feat: provide uds-releaser option for publishing uds packages

.github/workflows/callable-publish.yaml

@@ -26,6 +26,9 @@ on:
       timeout:
         type: number
         default: 40
+      uds-releaser:
+        type: boolean
+        default: false
 
 # Permissions for the GITHUB_TOKEN used by the workflow.
 permissions:
@@ -38,12 +41,14 @@ jobs:
     runs-on: ${{ inputs.runsOn }}
     timeout-minutes: ${{ inputs.timeout }}
     permissions:
-      contents: read
+      contents: write
       packages: write
       id-token: write
 
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
 
       - name: Install UDS CLI
         uses: defenseunicorns/setup-uds@b987a32bac3baeb67bfb08f5e1544e2f9076ee8a # v1.0.0
@@ -60,14 +65,35 @@ jobs:
             --set CHAINGUARD_IDENTITY="${{ secrets.CHAINGUARD_IDENTITY }}"
         shell: bash
 
-      - name: Publish Packages/Bundles
+      - name: Publish Packages/Bundles - release-please
+        if: ${{ inputs.uds-releaser == false }}
         run: |
           if uds run --list | grep -q 'publish-package'; then
             UDS_USE_CHECKPOINT=false uds run publish-package --set FLAVOR=${{ inputs.flavor }} --no-progress ${{ inputs.options }}
           else
             UDS_USE_CHECKPOINT=false uds run publish-release --set FLAVOR=${{ inputs.flavor }} --no-progress ${{ inputs.options }}
           fi
 
+      - name: Publish Packages/Bundles - uds-releaser
+        if: ${{ inputs.uds-releaser == true }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          if uds-releaser check "${{ inputs.flavor }}"; then
+            uds-releaser update-yaml ${{ inputs.flavor }}
+            if uds run --list | grep -q 'publish-package'; then
+              uds run publish-package \
+                --set FLAVOR=${{ inputs.flavor }} \
+                --set ENABLE_UDS_RELEASER=true \
+                --no-progress ${{ inputs.options }}
+            else
+              uds run publish-release \
+                --set FLAVOR=${{ inputs.flavor }} \
+                --set ENABLE_UDS_RELEASER=true \
+                --no-progress ${{ inputs.options }}
+            fi
+          fi
+
       - name: Save logs
         if: ${{ always() }}
         run: uds run actions:save-logs

.github/workflows/release-uds.yaml

@@ -0,0 +1,35 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
+name: Release
+
+on:
+  push:
+    branches:
+      - main
+
+# Permissions for the GITHUB_TOKEN used by the workflow.
+permissions:
+  contents: read # Allows reading the content of the repository.
+  packages: read # Allows reading the content of the repository's packages.
+  id-token: write
+
+jobs:
+  publish:
+    permissions:
+      contents: read # Allows reading the content of the repository.
+      packages: write # Allows reading the content of the repository's packages.
+      id-token: write
+    strategy:
+      matrix:
+        flavor: [upstream, registry1, unicorn]
+        architecture: [amd64, arm64]
+        exclude:
+          - flavor: registry1
+            architecture: arm64
+    uses: ./.github/workflows/callable-publish.yaml
+    with:
+      flavor: ${{ matrix.flavor }}
+      runsOn: ${{ matrix.architecture == 'arm64' && 'uds-swf-ubuntu-arm64-4-core' || 'ubuntu-latest' }}
+      uds-releaser: true
+    secrets: inherit # Inherits all secrets from the parent workflow.

.github/workflows/release.yaml

@@ -26,23 +26,3 @@ jobs:
         uses: googleapis/release-please-action@7987652d64b4581673a76e33ad5e98e3dd56832f # v4.1.3
       - id: release-flag
         run: echo "release_created=${{ steps.tag.outputs.release_created || false }}" >> "$GITHUB_OUTPUT"
-
-  publish:
-    permissions:
-      contents: read # Allows reading the content of the repository.
-      packages: write # Allows reading the content of the repository's packages.
-      id-token: write
-    needs: tag-new-version
-    if: ${{ needs.tag-new-version.outputs.release_created == 'true' }}
-    strategy:
-      matrix:
-        flavor: [upstream, registry1, unicorn]
-        architecture: [amd64, arm64]
-        exclude:
-          - flavor: registry1
-            architecture: arm64
-    uses: ./.github/workflows/callable-publish.yaml
-    with:
-      flavor: ${{ matrix.flavor }}
-      runsOn: ${{ matrix.architecture == 'arm64' && 'uds-swf-ubuntu-arm64-4-core' || 'ubuntu-latest' }}
-    secrets: inherit # Inherits all secrets from the parent workflow.

