-
Notifications
You must be signed in to change notification settings - Fork 1
100 lines (88 loc) · 3.87 KB
/
release-workflow.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
name: Release
on:
push:
branches:
- 'releases/v**'
permissions:
contents: read
jobs:
Release:
name: Release Workflow
runs-on: ubuntu-latest
permissions:
# write permission is required to create a github release
contents: write
pull-requests: write
id-token: write # needed for cosign keyless signing with OIDC
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Extract build info
id: extract_build_info
run: |
echo "tag=${GITHUB_REF##*/}" >> $GITHUB_OUTPUT
echo "commit_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
- name: Install cosign
uses: sigstore/[email protected]
- name: Login to registry.cloud.qdrant.io
uses: docker/login-action@v3
with:
registry: registry.cloud.qdrant.io
username: ${{ secrets.HARBOR_USERNAME }}
password: ${{ secrets.HARBOR_TOKEN }}
- name: Package helm chart (CRDs)
run: |
# Ensure correct versions in Chart.yaml
sed -i "s/version:.*/version: ${{ steps.extract_build_info.outputs.tag }}/g" charts/qdrant-operator-crds/Chart.yaml
sed -i "s/appVersion:.*/appVersion: ${{ steps.extract_build_info.outputs.tag }}/g" charts/qdrant-operator-crds/Chart.yaml
helm package charts/qdrant-operator-crds/
- name: Tag Release
shell: bash
run: |
git tag ${{ steps.extract_build_info.outputs.tag }}
git push origin ${{ steps.extract_build_info.outputs.tag }}
- name: Publish Release Notes
uses: release-drafter/release-drafter@v6
with:
disable-autolabeler: true
commitish: ${{ github.ref }}
tag: ${{ steps.extract_build_info.outputs.tag }}
publish: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Push helm (CRDs) chart to registry.cloud.qdrant.io
id: push-helm-chart-crds
env:
HARBOR_USERNAME: ${{ secrets.HARBOR_USERNAME }}
HARBOR_TOKEN: ${{ secrets.HARBOR_TOKEN }}
run: |
helm registry login registry.cloud.qdrant.io -u "${HARBOR_USERNAME}" --password "${HARBOR_TOKEN}"
push_output=$(helm push qdrant-operator-crds-${{ steps.extract_build_info.outputs.tag }}.tgz oci://registry.cloud.qdrant.io/qdrant-charts 2>&1)
echo $push_output
digest=$(echo $push_output | grep -oP '(?<=Digest: ).*')
echo $digest
echo "digest=${digest}" >> $GITHUB_OUTPUT
- name: Push helm (CRDs) chart to registry.cloud.qdrant.io to public repo
id: push-helm-chart-crds-public
env:
HARBOR_USERNAME: ${{ secrets.HARBOR_USERNAME }}
HARBOR_TOKEN: ${{ secrets.HARBOR_TOKEN }}
run: |
helm registry login registry.cloud.qdrant.io -u "${HARBOR_USERNAME}" --password "${HARBOR_TOKEN}"
push_output=$(helm push qdrant-operator-crds-${{ steps.extract_build_info.outputs.tag }}.tgz oci://registry.cloud.qdrant.io/library 2>&1)
echo $push_output
public_digest=$(echo $push_output | grep -oP '(?<=Digest: ).*')
echo $public_digest
echo "public_digest=${public_digest}" >> $GITHUB_OUTPUT
- name: Sign helm chart (CRDs) at registry.cloud.qdrant.io
run: |
cosign sign --yes "${TAGS}@${DIGEST}"
env:
TAGS: registry.cloud.qdrant.io/qdrant-charts/qdrant-operator-crds:${{ steps.extract_build_info.outputs.tag }}
DIGEST: ${{ steps.push-helm-chart-crds.outputs.digest }}
- name: Sign helm chart (CRDs) at registry.cloud.qdrant.io in public repo
run: |
cosign sign --yes "${TAGS}@${DIGEST}"
env:
TAGS: registry.cloud.qdrant.io/library/qdrant-operator-crds:${{ steps.extract_build_info.outputs.tag }}
DIGEST: ${{ steps.push-helm-chart-crds-public.outputs.public_digest }}