-
Notifications
You must be signed in to change notification settings - Fork 109
120 lines (111 loc) · 4.4 KB
/
release-process.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
name: kapp-controller release
on:
workflow_dispatch:
push:
tags:
- 'v*'
jobs:
kapp-controller-release:
name: kapp-controller release
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/[email protected]
with:
fetch-depth: 0
- name: Install Carvel Tools
run: ./hack/install-deps.sh
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Go 1.x
uses: actions/setup-go@v3
with:
go-version: 1.20.10
- name: Run release script
run: |
set -e -x
minikube start --driver=docker --wait=all
docker buildx create minikube --use --driver=kubernetes --bootstrap
./hack/build-release.sh
cd cli
./hack/build-binaries.sh
shasum -a 256 ./kctrl-* | tee -a ../tmp/checksums.txt
echo "# :open_file_folder: Files Checksum" | tee ../tmp/checksums-formatted.txt
echo '```' | tee -a ../tmp/checksums-formatted.txt
cat ../tmp/checksums.txt | tee -a ../tmp/checksums-formatted.txt
echo '```' | tee -a ../tmp/checksums-formatted.txt
- name: Create release draft and upload release yaml
uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5
with:
name: ${{ github.ref_name }}
token: ${{ secrets.GITHUB_TOKEN }}
body_path: ./tmp/checksums-formatted.txt
files: |
./cli/kctrl-*
./tmp/release.yml
./tmp/checksums.txt
draft: true
prerelease: true
- name: Get uploaded release YAML checksum
uses: actions/github-script@v6
id: get-checksums-from-draft-release
if: startsWith(github.ref, 'refs/tags/')
with:
github-token: ${{secrets.GITHUB_TOKEN}}
result-encoding: string
script: |
var crypto = require('crypto');
const { owner, repo } = context.repo;
// https://docs.github.com/en/rest/reference/repos#list-releases
// https://octokit.github.io/rest.js/v18#repos-list-releases
var releases = await github.rest.repos.listReleases({
owner: owner,
repo: repo
});
var crypto = require('crypto')
var fs = require('fs')
const url = require('url');
const https = require('https');
checksums = {}
for (const r of releases["data"]) {
if (r.draft && `refs/tags/${r.tag_name}` == "${{ github.ref }}") {
for (const asset of r.assets) {
var release_asset = await github.rest.repos.getReleaseAsset({ headers: {accept: `application/octet-stream`}, accept: `application/octet-stream`, owner: owner, repo: repo, asset_id: asset.id });
const hash = crypto.createHash('sha256');
let http_promise = new Promise((resolve, reject) => {
https.get(release_asset.url, (stream) => {
stream.on('data', function (data) {
hash.update(data);
});
stream.on('end', function () {
checksums[asset.name]= hash.digest('hex');
resolve(`${asset.name}`);
});
});
});
await http_promise;
}
}
}
console.log(checksums)
return `${checksums['release.yml']} ./tmp/release.yml
${checksums['kctrl-darwin-amd64']} ./kctrl-darwin-amd64
${checksums['kctrl-darwin-arm64']} ./kctrl-darwin-arm64
${checksums['kctrl-linux-amd64']} ./kctrl-linux-amd64
${checksums['kctrl-linux-arm64']} ./kctrl-linux-arm64
${checksums['kctrl-windows-amd64.exe']} ./kctrl-windows-amd64.exe`
- name: Verify uploaded artifacts
if: startsWith(github.ref, 'refs/tags/')
env:
GITHUB_CONTEXT: ${{ toJson(github) }}
run: |
set -e -x
cat ./tmp/checksums.txt
diff ./tmp/checksums.txt <(cat <<EOF
${{steps.get-checksums-from-draft-release.outputs.result}}
EOF
)