Skip to content

Release

Release #169

Workflow file for this run

name: "Release"
on:
workflow_call:
workflow_dispatch:
defaults:
run:
shell: bash
jobs:
# Super Linter only runs on diffs in PRs
# For release, we run it on VALIDATE_ALL_CODEBASE=true
# List of languages enabled is smaller than in lint workflow
super-lint:
name: "Super Linter"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Required to fetch version
- name: Run Super Linter
uses: github/super-linter/slim@v7
env:
IGNORE_GITIGNORED_FILES: true
DEFAULT_BRANCH: main
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
LOG_LEVEL: WARN
VALIDATE_ALL_CODEBASE: true
MULTI_STATUS: true
PYTHON_PYLINT_CONFIG_FILE: .pylintrc
VALIDATE_BASH: true
VALIDATE_DOCKERFILE_HADOLINT: true
VALIDATE_ENV: true
VALIDATE_GITHUB_ACTIONS: true
VALIDATE_JSON: true
VALIDATE_MARKDOWN: true
# VALIDATE_OPENAPI: true
VALIDATE_PYTHON_PYLINT: true
VALIDATE_XML: true
VALIDATE_YAML: true
release-guard:
name: "Check release condition"
runs-on: ubuntu-latest
needs: super-lint
outputs:
RELEASE_VERSION: ${{ steps.set-version.outputs.RELEASE_VERSION }}
EXECUTE_RELEASE: ${{ steps.execute-release.outputs.EXECUTE_RELEASE }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Required to fetch version
persist-credentials: false
# Node.js setup is needed to run Semantic Release
- uses: actions/setup-node@v4
with:
node-version: 20
cache: 'npm'
# Required for short-lived token provided to Semantic Release
- name: "Obtain Github App token"
id: app-token
uses: getsentry/action-github-app-token@v3
with:
app_id: ${{ secrets.BOT_APP_ID }}
private_key: ${{ secrets.BOT_APP_PRIVATE_KEY }}
- name: "Install Semantic Release dependencies"
run: npm ci
- name: "Execute Semantic Release"
run: npx semantic-release
env:
GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
# If there is tag inserting starting with 'v', prevent release-binary & release-docker from running
- name: Check whether to execute release
id: execute-release
run: |
tag=$(git describe --tags --exact-match) || exit 0
if [[ $tag =~ ^v ]]; then
echo "EXECUTE_RELEASE=true" >> "$GITHUB_OUTPUT"
else
echo "EXECUTE_RELEASE=false" >> "$GITHUB_OUTPUT"
exit 0
fi
# Set release version number
- name: Set release version number
id: set-version
if: steps.execute-release.outputs.EXECUTE_RELEASE == 'true'
run: |
RELEASE_VERSION=$( git describe --tags "${{ github.sha }}")
echo "RELEASE_VERSION=$RELEASE_VERSION" >> "$GITHUB_OUTPUT"
release-binary:
name: "Node binary"
runs-on: ubuntu-24.04
needs: [ super-lint, release-guard ]
# Only run if release-guard outputs EXECUTE_RELEASE=true
if: needs.release-guard.outputs.EXECUTE_RELEASE == 'true'
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Required to fetch version
persist-credentials: false
- uses: actions/setup-go@v5
with:
go-version-file: ./go.mod
cache: true
# Setup for pushing to Buf.build later
- uses: bufbuild/[email protected]
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v6
with:
distribution: goreleaser
version: latest
args: release --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Push Protobufs to Buf.build registry
- uses: bufbuild/buf-push-action@v1
with:
input: proto
buf_token: ${{ secrets.BUF_TOKEN }}
draft: ${{ github.ref_name != 'main'}}
release-docker:
name: "Docker image"
needs: [ super-lint, release-guard ]
runs-on: ubuntu-24.04
# Only run if release-guard outputs EXECUTE_RELEASE=true
if: needs.release-guard.outputs.EXECUTE_RELEASE == 'true'
env:
IMAGE_NAME: ${{ github.repository }}
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
id: buildx
with:
version: latest
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Configure Docker image metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.repository}}
flavor: |
latest=auto
tags: |
type=semver,pattern={{version}},value=${{ needs.release-guard.outputs.RELEASE_VERSION }}
type=raw,value=production-latest
type=sha,format=long
labels: |
org.opencontainers.image.vendor="Cheqd Foundation Limited"
org.opencontainers.image.created={{date 'dddd, MMMM Do YYYY, h:mm:ss a'}}
org.opencontainers.image.documentation="https://docs.cheqd.io/node"
- name: Build and push image
uses: docker/build-push-action@v6
with:
context: .
file: docker/Dockerfile
platforms: linux/amd64
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=min