Promote Downstream Releases #12
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Promote Downstream Releases | |
on: | |
# may be triggered manually on a release tag that represents a prerelease to promote it to a release in the downstream package repositories and Docker Hub | |
workflow_dispatch: | |
# automatically trigger if an existing GitHub release is marked "latest" | |
release: | |
types: [released] # this release event activity type excludes prereleases | |
# cancel older, redundant runs of same workflow on same branch | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }} | |
cancel-in-progress: true | |
env: | |
RELEASE_REF: ${{ github.ref}} | |
jobs: | |
wait_for_release: | |
name: Wait for Release Builds to Succeed | |
runs-on: ubuntu-latest | |
steps: | |
- name: Debug action | |
uses: hmarr/debug-action@v3 | |
- name: Wait for all checks on this ref | |
uses: lewagon/[email protected] | |
with: | |
ref: ${{ env.RELEASE_REF }} | |
repo-token: ${{ secrets.GITHUB_TOKEN }} | |
# seconds between polling the checks api for job statuses | |
wait-interval: 20 | |
# confusingly, this means "pause this step until all jobs from all workflows in same run have completed" | |
running-workflow-name: Wait for Release Builds to Succeed | |
ignore-checks: SDK Terminator Validation,Always Fail # comma-separated list of check names (job.<id>.name) to ignore | |
parse_version: | |
needs: wait_for_release | |
name: Parse Release Version | |
runs-on: ubuntu-latest | |
outputs: | |
version: ${{ steps.parse.outputs.version }} | |
steps: | |
- name: Parse Release Version | |
id: parse | |
shell: bash | |
run: | | |
if [[ "${RELEASE_REF}" =~ ^refs\/tags\/v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | |
echo "RELEASE_REF=${RELEASE_REF} is a semver release ref" | |
echo "version=${RELEASE_REF#refs/tags/v}" | tee -a $GITHUB_OUTPUT | |
else | |
echo "RELEASE_REF=${RELEASE_REF} is not a semver release ref" >&2 | |
exit 1 | |
fi | |
promote_docker: | |
name: Tag Container Image ${{ matrix.image.repo }}:latest | |
needs: parse_version | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: true | |
matrix: | |
image: | |
- repo: ${{ vars.ZITI_CLI_IMAGE || 'docker.io/openziti/ziti-cli' }} | |
- repo: ${{ vars.ZITI_CONTROLLER_IMAGE || 'docker.io/openziti/ziti-controller' }} | |
- repo: ${{ vars.ZITI_ROUTER_IMAGE || 'docker.io/openziti/ziti-router' }} | |
- repo: ${{ vars.ZITI_TUNNEL_IMAGE || 'docker.io/openziti/ziti-tunnel' }} | |
steps: | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ vars.DOCKER_HUB_API_USER || secrets.DOCKER_HUB_API_USER }} | |
password: ${{ secrets.DOCKER_HUB_API_TOKEN }} | |
- name: Tag Latest | |
shell: bash | |
run: > | |
docker buildx imagetools create --tag | |
${{ matrix.image.repo }}:latest | |
${{ matrix.image.repo }}:${{ needs.parse_version.outputs.version }} | |
promote_artifactory: | |
name: Promote ${{ matrix.package_name }}-${{ matrix.arch.rpm }}.${{ matrix.nfpm_packager }} | |
needs: parse_version | |
strategy: | |
fail-fast: true | |
matrix: | |
package_name: | |
- openziti | |
- openziti-controller | |
- openziti-router | |
arch: | |
- deb: amd64 | |
rpm: x86_64 | |
- deb: arm64 | |
rpm: aarch64 | |
- deb: armv7 | |
rpm: armv7 | |
nfpm_packager: | |
- rpm | |
- deb | |
runs-on: ubuntu-latest | |
env: | |
ZITI_DEB_TEST_REPO: ${{ vars.ZITI_DEB_TEST_REPO || 'zitipax-openziti-deb-test' }} | |
ZITI_RPM_TEST_REPO: ${{ vars.ZITI_RPM_TEST_REPO || 'zitipax-openziti-rpm-test' }} | |
ZITI_DEB_PROD_REPO: ${{ vars.ZITI_DEB_PROD_REPO || 'zitipax-openziti-deb-stable' }} | |
ZITI_RPM_PROD_REPO: ${{ vars.ZITI_RPM_PROD_REPO || 'zitipax-openziti-rpm-stable' }} | |
steps: | |
- name: Configure jFrog CLI | |
uses: jfrog/setup-jfrog-cli@v4 | |
env: | |
JF_ENV_1: ${{ secrets.ZITI_ARTIFACTORY_CLI_CONFIG_PACKAGE_UPLOAD }} | |
- name: Copy RPM from test repo to stable repo with jFrog CLI | |
if: matrix.nfpm_packager == 'rpm' | |
shell: bash | |
run: > | |
jf rt copy | |
--recursive=false | |
--flat=true | |
${{ env.ZITI_RPM_TEST_REPO }}/redhat/${{ matrix.arch.rpm }}/${{ matrix.package_name }}-${{ needs.parse_version.outputs.version }}.${{ matrix.arch.rpm }}.rpm | |
${{ env.ZITI_RPM_PROD_REPO }}/redhat/${{ matrix.arch.rpm }}/ | |
- name: Copy DEB from test repo to stable repo with jFrog CLI | |
if: matrix.nfpm_packager == 'deb' | |
shell: bash | |
run: > | |
jf rt copy | |
--recursive=false | |
--flat=true | |
${{ env.ZITI_DEB_TEST_REPO }}/pool/${{ matrix.package_name }}/${{ matrix.arch.deb }}/${{ matrix.package_name }}_${{ needs.parse_version.outputs.version }}_*.deb | |
${{ env.ZITI_DEB_PROD_REPO }}/pool/${{ matrix.package_name }}/${{ matrix.arch.deb }}/ |