bundle/uds-bundle.yaml

@@ -5,13 +5,9 @@ kind: UDSBundle
 metadata:
   name: test
   description: The testing UDS bundle
-  # x-release-please-start-version
-  version: 1.4.0
-  # x-release-please-end
+  version: dev
 
 packages:
   - name: nginx
     path: ../
-    # x-release-please-start-version
-    ref: 1.4.0
-    # x-release-please-end
+    ref: dev

releaser.yaml

@@ -3,14 +3,11 @@
 
 flavors:
   - name: upstream
-    # x-release-please-start-version
-    version: 1.4.0
-    # x-release-please-end
+    # renovate: datasource=docker depName=nginx versioning=semver-coerced
+    version: 1.27.3
   - name: registry1
-    # x-release-please-start-version
-    version: 1.4.0
-    # x-release-please-end
+    # renovate: datasource=docker depName=registry1.dso.mil/ironbank/opensource/nginx/nginx versioning=semver-coerced
+    version: 1.27.3
   - name: unicorn
-    # x-release-please-start-version
-    version: 1.4.0
-    # x-release-please-end
+    # renovate: datasource=docker depName=cgr.dev/du-uds-defenseunicorns/nginx versioning=semver-coerced
+    version: 1.27.3

src/nginx/Chart.yaml

@@ -24,6 +24,5 @@ version: 0.1.0
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-# x-release-please-start-version
-appVersion: "0.12.0"
-# x-release-please-end
+# renovate: datasource=docker depName=nginx versioning=semver-coerced
+appVersion: "1.27.3"

tasks.yaml

@@ -13,12 +13,6 @@ includes:
   - badge: ./tasks/badge.yaml
   - actions: ./tasks/actions.yaml
 
-variables:
-  - name: VERSION
-    # x-release-please-start-version
-    default: 1.4.0
-    # x-release-please-end
-
 tasks:
   - name: default
     description: Create and deploy the nginx package on a fresh cluster

tasks/README.md

@@ -59,6 +59,8 @@ There are multiple task files available in this repository with different object
 | Name | Description |
 |------|-------------|
 | **package** | Publish the UDS package for the supplied architecture |
+| **release-please-publish** | Publish the UDS package using release-please based workflows |
+| **uds-releaser-publish** | Publish the UDS package using uds-releaser based workflows |
 | **test-bundle** | Publish the test bundle for the supplied architecture |
 
 ### [pull.yaml](./tasks/remove.yaml)

tasks/actions.yaml

@@ -129,6 +129,15 @@ tasks:
           "https://github.com/defenseunicorns/lula/releases/download/${LULA_VERSION}/lula_${LULA_VERSION}_$(uname -s)_${{ .variables.ARCH }}" \
           && chmod +x /usr/local/bin/lula
 
+      - description: Install uds-releaser
+        env:
+          # renovate: datasource=github-tags depName=defenseunicorns/uds-releaser versioning=semver-coerced
+          - UDS_RELEASER_VERSION=v0.0.6
+        cmd: |
+          curl -o /usr/local/bin/uds-releaser -L \
+          "https://github.com/defenseunicorns/uds-releaser/releases/download/${UDS_RELEASER_VERSION}/uds-releaser_${UDS_RELEASER_VERSION}_$(uname -s)_${{ .variables.ARCH }}" \
+          && chmod +x /usr/local/bin/uds-releaser
+
   - name: authenticate-registries
     description: Log in to the registries for testing and publishing UDS Packages
     actions:

tasks/publish.yaml

@@ -9,10 +9,47 @@ variables:
     default: upstream
   - name: TEAM
     default: uds
+  - name: ENABLE_UDS_RELEASER
+    default: "false"
 
