ci: consolidate release workflow into single step
Merged prepare-release and release workflows into a single workflow that handles everything in one job. This eliminates the need for separate tokens or manual intervention. Single workflow now: - Validates version format - Updates package.json and artifacthub-pkg.yml - Builds and packages plugin (with type check and linting) - Computes checksum - Verifies tarball contents - Updates metadata with real checksum - Commits all changes to main - Creates and pushes tag - Creates GitHub release with tarball No more tag push triggers, no separate tokens needed. Everything runs in one workflow_dispatch job. Generated with [Claude Code](https://claude.ai/code) via [Happy](https://happy.engineering) Co-Authored-By: Claude <noreply@anthropic.com> Co-Authored-By: Happy <yesreply@happy.engineering>
This commit is contained in:
@@ -1,69 +0,0 @@
|
|||||||
name: Prepare Release
|
|
||||||
|
|
||||||
on:
|
|
||||||
workflow_dispatch:
|
|
||||||
inputs:
|
|
||||||
version:
|
|
||||||
description: 'Version to release (without v prefix, e.g., 0.2.5)'
|
|
||||||
required: true
|
|
||||||
type: string
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
prepare:
|
|
||||||
runs-on: local-ubuntu-latest
|
|
||||||
permissions:
|
|
||||||
contents: write
|
|
||||||
steps:
|
|
||||||
- name: Validate version format
|
|
||||||
run: |
|
|
||||||
if ! echo "${{ inputs.version }}" | grep -qE '^[0-9]+\.[0-9]+\.[0-9]+$'; then
|
|
||||||
echo "::error::Version must be in format X.Y.Z (e.g., 0.2.5)"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Checkout
|
|
||||||
uses: actions/checkout@v4
|
|
||||||
with:
|
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
|
||||||
|
|
||||||
- name: Configure git
|
|
||||||
run: |
|
|
||||||
git config user.name "github-actions[bot]"
|
|
||||||
git config user.email "github-actions[bot]@users.noreply.github.com"
|
|
||||||
|
|
||||||
- name: Update package.json version
|
|
||||||
working-directory: ./headlamp-sealed-secrets
|
|
||||||
run: |
|
|
||||||
jq --arg version "${{ inputs.version }}" '.version = $version' package.json > package.json.tmp
|
|
||||||
mv package.json.tmp package.json
|
|
||||||
|
|
||||||
- name: Update artifacthub-pkg.yml version
|
|
||||||
run: |
|
|
||||||
VERSION="${{ inputs.version }}"
|
|
||||||
RELEASE_URL="https://github.com/${{ github.repository }}/releases/download/v${VERSION}/headlamp-sealed-secrets-${VERSION}.tar.gz"
|
|
||||||
|
|
||||||
sed -i "s|^version:.*|version: ${VERSION}|" artifacthub-pkg.yml
|
|
||||||
sed -i "s|^appVersion:.*|appVersion: ${VERSION}|" artifacthub-pkg.yml
|
|
||||||
sed -i "s|headlamp/plugin/archive-url:.*|headlamp/plugin/archive-url: \"${RELEASE_URL}\"|" artifacthub-pkg.yml
|
|
||||||
|
|
||||||
# Set placeholder checksum - will be updated after release
|
|
||||||
sed -i "s|headlamp/plugin/archive-checksum:.*|headlamp/plugin/archive-checksum: sha256:PLACEHOLDER_WILL_BE_UPDATED_AFTER_RELEASE|" artifacthub-pkg.yml
|
|
||||||
|
|
||||||
- name: Commit version bump
|
|
||||||
run: |
|
|
||||||
git add headlamp-sealed-secrets/package.json artifacthub-pkg.yml
|
|
||||||
git commit -m "chore: bump version to ${{ inputs.version }}"
|
|
||||||
git push origin main
|
|
||||||
|
|
||||||
- name: Create and push tag
|
|
||||||
run: |
|
|
||||||
git tag "v${{ inputs.version }}"
|
|
||||||
git push origin "v${{ inputs.version }}"
|
|
||||||
|
|
||||||
- name: Summary
|
|
||||||
run: |
|
|
||||||
echo "✓ Version bumped to ${{ inputs.version }}"
|
|
||||||
echo "✓ Tag v${{ inputs.version }} created"
|
|
||||||
echo ""
|
|
||||||
echo "The release workflow will now run automatically."
