@@ -3,19 +3,81 @@ name: Delivery
33on :
44 push :
55 branches : [main]
6- tags : ['v[0-9]+.[0-9]+.[0-9]+']
76 pull_request :
87 branches : [main]
98 workflow_dispatch :
109
11- permissions :
12- contents : read
13- packages : write
14- security-events : write
15-
1610jobs :
11+ release-plz :
12+ if : github.event_name != 'pull_request'
13+ runs-on : ubuntu-latest
14+ permissions :
15+ contents : write
16+ pull-requests : write
17+ id-token : write
18+ outputs :
19+ tag : ${{ steps.tag.outputs.tag }}
20+ is_release : ${{ steps.tag.outputs.is_release }}
21+ steps :
22+ - name : Checkout repository
23+ uses : actions/checkout@v6
24+ with :
25+ fetch-depth : 0
26+ persist-credentials : false
27+
28+ - name : Install Rust toolchain
29+ uses : dtolnay/rust-toolchain@stable
30+
31+ - name : Run release-plz release
32+ uses : release-plz/action@v0.5
33+ with :
34+ command : release
35+ env :
36+ GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
37+ # CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
38+
39+ - name : Detect release tag
40+ id : tag
41+ run : |
42+ git fetch --tags
43+ TAG=$(git tag --points-at HEAD | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+' | head -1)
44+ echo "tag=${TAG}" >> "$GITHUB_OUTPUT"
45+ echo "is_release=$([[ -n "${TAG}" ]] && echo true || echo false)" >> "$GITHUB_OUTPUT"
46+
47+ release-plz-pr :
48+ needs : release-plz
49+ runs-on : ubuntu-latest
50+ permissions :
51+ contents : write
52+ pull-requests : write
53+ concurrency :
54+ group : release-plz-${{ github.ref }}
55+ cancel-in-progress : false
56+ steps :
57+ - name : Checkout repository
58+ uses : actions/checkout@v6
59+ with :
60+ fetch-depth : 0
61+ persist-credentials : false
62+
63+ - name : Install Rust toolchain
64+ uses : dtolnay/rust-toolchain@stable
65+
66+ - name : Run release-plz release-pr
67+ uses : release-plz/action@v0.5
68+ with :
69+ command : release-pr
70+ env :
71+ GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
72+ # CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
73+
1774 build-amd64 :
1875 runs-on : ubuntu-latest
76+ needs : [release-plz]
77+ if : always() && (needs.release-plz.result == 'success' || needs.release-plz.result == 'skipped')
78+ permissions :
79+ packages : write
80+ security-events : write
1981 outputs :
2082 digest : ${{ steps.build.outputs.digest }}
2183 steps :
2789 - name : Select build profile
2890 id : config
2991 run : |
30- if [[ "${{ github.ref }}" == refs/tags/v* ]]; then
92+ if [[ "${{ needs.release-plz.outputs.is_release }}" == "true" ]]; then
3193 echo "profile=release" >> "$GITHUB_OUTPUT"
3294 else
3395 echo "profile=edge" >> "$GITHUB_OUTPUT"
54116 tags : ghcr.io/${{ github.repository }}:build-${{ github.run_id }}-amd64
55117 build-args : CARGO_PROFILE=${{ steps.config.outputs.profile }}
56118 cache-from : type=gha,scope=build-amd64
57- cache-to : type=gha,mode=max,scope=build-arm64
119+ cache-to : type=gha,mode=max,scope=build-amd64
58120
59121 - name : Scan image
60122 uses : anchore/scan-action@7037fa011853d5a11690026fb85feee79f4c946c # v7.3.2
@@ -74,6 +136,10 @@ jobs:
74136
75137 build-arm64 :
76138 runs-on : ubuntu-24.04-arm
139+ needs : [release-plz]
140+ if : always() && (needs.release-plz.result == 'success' || needs.release-plz.result == 'skipped')
141+ permissions :
142+ packages : write
77143 outputs :
78144 digest : ${{ steps.build.outputs.digest }}
79145 steps :
85151 - name : Select build profile
86152 id : config
87153 run : |
88- if [[ "${{ github.ref }}" == refs/tags/v* ]]; then
154+ if [[ "${{ needs.release-plz.outputs.is_release }}" == "true" ]]; then
89155 echo "profile=release" >> "$GITHUB_OUTPUT"
90156 else
91157 echo "profile=edge" >> "$GITHUB_OUTPUT"
@@ -116,33 +182,20 @@ jobs:
116182
117183 merge :
118184 runs-on : ubuntu-latest
119- needs : [build-amd64, build-arm64]
185+ needs : [release-plz, build-amd64, build-arm64]
186+ if : always() && (needs.build-amd64.result == 'success' && needs.build-arm64.result == 'success')
187+ permissions :
188+ packages : write
120189 steps :
121- - name : Checkout
122- uses : actions/checkout@v6
123- with :
124- fetch-depth : 0
125-
126- - name : Detect release tag on HEAD
127- id : release
128- run : |
129- if [[ "${{ github.ref }}" == refs/tags/v* ]]; then
130- TAG="${{ github.ref_name }}"
131- else
132- TAG=""
133- fi
134- echo "tag=${TAG}" >> "$GITHUB_OUTPUT"
135- echo "is_release=$([[ -n "${TAG}" ]] && echo true || echo false)" >> "$GITHUB_OUTPUT"
136-
137190 - name : Docker meta
138191 id : meta
139192 uses : docker/metadata-action@v6
140193 with :
141194 images : ghcr.io/${{ github.repository }}
142195 tags : |
143- type=semver,pattern={{version}},value=${{ steps .release.outputs.tag }},enable=${{ steps .release.outputs.is_release == 'true' }}
144- type=semver,pattern={{major}}.{{minor}},value=${{ steps .release.outputs.tag }},enable=${{ steps .release.outputs.is_release == 'true' }}
145- type=edge,enable=${{ steps .release.outputs.is_release != 'true' }}
196+ type=semver,pattern={{version}},value=${{ needs .release-plz .outputs.tag }},enable=${{ needs .release-plz .outputs.is_release == 'true' }}
197+ type=semver,pattern={{major}}.{{minor}},value=${{ needs .release-plz .outputs.tag }},enable=${{ needs .release-plz .outputs.is_release == 'true' }}
198+ type=edge,enable=${{ needs .release-plz .outputs.is_release != 'true' }}
146199 type=ref,event=pr
147200 type=ref,event=branch,enable=${{ github.event_name == 'workflow_dispatch' }}
148201
0 commit comments