func-operator/.github/workflows/release.yml at main · functions-dev/func-operator · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
name: Release Build and Publish

# This workflow is triggered in two ways:
# 1. Automatically when a semver tag is pushed (e.g., git push origin v1.0.0)
# 2. Via workflow_dispatch from manage-release-tags.yml
#    (needed because tags created with GITHUB_TOKEN don't trigger on.push.tags events)
on:
  push:
    tags:
      - 'v*.*.*'
  workflow_dispatch:
    inputs:
      tag:
        description: 'Tag to release (e.g., v1.0.0)'
        required: true
        type: string

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}
  BUNDLE_IMAGE_NAME: ${{ github.repository }}-bundle

jobs:
  build-push-release:
    name: Build and Push Release Image
    runs-on: ubuntu-latest
    permissions:
      contents: write
      packages: write

    steps:
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          fetch-depth: 0
          # Use tag from workflow_dispatch input, otherwise use the git ref from tag push
          ref: ${{ inputs.tag || github.ref }}

      - name: Free up disk space
        run: |
          sudo rm -rf /usr/share/dotnet
          sudo rm -rf /usr/local/lib/android
          sudo rm -rf /opt/ghc
          sudo rm -rf /opt/hostedtoolcache
          df -h

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v4

      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v4
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Parse version from tag
        id: version
        run: |
          # Handle both trigger types: workflow_dispatch (from manage-release-tags) and tag push
          if [ -n "${{ inputs.tag }}" ]; then
            TAG="${{ inputs.tag }}"
            TAG=${TAG#v}
          else
            TAG=${GITHUB_REF#refs/tags/v}
          fi
          echo "full=$TAG" >> $GITHUB_OUTPUT

          MAJOR=$(echo $TAG | cut -d. -f1)
          MINOR=$(echo $TAG | cut -d. -f2)
          PATCH=$(echo $TAG | cut -d. -f3)

          echo "major=$MAJOR" >> $GITHUB_OUTPUT
          echo "minor=$MINOR" >> $GITHUB_OUTPUT
          echo "patch=$PATCH" >> $GITHUB_OUTPUT
          echo "major_minor=$MAJOR.$MINOR" >> $GITHUB_OUTPUT

          # Check if this is the latest version
          LATEST_TAG=$(git tag -l 'v*.*.*' | sort -V | tail -n1)
          if [ "v$TAG" = "$LATEST_TAG" ]; then
            echo "is_latest=true" >> $GITHUB_OUTPUT
          else
            echo "is_latest=false" >> $GITHUB_OUTPUT
          fi

      - name: Build and push image (latest version)
        id: build_latest
        if: steps.version.outputs.is_latest == 'true'
        uses: docker/build-push-action@v7
        with:
          context: .
          target: prod
          platforms: linux/amd64,linux/arm64
          push: true
          tags: |
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.full }}
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.major_minor }}
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.major }}
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest

      - name: Build and push image (none latest version)
        id: build_non_latest
        if: steps.version.outputs.is_latest == 'false'
        uses: docker/build-push-action@v7
        with:
          context: .
          target: prod
          platforms: linux/amd64,linux/arm64
          push: true
          tags: |
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.full }}
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.major_minor }}
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.major }}

      - name: Set up Go
        uses: actions/setup-go@v6
        with:
          go-version-file: 'go.mod'

      - name: Generate installation manifest
        run: |
          GIT_SHA=$(git rev-parse --short HEAD)

          # Use digest from whichever build step ran (latest or non-latest)
          if [ "${{ steps.version.outputs.is_latest }}" == "true" ]; then
            IMAGE_DIGEST="${{ steps.build_latest.outputs.digest }}"
          else
            IMAGE_DIGEST="${{ steps.build_non_latest.outputs.digest }}"
          fi

          make build-installer \
            IMG=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${IMAGE_DIGEST} \
            VERSION_LABEL=v${{ steps.version.outputs.full }} \
            GIT_SHA_LABEL=${GIT_SHA}

          mv dist/install.yaml func-operator.yaml

      - name: Generate bundle manifests
        run: |
          # Use digest from whichever build step ran (latest or non-latest)
          if [ "${{ steps.version.outputs.is_latest }}" == "true" ]; then
            IMAGE_DIGEST="${{ steps.build_latest.outputs.digest }}"
          else
            IMAGE_DIGEST="${{ steps.build_non_latest.outputs.digest }}"
          fi

          make bundle \
            IMG=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${IMAGE_DIGEST} \
            VERSION=${{ steps.version.outputs.full }} \
            USE_IMAGE_DIGESTS=true

      - name: Build and push bundle image (latest version)
        if: steps.version.outputs.is_latest == 'true'
        uses: docker/build-push-action@v7
        with:
          context: .
          file: bundle.Dockerfile
          platforms: linux/amd64
          push: true
          tags: |
            ${{ env.REGISTRY }}/${{ env.BUNDLE_IMAGE_NAME }}:v${{ steps.version.outputs.full }}
            ${{ env.REGISTRY }}/${{ env.BUNDLE_IMAGE_NAME }}:v${{ steps.version.outputs.major_minor }}
            ${{ env.REGISTRY }}/${{ env.BUNDLE_IMAGE_NAME }}:v${{ steps.version.outputs.major }}
            ${{ env.REGISTRY }}/${{ env.BUNDLE_IMAGE_NAME }}:latest

      - name: Build and push bundle image (non-latest version)
        if: steps.version.outputs.is_latest == 'false'
        uses: docker/build-push-action@v7
        with:
          context: .
          file: bundle.Dockerfile
          platforms: linux/amd64
          push: true
          tags: |
            ${{ env.REGISTRY }}/${{ env.BUNDLE_IMAGE_NAME }}:v${{ steps.version.outputs.full }}
            ${{ env.REGISTRY }}/${{ env.BUNDLE_IMAGE_NAME }}:v${{ steps.version.outputs.major_minor }}
            ${{ env.REGISTRY }}/${{ env.BUNDLE_IMAGE_NAME }}:v${{ steps.version.outputs.major }}

      - name: Create GitHub Release
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          gh release create "v${{ steps.version.outputs.full }}" \
            --generate-notes \
            --latest=${{ steps.version.outputs.is_latest }} \
            func-operator.yaml