Publish All Operators - Patch Release #43
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish All Operators | |
| run-name: ${{ format('Publish All Operators - {0} Release', inputs.release_type) }} | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| release_type: | |
| type: choice | |
| description: 'The type of release' | |
| options: | |
| - Major | |
| - Minor | |
| - Patch | |
| jobs: | |
| start: | |
| name: Start Operator Build | |
| runs-on: ubuntu-latest | |
| outputs: | |
| new_version: ${{ steps.version.outputs.new_version }} | |
| steps: | |
| - name: Show Context | |
| run: | | |
| printenv | |
| echo "$GITHUB_CONTEXT" | |
| shell: bash | |
| env: | |
| GITHUB_CONTEXT: ${{ toJson(github) }} | |
| - name: Check branch and release type | |
| uses: IABTechLab/uid2-shared-actions/actions/check_branch_and_release_type@v2 | |
| with: | |
| release_type: ${{ inputs.release_type }} | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Scan vulnerabilities | |
| uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan_filesystem@v2 | |
| with: | |
| scan_severity: HIGH,CRITICAL | |
| failure_severity: CRITICAL | |
| - name: Set version number | |
| id: version | |
| uses: IABTechLab/uid2-shared-actions/actions/[email protected] | |
| with: | |
| type: ${{ inputs.release_type }} | |
| branch_name: ${{ github.ref }} | |
| - name: Update pom.xml | |
| run: | | |
| current_version=$(grep -o '<version>.*</version>' pom.xml | head -1 | sed 's/<version>\(.*\)<\/version>/\1/') | |
| new_version=${{ steps.version.outputs.new_version }} | |
| sed -i "s/$current_version/$new_version/g" pom.xml | |
| echo "Version number updated from $current_version to $new_version" | |
| - name: Commit pom.xml, version.json and set tag | |
| uses: IABTechLab/uid2-shared-actions/actions/commit_pr_and_merge@v2 | |
| with: | |
| add: 'pom.xml version.json' | |
| message: 'Released ${{ inputs.release_type }} version: ${{ steps.version.outputs.new_version }}' | |
| tag: v${{ steps.version.outputs.new_version }} | |
| buildPublic: | |
| name: Public Operator | |
| needs: start | |
| uses: ./.github/workflows/publish-public-operator-docker-image.yaml | |
| with: | |
| release_type: ${{ inputs.release_type }} | |
| version_number_input: ${{ needs.start.outputs.new_version }} | |
| secrets: inherit | |
| buildGCP: | |
| name: GCP Private Operator | |
| needs: start | |
| uses: ./.github/workflows/publish-gcp-oidc-enclave-docker.yaml | |
| with: | |
| release_type: ${{ inputs.release_type }} | |
| version_number_input: ${{ needs.start.outputs.new_version }} | |
| secrets: inherit | |
| buildAzure: | |
| name: Azure Private Operator | |
| needs: start | |
| uses: ./.github/workflows/publish-azure-cc-enclave-docker.yaml | |
| with: | |
| release_type: ${{ inputs.release_type }} | |
| version_number_input: ${{ needs.start.outputs.new_version }} | |
| secrets: inherit | |
| collectAllArtifacts: | |
| name: Collect All Artifacts | |
| runs-on: ubuntu-latest | |
| needs: [start, buildPublic, buildGCP, buildAzure] | |
| steps: | |
| - name: Download public artifacts | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: image-details | |
| path: ./artifacts/public_operator | |
| - name: Download GCP artifacts | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: gcp-oidc-deployment-files | |
| path: ./artifacts/gcp_oidc_operator | |
| - name: Download Azure artifacts | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: azure-cc-deployment-files | |
| path: ./artifacts/azure_cc_operator | |
| - name: Delete staging artifacts | |
| uses: geekyeggo/delete-artifact@v2 | |
| with: | |
| name: | | |
| image-details | |
| gcp-oidc-deployment-files | |
| azure-cc-deployment-files | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: uid2-operator-release-${{ needs.start.outputs.new_version }} | |
| path: ./artifacts/ | |
| release: | |
| name: Create Release | |
| runs-on: ubuntu-latest | |
| needs: [start, collectAllArtifacts] | |
| steps: | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| type=raw,value=${{ needs.start.outputs.new_version }}-<ENCLAVE_PROTOCOL> | |
| - name: Build changelog | |
| id: changelog | |
| uses: mikepenz/release-changelog-builder-action@v3 | |
| with: | |
| toTag: v${{ needs.start.outputs.new_version }} | |
| configurationJson: | | |
| { | |
| "template": "#{{CHANGELOG}}\n## Installation\n```\ndocker pull ${{ steps.meta.outputs.tags }}\n```\n\n## Image reference to deploy: \n```\n${{ steps.meta.outputs.tags }}\n```\n\n## TODO\nPlease upload the zipped AWS artifacts to this draft. (version_number_input: ${{ needs.start.outputs.new_version }})\n```\n\n## Changelog\n#{{UNCATEGORIZED}}", | |
| "pr_template": " - #{{TITLE}} - ( PR: ##{{NUMBER}} )" | |
| } | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Create draft release | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| name: ${{ needs.start.outputs.new_version }} | |
| body: ${{ steps.changelog.outputs.changelog }} | |
| draft: true | |
| files: | | |
| ./artifacts/uid2-operator-release-${{ needs.start.outputs.new_version }}.zip |