From fe4bdc6dce3069c1a65098cc4e78732dcadf544f Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 26 Aug 2025 15:16:30 -0500 Subject: [PATCH] fix: add a new workflow for release candidates (#93) (#96) (cherry picked from commit f50cbceeeeeb177fc4504bb5a639a042e5b09258) Signed-off-by: matttrach Co-authored-by: Matt Trachier --- .github/workflows/release-candidate.yml | 70 +++++++++++++++++++++++++ .github/workflows/release.yml | 40 +------------- .goreleaser.yml | 4 -- release-please-config-rc.json | 14 +++++ release-please-config.json | 1 + 5 files changed, 86 insertions(+), 43 deletions(-) create mode 100644 .github/workflows/release-candidate.yml create mode 100644 release-please-config-rc.json diff --git a/.github/workflows/release-candidate.yml b/.github/workflows/release-candidate.yml new file mode 100644 index 0000000..65243d1 --- /dev/null +++ b/.github/workflows/release-candidate.yml @@ -0,0 +1,70 @@ +name: release-candidate + +on: + push: + branches: + - release/v* + +jobs: + release: + runs-on: ubuntu-latest + permissions: + contents: write + id-token: write + issues: write + pull-requests: write + actions: read + steps: + - uses: googleapis/release-please-action@c2a5a2bd6a758a0937f1ddb1e8950609867ed15c # v4.3.0 https://github.com/googleapis/release-please-action/commits/main/ + name: release-please + id: release-please + with: + skip-github-pull-request: true + config-file: release-please-config-rc.json + manifest-file: .release-please-manifest.json + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 https://github.com/actions/checkout + if: steps.release-please.outputs.version + with: + fetch-depth: 0 + - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 https://github.com/actions/setup-go + if: steps.release-please.outputs.version + with: + go-version-file: 'go.mod' + cache: true + - name: retrieve GPG Credentials + if: steps.release-please.outputs.version + uses: rancher-eio/read-vault-secrets@main + with: + secrets: | + secret/data/github/repo/${{ github.repository }}/signing/gpg passphrase | GPG_PASSPHRASE ; + secret/data/github/repo/${{ github.repository }}/signing/gpg privateKeyId | GPG_KEY_ID ; + secret/data/github/repo/${{ github.repository }}/signing/gpg privateKey | GPG_KEY + - name: import_gpg_key + if: steps.release-please.outputs.version + env: + GPG_PASSPHRASE: ${{ env.GPG_PASSPHRASE }} + GPG_KEY_ID: ${{ env.GPG_KEY_ID }} + GPG_KEY: ${{ env.GPG_KEY }} + run: | + cleanup() { + # clear history just in case + history -c + } + trap cleanup EXIT TERM + + # sanitize variables + if [ -z "${GPG_PASSPHRASE}" ]; then echo "gpg passphrase empty"; exit 1; fi + if [ -z "${GPG_KEY_ID}" ]; then echo "key id empty"; exit 1; fi + if [ -z "${GPG_KEY}" ]; then echo "key contents empty"; exit 1; fi + + echo "Importing gpg key" + echo "${GPG_KEY}" | gpg --import --batch > /dev/null || { echo "Failed to import GPG key"; exit 1; } + - name: Run GoReleaser + if: steps.release-please.outputs.version + uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0 + with: + args: release --clean + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GPG_KEY_ID: ${{ env.GPG_KEY_ID }} + GPG_PASSPHRASE: ${{ env.GPG_PASSPHRASE }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ee67c7c..5099dc7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,8 +14,6 @@ jobs: issues: write pull-requests: write actions: read - outputs: - release_pr: ${{ steps.release-please.outputs.pr }} steps: - uses: googleapis/release-please-action@c2a5a2bd6a758a0937f1ddb1e8950609867ed15c # v4.3.0 https://github.com/googleapis/release-please-action/commits/main/ name: release-please @@ -24,6 +22,7 @@ jobs: target-branch: ${{ github.ref_name }} config-file: release-please-config.json manifest-file: .release-please-manifest.json + # These run only if a release PR was opened or modified, so not when the PR is merged - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 https://github.com/actions/github-script/commits/main name: wait-for-e2e @@ -86,43 +85,6 @@ jobs: repo: "${{ github.event.repository.name }}", body: "Tests Failed!" }) - - name: retrieve GPG Credentials - if: steps.release-please.outputs.pr && (steps.run-unit-tests.conclusion == 'success') - uses: rancher-eio/read-vault-secrets@main - with: - secrets: | - secret/data/github/repo/${{ github.repository }}/signing/gpg passphrase | GPG_PASSPHRASE ; - secret/data/github/repo/${{ github.repository }}/signing/gpg privateKeyId | GPG_KEY_ID ; - secret/data/github/repo/${{ github.repository }}/signing/gpg privateKey | GPG_KEY - - name: import_gpg_key - if: steps.release-please.outputs.pr && (steps.run-unit-tests.conclusion == 'success') - env: - GPG_PASSPHRASE: ${{ env.GPG_PASSPHRASE }} - GPG_KEY_ID: ${{ env.GPG_KEY_ID }} - GPG_KEY: ${{ env.GPG_KEY }} - run: | - cleanup() { - # clear history just in case - history -c - } - trap cleanup EXIT TERM - - # sanitize variables - if [ -z "${GPG_PASSPHRASE}" ]; then echo "gpg passphrase empty"; exit 1; fi - if [ -z "${GPG_KEY_ID}" ]; then echo "key id empty"; exit 1; fi - if [ -z "${GPG_KEY}" ]; then echo "key contents empty"; exit 1; fi - - echo "Importing gpg key" - echo "${GPG_KEY}" | gpg --import --batch > /dev/null || { echo "Failed to import GPG key"; exit 1; } - - name: Run GoReleaser - if: steps.release-please.outputs.pr && (steps.run-unit-tests.conclusion == 'success') - uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0 https://github.com/goreleaser/goreleaser-action - with: - args: release --snapshot --clean - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GPG_KEY_ID: ${{ env.GPG_KEY_ID }} - GPG_PASSPHRASE: ${{ env.GPG_PASSPHRASE }} # These run after release-please generates a release, so when the release PR is merged - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 https://github.com/actions/checkout diff --git a/.goreleaser.yml b/.goreleaser.yml index 2ed6f07..710ce1d 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -50,10 +50,6 @@ signs: - "${signature}" - "--sign" - "${artifact}" -snapshot: - # "snapshot" is the type of release we use for release candidates - # that are generated when a release branch gets a new merge - name_template: "{{ .ProjectName }}_{{ .ShortCommit }}" release: extra_files: - glob: 'terraform-registry-manifest.json' diff --git a/release-please-config-rc.json b/release-please-config-rc.json new file mode 100644 index 0000000..3305eba --- /dev/null +++ b/release-please-config-rc.json @@ -0,0 +1,14 @@ +{ + "packages": { + ".": { + "release-type": "go", + "prerelease": true, + "include-v-in-tag": true, + "include-component-in-tag": false, + "always-update": true, + "skip-changelog": true, + "versioning": "prerelease" + } + }, + "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json" +} diff --git a/release-please-config.json b/release-please-config.json index 864ca4d..91a2d2f 100644 --- a/release-please-config.json +++ b/release-please-config.json @@ -4,6 +4,7 @@ "release-type": "go", "prerelease": true, "include-v-in-tag": true, + "include-component-in-tag": false, "always-update": true, "initial-version": "v0.1.0" }