Skip to content

release

release #84

Workflow file for this run

name: release
on:
push:
tags:
# this is a glob, not a regexp
- '[0-9]*'
jobs:
source:
runs-on: ubuntu-latest
container:
image: ghcr.io/cockpit-project/tasks:latest
options: --user root
permissions:
# create GitHub release
contents: write
steps:
- name: Clone repository
uses: actions/checkout@v4
with:
fetch-depth: 0
# https://github.blog/2022-04-12-git-security-vulnerability-announced/
- name: Pacify git's permission check
run: git config --global --add safe.directory /__w/cockpit-podman/cockpit-podman
- name: Workaround for https://github.com/actions/checkout/pull/697
run: git fetch --force origin $(git describe --tags):refs/tags/$(git describe --tags)
- name: Build release
run: make dist
- name: Publish GitHub release
uses: cockpit-project/action-release@7d2e2657382e8d34f88a24b5987f2b81ea165785
with:
filename: "cockpit-podman-${{ github.ref_name }}.tar.xz"
node-cache:
# doesn't depend on it, but let's make sure the build passes before we do this
needs: [source]
runs-on: ubuntu-latest
environment: node-cache
# done via deploy key, token needs no write permissions at all
permissions: {}
steps:
- name: Clone repository
uses: actions/checkout@v4
- name: Set up git
run: |
git config user.name "GitHub Workflow"
git config user.email "[email protected]"
- name: Tag node-cache
run: |
set -eux
# this is a shared repo, prefix with project name
TAG="${GITHUB_REPOSITORY#*/}-$(basename $GITHUB_REF)"
make tools/node-modules
tools/node-modules checkout
cd node_modules
git tag "$TAG"
git remote add cache "ssh://[email protected]/${GITHUB_REPOSITORY%/*}/node-cache"
eval $(ssh-agent)
ssh-add - <<< '${{ secrets.DEPLOY_KEY }}'
# make this idempotent: delete an existing tag
git push cache :"$TAG" || true
git push cache tag "$TAG"
ssh-add -D