.github/workflows/release.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149

name: Deploy Released Assets

on:
  release:
    types: [published]

permissions:
  contents: write
  pull-requests: write
  packages: write

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: false

jobs:
  deploy-alpine:
    runs-on: ubuntu-latest
    environment:
      name: aports
    env:
      TAG_NAME: ${{ github.event.release.tag_name }}
    steps:
      - uses: actions/create-github-app-token@v2
        id: app-token
        with:
          app-id: ${{ vars.APP_ID }}
          private-key: ${{ secrets.PRIVATE_KEY }}
      - uses: actions/checkout@v4
      - name: install lab
        env:
          GH_TOKEN: ${{ steps.app-token.outputs.token }}
        run: |
          gh release download --repo zaquestion/lab v0.25.1 -p lab_0.25.1_linux_amd64.tar.gz
          tar -xzf lab_0.25.1_linux_amd64.tar.gz
          ./lab --version
      - name: Retrieve release artifacts
        id: artifacts
        env:
          GH_TOKEN: ${{ steps.app-token.outputs.token }}
        run: |
          # need the checksums
          gh release download ${TAG_NAME} --skip-existing -p "${TAG_NAME}.sha*"

          echo "sha256sum=$(cat ${TAG_NAME}.sha256)" >> $GITHUB_OUTPUT
          echo "sha512sum=$(cat ${TAG_NAME}.sha512)" >> $GITHUB_OUTPUT

          # need gomplate to template the APKBUILD!
          gh release download ${TAG_NAME} --skip-existing -p gomplate_linux-amd64
          chmod 755 gomplate_linux-amd64
      - name: checkout alpinelinux/aports
        run: |
          set -ex
          git config --global user.name "${{ github.actor }}"
          git config --global user.email "${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com"
          git clone -v https://gitlab.alpinelinux.org/hairyhenderson/aports.git
          cd aports
          # note: this token expires, so needs to be rotated periodically
          git remote set-url origin "https://oauth2:${{ secrets.GITLAB_ACCESS_TOKEN }}@gitlab.alpinelinux.org/hairyhenderson/aports.git"
          git remote add upstream https://gitlab.alpinelinux.org/alpine/aports.git
          git checkout master
      - name: update fork
        run: |
          set -ex
          cd aports
          git fetch -v upstream
          git rebase upstream/master
          git push
      - name: upgrade gomplate in aports
        run: |
          set -ex
          export VERSION=${TAG_NAME#v}

          cd aports/community/gomplate
          git checkout -b upgrade-gomplate-aport-${VERSION}

          export ENVJSON="{\"version\": \"${VERSION}\", \"sha512\": \"${{ steps.artifacts.outputs.sha512sum }}\" }"
          ../../../gomplate_linux-amd64 -c .=env:///ENVJSON\?type=application/json \
            -f ../../../packaging/alpine/APKBUILD.tmpl \
            -o APKBUILD

          git add APKBUILD
          git commit -sm "community/gomplate: upgrade to ${VERSION}"
          git push -u origin upgrade-gomplate-aport-${VERSION}

          # open a PR
          ../../../lab mr create --allow-collaboration \
            -m "community/gomplate: upgrade to ${VERSION}" \
            -m "https://github.com/${{ github.repository }}/releases/tag/${TAG_NAME}"
  deploy-docker:
    runs-on: ubuntu-latest
    env:
      TAG_NAME: ${{ github.event.release.tag_name }}
    steps:
    - name: Set up QEMU
      uses: docker/setup-qemu-action@v3.6.0
    - name: Set up Docker Buildx
      id: buildx
      uses: docker/setup-buildx-action@v3.11.1
      with:
        version: v0.19.3
        driver-opts: |
          image=moby/buildkit:buildx-stable-1
          network=host
    - uses: actions/checkout@v4
      with:
        fetch-depth: 0
    - name: Login to GHCR
      uses: docker/login-action@v3.4.0
      with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
    - name: Login to DockerHub
      uses: docker/login-action@v3.4.0
      with:
          # NOTE: DOCKERHUB_TOKEN and DOCKERHUB_USERNAME must be present in https://github.com/hairyhenderson/gomplate/settings
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
    - name: Build & Push
      run: |
        set -ex

        # seed from the last ghcr.io image(s)
        docker pull ghcr.io/hairyhenderson/gomplate:latest
        docker pull ghcr.io/hairyhenderson/gomplate:alpine

        export srcrepo=ghcr.io/${{ github.repository}}
        export COMMIT=${{ github.sha }}

        make docker-multi COMMIT=${COMMIT} DOCKER_REPO=${srcrepo} BUILDX_ACTION=--push

        set -x
        export git_tag=${TAG_NAME}
        export major_version=${git_tag%\.*}
        
        # Push tags first to GHCR, then to DockerHub (last in case of rate-limiting)
        for repo in "${srcrepo}" "gomplate/gomplate" "hairyhenderson/gomplate"; do
          for tag in "stable" "${git_tag}" "${major_version}"; do
            docker buildx imagetools create -t ${repo}:${tag} ${srcrepo}:latest
            docker buildx imagetools create -t ${repo}:${tag}-alpine ${srcrepo}:alpine
          done
        done

        # also push latest and alpine tags to the other repos
        for repo in "gomplate/gomplate" "hairyhenderson/gomplate"; do
          docker buildx imagetools create -t ${repo}:latest ${srcrepo}:latest
          docker buildx imagetools create -t ${repo}:alpine ${srcrepo}:alpine
        done