-
Notifications
You must be signed in to change notification settings - Fork 8
209 lines (182 loc) · 6.06 KB
/
release.yml
File metadata and controls
209 lines (182 loc) · 6.06 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
name: "Release"
on:
workflow_call:
workflow_dispatch:
defaults:
run:
shell: bash
permissions:
contents: write
packages: write
jobs:
release-guard:
name: "Check release condition"
runs-on: ubuntu-latest
outputs:
RELEASE_VERSION: ${{ steps.set-version.outputs.RELEASE_VERSION }}
EXECUTE_RELEASE: ${{ steps.execute-release.outputs.EXECUTE_RELEASE }}
steps:
- uses: actions/checkout@v6
with:
fetch-depth: 0 # Required to fetch version
persist-credentials: false
# Node.js setup is needed to run Semantic Release
- uses: actions/setup-node@v6
with:
node-version: 22
cache: 'npm'
# Required for short-lived token provided to Semantic Release
- name: "Obtain Github App token"
id: app-token
uses: getsentry/action-github-app-token@v3
with:
app_id: ${{ secrets.BOT_APP_ID }}
private_key: ${{ secrets.BOT_APP_PRIVATE_KEY }}
- name: "Install Semantic Release dependencies"
run: npm ci
- name: "Execute Semantic Release"
run: npx semantic-release
env:
GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
# If there is tag inserting starting with 'v', prevent release-binary & release-docker from running
- name: Check whether to execute release
id: execute-release
run: |
tag=$(git describe --tags --exact-match) || exit 0
if [[ $tag =~ ^v ]]; then
echo "EXECUTE_RELEASE=true" >> "$GITHUB_OUTPUT"
else
echo "EXECUTE_RELEASE=false" >> "$GITHUB_OUTPUT"
exit 0
fi
# Set release version number
- name: Set release version number
id: set-version
if: steps.execute-release.outputs.EXECUTE_RELEASE == 'true'
run: |
RELEASE_VERSION=$( git describe --tags "${{ github.sha }}")
echo "RELEASE_VERSION=$RELEASE_VERSION" >> "$GITHUB_OUTPUT"
release-binary:
name: "Release Binary"
needs: release-guard
runs-on: ubuntu-latest
# Only run if release-guard outputs EXECUTE_RELEASE=true
if: needs.release-guard.outputs.EXECUTE_RELEASE == 'true'
steps:
- uses: actions/checkout@v6
with:
fetch-depth: 0
persist-credentials: false
- uses: actions/setup-go@v6
with:
go-version-file: ./go.mod
cache: true
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v7
with:
distribution: goreleaser
version: latest
args: release --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
build-docker:
name: Build Docker image
needs: release-guard
runs-on: ${{ matrix.runs-on }}
if: ${{ github.ref_name == 'main' }}
env:
IMAGE_NAME: ${{ github.repository }}
environment:
name: production
url: https://resolver.cheqd.net
strategy:
matrix:
arch: [amd64, arm64]
include:
- arch: amd64
runs-on: ubuntu-24.04
- arch: arm64
runs-on: ubuntu-24.04-arm
steps:
- uses: actions/checkout@v6
with:
persist-credentials: false
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
id: buildx
with:
version: latest
- name: Build and cache image
uses: docker/build-push-action@v6
with:
context: .
push: false
file: docker/Dockerfile
platforms: linux/${{ matrix.arch }}
cache-from: type=gha,scope=docker-release-${{ matrix.arch }}
cache-to: type=gha,scope=docker-release-${{ matrix.arch }},mode=max
release-docker:
name: Release Docker image
needs:
- release-guard
- build-docker
runs-on: ubuntu-latest
if: ${{ github.ref_name == 'main' }}
env:
IMAGE_NAME: ${{ github.repository }}
environment:
name: production
url: https://resolver.cheqd.net
steps:
- uses: actions/checkout@v6
with:
persist-credentials: false
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
id: buildx
with:
version: latest
- name: Install DigitalOcean CLI
uses: digitalocean/action-doctl@v2
with:
token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to DigitalOcean Container Registry
run: doctl registry login --expiry-seconds 600
- name: Configure Docker image metadata
id: meta
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/${{ env.IMAGE_NAME }}
registry.digitalocean.com/${{ env.IMAGE_NAME }}
flavor: |
latest=auto
tags: |
type=semver,pattern={{version}},value=${{ needs.release-guard.outputs.RELEASE_VERSION }}
type=raw,value=production-latest
type=sha,format=long
labels: |
org.opencontainers.image.title="cheqd DID Resolver"
org.opencontainers.image.description="DID Resolver for the did:cheqd method"
org.opencontainers.image.source="https://github.com/cheqd/did-resolver"
org.opencontainers.image.vendor="Cheqd Foundation Limited"
org.opencontainers.image.created={{date 'dddd, MMMM Do YYYY, h:mm:ss a'}}
org.opencontainers.image.documentation="https://docs.cheqd.io/identity"
- name: Build and push image
uses: docker/build-push-action@v6
with:
context: .
push: true
file: docker/Dockerfile
platforms: linux/amd64,linux/arm64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: |
type=gha,scope=docker-release-amd64
type=gha,scope=docker-release-arm64