Diffstat (limited to '.github/workflows/release.yml')
-rw-r--r-- | .github/workflows/release.yml | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..807860b
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,68 @@
+name: release
+on:
+ push:
+ tags:
+ # this is a glob, not a regexp
+ - '[0-9]*'
+jobs:
+ source:
+ runs-on: ubuntu-latest
+ container:
+ image: quay.io/cockpit/tasks:latest
+ options: --user root
+ permissions:
+ # create GitHub release
+ contents: write
+ steps:
+ - name: Clone repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ # https://github.blog/2022-04-12-git-security-vulnerability-announced/
+ - name: Pacify git's permission check
+ run: git config --global --add safe.directory /__w/cockpit-podman/cockpit-podman
+
+ - name: Workaround for https://github.com/actions/checkout/pull/697
+ run: git fetch --force origin $(git describe --tags):refs/tags/$(git describe --tags)
+
+ - name: Build release
+ run: make dist
+
+ - name: Publish GitHub release
+ uses: cockpit-project/action-release@7d2e2657382e8d34f88a24b5987f2b81ea165785
+ with:
+ filename: "cockpit-podman-${{ github.ref_name }}.tar.xz"
+
+ node-cache:
+ # doesn't depend on it, but let's make sure the build passes before we do this
+ needs: [source]
+ runs-on: ubuntu-latest
+ environment: node-cache
+ # done via deploy key, token needs no write permissions at all
+ permissions: {}
+ steps:
+ - name: Clone repository
+ uses: actions/checkout@v4
+
+ - name: Set up git
+ run: |
+ git config user.name "GitHub Workflow"
+ git config user.email "cockpituous@cockpit-project.org"
+
+ - name: Tag node-cache
+ run: |
+ set -eux
+ # this is a shared repo, prefix with project name
+ TAG="${GITHUB_REPOSITORY#*/}-$(basename $GITHUB_REF)"
+ make tools/node-modules
+ tools/node-modules checkout
+ cd node_modules
+ git tag "$TAG"
+ git remote add cache "ssh://git@github.com/${GITHUB_REPOSITORY%/*}/node-cache"
+ eval $(ssh-agent)
+ ssh-add - <<< '${{ secrets.DEPLOY_KEY }}'
+ # make this idempotent: delete an existing tag
+ git push cache :"$TAG" || true
+ git push cache tag "$TAG"
+ ssh-add -D |
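Review bot: In the `Tag node-cache` step the deploy key is pasted into the script text by `${{ secrets.DEPLOY_KEY }}` before bash runs, in the same step that runs `make tools/node-modules` and `tools/node-modules checkout` under `set -eux`. I would move the build and checkout commands into their own step and hand the key only to a final push step through `env:` with `DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}`, loading it with `ssh-add - <<< "$DEPLOY_KEY"`; that keeps the private key out of the generated script and away from the build tooling. Because of `set -e`, `ssh-add -D` is skipped when `git push cache tag "$TAG"` fails, so a `trap 'ssh-add -D' EXIT` set right after `eval $(ssh-agent)` would make the cleanup unconditional. Separately, `cockpit-project/action-release` is pinned to a full commit SHA, but `actions/checkout@v4` and `quay.io/cockpit/tasks:latest` are mutable references in jobs that hold `contents: write` or the deploy key; pinning those to a commit SHA and an image digest would make the release path consistent.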