logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114
							name: Create Release

on:
  workflow_dispatch:
    inputs:
      version:
        description: 'version to release, e.g. v1.5.13'
        required: true
        default: 'v0.1.0'

env:
  GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
  GO_VERSION: '1.17'

jobs:
  release:
    name: Create Release
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Create Release
        uses: softprops/action-gh-release@v1
        with:
          tag_name: ${{ github.event.inputs.version }}
        env:
          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

      - name: Build Changelog
        id: build_changelog
        uses: mikepenz/release-changelog-builder-action@v2
        with:
          configuration: "changelog.json"
          toTag: ${{ github.event.inputs.version }}
          commitMode: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: create changelog file
        env:
          VERSION: ${{ github.event.inputs.version }}
          CHANGELOG: ${{ steps.build_changelog.outputs.changelog }}
        run: |
          echo "Image: \`ghcr.io/${GITHUB_REPOSITORY}:${VERSION}\`" >> .changelog
          echo "${CHANGELOG}" >> .changelog

      - name: Update Release
        uses: softprops/action-gh-release@v1
        with:
          tag_name: ${{ github.event.inputs.version }}
          body_path: .changelog
        env:
          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

      - name: Setup Go
        uses: actions/setup-go@v2
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Update Docs
        run: make docs.publish DOCS_VERSION=${{ github.event.inputs.version }} DOCS_ALIAS=latest
        env:
          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

  promote:
    name: Promote Container Image
    runs-on: ubuntu-latest

    permissions:
      id-token: write
      contents: read

    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Login to Docker
        uses: docker/login-action@v1
        if: env.GHCR_USERNAME != ''
        with:
          registry: ghcr.io
          username: ${{ secrets.GHCR_USERNAME }}
          password: ${{ secrets.GHCR_TOKEN }}

      - name: Promote Container Image
        if: env.GHCR_USERNAME != ''
        run: make docker.promote
        env:
          RELEASE_TAG: ${{ github.event.inputs.version }}
          SOURCE_TAG: main

      - name: Set up crane
        if: env.GHCR_USERNAME != ''
        run: go install github.com/google/go-containerregistry/cmd/crane@v0.8.0

      - name: Install cosign
        if: env.GHCR_USERNAME != ''
        uses: sigstore/cosign-installer@main
        with:
          cosign-release: 'v1.6.0'

      - name: Sign Container Image
        if: env.GHCR_USERNAME != ''
        run: make docker.sign
        env:
          RELEASE_TAG: ${{ github.event.inputs.version }}
          SOURCE_TAG: main
          COSIGN_EXPERIMENTAL: 1