Chris Farhood
10ed01439c
GitHub's immutable releases feature locks releases upon publication, preventing asset uploads. This fix uses a two-step process: 1. Create draft release (mutable) and upload tarball 2. Publish release after assets are attached Also adds validation to ensure tarball name matches package.json, preventing future naming mismatch issues. Changes: - Upgrade from softprops/action-gh-release@v1 to @v2 - Create release as draft initially (draft: true) - Add separate publish step after asset upload - Add tarball name validation step Fixes release workflow failures that occurred with v0.3.6 and v0.3.7. Generated with [Claude Code](https://claude.ai/code) via [Happy](https://happy.engineering) Co-Authored-By: Claude <noreply@anthropic.com> Co-Authored-By: Happy <yesreply@happy.engineering>
130 lines
4.6 KiB
YAML
130 lines
4.6 KiB
YAML
name: Release
|
|
|
|
on:
|
|
push:
|
|
tags:
|
|
- 'v*'
|
|
|
|
jobs:
|
|
release:
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: write
|
|
packages: write
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Check if release is already finalized
|
|
run: |
|
|
VERSION=${GITHUB_REF_NAME#v}
|
|
TARBALL_URL="https://github.com/${{ github.repository }}/releases/download/${GITHUB_REF_NAME}/polaris-${VERSION}.tar.gz"
|
|
HTTP_CODE=$(curl -sL -o /tmp/release.tar.gz -w "%{http_code}" "$TARBALL_URL" 2>/dev/null)
|
|
if [ "$HTTP_CODE" = "200" ]; then
|
|
ACTUAL="sha256:$(sha256sum /tmp/release.tar.gz | awk '{print $1}')"
|
|
EXPECTED=$(grep 'archive-checksum' artifacthub-pkg.yml | awk '{print $2}')
|
|
echo "Release tarball checksum: $ACTUAL"
|
|
echo "Metadata checksum: $EXPECTED"
|
|
if [ "$ACTUAL" = "$EXPECTED" ]; then
|
|
echo "SKIP_BUILD=true" >> $GITHUB_ENV
|
|
echo "Checksums match - release is finalized, nothing to do"
|
|
fi
|
|
else
|
|
echo "No existing release (HTTP $HTTP_CODE) - will build"
|
|
fi
|
|
rm -f /tmp/release.tar.gz
|
|
|
|
- name: Setup Node.js
|
|
if: env.SKIP_BUILD != 'true'
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: '20'
|
|
|
|
- name: Install dependencies
|
|
if: env.SKIP_BUILD != 'true'
|
|
run: npm ci
|
|
|
|
- name: Build plugin
|
|
if: env.SKIP_BUILD != 'true'
|
|
run: npx @kinvolk/headlamp-plugin build
|
|
|
|
- name: Package tarball
|
|
if: env.SKIP_BUILD != 'true'
|
|
run: npx @kinvolk/headlamp-plugin package
|
|
|
|
- name: Validate tarball name matches package.json
|
|
if: env.SKIP_BUILD != 'true'
|
|
run: |
|
|
PACKAGE_NAME=$(jq -r '.name' package.json)
|
|
VERSION=${GITHUB_REF_NAME#v}
|
|
EXPECTED_TARBALL="${PACKAGE_NAME}-${VERSION}.tar.gz"
|
|
ACTUAL_TARBALL=$(ls *.tar.gz)
|
|
|
|
if [ "$EXPECTED_TARBALL" != "$ACTUAL_TARBALL" ]; then
|
|
echo "::error::Tarball name mismatch!"
|
|
echo "Expected: $EXPECTED_TARBALL"
|
|
echo "Actual: $ACTUAL_TARBALL"
|
|
echo "Update workflow to use correct tarball name pattern"
|
|
exit 1
|
|
fi
|
|
echo "✓ Tarball name validation passed: $ACTUAL_TARBALL"
|
|
|
|
- name: Compute tarball checksum
|
|
if: env.SKIP_BUILD != 'true'
|
|
run: |
|
|
TARBALL=$(ls *.tar.gz)
|
|
CHECKSUM=$(sha256sum "$TARBALL" | awk '{print $1}')
|
|
echo "TARBALL=$TARBALL" >> $GITHUB_ENV
|
|
echo "CHECKSUM=$CHECKSUM" >> $GITHUB_ENV
|
|
echo "Tarball: $TARBALL"
|
|
echo "Checksum: sha256:$CHECKSUM"
|
|
|
|
- name: Create draft release and upload tarball
|
|
if: env.SKIP_BUILD != 'true'
|
|
uses: softprops/action-gh-release@v2
|
|
with:
|
|
files: ${{ env.TARBALL }}
|
|
fail_on_unmatched_files: true
|
|
draft: true
|
|
prerelease: false
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Publish release
|
|
if: env.SKIP_BUILD != 'true'
|
|
uses: softprops/action-gh-release@v2
|
|
with:
|
|
draft: false
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Update metadata and align tag
|
|
if: env.SKIP_BUILD != 'true'
|
|
run: |
|
|
VERSION=${GITHUB_REF_NAME#v}
|
|
git config user.name "github-actions[bot]"
|
|
git config user.email "github-actions[bot]@users.noreply.github.com"
|
|
|
|
# Update metadata
|
|
git fetch origin main
|
|
git checkout origin/main -B temp-update
|
|
sed -i "s|headlamp/plugin/archive-checksum:.*|headlamp/plugin/archive-checksum: sha256:${CHECKSUM}|" artifacthub-pkg.yml
|
|
sed -i "s|headlamp/plugin/archive-url:.*|headlamp/plugin/archive-url: \"https://github.com/${{ github.repository }}/releases/download/${GITHUB_REF_NAME}/polaris-${VERSION}.tar.gz\"|" artifacthub-pkg.yml
|
|
sed -i "s|^version:.*|version: ${VERSION}|" artifacthub-pkg.yml
|
|
git add artifacthub-pkg.yml
|
|
|
|
if ! git diff --cached --quiet; then
|
|
git commit -m "ci: update artifact hub metadata for ${GITHUB_REF_NAME}"
|
|
git push origin temp-update:main
|
|
fi
|
|
|
|
# Force-move tag to the commit with correct checksum.
|
|
# This triggers a new CI run, but the guard step will detect
|
|
# that the release checksum already matches and skip the build.
|
|
git tag -f ${GITHUB_REF_NAME}
|
|
git push -f origin ${GITHUB_REF_NAME}
|
|
echo "Tag ${GITHUB_REF_NAME} aligned with updated metadata"
|