|
|
||||||
echo "After it completes, the checksum will be updated on main."
|
|
||||||
@@ -1,28 +1,48 @@
|
|||||||
name: Release
|
name: Release
|
||||||
|
|
||||||
on:
|
on:
|
||||||
push:
|
workflow_dispatch:
|
||||||
tags:
|
inputs:
|
||||||
- 'v*'
|
version:
|
||||||
|
description: 'Version to release (without v prefix, e.g., 0.2.5)'
|
||||||
|
required: true
|
||||||
|
type: string
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
build-and-release:
|
release:
|
||||||
runs-on: local-ubuntu-latest
|
runs-on: local-ubuntu-latest
|
||||||
permissions:
|
permissions:
|
||||||
contents: write
|
contents: write
|
||||||
outputs:
|
|
||||||
version: ${{ steps.extract_version.outputs.version }}
|
|
||||||
checksum: ${{ steps.compute_checksum.outputs.checksum }}
|
|
||||||
steps:
|
steps:
|
||||||
|
- name: Validate version format
|
||||||
|
run: |
|
||||||
|
if ! echo "${{ inputs.version }}" | grep -qE '^[0-9]+\.[0-9]+\.[0-9]+$'; then
|
||||||
|
echo "::error::Version must be in format X.Y.Z (e.g., 0.2.5)"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
|
|
||||||
- name: Extract version from tag
|
- name: Configure git
|
||||||
id: extract_version
|
|
||||||
run: |
|
run: |
|
||||||
VERSION=${GITHUB_REF_NAME#v}
|
git config user.name "github-actions[bot]"
|
||||||
echo "version=${VERSION}" >> $GITHUB_OUTPUT
|
git config user.email "github-actions[bot]@users.noreply.github.com"
|
||||||
echo "Version: ${VERSION}"
|
|
||||||
|
- name: Update package.json version
|
||||||
|
working-directory: ./headlamp-sealed-secrets
|
||||||
|
run: |
|
||||||
|
jq --arg version "${{ inputs.version }}" '.version = $version' package.json > package.json.tmp
|
||||||
|
mv package.json.tmp package.json
|
||||||
|
|
||||||
|
- name: Update artifacthub-pkg.yml version
|
||||||
|
run: |
|
||||||
|
VERSION="${{ inputs.version }}"
|
||||||
|
RELEASE_URL="https://github.com/${{ github.repository }}/releases/download/v${VERSION}/headlamp-sealed-secrets-${VERSION}.tar.gz"
|
||||||
|
|
||||||
|
sed -i "s|^version:.*|version: ${VERSION}|" artifacthub-pkg.yml
|
||||||
|
sed -i "s|^appVersion:.*|appVersion: ${VERSION}|" artifacthub-pkg.yml
|
||||||
|
sed -i "s|headlamp/plugin/archive-url:.*|headlamp/plugin/archive-url: \"${RELEASE_URL}\"|" artifacthub-pkg.yml
|
||||||
|
|
||||||
- name: Setup Node.js
|
- name: Setup Node.js
|
||||||
uses: actions/setup-node@v4
|
uses: actions/setup-node@v4
|
||||||
@@ -54,8 +74,7 @@ jobs:
|
|||||||
- name: Move tarball to root
|
- name: Move tarball to root
|
||||||
working-directory: ./headlamp-sealed-secrets
|
working-directory: ./headlamp-sealed-secrets
|
||||||
run: |
|
run: |
|
||||||
# Get the specific tarball created by package command
|
TARBALL="headlamp-sealed-secrets-${{ inputs.version }}.tar.gz"
|
||||||
TARBALL="headlamp-sealed-secrets-${{ steps.extract_version.outputs.version }}.tar.gz"
|
|
||||||
if [ ! -f "${TARBALL}" ]; then
|
if [ ! -f "${TARBALL}" ]; then
|
||||||
echo "::error::Expected tarball ${TARBALL} not found"
|
