constellation/.github/workflows/on-release.yml

name: Make updated OS images available on release

on:
  release:
    types: [published]
  workflow_dispatch:
    inputs:
      tag:
        description: "Semantic version tag of the release (vX.Y.Z)."
        required: true
      latest:
        description: "Whether to update the latest tag."
        type: boolean
        default: false

env:
  REPO: edgelesssys/constellation
  TAG: ${{ github.event.release.tag_name }}${{ github.event.inputs.tag }}

jobs:
  update:
    runs-on: ubuntu-22.04
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
        with:
          ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

      - name: Override latest
        id: override
        if: github.event.inputs.latest == 'true'
        run: echo "LATEST=true" >> "$GITHUB_ENV"

      - name: Check if should mark latest
        if: github.event.inputs.latest != 'true'
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          latest_release_tag=$(gh api \
            -H "Accept: application/vnd.github+json" \
            "/repos/${REPO}/releases/latest" \
            | jq -r '.tag_name')
          echo "Latest release tag: ${latest_release_tag}"
          echo "Current tag: ${TAG}"
          if [[ "${latest_release_tag}" == "${TAG}" ]]; then
            echo "LATEST=true" >> "$GITHUB_ENV"
          else
            echo "LATEST=false" >> "$GITHUB_ENV"
          fi          

      - name: Setup Go environment
        uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
        with:
          go-version: "1.20.3"
          cache: true

      - name: Login to AWS
        uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0
        with:
          role-to-assume: arn:aws:iam::795746500882:role/GithubAddReleaseVersion
          aws-region: eu-central-1

  add-image-version-to-versionsapi:
    needs: [update]
    name: "Add image version to versionsapi"
    permissions:
      contents: read
      id-token: write
    uses: ./.github/workflows/versionsapi.yml
    with:
      command: add
      add_release: true
      stream: stable
      version: ${{ inputs.tag }}
      kind: image
      add_latest: true

  add-cli-version-to-versionsapi:
    needs: [update]
    name: "Add CLI version to versionsapi"
    permissions:
      contents: read
      id-token: write
    uses: ./.github/workflows/versionsapi.yml
    with:
      command: add
      add_release: true
      stream: stable
      version: ${{ inputs.tag }}
      kind: cli
      add_latest: true