rancher
/
terraform-provider-file
mirror of https://github.com/rancher/terraform-provider-file.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix: add a new workflow for release candidates (#93) (#96) 

(cherry picked from commit f50cbceeee)

Signed-off-by: matttrach <matt.trachier@suse.com>
Co-authored-by: Matt Trachier <matt.trachier@suse.com>
This commit is contained in:
github-actions[bot] 2025-08-26 15:16:30 -05:00 committed by GitHub
parent 911c134974
commit fe4bdc6dce
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 86 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
.github/workflows/release-candidate.yml vendored Normal file
View File

@ -0,0 +1,70 @@
name: release-candidate
on:
push:
branches:
- release/v*
jobs:
release:
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write
issues: write
pull-requests: write
actions: read
steps:
- uses: googleapis/release-please-action@c2a5a2bd6a758a0937f1ddb1e8950609867ed15c # v4.3.0 https://github.com/googleapis/release-please-action/commits/main/
name: release-please
id: release-please
with:
skip-github-pull-request: true
config-file: release-please-config-rc.json
manifest-file: .release-please-manifest.json
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 https://github.com/actions/checkout
if: steps.release-please.outputs.version
with:
fetch-depth: 0
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 https://github.com/actions/setup-go
if: steps.release-please.outputs.version
with:
go-version-file: 'go.mod'
cache: true
- name: retrieve GPG Credentials
if: steps.release-please.outputs.version
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/signing/gpg passphrase | GPG_PASSPHRASE ;
secret/data/github/repo/${{ github.repository }}/signing/gpg privateKeyId | GPG_KEY_ID ;
secret/data/github/repo/${{ github.repository }}/signing/gpg privateKey | GPG_KEY
- name: import_gpg_key
if: steps.release-please.outputs.version
env:
GPG_PASSPHRASE: ${{ env.GPG_PASSPHRASE }}
GPG_KEY_ID: ${{ env.GPG_KEY_ID }}
GPG_KEY: ${{ env.GPG_KEY }}
run: |
cleanup() {
# clear history just in case
history -c
}
trap cleanup EXIT TERM
# sanitize variables
if [ -z "${GPG_PASSPHRASE}" ]; then echo "gpg passphrase empty"; exit 1; fi
if [ -z "${GPG_KEY_ID}" ]; then echo "key id empty"; exit 1; fi
if [ -z "${GPG_KEY}" ]; then echo "key contents empty"; exit 1; fi
echo "Importing gpg key"
echo "${GPG_KEY}" | gpg --import --batch > /dev/null || { echo "Failed to import GPG key"; exit 1; }
- name: Run GoReleaser
if: steps.release-please.outputs.version
uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0
with:
args: release --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GPG_KEY_ID: ${{ env.GPG_KEY_ID }}
GPG_PASSPHRASE: ${{ env.GPG_PASSPHRASE }}

40
.github/workflows/release.yml vendored
View File

@ -14,8 +14,6 @@ jobs:
issues: write issues: write
pull-requests: write pull-requests: write
actions: read actions: read
outputs:
release_pr: ${{ steps.release-please.outputs.pr }}
steps: steps:
- uses: googleapis/release-please-action@c2a5a2bd6a758a0937f1ddb1e8950609867ed15c # v4.3.0 https://github.com/googleapis/release-please-action/commits/main/ - uses: googleapis/release-please-action@c2a5a2bd6a758a0937f1ddb1e8950609867ed15c # v4.3.0 https://github.com/googleapis/release-please-action/commits/main/
name: release-please name: release-please
@ -24,6 +22,7 @@ jobs:
target-branch: ${{ github.ref_name }} target-branch: ${{ github.ref_name }}
config-file: release-please-config.json config-file: release-please-config.json
manifest-file: .release-please-manifest.json manifest-file: .release-please-manifest.json
# These run only if a release PR was opened or modified, so not when the PR is merged # These run only if a release PR was opened or modified, so not when the PR is merged
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 https://github.com/actions/github-script/commits/main - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 https://github.com/actions/github-script/commits/main
name: wait-for-e2e name: wait-for-e2e
@ -86,43 +85,6 @@ jobs:
repo: "${{ github.event.repository.name }}", repo: "${{ github.event.repository.name }}",
body: "Tests Failed!" body: "Tests Failed!"
}) })
- name: retrieve GPG Credentials
if: steps.release-please.outputs.pr && (steps.run-unit-tests.conclusion == 'success')
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/signing/gpg passphrase | GPG_PASSPHRASE ;
secret/data/github/repo/${{ github.repository }}/signing/gpg privateKeyId | GPG_KEY_ID ;
secret/data/github/repo/${{ github.repository }}/signing/gpg privateKey | GPG_KEY
- name: import_gpg_key
if: steps.release-please.outputs.pr && (steps.run-unit-tests.conclusion == 'success')
env:
GPG_PASSPHRASE: ${{ env.GPG_PASSPHRASE }}
GPG_KEY_ID: ${{ env.GPG_KEY_ID }}
GPG_KEY: ${{ env.GPG_KEY }}
run: |
cleanup() {
# clear history just in case
history -c
}
trap cleanup EXIT TERM
# sanitize variables
if [ -z "${GPG_PASSPHRASE}" ]; then echo "gpg passphrase empty"; exit 1; fi
if [ -z "${GPG_KEY_ID}" ]; then echo "key id empty"; exit 1; fi
if [ -z "${GPG_KEY}" ]; then echo "key contents empty"; exit 1; fi
echo "Importing gpg key"
echo "${GPG_KEY}" | gpg --import --batch > /dev/null || { echo "Failed to import GPG key"; exit 1; }
- name: Run GoReleaser
if: steps.release-please.outputs.pr && (steps.run-unit-tests.conclusion == 'success')
uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0 https://github.com/goreleaser/goreleaser-action
with:
args: release --snapshot --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GPG_KEY_ID: ${{ env.GPG_KEY_ID }}
GPG_PASSPHRASE: ${{ env.GPG_PASSPHRASE }}
# These run after release-please generates a release, so when the release PR is merged # These run after release-please generates a release, so when the release PR is merged
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 https://github.com/actions/checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 https://github.com/actions/checkout

4
.goreleaser.yml
View File

@ -50,10 +50,6 @@ signs:
- "${signature}" - "${signature}"
- "--sign" - "--sign"
- "${artifact}" - "${artifact}"
snapshot:
# "snapshot" is the type of release we use for release candidates
# that are generated when a release branch gets a new merge
name_template: "{{ .ProjectName }}_{{ .ShortCommit }}"
release: release:
extra_files: extra_files:
- glob: 'terraform-registry-manifest.json' - glob: 'terraform-registry-manifest.json'

14
release-please-config-rc.json Normal file
View File

@ -0,0 +1,14 @@
{
"packages": {
".": {
"release-type": "go",
"prerelease": true,
"include-v-in-tag": true,
"include-component-in-tag": false,
"always-update": true,
"skip-changelog": true,
"versioning": "prerelease"
}
},
"$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json"
}

1
release-please-config.json
View File

@ -4,6 +4,7 @@
"release-type": "go", "release-type": "go",
"prerelease": true, "prerelease": true,
"include-v-in-tag": true, "include-v-in-tag": true,
"include-component-in-tag": false,
"always-update": true, "always-update": true,
"initial-version": "v0.1.0" "initial-version": "v0.1.0"
} }