echo "::error::Expected tarball ${TARBALL} not found"
|
||||||
ls -la *.tar.gz
|
ls -la *.tar.gz
|
||||||
@@ -66,7 +85,7 @@ jobs:
|
|||||||
|
|
||||||
- name: Validate tarball name
|
- name: Validate tarball name
|
||||||
run: |
|
run: |
|
||||||
EXPECTED="headlamp-sealed-secrets-${{ steps.extract_version.outputs.version }}.tar.gz"
|
EXPECTED="headlamp-sealed-secrets-${{ inputs.version }}.tar.gz"
|
||||||
ACTUAL=$(ls *.tar.gz)
|
ACTUAL=$(ls *.tar.gz)
|
||||||
if [ "$EXPECTED" != "$ACTUAL" ]; then
|
if [ "$EXPECTED" != "$ACTUAL" ]; then
|
||||||
echo "::error::Tarball name mismatch! Expected: $EXPECTED, Got: $ACTUAL"
|
echo "::error::Tarball name mismatch! Expected: $EXPECTED, Got: $ACTUAL"
|
||||||
@@ -77,14 +96,14 @@ jobs:
|
|||||||
- name: Compute checksum
|
- name: Compute checksum
|
||||||
id: compute_checksum
|
id: compute_checksum
|
||||||
run: |
|
run: |
|
||||||
TARBALL="headlamp-sealed-secrets-${{ steps.extract_version.outputs.version }}.tar.gz"
|
TARBALL="headlamp-sealed-secrets-${{ inputs.version }}.tar.gz"
|
||||||
CHECKSUM=$(sha256sum "$TARBALL" | awk '{print $1}')
|
CHECKSUM=$(sha256sum "$TARBALL" | awk '{print $1}')
|
||||||
echo "checksum=${CHECKSUM}" >> $GITHUB_OUTPUT
|
echo "checksum=${CHECKSUM}" >> $GITHUB_OUTPUT
|
||||||
echo "Checksum: sha256:${CHECKSUM}"
|
echo "Checksum: sha256:${CHECKSUM}"
|
||||||
|
|
||||||
- name: Verify tarball contents
|
- name: Verify tarball contents
|
||||||
run: |
|
run: |
|
||||||
TARBALL="headlamp-sealed-secrets-${{ steps.extract_version.outputs.version }}.tar.gz"
|
TARBALL="headlamp-sealed-secrets-${{ inputs.version }}.tar.gz"
|
||||||
echo "Tarball contents:"
|
echo "Tarball contents:"
|
||||||
tar -tzf "${TARBALL}" | head -20
|
tar -tzf "${TARBALL}" | head -20
|
||||||
|
|
||||||
@@ -95,10 +114,27 @@ jobs:
|
|||||||
fi
|
fi
|
||||||
echo "✓ Tarball contents validated"
|
echo "✓ Tarball contents validated"
|
||||||
|
|
||||||
|
- name: Update checksum in metadata
|
||||||
|
run: |
|
||||||
|
CHECKSUM="${{ steps.compute_checksum.outputs.checksum }}"
|
||||||
|
sed -i "s|headlamp/plugin/archive-checksum:.*|headlamp/plugin/archive-checksum: sha256:${CHECKSUM}|" artifacthub-pkg.yml
|
||||||
|
|
||||||
|
- name: Commit version bump and metadata
|
||||||
|
run: |
|
||||||
|
git add headlamp-sealed-secrets/package.json artifacthub-pkg.yml
|
||||||
|
git commit -m "chore: release v${{ inputs.version }}"
|
||||||
|
git push origin main
|
||||||
|
|
||||||
|
- name: Create and push tag
|
||||||
|
run: |
|
||||||
|
git tag "v${{ inputs.version }}"
|
||||||
|
git push origin "v${{ inputs.version }}"
|
||||||
|
|
||||||
- name: Create GitHub Release
|
- name: Create GitHub Release
|
||||||
uses: softprops/action-gh-release@v2
|
uses: softprops/action-gh-release@v2
|
||||||
with:
|
with:
|
||||||
files: headlamp-sealed-secrets-${{ steps.extract_version.outputs.version }}.tar.gz
|
tag_name: "v${{ inputs.version }}"
|
||||||
|
files: headlamp-sealed-secrets-${{ inputs.version }}.tar.gz
|
||||||
