Publish a release #16
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish a release | |
| on: | |
| # Trigger this release via the GitHub Actions interface for this workflow | |
| workflow_dispatch: | |
| env: | |
| PUBLISH_GIT_USERNAME: "AppSignal release bot" | |
| PUBLISH_GIT_EMAIL: "[email protected]" | |
| PUBLISH_GIT_SSH_PATH: "/home/runner/.ssh" | |
| PUBLISH_GIT_SIGN_KEY_PATH: "/home/runner/.ssh/sign_key" | |
| jobs: | |
| publish: | |
| name: "Publish the release" | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: "Checkout the project" | |
| uses: actions/checkout@v4 | |
| with: | |
| ssh-key: "${{secrets.PUBLISH_DEPLOY_KEY}}" | |
| fetch-depth: 0 # Check out all commits because we want to check out the gh-pages branch too | |
| - name: "Checkout Mono" | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: "appsignal/mono" | |
| path: "tmp/mono" | |
| - name: "Configure Git" | |
| run: | | |
| mkdir -p "$PUBLISH_GIT_SSH_PATH" | |
| echo "${{secrets.PUBLISH_GIT_SIGN_KEY}}" > "$PUBLISH_GIT_SIGN_KEY_PATH" | |
| echo "${{secrets.PUBLISH_GIT_SIGN_PUBLIC_KEY}}" > "$PUBLISH_GIT_SIGN_KEY_PATH.pub" | |
| chmod 600 "$PUBLISH_GIT_SIGN_KEY_PATH" | |
| git config --global user.name "$PUBLISH_GIT_USERNAME (as ${{github.actor}})" | |
| git config --global user.email "$PUBLISH_GIT_EMAIL" | |
| git config --global gpg.format ssh | |
| git config --global commit.gpgsign true | |
| touch ~/.ssh/allowed_signers | |
| echo "$(git config --get user.email) namespaces=\"git\" $(cat $PUBLISH_GIT_SIGN_KEY_PATH.pub)" >> ~/.ssh/allowed_signers | |
| git config --global user.signingkey "$PUBLISH_GIT_SIGN_KEY_PATH" | |
| - name: "Install Helm" | |
| uses: azure/setup-helm@v4 | |
| with: | |
| version: 'v3.14.0' | |
| - name: "Create version" | |
| id: version | |
| run: | | |
| tmp/mono/bin/mono publish --no-git --no-package-push --yes | |
| export RELEASE_VERSION="$(script/read_version)" | |
| echo "RELEASE_VERSION=$RELEASE_VERSION" >> "$GITHUB_OUTPUT" | |
| - name: "Login to Docker Hub" | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{secrets.PUBLISH_DOCKERHUB_USERNAME}} | |
| password: ${{secrets.PUBLISH_DOCKERHUB_TOKEN}} | |
| - name: "Build and publish to Docker Hub" | |
| run: rake publish | |
| - name: "Git commit changes" | |
| run: | | |
| git add . | |
| git commit \ | |
| --gpg-sign \ | |
| --message "Release version ${{steps.version.outputs.RELEASE_VERSION}}" \ | |
| --message "Update version number and CHANGELOG.md." | |
| git tag "v${{steps.version.outputs.RELEASE_VERSION}}" | |
| - name: "Push release to repository" | |
| run: git push origin ${{github.ref_name}} "v${{steps.version.outputs.RELEASE_VERSION}}" | |
| - name: "Create a release on the repository" | |
| run: | | |
| gh release create v${{steps.version.outputs.RELEASE_VERSION}} \ | |
| --title "Release v${{steps.version.outputs.RELEASE_VERSION}}" \ | |
| --verify-tag \ | |
| --notes-from-tag | |
| env: | |
| GH_TOKEN: ${{github.token}} | |
| # The Helm chart releaser needs the Git remote to be a HTTPS URL. | |
| # We check out the repository with SSH using a deploy key at the start of the workflow, | |
| # because any other workflows that depend on `push` events to trigger them | |
| # need to be pushed with a deploy key. | |
| # | |
| # Update the remote here so it works with the Helm releaser. | |
| - name: "Update Git remote for Helm chart releaser" | |
| run: "git remote set-url origin https://github.com/appsignal/appsignal-kubernetes" | |
| - name: Run chart-releaser | |
| uses: helm/[email protected] | |
| env: | |
| CR_TOKEN: "${{github.token}}" |