Skip to content

Release Next

Release Next #139

Workflow file for this run

name: Release Next
on:
workflow_dispatch:
schedule:
- cron: '0 1 * * *'
env:
SETUP_GO_VERSION: '1.20'
SETUP_NODE_VERSION: '16'
jobs:
release-next:
runs-on: ubuntu-latest
permissions:
id-token: write # This is the key for OIDC!
contents: write
packages: write
steps:
-
name: Checkout
uses: actions/checkout@v3
with:
submodules: recursive
fetch-depth: 0
-
name: Set up Go
uses: actions/setup-go@v4
with:
cache: false
go-version: ${{ env.SETUP_GO_VERSION }}
-
name: Set up Node
uses: actions/setup-node@v3
with:
node-version: ${{ env.SETUP_NODE_VERSION }}
-
name: Install yarn
run: npm install --global yarn
-
uses: anchore/sbom-action/[email protected]
-
uses: sigstore/[email protected]
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
-
name: Login to GitHub Docker Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
-
name: Get latest tag
id: get_latest_tag
run: echo "LATEST_TAG=$(git describe --tags --abbrev=0)" >> $GITHUB_OUTPUT
-
name: Tag current commit as latest-next
run: git tag ${{ steps.get_latest_tag.outputs.LATEST_TAG }}-next
-
name: Build Epinio dashboard
# build the ui, move the build to `ui` in the workflow root (as per location when downloading from url)
run: |
./.github/workflows/scripts/build-ui.sh
mv dashboard/$OUTPUT_DIR/$ARTIFACT_NAME backend/ui
env:
RANCHER_ENV: epinio
EXCLUDES_PKG: rancher-components,harvester
EXCLUDE_OPERATOR_PKG: true
OUTPUT_DIR: dist
RELEASE_DIR: release
ARTIFACT_NAME: rancher-dashboard-epinio-standalone
NODE_OPTIONS: "--max-old-space-size=4096"
LOGIN_LOCALE_SELECTOR: false
#################
-
name: Run GoReleaser Cross
run: ./backend/build/bk-release.sh release --rm-dist -f ./backend/.goreleaser-next.yml
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
UI_BUNDLE_URL: "dev"
# The "id-token: write" permission for the OIDC will set the ACTIONS_ID_TOKEN_REQUEST_URL and ACTIONS_ID_TOKEN_REQUEST_TOKEN
# environment variables. Since we are running goreleaser-cross from a Docker image we need to pass those to the script and the container.
# See: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#updating-your-actions-for-oidc
ACTIONS_ID_TOKEN_REQUEST_URL: ${{ env.ACTIONS_ID_TOKEN_REQUEST_URL }}
ACTIONS_ID_TOKEN_REQUEST_TOKEN: ${{ env.ACTIONS_ID_TOKEN_REQUEST_TOKEN }}
-
name: Verify signatures on the generated docker images and manifests
id: verify_signatures
run: |
cosign verify ghcr.io/epinio/epinio-ui:latest-next
env:
DOCKER_CLI_EXPERIMENTAL: enabled
COSIGN_EXPERIMENTAL: 1
-
name: Cleanup the latest-next tag
run: git tag -d ${{ steps.get_latest_tag.outputs.LATEST_TAG }}-next