Chris Farhood
9ee113e583
Merged prepare-release and release workflows into a single workflow that handles everything in one job. This eliminates the need for separate tokens or manual intervention. Single workflow now: - Validates version format - Updates package.json and artifacthub-pkg.yml - Builds and packages plugin (with type check and linting) - Computes checksum - Verifies tarball contents - Updates metadata with real checksum - Commits all changes to main - Creates and pushes tag - Creates GitHub release with tarball No more tag push triggers, no separate tokens needed. Everything runs in one workflow_dispatch job. Generated with [Claude Code](https://claude.ai/code) via [Happy](https://happy.engineering) Co-Authored-By: Claude <noreply@anthropic.com> Co-Authored-By: Happy <yesreply@happy.engineering>
160 lines
5.7 KiB
YAML
160 lines
5.7 KiB
YAML
name: Release
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
version:
|
|
description: 'Version to release (without v prefix, e.g., 0.2.5)'
|
|
required: true
|
|
type: string
|
|
|
|
jobs:
|
|
release:
|
|
runs-on: local-ubuntu-latest
|
|
permissions:
|
|
contents: write
|
|
steps:
|
|
- name: Validate version format
|
|
run: |
|
|
if ! echo "${{ inputs.version }}" | grep -qE '^[0-9]+\.[0-9]+\.[0-9]+$'; then
|
|
echo "::error::Version must be in format X.Y.Z (e.g., 0.2.5)"
|
|
exit 1
|
|
fi
|
|
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Configure git
|
|
run: |
|
|
git config user.name "github-actions[bot]"
|
|
git config user.email "github-actions[bot]@users.noreply.github.com"
|
|
|
|
- name: Update package.json version
|
|
working-directory: ./headlamp-sealed-secrets
|
|
run: |
|
|
jq --arg version "${{ inputs.version }}" '.version = $version' package.json > package.json.tmp
|
|
mv package.json.tmp package.json
|
|
|
|
- name: Update artifacthub-pkg.yml version
|
|
run: |
|
|
VERSION="${{ inputs.version }}"
|
|
RELEASE_URL="https://github.com/${{ github.repository }}/releases/download/v${VERSION}/headlamp-sealed-secrets-${VERSION}.tar.gz"
|
|
|
|
sed -i "s|^version:.*|version: ${VERSION}|" artifacthub-pkg.yml
|
|
sed -i "s|^appVersion:.*|appVersion: ${VERSION}|" artifacthub-pkg.yml
|
|
sed -i "s|headlamp/plugin/archive-url:.*|headlamp/plugin/archive-url: \"${RELEASE_URL}\"|" artifacthub-pkg.yml
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: '20'
|
|
cache: 'npm'
|
|
cache-dependency-path: headlamp-sealed-secrets/package-lock.json
|
|
|
|
- name: Install dependencies
|
|
working-directory: ./headlamp-sealed-secrets
|
|
run: npm ci
|
|
|
|
- name: Run type check
|
|
working-directory: ./headlamp-sealed-secrets
|
|
run: npm run tsc
|
|
|
|
- name: Run linter
|
|
working-directory: ./headlamp-sealed-secrets
|
|
run: npm run lint
|
|
|
|
- name: Build plugin
|
|
working-directory: ./headlamp-sealed-secrets
|
|
run: npx @kinvolk/headlamp-plugin build
|
|
|
|
- name: Package plugin
|
|
working-directory: ./headlamp-sealed-secrets
|
|
run: npx @kinvolk/headlamp-plugin package
|
|
|
|
- name: Move tarball to root
