oasf-sdk/.github/workflows/release.yaml at main · agntcy/oasf-sdk · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
# Copyright AGNTCY Contributors (https://github.com/agntcy)
# SPDX-License-Identifier: Apache-2.0

name: Release pipeline

on:
  push:
    tags:
      - "v*.*.*"

jobs:
  sdk-binaries:
    name: Build SDK binaries
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
        with:
          fetch-depth: 0

      - name: Setup Taskfile
        shell: bash
        run: sh -c "$(curl --location https://taskfile.dev/install.sh)" -- -d -b ~/.local/bin

      - name: Build
        run: |
          task compile:all

      - name: Upload artifact
        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
        with:
          name: binaries
          path: bin
          if-no-files-found: error

  docker-image:
    name: Build & Push Docker Images
    runs-on: ubuntu-latest
    permissions:
      packages: write
    steps:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3

      - name: Log in to GitHub Container Registry
        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push Docker images
        uses: docker/bake-action@5be5f02ff8819ecd3092ea6b2e6261c31774f2b4 # v6
        with:
          files: docker-bake.hcl
          provenance: false
          push: true
          set: |
            oasf-sdk.tags=ghcr.io/${{ github.repository_owner }}/oasf-sdk:${{ github.ref_name }}
            oasf-sdk.tags=ghcr.io/${{ github.repository_owner }}/oasf-sdk:latest

  helm-chart:
    name: Build & Push Helm Chart
    runs-on: ubuntu-latest
    permissions:
      packages: write
    steps:
      - name: Checkout code
        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
        with:
          fetch-depth: 0

      - name: Setup Taskfile
        shell: bash
        run: sh -c "$(curl --location https://taskfile.dev/install.sh)" -- -d -b ~/.local/bin

      - name: Log in to GitHub Container Registry
        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Lint Helm chart
        run: task helm:lint

      - name: Package Helm chart
        run: task helm:package VERSION="${{ github.ref_name }}"

      - name: Push Helm chart to GHCR
        run: task helm:push VERSION="${{ github.ref_name }}"


  release:
    name: Release
    needs:
      - sdk-binaries
      - docker-image
      - helm-chart
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - name: Download artifacts
        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
        with:
          name: binaries
          path: bin

      - name: Create GitHub Release
        uses: softprops/action-gh-release@26994186c0ac3ef5cae75ac16aa32e8153525f77 # v1
        with:
          files: bin/**
          generate_release_notes: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  find-modules:
    name: Find modules
    runs-on: ubuntu-latest
    outputs:
      modules: ${{ steps.modules.outputs.modules }}
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Get modules
        id: modules
        run: |
          # shellcheck disable=SC2016
          echo "modules=$(find . -name go.mod -type f -print0 | xargs -0 awk '/module/ {print $2}' | jq -c -R '[.,inputs] | map(sub("^github.com\/agntcy\/oasf-sdk\/";""))')" >> "$GITHUB_OUTPUT"

  create-module-tags:
    name: Create module tags
    needs: find-modules
    runs-on: ubuntu-latest
    permissions:
      contents: write
    strategy:
      matrix:
        tags: ${{ fromJson(needs.find-modules.outputs.modules) }}
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Create tags
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            github.rest.git.createRef({
              owner: context.repo.owner,
              repo: context.repo.repo,
              ref: 'refs/tags/${{ matrix.tags }}/${{ github.ref_name }}',
              sha: context.sha
            })