fail_on_unmatched_files: true
|
fail_on_unmatched_files: true
|
||||||
draft: false
|
draft: false
|
||||||
prerelease: false
|
prerelease: false
|
||||||
@@ -106,47 +142,18 @@ jobs:
|
|||||||
env:
|
env:
|
||||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
|
||||||
update-metadata:
|
- name: Summary
|
||||||
needs: build-and-release
|
|
||||||
runs-on: local-ubuntu-latest
|
|
||||||
permissions:
|
|
||||||
contents: write
|
|
||||||
steps:
|
|
||||||
- name: Checkout main branch
|
|
||||||
uses: actions/checkout@v4
|
|
||||||
with:
|
|
||||||
ref: main
|
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
|
||||||
|
|
||||||
- name: Configure git
|
|
||||||
run: |
|
|
||||||
git config user.name "github-actions[bot]"
|
|
||||||
git config user.email "github-actions[bot]@users.noreply.github.com"
|
|
||||||
|
|
||||||
- name: Update checksum in metadata
|
|
||||||
run: |
|
|
||||||
VERSION="${{ needs.build-and-release.outputs.version }}"
|
|
||||||
CHECKSUM="${{ needs.build-and-release.outputs.checksum }}"
|
|
||||||
|
|
||||||
sed -i "s|headlamp/plugin/archive-checksum:.*|headlamp/plugin/archive-checksum: sha256:${CHECKSUM}|" artifacthub-pkg.yml
|
|
||||||
|
|
||||||
git add artifacthub-pkg.yml
|
|
||||||
if ! git diff --cached --quiet; then
|
|
||||||
git commit -m "ci: update checksum for v${VERSION}"
|
|
||||||
git push origin main
|
|
||||||
echo "✓ Checksum updated on main branch"
|
|
||||||
else
|
|
||||||
echo "✓ Checksum already up to date"
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Release Summary
|
|
||||||
run: |
|
run: |
|
||||||
echo "Release Summary:"
|
echo "Release Summary:"
|
||||||
echo "=================="
|
echo "=================="
|
||||||
echo "Version: v${{ needs.build-and-release.outputs.version }}"
|
echo "Version: v${{ inputs.version }}"
|
||||||
echo "Tarball: headlamp-sealed-secrets-${{ needs.build-and-release.outputs.version }}.tar.gz"
|
echo "Tarball: headlamp-sealed-secrets-${{ inputs.version }}.tar.gz"
|
||||||
echo "Checksum: sha256:${{ needs.build-and-release.outputs.checksum }}"
|
echo "Checksum: sha256:${{ steps.compute_checksum.outputs.checksum }}"
|
||||||
echo "Archive URL: https://github.com/${{ github.repository }}/releases/download/v${{ needs.build-and-release.outputs.version }}/headlamp-sealed-secrets-${{ needs.build-and-release.outputs.version }}.tar.gz"
|
echo "Archive URL: https://github.com/${{ github.repository }}/releases/download/v${{ inputs.version }}/headlamp-sealed-secrets-${{ inputs.version }}.tar.gz"
|
||||||
|
echo ""
|
||||||
|
echo "✓ Version bumped to ${{ inputs.version }}"
|
||||||
|
echo "✓ Metadata updated with checksum"
|
||||||
|
echo "✓ Tag v${{ inputs.version }} created"
|
||||||
|
echo "✓ GitHub release published with tarball"
|
||||||
echo ""
|
echo ""
|
||||||
echo "Metadata updated on main branch."
|
|
||||||
echo "Artifact Hub will sync within 5-10 minutes."
|
echo "Artifact Hub will sync within 5-10 minutes."
|
||||||
|
|||||||
Reference in New Issue
Block a user