Skip to content

chore: release v0.3.2 — bump Chart.yaml to fix Helm chart publishing #9

chore: release v0.3.2 — bump Chart.yaml to fix Helm chart publishing

chore: release v0.3.2 — bump Chart.yaml to fix Helm chart publishing #9

Workflow file for this run

name: Release
on:
push:
tags:
- 'v*'
permissions:
contents: read
packages: write
id-token: write # For cosign OIDC keyless signing
env:
REGISTRY: ghcr.io
CONTROLLER_IMAGE: ghcr.io/${{ github.repository }}/controller
ENGINE_CLAUDE_CODE_IMAGE: ghcr.io/${{ github.repository }}/engine-claude-code
ENGINE_CODEX_IMAGE: ghcr.io/${{ github.repository }}/engine-codex
ENGINE_OPENCODE_IMAGE: ghcr.io/${{ github.repository }}/engine-opencode
ENGINE_CLINE_IMAGE: ghcr.io/${{ github.repository }}/engine-cline
jobs:
release-controller:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.CONTROLLER_IMAGE }}
tags: |
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=raw,value=latest
type=sha
- name: Build and push controller image
uses: docker/build-push-action@v6
with:
context: .
file: docker/controller/Dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Install cosign
uses: sigstore/cosign-installer@v3
- name: Sign image with cosign (keyless)
run: |
echo "${{ steps.meta.outputs.tags }}" | while read -r tag; do
cosign sign --yes "$tag"
done
- name: Install syft
uses: anchore/sbom-action/download-syft@v0
- name: Generate SBOM
run: |
VERSION_TAG=$(echo "${{ steps.meta.outputs.tags }}" | head -1)
syft "$VERSION_TAG" -o cyclonedx-json > controller-sbom.json
- name: Upload SBOM
uses: actions/upload-artifact@v4
with:
name: controller-sbom
path: controller-sbom.json
release-engine-claude-code:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.ENGINE_CLAUDE_CODE_IMAGE }}
tags: |
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=raw,value=latest
type=sha
- name: Build and push engine image
uses: docker/build-push-action@v6
with:
context: docker/engine-claude-code
file: docker/engine-claude-code/Dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Install cosign
uses: sigstore/cosign-installer@v3
- name: Sign image with cosign (keyless)
run: |
echo "${{ steps.meta.outputs.tags }}" | while read -r tag; do
cosign sign --yes "$tag"
done
release-engine-codex:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.ENGINE_CODEX_IMAGE }}
tags: |
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=raw,value=latest
type=sha
- name: Build and push engine image
uses: docker/build-push-action@v6
with:
context: docker/engine-codex
file: docker/engine-codex/Dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Install cosign
uses: sigstore/cosign-installer@v3
- name: Sign image with cosign (keyless)
run: |
echo "${{ steps.meta.outputs.tags }}" | while read -r tag; do
cosign sign --yes "$tag"
done
release-engine-opencode:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.ENGINE_OPENCODE_IMAGE }}
tags: |
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=raw,value=latest
type=sha
- name: Build and push engine image
uses: docker/build-push-action@v6
with:
context: docker/engine-opencode
file: docker/engine-opencode/Dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Install cosign
uses: sigstore/cosign-installer@v3
- name: Sign image with cosign (keyless)
run: |
echo "${{ steps.meta.outputs.tags }}" | while read -r tag; do
cosign sign --yes "$tag"
done
# engine-cline omitted: see images.yaml for explanation.
helm-chart:
name: Release Helm chart
runs-on: ubuntu-latest
permissions:
contents: write # chart-releaser creates GitHub Releases
needs:
- release-controller
- release-engine-claude-code
- release-engine-codex
- release-engine-opencode
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Configure Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
- uses: azure/setup-helm@v4
- uses: helm/chart-releaser-action@v1.6.0
with:
config: .github/cr.yaml
env:
CR_TOKEN: ${{ secrets.GITHUB_TOKEN }}