diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index faca65e9e..b81d3f356 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -11,30 +11,25 @@ jobs: permissions: contents: write steps: - - - name: Checkout + - name: Checkout uses: actions/checkout@v2 with: fetch-depth: 0 - - - name: Set up Go + - name: Set up Go uses: actions/setup-go@v2 with: go-version: 1.17.0 - - - name: Run GoReleaser + - name: Run GoReleaser uses: goreleaser/goreleaser-action@5e15885530fb01d81d1f24e8a6f54ebbd0fed7eb if: startsWith(github.ref, 'refs/tags/') with: version: 0.162.0 - args: release --rm-dist --debug + args: release --rm-dist --debug ${{ env.SKIP_PUBLISH }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - - uses: actions/github-script@v4 + - uses: actions/github-script@v4 id: get-checksums-from-draft-release - if: startsWith(github.ref, 'refs/tags/') + if: startsWith(github.ref, 'refs/tags/') && ${{ !env.ACT }} with: github-token: ${{secrets.GITHUB_TOKEN}} result-encoding: string @@ -83,9 +78,8 @@ jobs: ${checksums['imgpkg-linux-amd64']} ./imgpkg-linux-amd64 ${checksums['imgpkg-windows-amd64.exe']} ./imgpkg-windows-amd64.exe` - - - name: verify uploaded artifacts - if: startsWith(github.ref, 'refs/tags/') + - name: verify uploaded artifacts + if: startsWith(github.ref, 'refs/tags/') && ${{ !env.ACT }} env: GITHUB_CONTEXT: ${{ toJson(github) }} run: | @@ -98,3 +92,118 @@ jobs: ${{steps.get-checksums-from-draft-release.outputs.result}} EOF ) + + - name: Upload Checksums + uses: actions/upload-artifact@v2 + with: + name: checksums + path: ./go-checksums + + carvel-release-scripts: + needs: goreleaser + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + with: + persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal token + repository: vmware-tanzu/carvel-release-scripts + ref: main + ssh-key: ${{ secrets.CARVEL_RELEASE_SCRIPTS_DEPLOY_PRIVATE_KEY }} + - name: Download checksums + uses: actions/download-artifact@v2 + id: download-checksums + with: + name: checksums + path: ~/checksums + - name: generate homebrew ytt datavalue file + run: | + VERSION=`echo ${{ github.ref }} | grep -Eo '[0-9].*'` + + # EXAMPLE checksum line: + # 0837efa4e30fc3f934479d1bd183cfd97ec96f7f3cfab0892be7f39308908993 ./imgpkg-linux-amd64 + function map_checksums_to_assets() { + cat ${{steps.download-checksums.outputs.download-path}}/go-checksums | while read line; do + filename=$(echo $line | awk '{print $2}' | sed -e "s#^\.\/##") + os=$(echo $filename | awk -F\- '{print $2}') + arch=$(echo $filename | awk -F\- '{print $3}' | sed -e "s/\..*$//") + sha256=$(echo $line | awk '{print $1}') + + echo " + - os: ${os} + arch: ${arch} + shasum: ${sha256} + filename: ${filename}" + done + } + + cat <releases/imgpkg/$VERSION.yml + #@data/values + --- + version: v${VERSION} + assets: + $(map_checksums_to_assets) + + github: + url: $GITHUB_SERVER_URL/$GITHUB_REPOSITORY + EOF + + cat releases/imgpkg/$VERSION.yml + + - name: Commit & Push ytt datavalue to carvel-release-scripts + if: ${{ !env.ACT }} + env: + AUTHOR_NAME: "k8slt" + AUTHOR_EMAIL: "klt@groups.vmware.com" + REPOSITORY: "vmware-tanzu/carvel-release-scripts" + BRANCH: "imgpkg-homebrew" + FORCE: true + GITHUB_TOKEN: ${{ secrets.CARVEL_RELEASE_SCRIPTS_TOKEN }} + GITHUB_DEPLOY_PRIVATE_KEY: ${{ secrets.CARVEL_RELEASE_SCRIPTS_DEPLOY_PRIVATE_KEY }} + run: | + set -e + + timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ") + + AUTHOR_EMAIL=${AUTHOR_EMAIL:-'github-actions[bot]@users.noreply.github.com'} + AUTHOR_NAME=${AUTHOR_NAME:-'github-actions[bot]'} + MESSAGE=${MESSAGE:-"chore: autopublish ${timestamp}"} + FORCE=${FORCE:-false} + REPOSITORY=${REPOSITORY:-$GITHUB_REPOSITORY} + + echo "Push to branch $BRANCH"; + [ -z "${BRANCH}" ] && { + echo 'Missing branch'; + exit 1; + }; + + if [ -z "${GITHUB_TOKEN}" ] && [ -z "${GITHUB_DEPLOY_PRIVATE_KEY}" ]; then + echo 'Missing required input "github_token: ${{ secrets.GITHUB_TOKEN }} OR "github_deploy_private_key: ${{ secrets.GITHUB_DEPLOY_PRIVATE_KEY }}".'; + exit 1; + fi + + if ${FORCE}; then + _FORCE_OPTION='--force' + fi + + remote_repo="https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@github.com/${REPOSITORY}.git" + + if [ -n "${GITHUB_DEPLOY_PRIVATE_KEY}" ]; then + remote_repo="git@github.com:${REPOSITORY}" + + tempkey=`basename $0` + TMP_DEPLOY_PRIV_KEY=`mktemp /tmp/${tempkey}.XXXXXX` || exit 1 + echo "${GITHUB_DEPLOY_PRIVATE_KEY}" > $TMP_DEPLOY_PRIV_KEY + eval $(ssh-agent -s) + ssh-add ${TMP_DEPLOY_PRIV_KEY} + fi + + git config http.sslVerify true + git config --local user.email "${AUTHOR_EMAIL}" + git config --local user.name "${AUTHOR_NAME}" + + git add -A + + git commit -m "${MESSAGE}" $_EMPTY || exit 0 + + git push "${remote_repo}" HEAD:"${BRANCH}" --follow-tags $_FORCE_OPTION; \ No newline at end of file diff --git a/hack/test-gh-actions-local.sh b/hack/test-gh-actions-local.sh new file mode 100755 index 000000000..6f432487f --- /dev/null +++ b/hack/test-gh-actions-local.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +set -xeu + +if ! type act; then + echo 'Install act via https://github.com/nektos/act#installation-through-package-managers' + exit 1 +fi + +# SECRETS: +# CARVEL_RELEASE_SCRIPTS_PAT / Push access to vmware-tanzu/carvel-release-scripts + +# https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads +act push -e <(cat <