/golang/*/packages/pkg/mod - key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go- - - name: Configure Git - run: | - git config user.name "$GITHUB_ACTOR" - git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - - name: Install Chart Releaser - uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0 - with: - install_only: true - env: - CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}' - CR_SKIP_EXISTING: 'true' - - name: Add Helm repos - run: | - make helm.repos-add - - name: Update Helm dependency - run: | - chartPath="$(ct list-changed | tr '\n' ' ')" \ - make helm.dependency-update - - name: cosign-installer - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0 - - name: Tidy up - run: | - # Clean up badges from readme to avoid showing them in Artifact Hub. 
- sed -ri '/Badge .+/d' charts/camunda-platform-latest/README.md - mkdir release-packages + # release: + # if: ${{ contains(github.event.*.labels.*.name, 'release') || github.event.inputs.trigger }} + # runs-on: ubuntu-latest + # permissions: + # contents: write + # id-token: write + # steps: + # - name: Checkout + # uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + # with: + # fetch-depth: 0 + # - name: Install env dependencies + # uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3 + # - name: Remove Dev Comments + # run: | + # TARGET_FILES=( + # "charts/camunda-platform-*/values*.yaml" + # "charts/camunda-platform-*/Chart.yaml" + # ) + # for FILE in "${TARGET_FILES[@]}"; do + # sed -i '/# START DEV COMMENT/,/# END DEV COMMENT/d' $FILE + # done + # echo "Dev comments removed:" + # git --no-pager diff + # - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 + # with: + # path: | + # ~/.cache/go-build + # ~/go/pkg/mod + # ~/.asdf/installs/golang/*/packages/pkg/mod + # key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} + # restore-keys: | + # ${{ runner.os }}-go- + # - name: Configure Git + # run: | + # git config user.name "$GITHUB_ACTOR" + # git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + # - name: Install Chart Releaser + # uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0 + # with: + # install_only: true + # env: + # CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}' + # CR_SKIP_EXISTING: 'true' + # - name: Add Helm repos + # run: | + # make helm.repos-add + # - name: Update Helm dependency + # run: | + # chartPath="$(ct list-changed | tr '\n' ' ')" \ + # make helm.dependency-update + # - name: cosign-installer + # uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0 + # - name: Tidy up + # run: | + # # Clean up badges from readme to avoid showing them in Artifact Hub. 
+ # sed -ri '/Badge .+/d' charts/camunda-platform-latest/README.md + # mkdir release-packages - # - # We run Chart Releaser twice as a workaround because it's not possible to control the release order. - # CR by default will release "camunda-platform-10.x.x" first then "camunda-platform-8.x.x", - # however, we want the latest version to show as the latest release in GitHub releases. - # + # # + # # We run Chart Releaser twice as a workaround because it's not possible to control the release order. + # # CR by default will release "camunda-platform-10.x.x" first then "camunda-platform-8.x.x", + # # however, we want the latest version to show as the latest release in GitHub releases. + # # - # Release previous versions. - - name: Pre-Release - Previous versions - run: | - rm -rf charts/camunda-platform-latest - - name: Run Chart Releaser - Previous versions - uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0 - with: - config: .github/config/chart-releaser.yaml - env: - CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}' - CR_SKIP_EXISTING: 'true' - - name: Post-Release - Previous versions - run: | - mv .cr-release-packages/* release-packages/ - git checkout :/ + # # Release previous versions. + # - name: Pre-Release - Previous versions + # run: | + # rm -rf charts/camunda-platform-latest + # - name: Run Chart Releaser - Previous versions + # uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0 + # with: + # config: .github/config/chart-releaser.yaml + # env: + # CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}' + # CR_SKIP_EXISTING: 'true' + # - name: Post-Release - Previous versions + # run: | + # mv .cr-release-packages/* release-packages/ + # git checkout :/ - # Release the latest version. 
- - name: Pre-Release - Latest version - run: | - rm -rf charts/camunda-platform-8* - - name: Run Chart Releaser - Latest version - uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0 - with: - config: .github/config/chart-releaser.yaml - env: - CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}' - CR_SKIP_EXISTING: 'true' - - name: Post-Release - Latest version - run: | - mv .cr-release-packages/* release-packages/ - git checkout :/ + # # Release the latest version. + # - name: Pre-Release - Latest version + # run: | + # rm -rf charts/camunda-platform-8* + # - name: Run Chart Releaser - Latest version + # uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0 + # with: + # config: .github/config/chart-releaser.yaml + # env: + # CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}' + # CR_SKIP_EXISTING: 'true' + # - name: Post-Release - Latest version + # run: | + # mv .cr-release-packages/* release-packages/ + # git checkout :/ - # Sign and upload the signature of the chart package. 
- - name: Set Helm chart vars - run: | - CHART_PACKAGES="$(find release-packages -maxdepth 1 -name "camunda-platform*.tgz" \ - -exec basename {} \; | xargs)" - echo "CHART_PACKAGES=${CHART_PACKAGES}" | tee -a $GITHUB_ENV - - name: Sign Helm chart with Cosign - run: | - for chart_package in ${CHART_PACKAGES}; do - echo "Package: ${chart_package}" - cosign sign-blob -y release-packages/${chart_package} \ - --bundle "${chart_package%.*}.cosign.bundle" - done - - name: Verify signed Helm chart with Cosign - run: | - for chart_package in ${CHART_PACKAGES}; do - echo "Package: ${chart_package}" - cosign verify-blob release-packages/${chart_package} \ - --bundle "${chart_package%.*}.cosign.bundle" \ - --certificate-identity "https://github.com/${GITHUB_WORKFLOW_REF}" \ - --certificate-oidc-issuer "https://token.actions.githubusercontent.com" - done - - name: Upload Helm chart signature bundle - run: | - for chart_package in ${CHART_PACKAGES}; do - echo "Package: ${chart_package}" - gh release upload "${chart_package%.*}" \ - "${chart_package%.*}.cosign.bundle" \ - --repo "${GITHUB_REPOSITORY}" - done - env: - GH_TOKEN: '${{ secrets.GITHUB_TOKEN }}' + # # Sign and upload the signature of the chart package. 
+ # - name: Set Helm chart vars + # run: | + # CHART_PACKAGES="$(find release-packages -maxdepth 1 -name "camunda-platform*.tgz" \ + # -exec basename {} \; | xargs)" + # echo "CHART_PACKAGES=${CHART_PACKAGES}" | tee -a $GITHUB_ENV + # - name: Sign Helm chart with Cosign + # run: | + # for chart_package in ${CHART_PACKAGES}; do + # echo "Package: ${chart_package}" + # cosign sign-blob -y release-packages/${chart_package} \ + # --bundle "${chart_package%.*}.cosign.bundle" + # done + # - name: Verify signed Helm chart with Cosign + # run: | + # for chart_package in ${CHART_PACKAGES}; do + # echo "Package: ${chart_package}" + # cosign verify-blob release-packages/${chart_package} \ + # --bundle "${chart_package%.*}.cosign.bundle" \ + # --certificate-identity "https://github.com/${GITHUB_WORKFLOW_REF}" \ + # --certificate-oidc-issuer "https://token.actions.githubusercontent.com" + # done + # - name: Upload Helm chart signature bundle + # run: | + # for chart_package in ${CHART_PACKAGES}; do + # echo "Package: ${chart_package}" + # gh release upload "${chart_package%.*}" \ + # "${chart_package%.*}.cosign.bundle" \ + # --repo "${GITHUB_REPOSITORY}" + # done + # env: + # GH_TOKEN: '${{ secrets.GITHUB_TOKEN }}' post-release: - if: ${{ contains(github.event.*.labels.*.name, 'release') || github.event.inputs.trigger }} - needs: release + # if: ${{ contains(github.event.*.labels.*.name, 'release') || github.event.inputs.trigger }} + #needs: release runs-on: ubuntu-latest permissions: contents: write @@ -162,7 +165,6 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 with: # The verification step happens in the "release" branch before merging into the "main" branch. - ref: release fetch-depth: 0 - name: Install env dependencies uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3
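Review bot: With `if:` and `needs: release` commented out on `post-release`, the job still holds `permissions: contents: write` but now runs on every event that starts the workflow, including a `pull_request` `labeled` event for any label rather than only `release`. Keep a job-level guard that names the intended events, for example `if: ${{ github.event_name == 'push' || contains(github.event.*.labels.*.name, 'release') || github.event.inputs.trigger }}`. The commented-out `release` job also held the `cosign sign-blob` and `cosign verify-blob` steps, so confirm that whatever replaces it still signs and verifies the chart packages. Delete the old job rather than leaving it as a long commented block in the workflow. The rest of `post-release` lies outside this hunk.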
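Review bot: Dropping `ref: release` from the checkout step in `post-release` makes `actions/checkout` fall back to the event's ref, which on the `pull_request` trigger is the pull request's merge commit. The later steps of the job are not visible here, but they would then run against pull-request content in a job that holds `contents: write`. If the job is meant to operate on the release-please branch, pin it explicitly with `ref: release-please--branches--main`. The comment left above `fetch-depth` (`# The verification step happens in the "release" branch ...`) no longer describes the checkout and should be removed or rewritten.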