-
Notifications
You must be signed in to change notification settings - Fork 0
102 lines (99 loc) · 4.24 KB
/
release.yml
File metadata and controls
102 lines (99 loc) · 4.24 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
name: Release
on:
push:
tags: ["v*"]
permissions:
contents: write
jobs:
release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: true
- name: Configure Go private modules
run: git config --global url."https://${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}@github.com/".insteadOf "https://github.com/"
- name: Install wfctl v0.63.2
run: |
mkdir -p "${RUNNER_TEMP}/wfctl-bin"
curl -sSfL -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
-o "${RUNNER_TEMP}/wfctl-bin/wfctl" \
"https://github.com/GoCodeAlone/workflow/releases/download/v0.63.2/wfctl-linux-amd64"
chmod +x "${RUNNER_TEMP}/wfctl-bin/wfctl"
- name: Validate plugin contract for publish (pre-build)
run: "${{ runner.temp }}/wfctl-bin/wfctl plugin validate-contract --for-publish --tag ${{ github.ref_name }} ."
- uses: goreleaser/goreleaser-action@v7
with:
version: "~> v2"
args: release --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GOPRIVATE: github.com/GoCodeAlone/*
GONOSUMCHECK: github.com/GoCodeAlone/*
# workflow#765: runtime truth-check via plugin verify-capabilities.
- name: Verify capabilities (runtime truth-check)
run: |
RUNNER_ARCH=$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/')
BIN=$(jq -r --arg arch "$RUNNER_ARCH" \
'[.[] | select(.type=="Binary" and .goos=="linux" and .goarch==$arch and (.name|startswith("workflow-plugin-openlms")))] | .[0].path // ""' \
dist/artifacts.json)
if [ -z "$BIN" ] || [ "$BIN" = "null" ]; then
echo "::warning::No matching linux/$RUNNER_ARCH binary in dist/artifacts.json; skipping verify-capabilities"
jq '.[] | {name, type, goos, goarch, path}' dist/artifacts.json
exit 0
fi
"${{ runner.temp }}/wfctl-bin/wfctl" plugin verify-capabilities --binary "$BIN" .
- name: Verify shipped plugin.json carries tag (post-build)
run: |
"${{ runner.temp }}/wfctl-bin/wfctl" plugin validate-contract --for-publish --tag ${{ github.ref_name }} --release-dir . .
- name: Publish GitHub release
uses: actions/github-script@v7
with:
github-token: ${{ secrets.RELEASES_TOKEN || github.token }}
script: |
const tag = context.ref.replace('refs/tags/', '');
const { owner, repo } = context.repo;
// GoReleaser creates draft releases; listReleases sees drafts while
// getReleaseByTag can 404. Retry because the release can be
// eventually visible after asset uploads finish.
let release;
for (let attempt = 0; attempt < 12; attempt++) {
const { data: releases } = await github.rest.repos.listReleases({ owner, repo, per_page: 100 });
release = releases.find(r => r.tag_name === tag);
if (release) break;
await new Promise(resolve => setTimeout(resolve, 5000));
}
if (!release) {
throw new Error(`release for tag ${tag} not found in repo listing (latest 100 releases)`);
}
if (release.draft) {
await github.rest.repos.updateRelease({
owner,
repo,
release_id: release.id,
draft: false,
});
}
notify-workflow-registry:
name: Notify workflow-registry
runs-on: ubuntu-latest
permissions:
contents: read
needs: release
if: >-
!github.event.deleted
&& !contains(github.ref_name, '-')
&& github.repository == 'GoCodeAlone/workflow-plugin-openlms'
steps:
- name: Trigger registry manifest sync
uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4
with:
token: ${{ secrets.repo_dispatch_token }}
repository: GoCodeAlone/workflow-registry
event-type: plugin-release
client-payload: |-
{"plugin": "openlms", "tag": "${{ github.ref_name }}"}