mirror of
https://github.com/rancher/k3k.git
synced 2026-02-14 18:10:01 +00:00
511be5aa4e
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
91 lines
2.8 KiB
YAML
91 lines
2.8 KiB
YAML
name: Release
|
|
|
|
on:
|
|
push:
|
|
tags:
|
|
- "v*"
|
|
workflow_dispatch:
|
|
inputs:
|
|
commit:
|
|
type: string
|
|
description: Checkout a specific commit
|
|
|
|
permissions:
|
|
contents: write
|
|
packages: write
|
|
id-token: write
|
|
|
|
jobs:
|
|
release:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
|
|
with:
|
|
fetch-depth: 0
|
|
fetch-tags: true
|
|
|
|
- name: Checkout code at the specific commit
|
|
if: inputs.commit != ''
|
|
run: git checkout ${{ inputs.commit }}
|
|
|
|
- name: Set up Go
|
|
uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5
|
|
with:
|
|
go-version-file: go.mod
|
|
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3
|
|
|
|
- name: "Read secrets"
|
|
uses: rancher-eio/read-vault-secrets@main
|
|
if: github.repository_owner == 'rancher'
|
|
with:
|
|
secrets: |
|
|
secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials username | DOCKER_USERNAME ;
|
|
secret/data/github/repo/${{ github.repository }}/dockerhub/${{ github.repository_owner }}/credentials password | DOCKER_PASSWORD ;
|
|
|
|
# Manually dispatched workflows (or forks) will use ghcr.io
|
|
- name: Setup ghcr.io
|
|
if: github.event_name == 'workflow_dispatch' || github.repository_owner != 'rancher'
|
|
run: |
|
|
echo "REGISTRY=ghcr.io" >> $GITHUB_ENV
|
|
echo "DOCKER_USERNAME=${{ github.actor }}" >> $GITHUB_ENV
|
|
echo "DOCKER_PASSWORD=${{ github.token }}" >> $GITHUB_ENV
|
|
|
|
- name: Login to container registry
|
|
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3
|
|
with:
|
|
registry: ${{ env.REGISTRY }}
|
|
username: ${{ env.DOCKER_USERNAME }}
|
|
password: ${{ env.DOCKER_PASSWORD }}
|
|
|
|
# If the tag does not exists the workflow was manually triggered.
|
|
# That means we are creating temporary nightly builds, with a "fake" local tag
|
|
- name: Check release tag
|
|
id: release-tag
|
|
run: |
|
|
CURRENT_TAG=$(git describe --tag --always --match="v[0-9]*")
|
|
|
|
if git show-ref --tags ${CURRENT_TAG} --quiet; then
|
|
echo "tag ${CURRENT_TAG} already exists";
|
|
else
|
|
echo "tag ${CURRENT_TAG} does not exist"
|
|
git tag ${CURRENT_TAG}
|
|
fi
|
|
|
|
echo "CURRENT_TAG=${CURRENT_TAG}" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Run GoReleaser
|
|
uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6
|
|
with:
|
|
distribution: goreleaser
|
|
version: v2
|
|
args: --clean
|
|
env:
|
|
GITHUB_TOKEN: ${{ github.token }}
|
|
GORELEASER_CURRENT_TAG: ${{ steps.release-tag.outputs.CURRENT_TAG }}
|
|
REGISTRY: ${{ env.REGISTRY }}
|
|
REPO: ${{ github.repository }}
|