-
Notifications
You must be signed in to change notification settings - Fork 21
169 lines (162 loc) · 6.12 KB
/
publish-latest.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
name: publish as latest
on:
# publish on pushes to the main branch (image tagged as "latest")
# https://ocm.software/ocm/pkgs/container/ocm
push:
branches:
- main
paths:
- '**/*.go'
- '**/*.mod'
- '**/*.sum'
- 'resources/**'
- '.github/config/latest.yml'
jobs:
docker_publish:
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write
packages: write
steps:
- name: Generate token
id: generate_token
uses: tibdex/github-app-token@v2
with:
app_id: ${{ secrets.OCMBOT_APP_ID }}
private_key: ${{ secrets.OCMBOT_PRIV_KEY }}
- name: Checkout
uses: actions/checkout@v4
with:
token: ${{ steps.generate_token.outputs.token }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Docker Login
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/${{ github.repository }}
- name: Go Build Cache for Docker
uses: actions/cache@v4
with:
path: go-build-cache
key: ${{ runner.os }}-go-build-cache-${{ hashFiles('**/go.sum') }}
- name: inject go-build-cache into docker
uses: reproducible-containers/buildkit-cache-dance@v3
with:
cache-source: go-build-cache
- name: Build and push
uses: docker/build-push-action@v6
with:
context: .
# supported platforms: https://github.com/GoogleContainerTools/distroless?tab=readme-ov-file#what-images-are-available
platforms: linux/amd64,linux/arm64 #linux/arm,linux/ppc64le,linux/s390x
push: true
tags: |
ghcr.io/open-component-model/ocm:latest
ghcr.io/open-component-model/ocm/ocm.software/ocmcli/ocmcli-image:latest
${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
ocm-cli-latest:
name: Build latest ocm-cli
runs-on: large_runner
permissions:
contents: write
id-token: write
packages: write
steps:
- name: Self hosted runner post job cleanup
uses: TooMuch4U/actions-clean@v2.2
- name: Generate token
id: generate_token
uses: tibdex/github-app-token@v2
with:
app_id: ${{ secrets.OCMBOT_APP_ID }}
private_key: ${{ secrets.OCMBOT_PRIV_KEY }}
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
token: ${{ steps.generate_token.outputs.token }}
- name: Enable github-cli
uses: actions4gh/setup-gh@v1.0.2
with:
token: ${{ steps.generate_token.outputs.token }}
- name: Move tag to latest commit
run: |
gh api -X PATCH -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" /repos/open-component-model/ocm/git/refs/tags/ocm-cli/latest -f "sha=${{ github.sha }}" -F "force=true"
- name: Setup go
uses: actions/setup-go@v5
with:
go-version-file: '${{ github.workspace }}/go.mod'
check-latest: false
cache: false
- name: Get go environment for use with cache
run: |
echo "go_cache=$(go env GOCACHE)" >> $GITHUB_ENV
echo "go_modcache=$(go env GOMODCACHE)" >> $GITHUB_ENV
# This step will only reuse the go mod and build cache from main made during the Build,
# see push_ocm.yaml => "ocm-cli-latest" Job
# This means it never caches by itself and PRs cannot cause cache pollution / thrashing
# This is because we have huge storage requirements for our cache because of the mass of dependencies
- name: Restore / Reuse Cache from central build
id: cache-golang-restore
uses: actions/cache/restore@v4 # Only Restore, not build another cache (too big)
with:
path: |
${{ env.go_cache }}
${{ env.go_modcache }}
key: ${{ env.cache_name }}-${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}-${{ hashFiles('**/go.mod') }}
restore-keys: |
${{ env.cache_name }}-${{ runner.os }}-go-
env:
cache_name: ocm-cli-latest-go-cache # needs to be the same key in the end as in the build step
- name: Goreleaser release snapshot
uses: goreleaser/goreleaser-action@v6
with:
distribution: goreleaser
version: 2.2.0
args: release --clean --timeout 60m --snapshot --skip=validate --config=.github/config/latest.yml
env:
GITHUBORG: ${{ github.repository_owner }}
GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
GORELEASER_CURRENT_TAG: v0.0.0
GORELEASER_PREVIOUS_TAG: v0.0.0
- name: Create or update release
uses: ncipollo/release-action@v1
with:
name: latest ocm-cli
tag: ocm-cli/latest
artifacts: "dist/*.tar.gz, dist/*.zip, dist/*.sha256"
token: ${{ steps.generate_token.outputs.token }}
allowUpdates: true
omitBodyDuringUpdate: true
omitNameDuringUpdate: true
prerelease: true
draft: false
removeArtifacts: true
replacesArtifacts: true
skipIfReleaseExists: false
body: |
holds always the latest ocm-cli binaries
# This step is actually responsible for populating our build cache for the next runs in PRs or on main.
- name: Save Cache of Build (only on main)
id: cache-golang-save
uses: actions/cache/save@v4 # Only save build cache once
with:
path: |
${{ env.go_cache }}
${{ env.go_modcache }}
key: ${{ env.cache_name }}-${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}-${{ hashFiles('**/go.mod') }}
upload-chunk-size: 256000000 # default of 32MB is not really optimal for our large cache, choose 256MB instead
env:
cache_name: ocm-cli-latest-go-cache # needs to be the same key in the end as in the build step