 tasks:
   - name: package
     description: Publish the UDS package for the supplied architecture
+    inputs:
+      path:
+        description: Path to the zarf package being published
+        default: .
+      version:
+        description: The version of the package to publish
+        required: true
+      architecture:
+        description: The architecture of the package to publish
+        default: ${UDS_ARCH}
+      team:
+        description: The team publishing the package
+        default: uds
+      name:
+        description: The name of the package to publish
+        default: ${PACKAGE_NAME}
+    actions:
+      - if: ${{ eq .variables.ENABLE_UDS_RELEASER "false" }}
+        task: release-please-publish
+        with:
+          path: ${{ .inputs.path }}
+          version: ${{ .inputs.version }}
+          architecture: ${{ .inputs.architecture }}
+          team: ${{ .inputs.team }}
+          name: ${{ .inputs.name }}
+      - if: ${{ eq .variables.ENABLE_UDS_RELEASER true }}
+        task: uds-releaser-publish
+        with:
+          path: ${{ .inputs.path }}
+          architecture: ${{ .inputs.architecture }}
+          team: ${{ .inputs.team }}
+          name: ${{ .inputs.name }}
+
+  - name: release-please-publish
+    description: Publish the UDS package using release-please based workflows
     inputs:
       path:
         description: Path to the zarf package being published
@@ -41,6 +78,43 @@ tasks:
         cmd: |
           ./uds zarf package publish "${{ .inputs.path }}/zarf-package-${{ .inputs.name }}-${{ .inputs.architecture }}-${{ .inputs.version }}.tar.zst" "oci://${TARGET_REPO}"
 
+
+  - name: uds-releaser-publish
+    description: Publish the UDS package using uds-releaser based workflows
+    inputs:
+      path:
+        description: Path to the zarf package being published
+        default: .
+      architecture:
+        description: The architecture of the package to publish
+        default: ${UDS_ARCH}
+      team:
+        description: The team publishing the package
+        default: uds
+      name:
+        description: The name of the package to publish
+        default: ${PACKAGE_NAME}
+    actions:
+      - task: utils:determine-repo
+        with:
+          team: ${{.variables.TEAM}}
+      - description: Get the current Zarf package name
+        cmd: cat ${{ .inputs.path }}/zarf.yaml | ./uds zarf tools yq .metadata.name
+        setVariables:
+          - name: PACKAGE_NAME
+      - description: publish using uds-releaser
+        cmd: |
+          ./uds zarf package publish "${{ .inputs.path }}/zarf-package-${{ .inputs.name }}-${{ .inputs.architecture }}-$(uds-releaser show ${{ .variables.FLAVOR }} --version-only).tar.zst" "oci://${TARGET_REPO}"
+
+          if [ -n "${GITLAB_CI}" ]; then
+            uds-releaser release gitlab "${{ .variables.FLAVOR }}"
+          elif [ -n "${GITHUB_ACTION}" ]; then
+            uds-releaser release github "${{ .variables.FLAVOR }}"
+          else
+            echo "Unsupported platform"
+            exit 11
+          fi
+
   - name: test-bundle
     description: Publish the test bundle for the supplied architecture
     inputs:

templates/publish.yml

@@ -49,6 +49,8 @@ publish:
                                               --set GHCR_REGISTRY_USER="$GH_USER_READ_ONLY" \
                                               --set GHCR_REGISTRY_TOKEN="$GH_PAT_READ_ONLY"
 
+    - sudo uds run actions:install-deps
+
     # Check if release is necessary for flavor and exit early if not
     - |
       if ! uds-releaser check "$[[ inputs.flavor ]]"; then
@@ -69,7 +71,7 @@ publish:
 
         ARGS=(
           --set FLAVOR="$[[ inputs.flavor ]]"
-          --set VERSION="$(uds-releaser show $[[ inputs.flavor ]] --version-only)"
+          --set ENABLE_UDS_RELEASER=true
         )
 
         if [[ -n "$[[ inputs.target-repo ]]" ]]; then
@@ -82,14 +84,6 @@ publish:
 
         UDS_USE_CHECKPOINT=false uds run $TASK_NAME "${ARGS[@]}" ${OPTIONS}
 
-    # Create tag and release
-    - |
-      if [[ "$DRY_RUN" == "true" ]]; then
-        echo "Dry run, skipping release"
-      else
-        uds-releaser release gitlab "$[[ inputs.flavor ]]"
-      fi
-
   after_script:
     # Save logs, which will run even if the script section fails
     - echo -e "\e[0Ksection_start:`date +%s`:afterscript_section[collapsed=true]\r\e[0KAfter Script Output"

zarf.yaml

@@ -6,9 +6,7 @@ kind: ZarfPackageConfig
 metadata:
   name: nginx
   description: UDS nginx package
-  # x-release-please-start-version
-  version: 1.4.0
-  # x-release-please-end
+  version: dev
 
 
 variables: