-
Notifications
You must be signed in to change notification settings - Fork 0
64 lines (54 loc) · 1.89 KB
/
release.yml
File metadata and controls
64 lines (54 loc) · 1.89 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
name: Release
on:
push:
tags:
- 'v[0-9]+.[0-9]+.[0-9]+'
permissions:
contents: write
packages: read
jobs:
create-release:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Extract version from tag
id: version
run: |
TAG="${GITHUB_REF_NAME}"
echo "tag=${TAG}" >> "$GITHUB_OUTPUT"
echo "version=${TAG#v}" >> "$GITHUB_OUTPUT"
echo "major=v$(echo "${TAG#v}" | cut -d. -f1)" >> "$GITHUB_OUTPUT"
- name: Create GitHub Release
uses: softprops/action-gh-release@v2
with:
tag_name: ${{ steps.version.outputs.tag }}
name: ${{ steps.version.outputs.tag }}
generate_release_notes: true
body: |
## Container Image
Pull the image:
```bash
# Exact version (immutable)
docker pull ghcr.io/devrail-dev/dev-toolchain:${{ steps.version.outputs.version }}
# Major version (floating, always latest v${{ steps.version.outputs.major }}.x.x)
docker pull ghcr.io/devrail-dev/dev-toolchain:${{ steps.version.outputs.major }}
```
## Verify Image Signature
```bash
cosign verify \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-identity-regexp 'github.com/devrail-dev/dev-toolchain' \
ghcr.io/devrail-dev/dev-toolchain:${{ steps.version.outputs.version }}
```
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Update major version tag
run: |
MAJOR_TAG="${{ steps.version.outputs.major }}"
git tag -f "${MAJOR_TAG}"
git push origin "${MAJOR_TAG}" --force
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}