|
|
working-directory: ./headlamp-sealed-secrets
|
|
run: |
|
|
TARBALL="headlamp-sealed-secrets-${{ inputs.version }}.tar.gz"
|
|
if [ ! -f "${TARBALL}" ]; then
|
|
echo "::error::Expected tarball ${TARBALL} not found"
|
|
ls -la *.tar.gz
|
|
exit 1
|
|
fi
|
|
mv "${TARBALL}" "../${TARBALL}"
|
|
echo "Moved tarball: ${TARBALL}"
|
|
|
|
- name: Validate tarball name
|
|
run: |
|
|
EXPECTED="headlamp-sealed-secrets-${{ inputs.version }}.tar.gz"
|
|
ACTUAL=$(ls *.tar.gz)
|
|
if [ "$EXPECTED" != "$ACTUAL" ]; then
|
|
echo "::error::Tarball name mismatch! Expected: $EXPECTED, Got: $ACTUAL"
|
|
exit 1
|
|
fi
|
|
echo "✓ Tarball name validated: $ACTUAL"
|
|
|
|
- name: Compute checksum
|
|
id: compute_checksum
|
|
run: |
|
|
TARBALL="headlamp-sealed-secrets-${{ inputs.version }}.tar.gz"
|
|
CHECKSUM=$(sha256sum "$TARBALL" | awk '{print $1}')
|
|
echo "checksum=${CHECKSUM}" >> $GITHUB_OUTPUT
|
|
echo "Checksum: sha256:${CHECKSUM}"
|
|
|
|
- name: Verify tarball contents
|
|
run: |
|
|
TARBALL="headlamp-sealed-secrets-${{ inputs.version }}.tar.gz"
|
|
echo "Tarball contents:"
|
|
tar -tzf "${TARBALL}" | head -20
|
|
|
|
# Verify main.js exists (structure is headlamp-sealed-secrets/main.js)
|
|
if ! tar -tzf "${TARBALL}" | grep -q "headlamp-sealed-secrets/main.js"; then
|
|
echo "::error::main.js not found in tarball"
|
|
exit 1
|
|
fi
|
|
echo "✓ Tarball contents validated"
|
|
|
|
- name: Update checksum in metadata
|
|
run: |
|
|
CHECKSUM="${{ steps.compute_checksum.outputs.checksum }}"
|
|
sed -i "s|headlamp/plugin/archive-checksum:.*|headlamp/plugin/archive-checksum: sha256:${CHECKSUM}|" artifacthub-pkg.yml
|
|
|
|
- name: Commit version bump and metadata
|
|
run: |
|
|
git add headlamp-sealed-secrets/package.json artifacthub-pkg.yml
|
|
git commit -m "chore: release v${{ inputs.version }}"
|
|
git push origin main
|
|
|
|
- name: Create and push tag
|
|
run: |
|
|
git tag "v${{ inputs.version }}"
|
|
git push origin "v${{ inputs.version }}"
|
|
|
|
- name: Create GitHub Release
|
|
uses: softprops/action-gh-release@v2
|
|
with:
|
|
tag_name: "v${{ inputs.version }}"
|
|
files: headlamp-sealed-secrets-${{ inputs.version }}.tar.gz
|
|
fail_on_unmatched_files: true
|
|
draft: false
|
|
prerelease: false
|
|
generate_release_notes: true
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Summary
|
|
run: |
|
|
echo "Release Summary:"
|
|
echo "=================="
|
|
echo "Version: v${{ inputs.version }}"
|
|
echo "Tarball: headlamp-sealed-secrets-${{ inputs.version }}.tar.gz"
|
|
echo "Checksum: sha256:${{ steps.compute_checksum.outputs.checksum }}"
|
|
echo "Archive URL: https://github.com/${{ github.repository }}/releases/download/v${{ inputs.version }}/headlamp-sealed-secrets-${{ inputs.version }}.tar.gz"
|
|
echo ""
|
|
echo "✓ Version bumped to ${{ inputs.version }}"
|
|
echo "✓ Metadata updated with checksum"
|
|
echo "✓ Tag v${{ inputs.version }} created"
|
|
echo "✓ GitHub release published with tarball"
|
|
echo ""
|
|
echo "Artifact Hub will sync within 5-10 minutes."
|