docs: Fix release documentation #105
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: release | |
on: | |
push: | |
tags: | |
- "v*" | |
permissions: {} | |
defaults: | |
run: | |
shell: bash | |
env: | |
SKIP_INTEGRATION_TESTS: 'non-required' # 'none', 'non-required', 'all' | |
jobs: | |
conditionals: | |
runs-on: ubuntu-latest | |
outputs: | |
skip_integration_tests: ${{ steps.conditionals.outputs.skip_integration_tests }} | |
steps: | |
- name: CI conditionals | |
id: conditionals | |
run: | | |
echo "skip_integration_tests=${SKIP_INTEGRATION_TESTS}" >> ${GITHUB_OUTPUT} | |
build: | |
uses: ./.github/workflows/.reusable-build.yml | |
permissions: | |
packages: write | |
secrets: inherit | |
version-match: | |
runs-on: ubuntu-latest | |
needs: [build] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
- name: Ensure version equality | |
run: | | |
IMAGE_TAG=${{ needs.build.outputs.original_tag }} | |
for COMMIT_TAG in $(git tag --points-at $(git rev-parse HEAD)); do | |
if [[ "$IMAGE_TAG" == "$COMMIT_TAG" ]]; then | |
exit 0 | |
fi | |
done | |
echo "Tag '$IMAGE_TAG' is not within tags of commit: $(git tag --points-at $(git rev-parse HEAD))" | |
exit 1 | |
integration-test: | |
uses: ./.github/workflows/.reusable-integration-test.yml | |
needs: [conditionals, build, version-match] | |
if: needs.conditionals.outputs.skip_integration_tests != 'all' | |
permissions: | |
packages: read | |
secrets: inherit | |
with: | |
build_registry: ${{ needs.build.outputs.build_registry }} | |
repo_owner: ${{ github.repository_owner }} | |
build_image_repository: ${{ needs.build.outputs.build_registry }}/${{ needs.build.outputs.build_repo }} | |
build_tag: ${{ needs.build.outputs.build_tag }} | |
skip_integration_tests: ${{ needs.conditionals.outputs.skip_integration_tests }} | |
cosign_public_key: ${{ needs.build.outputs.cosign_public_key }} | |
publish_chart: | |
runs-on: ubuntu-latest | |
needs: [build, version-match, integration-test] | |
permissions: | |
contents: write | |
steps: | |
- name: Install Helm and Git | |
run: | | |
curl https://baltocdn.com/helm/signing.asc | sudo apt-key add - | |
sudo apt-get install apt-transport-https --yes | |
echo "deb https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list | |
sudo apt-get update | |
sudo apt-get install helm git | |
- name: Checkout code | |
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
with: | |
fetch-depth: 0 | |
- name: Lint Helm chart | |
run: helm lint helm | |
- name: Package and upload Helm chart | |
run: | | |
git config user.name "versioning_user" | |
git config user.email "connaisseur@securesystems.dev" | |
CHART_VERSION="${{ needs.build.outputs.chart_version }}" | |
helm package helm | |
mkdir -p charts | |
mv connaisseur*.tgz ./charts | |
git checkout gh-pages | |
cd charts | |
helm repo index . --url https://sse-secure-systems.github.io/connaisseur/charts | |
cd .. | |
git add ./charts | |
git commit -m "Publish helm chart ${CHART_VERSION}" | |
git push https://${{ secrets.GITHUB_TOKEN }}@github.com/sse-secure-systems/connaisseur.git | |
publish_docs: | |
needs: [build, version-match, integration-test] | |
uses: ./.github/workflows/.reusable-docs.yaml | |
permissions: | |
contents: write |