14e323200c
The metadata update step was hardcoded to push to the stable repo,
causing dev releases to pollute the stable repo's main branch.
Changes:
- Use ${GITHUB_REPO} in archive-url instead of hardcoded stable repo
- Use ${GITHUB_REPO} in git remote instead of hardcoded stable repo
- Determine GITEA_BRANCH dynamically (dev/namespace-drawer for dev, main for stable)
- Push the correct Gitea branch to GitHub main branch
- Use temp branch to avoid conflicts
Now dev releases only touch the dev repo, and stable releases only
touch the stable repo.
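# Release workflow: runs on every pushed tag matching v*. It builds and
# packages the Headlamp plugin, pushes a container image, publishes the tarball
# to the Gitea and GitHub releases, then rewrites artifacthub-pkg.yml with the
# tarball checksum and force-moves the tag onto that metadata commit.
#
# The tag move triggers this workflow a second time. The first step compares
# the published tarball with the committed checksum and sets SKIP_BUILD=true
# when they match, so the second run does nothing.
#
# Conventions used in the run scripts below:
#   - Context values and secrets reach the shell through environment variables,
#     never through ${{ }} expansion inside the script text, so a crafted tag
#     or repository name is handled as data rather than as shell source.
#   - Scripts stick to POSIX sh. NOTE(review): run steps in a job container may
#     be executed by sh instead of bash, where [[ ... ]] is unavailable.
name: Release

on:
  push:
    tags:
      - 'v*'

jobs:
  release:
    runs-on: ubuntu-latest
    # NOTE(review): the image is referenced by a mutable tag; pinning it by
    # digest (node:20@sha256:<digest>) keeps the build environment fixed.
    container: node:20
    steps:
      - name: Checkout
        # NOTE(review): consider pinning to a full commit SHA
        # (actions/checkout@<full-commit-sha>) instead of the mutable v4 tag.
        uses: actions/checkout@v4
        with:
          # Full history and tags: the last step fetches branches and moves the tag.
          fetch-depth: 0

      - name: Check if release is already finalized
        run: |
          VERSION=${GITHUB_REF_NAME#v}
          # NOTE(review): this URL is fixed to the stable GitHub repo, while the
          # metadata step writes an archive-url built from GITHUB_REPO. Confirm
          # the guard looks at the right repo for dev releases.
          TARBALL_URL="https://github.com/cpfarhood/headlamp-polaris-plugin/releases/download/${GITHUB_REF_NAME}/headlamp-polaris-plugin-${VERSION}.tar.gz"
          HTTP_CODE=$(curl -sL -o /tmp/release.tar.gz -w "%{http_code}" "$TARBALL_URL" 2>/dev/null)
          if [ "$HTTP_CODE" = "200" ]; then
            # Compare the published artifact with the checksum committed at this tag.
            ACTUAL="sha256:$(sha256sum /tmp/release.tar.gz | awk '{print $1}')"
            EXPECTED=$(grep 'archive-checksum' artifacthub-pkg.yml | awk '{print $2}')
            echo "Release tarball checksum: $ACTUAL"
            echo "Metadata checksum: $EXPECTED"
            if [ "$ACTUAL" = "$EXPECTED" ]; then
              echo "SKIP_BUILD=true" >> "$GITHUB_ENV"
              echo "Checksums match - release is finalized, nothing to do"
            fi
          else
            echo "No existing release (HTTP $HTTP_CODE) - will build"
          fi
          rm -f /tmp/release.tar.gz

      - name: Install dependencies
        run: |
          [ "$SKIP_BUILD" = "true" ] && exit 0
          # npm ci installs exactly what the lockfile records.
          npm ci

      - name: Build plugin
        run: |
          [ "$SKIP_BUILD" = "true" ] && exit 0
          # NOTE(review): presumably resolved from node_modules after npm ci; if
          # the package is not a declared dependency, npx fetches it from the
          # registry at run time.
          npx @kinvolk/headlamp-plugin build

      - name: Package tarball
        run: |
          [ "$SKIP_BUILD" = "true" ] && exit 0
          npx @kinvolk/headlamp-plugin package

      - name: Compute tarball checksum
        run: |
          [ "$SKIP_BUILD" = "true" ] && exit 0
          # Assumes the package step left exactly one *.tar.gz in the workspace.
          TARBALL=$(ls *.tar.gz)
          CHECKSUM=$(sha256sum "$TARBALL" | awk '{print $1}')
          # Exported for the release and metadata steps.
          echo "TARBALL=$TARBALL" >> "$GITHUB_ENV"
          echo "CHECKSUM=$CHECKSUM" >> "$GITHUB_ENV"
          echo "Tarball: $TARBALL"
          echo "Checksum: sha256:$CHECKSUM"

      - name: Install Docker CLI
        run: |
          [ "$SKIP_BUILD" = "true" ] && exit 0
          apt-get update && apt-get install -y docker.io

      - name: Build and push Docker image
        env:
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
        run: |
          [ "$SKIP_BUILD" = "true" ] && exit 0
          IMAGE="git.farh.net/${GITHUB_REPOSITORY}"
          docker build -t "${IMAGE}:${GITHUB_REF_NAME}" -t "${IMAGE}:latest" .
          # Token is read from stdin so it never appears in the process arguments.
          echo "${REGISTRY_TOKEN}" | docker login git.farh.net -u "${GITHUB_ACTOR}" --password-stdin
          docker push "${IMAGE}:${GITHUB_REF_NAME}"
          docker push "${IMAGE}:latest"

      - name: Create Gitea release
        env:
          GITEA_TOKEN: ${{ github.token }}
        run: |
          [ "$SKIP_BUILD" = "true" ] && exit 0
          API_URL="${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}"
          # Create release (or get existing)
          RELEASE=$(curl -s -X POST \
            -H "Authorization: token ${GITEA_TOKEN}" \
            -H "Content-Type: application/json" \
            "${API_URL}/releases" \
            -d "{\"tag_name\":\"${GITHUB_REF_NAME}\",\"name\":\"${GITHUB_REF_NAME}\"}")
          RELEASE_ID=$(echo "$RELEASE" | node -e "process.stdin.resume();let d='';process.stdin.on('data',c=>d+=c);process.stdin.on('end',()=>console.log(JSON.parse(d).id))")
          # A response without an id prints "undefined": look the release up by tag.
          if [ "$RELEASE_ID" = "undefined" ]; then
            RELEASE=$(curl -sf \
              -H "Authorization: token ${GITEA_TOKEN}" \
              "${API_URL}/releases/tags/${GITHUB_REF_NAME}")
            RELEASE_ID=$(echo "$RELEASE" | node -e "process.stdin.resume();let d='';process.stdin.on('data',c=>d+=c);process.stdin.on('end',()=>console.log(JSON.parse(d).id))")
          fi
          echo "Gitea Release ID: $RELEASE_ID"
          # Delete existing assets
          ASSETS=$(curl -sf \
            -H "Authorization: token ${GITEA_TOKEN}" \
            "${API_URL}/releases/${RELEASE_ID}/assets")
          echo "$ASSETS" | node -e "
            process.stdin.resume();let d='';
            process.stdin.on('data',c=>d+=c);
            process.stdin.on('end',()=>{
              JSON.parse(d).forEach(a=>console.log(a.id));
            })" | while read -r ASSET_ID; do
            curl -sf -X DELETE \
              -H "Authorization: token ${GITEA_TOKEN}" \
              "${API_URL}/releases/${RELEASE_ID}/assets/${ASSET_ID}"
          done
          # Upload tarball
          curl -sf -X POST \
            -H "Authorization: token ${GITEA_TOKEN}" \
            -F "attachment=@${TARBALL}" \
            "${API_URL}/releases/${RELEASE_ID}/assets?name=${TARBALL}"
          echo "Gitea release updated"

      - name: Create GitHub release
        # Best effort: a failure here does not fail the job.
        continue-on-error: true
        env:
          GH_PAT: ${{ secrets.GH_PAT }}
        run: |
          [ "$SKIP_BUILD" = "true" ] && exit 0
          # NOTE(review): the release is always created on this fixed repo, while
          # the metadata step points archive-url at GITHUB_REPO. Confirm the two
          # agree for dev releases.
          GH_API="https://api.github.com/repos/cpfarhood/headlamp-polaris-plugin"
          # Create release or fetch existing one
          BODY=$(curl -s -X POST \
            -H "Authorization: token ${GH_PAT}" \
            -H "Accept: application/vnd.github+json" \
            "${GH_API}/releases" \
            -d "{\"tag_name\":\"${GITHUB_REF_NAME}\",\"name\":\"${GITHUB_REF_NAME}\",\"generate_release_notes\":true}")
          RELEASE_ID=$(echo "$BODY" | node -e "process.stdin.resume();let d='';process.stdin.on('data',c=>d+=c);process.stdin.on('end',()=>console.log(JSON.parse(d).id))")
          if [ "$RELEASE_ID" = "undefined" ]; then
            echo "Release already exists, fetching it..."
            BODY=$(curl -sf \
              -H "Authorization: token ${GH_PAT}" \
              -H "Accept: application/vnd.github+json" \
              "${GH_API}/releases/tags/${GITHUB_REF_NAME}")
            RELEASE_ID=$(echo "$BODY" | node -e "process.stdin.resume();let d='';process.stdin.on('data',c=>d+=c);process.stdin.on('end',()=>console.log(JSON.parse(d).id))")
          fi
          echo "GitHub Release ID: $RELEASE_ID"
          # Delete existing assets with the same name
          ASSETS=$(curl -sf \
            -H "Authorization: token ${GH_PAT}" \
            -H "Accept: application/vnd.github+json" \
            "${GH_API}/releases/${RELEASE_ID}/assets")
          # The tarball name is read from the environment (exported through
          # GITHUB_ENV) rather than spliced into the JavaScript source.
          echo "$ASSETS" | node -e "
            process.stdin.resume();let d='';
            process.stdin.on('data',c=>d+=c);
            process.stdin.on('end',()=>{
              const assets=JSON.parse(d);
              assets.filter(a=>a.name===process.env.TARBALL).forEach(a=>console.log(a.id));
            })" | while read -r ASSET_ID; do
            echo "Deleting existing asset $ASSET_ID..."
            curl -sf -X DELETE \
              -H "Authorization: token ${GH_PAT}" \
              "${GH_API}/releases/assets/${ASSET_ID}"
          done
          # Upload tarball
          curl -sf -X POST \
            -H "Authorization: token ${GH_PAT}" \
            -H "Content-Type: application/gzip" \
            "https://uploads.github.com/repos/cpfarhood/headlamp-polaris-plugin/releases/${RELEASE_ID}/assets?name=${TARBALL}" \
            --data-binary "@${TARBALL}"
          echo "GitHub release updated with same tarball"

      - name: Update metadata and align tag
        env:
          GH_PAT: ${{ secrets.GH_PAT }}
        run: |
          [ "$SKIP_BUILD" = "true" ] && exit 0
          VERSION=${GITHUB_REF_NAME#v}
          # GITHUB_REPO is not assigned anywhere in this workflow, so it has to
          # come from the runner environment. Stop here rather than commit an
          # archive-url with an empty repository path.
          : "${GITHUB_REPO:?GITHUB_REPO (owner/name of the GitHub repo) is not set}"
          git config user.name "gitea-actions[bot]"
          git config user.email "gitea-actions[bot]@git.farh.net"
          # Determine which Gitea branch to update based on version suffix.
          # POSIX case instead of [[ ]] so the match also works under sh.
          case "$VERSION" in
            *-dev.*) GITEA_BRANCH="dev/namespace-drawer" ;;
            *) GITEA_BRANCH="main" ;;
          esac
          git fetch origin "${GITEA_BRANCH}"
          # Work on a throwaway local branch based on the remote branch tip.
          git checkout "origin/${GITEA_BRANCH}" -B temp-update
          sed -i "s|headlamp/plugin/archive-checksum:.*|headlamp/plugin/archive-checksum: sha256:${CHECKSUM}|" artifacthub-pkg.yml
          sed -i "s|headlamp/plugin/archive-url:.*|headlamp/plugin/archive-url: \"https://github.com/${GITHUB_REPO}/releases/download/${GITHUB_REF_NAME}/headlamp-polaris-plugin-${VERSION}.tar.gz\"|" artifacthub-pkg.yml
          sed -i "s|^version:.*|version: ${VERSION}|" artifacthub-pkg.yml
          git add artifacthub-pkg.yml
          # Commit and push only when the metadata actually changed.
          git diff --cached --quiet || {
            git commit -m "ci: update artifact hub metadata for ${GITHUB_REF_NAME}"
            git push origin "temp-update:${GITEA_BRANCH}"
          }
          # Force-move tag to the commit with correct checksum.
          # This triggers a new CI run, but the guard step will detect
          # that the release checksum already matches and skip the build.
          git tag -f "${GITHUB_REF_NAME}"
          git push -f origin "${GITHUB_REF_NAME}"
          # Also push to GitHub directly to avoid waiting for mirror sync
          # Dev versions go to main branch of dev repo, stable versions to main of main repo
          # The PAT becomes part of the remote URL stored in .git/config. stderr
          # is discarded and failures are ignored, so a rejected push is silent.
          git remote add github "https://x-access-token:${GH_PAT}@github.com/${GITHUB_REPO}.git" 2>/dev/null || true
          git push github temp-update:main 2>/dev/null || true
          git push -f github "${GITHUB_REF_NAME}" 2>/dev/null || true
          echo "Tag ${GITHUB_REF_NAME} aligned with updated metadata"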