Skip to content
Release

v1.45.0 #90

Sign in to view logs

v1.45.0

v1.45.0 #90

Workflow file for this run

.github/workflows/release.yaml at 4d4081d
name: Release
on:
release:
types:
- released
workflow_dispatch:
inputs:
tag_name:
description: "Tag to release"
required: true
permissions:
contents: read
jobs:
image:
runs-on: ubuntu-24.04
name: Release Actions
permissions:
contents: read
packages: write
env:
GITHUB_TOKEN: ${{ secrets.RELEASE_GITHUB_TOKEN }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
persist-credentials: true
- name: Check tofu actions are up to date
run: |
python3 tofu/tofuize.py
git diff --exit-code
- name: Registry login
env:
GITHUB_TOKEN: ${{ secrets.RELEASE_GITHUB_TOKEN }}
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
run: |
echo $GITHUB_TOKEN | docker login ghcr.io --username dflook --password-stdin
echo $DOCKER_TOKEN | docker login --username danielflook --password-stdin
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Build action image
id: image_build
env:
RELEASE_TAG: "${{ github.event.release.tag_name }}${{ github.event.inputs.tag_name }}"
run: |
docker buildx build \
--build-arg FETCH_CHECKSUMS=yes \
--build-arg VERSION="${RELEASE_TAG:1}" \
--tag "danielflook/terraform-github-actions:$RELEASE_TAG" \
--tag "ghcr.io/dflook/terraform-github-actions:$RELEASE_TAG" \
--platform linux/amd64,linux/arm64 \
--attest type=provenance,mode=max,builder-id=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID \
--push \
--iidfile manifest-list-digest.txt \
image
echo "digest=$(<manifest-list-digest.txt)" >> "$GITHUB_OUTPUT"
- name: Release actions
env:
RELEASE_TAG: "${{ github.event.release.tag_name }}${{ github.event.inputs.tag_name }}"
IMAGE_DIGEST: ${{ steps.image_build.outputs.digest }}
run: |
export major=$(echo "$RELEASE_TAG" | cut -d. -f1)
export minor=$(echo "$RELEASE_TAG" | cut -d. -f2)
git config --global user.name "Daniel Flook"
git config --global user.email "[email protected]"
function prepare_release() {
rsync -r "$GITHUB_WORKSPACE/$action/" "$HOME/$action"
rm -rf "$HOME/$action/.github"
mkdir "$HOME/$action/.github"
cp "$GITHUB_WORKSPACE/.github/FUNDING.yml" "$HOME/$action/.github/FUNDING.yml"
}
for action in $(cd "$GITHUB_WORKSPACE" && find . -name action.yaml -printf "%h\n" | sed 's/^.\///'); do
if git clone "https://dflook:[email protected]/dflook/$action.git" "$HOME/$action"; then
echo "Releasing dflook/$action@$RELEASE_TAG"
# git tags that use DockerHub for the image
prepare_release
sed -i "s| image:.*| image: docker://danielflook/terraform-github-actions@$IMAGE_DIGEST|" "$HOME/$action/action.yaml"
git -C "$HOME/$action" add -A
git -C "$HOME/$action" commit -m "$RELEASE_TAG"
git -C "$HOME/$action" tag --force -a -m"$RELEASE_TAG" "$RELEASE_TAG"
git -C "$HOME/$action" tag --force -a -m"$RELEASE_TAG" "$major"
git -C "$HOME/$action" tag --force -a -m"$RELEASE_TAG" "$major.$minor"
git -C "$HOME/$action" push --force
git -C "$HOME/$action" push --force --tags
# git tags that use GitHub Container Registry for the image
git -C "$HOME/$action" checkout ghcr || git -C "$HOME/$action" checkout -b ghcr
prepare_release
sed -i "s| image:.*| image: docker://ghcr.io/dflook/terraform-github-actions@$IMAGE_DIGEST|" "$HOME/$action/action.yaml"
git -C "$HOME/$action" add -A
git -C "$HOME/$action" commit -m "$RELEASE_TAG-ghcr"
git -C "$HOME/$action" tag --force -a -m"$RELEASE_TAG" "$RELEASE_TAG-ghcr"
git -C "$HOME/$action" tag --force -a -m"$RELEASE_TAG" "$major-ghcr"
git -C "$HOME/$action" tag --force -a -m"$RELEASE_TAG" "$major.$minor-ghcr"
git -C "$HOME/$action" push --set-upstream origin ghcr --force
git -C "$HOME/$action" push --force --tags
# Create the github release
cat "$GITHUB_WORKSPACE/.github/release_template.md" \
| envsubst \
| jq --slurp --raw-input --arg RELEASE_TAG "$RELEASE_TAG" '{"tag_name": $RELEASE_TAG, "name": $RELEASE_TAG, "body": . }' \
| curl -X POST \
--user "dflook:$GITHUB_TOKEN" \
--header "Content-Type: application/json" \
--data-binary @- \
"https://api.github.com/repos/dflook/$action/releases"
else
echo "Skipping dflook/$action"
fi
done