diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 0000000..3f2a4e1 --- /dev/null +++ b/.github/workflows/release.yaml @@ -0,0 +1,102 @@ +name: Release + +on: + push: + tags: + - 'v*' + +jobs: + release: + runs-on: ubuntu-latest + permissions: + contents: write + packages: write + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Check if release is already finalized + run: | + VERSION=${GITHUB_REF_NAME#v} + TARBALL_URL="https://github.com/${{ github.repository }}/releases/download/${GITHUB_REF_NAME}/headlamp-polaris-plugin-${VERSION}.tar.gz" + HTTP_CODE=$(curl -sL -o /tmp/release.tar.gz -w "%{http_code}" "$TARBALL_URL" 2>/dev/null) + if [ "$HTTP_CODE" = "200" ]; then + ACTUAL="sha256:$(sha256sum /tmp/release.tar.gz | awk '{print $1}')" + EXPECTED=$(grep 'archive-checksum' artifacthub-pkg.yml | awk '{print $2}') + echo "Release tarball checksum: $ACTUAL" + echo "Metadata checksum: $EXPECTED" + if [ "$ACTUAL" = "$EXPECTED" ]; then + echo "SKIP_BUILD=true" >> $GITHUB_ENV + echo "Checksums match - release is finalized, nothing to do" + fi + else + echo "No existing release (HTTP $HTTP_CODE) - will build" + fi + rm -f /tmp/release.tar.gz + + - name: Setup Node.js + if: env.SKIP_BUILD != 'true' + uses: actions/setup-node@v4 + with: + node-version: '20' + + - name: Install dependencies + if: env.SKIP_BUILD != 'true' + run: npm ci + + - name: Build plugin + if: env.SKIP_BUILD != 'true' + run: npx @kinvolk/headlamp-plugin build + + - name: Package tarball + if: env.SKIP_BUILD != 'true' + run: npx @kinvolk/headlamp-plugin package + + - name: Compute tarball checksum + if: env.SKIP_BUILD != 'true' + run: | + TARBALL=$(ls *.tar.gz) + CHECKSUM=$(sha256sum "$TARBALL" | awk '{print $1}') + echo "TARBALL=$TARBALL" >> $GITHUB_ENV + echo "CHECKSUM=$CHECKSUM" >> $GITHUB_ENV + echo "Tarball: $TARBALL" + echo "Checksum: sha256:$CHECKSUM" + + - name: Create GitHub release and upload tarball + if: env.SKIP_BUILD != 'true' + uses: softprops/action-gh-release@v1 + with: + files: ${{ env.TARBALL }} + fail_on_unmatched_files: true + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Update metadata and align tag + if: env.SKIP_BUILD != 'true' + run: | + VERSION=${GITHUB_REF_NAME#v} + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + + # Update metadata + git fetch origin main + git checkout origin/main -B temp-update + sed -i "s|headlamp/plugin/archive-checksum:.*|headlamp/plugin/archive-checksum: sha256:${CHECKSUM}|" artifacthub-pkg.yml + sed -i "s|headlamp/plugin/archive-url:.*|headlamp/plugin/archive-url: \"https://github.com/${{ github.repository }}/releases/download/${GITHUB_REF_NAME}/headlamp-polaris-plugin-${VERSION}.tar.gz\"|" artifacthub-pkg.yml + sed -i "s|^version:.*|version: ${VERSION}|" artifacthub-pkg.yml + git add artifacthub-pkg.yml + + if ! git diff --cached --quiet; then + git commit -m "ci: update artifact hub metadata for ${GITHUB_REF_NAME}" + git push origin temp-update:main + fi + + # Force-move tag to the commit with correct checksum. + # This triggers a new CI run, but the guard step will detect + # that the release checksum already matches and skip the build. + git tag -f ${GITHUB_REF_NAME} + git push -f origin ${GITHUB_REF_NAME} + echo "Tag ${GITHUB_REF_NAME} aligned with updated metadata" diff --git a/artifacthub-pkg.yml b/artifacthub-pkg.yml index 00583f8..e404f28 100644 --- a/artifacthub-pkg.yml +++ b/artifacthub-pkg.yml @@ -30,5 +30,5 @@ maintainers: annotations: headlamp/plugin/archive-url: "https://github.com/cpfarhood/headlamp-polaris-plugin/releases/download/v0.2.0/headlamp-polaris-plugin-0.2.0.tar.gz" headlamp/plugin/version-compat: ">=0.26" - headlamp/plugin/archive-checksum: sha256:f2e81af7b9e200cda2791baca284b6b06f48f2d662a04e9ef5a9d421757e5963 + headlamp/plugin/archive-checksum: sha256:c73a754ecbb5ecdefa1ba4c12365aca0131a4b161825d4849339bf2aa24090f2 headlamp/plugin/distro-compat: in-cluster