name: Make updated OS images available on release on: release: types: [published] workflow_dispatch: inputs: tag: description: "Semantic version tag of the release (vX.Y.Z)." required: true latest: description: "Whether to update the latest tag." type: boolean default: false jobs: complete-release-branch-transaction: runs-on: ubuntu-22.04 permissions: id-token: write contents: read env: FULL_VERSION: ${{ github.event.release.tag_name }}${{ github.event.inputs.tag }} outputs: RELEASE_BRANCH: ${{ env.RELEASE_BRANCH }} WORKING_BRANCH: ${{ env.WORKING_BRANCH }} steps: - name: Checkout uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: fetch-depth: 0 # fetch all history - name: Determine branch names run: | WITHOUT_V=${FULL_VERSION#v} PART_MAJOR=${WITHOUT_V%%.*} PART_MINOR=${WITHOUT_V#*.} MAJOR_MINOR=${PART_MAJOR}.${PART_MINOR} RELEASE_BRANCH="release/v${MAJOR_MINOR}" WORKING_BRANCH="tmp/${FULL_VERSION}" echo "RELEASE_BRANCH=${RELEASE_BRANCH}" | tee -a "$GITHUB_ENV" echo "WORKING_BRANCH=${WORKING_BRANCH}" | tee -a "$GITHUB_ENV" - name: Check if we are strictly ahead of the release branch (if it exists) run: | git fetch git pull git checkout "${RELEASE_BRANCH}" || exit 0 git checkout "${WORKING_BRANCH}" ahead=$(git rev-list HEAD --not "${RELEASE_BRANCH}" | wc -l) if [[ "${ahead}" -gt 0 ]]; then echo "The current branch is not strictly ahead of the release branch. Cannot finish transaction without touching release branch history." exit 1 fi - name: Create or update release branch run: git push origin "${WORKING_BRANCH}":"${RELEASE_BRANCH}" update: runs-on: ubuntu-22.04 outputs: latest: ${{ steps.input-passthrough.outputs.latest }}${{ steps.check-last-release.outputs.latest }} steps: - name: Checkout uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Override latest if: github.event.inputs.latest == 'true' id: input-passthrough run: echo "latest=true" | tee -a "$GITHUB_OUTPUT" - name: Check if should mark latest if: github.event.inputs.latest != 'true' id: check-last-release env: REPO: edgelesssys/constellation GH_TOKEN: ${{ github.token }} run: | latest_release_tag=$( gh api \ -H "Accept: application/vnd.github+json" \ "/repos/${REPO}/releases/latest" \ | jq -r '.tag_name' ) current_tag=${{ github.event.release.tag_name }}${{ github.event.inputs.tag }} echo "Latest release tag: ${latest_release_tag}" echo "Current tag: ${current_tag}" if [[ "${latest_release_tag}" == "${current_tag}" ]]; then echo "latest=true" | tee -a "$GITHUB_OUTPUT" else echo "latest=false" | tee -a "$GITHUB_OUTPUT" fi add-image-version-to-versionsapi: needs: [update] name: "Add image version to versionsapi" permissions: contents: read id-token: write uses: ./.github/workflows/versionsapi.yml with: command: add add_release: true stream: stable version: ${{ github.event.release.tag_name }}${{ github.event.inputs.tag }} kind: image add_latest: ${{ needs.update.outputs.latest == 'true' }} add-cli-version-to-versionsapi: needs: [update, add-image-version-to-versionsapi] # run workflow calls after each other name: "Add CLI version to versionsapi" permissions: contents: read id-token: write uses: ./.github/workflows/versionsapi.yml with: command: add add_release: true stream: stable version: ${{ github.event.release.tag_name }}${{ github.event.inputs.tag }} kind: cli add_latest: ${{ needs.update.outputs.latest == 'true' }} remove-temporary-branch: needs: [ complete-release-branch-transaction, add-image-version-to-versionsapi, add-cli-version-to-versionsapi, ] runs-on: ubuntu-22.04 permissions: id-token: write contents: read steps: - name: Checkout uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Remove temporary branch run: git push origin --delete "${WORKING_BRANCH}"