release #7

Workflow file for this run

.github/workflows/release.yml at b964f0f

	# Creates a GitHub Release.
	# Workflow is manually run.
	# Preselect branch or tag before running this workflow.
	name: release

	on:
	workflow_dispatch:
	inputs:
	prerelease:
	description: "Mark this release as a prerelease"
	required: false
	default: "auto"
	type: choice
	# auto follows semver. Prerelease versions are hyphenated with a label. ex. 0.0.0-alpha, 1.0.0-rc1
	options:
	- auto
	- "true"
	- "false"
	make-latest:
	description: "Latest release"
	required: false
	default: true
	type: boolean
	nightly:
	description: "Mark as nightly build"
	required: true
	default: true
	type: boolean

	permissions:
	contents: write
	id-token: write
	packages: write

	jobs:
	release:
	runs-on: ubuntu-latest
	env:
	DOCKER_CLI_EXPERIMENTAL: "enabled"
	strategy:
	matrix:
	release_os:
	- linux
	- darwin
	- freebsd
	- illumos
	- netbsd
	- openbsd
	- windows
	steps:
	- name: Disable release on nightly repository
	if: ${{ !inputs.nightly }}
	run: \|
	if [ "$GITHUB_REPOSITORY" == "openbao/openbao-nightly" ]; then
	echo "Refusing to run non-nightly release on nightly repo" 1>&2
	exit 1
	fi

	- name: Checkout
	uses: actions/checkout@v4.1.7
	with:
	fetch-depth: 0 # Required by GoRelease

	- name: Disable nightly on primary repository
	if: inputs.nightly
	env:
	PRERELEASE: ${{ inputs.prerelease }}
	run: \|
	if [ "$GITHUB_REPOSITORY" != "openbao/openbao-nightly" ]; then
	echo "Refusing to run nightly release on non-nightly repo" 1>&2
	exit 1
	fi
	# Otherwise, create fake tags that we do not push; this limits the
	# size of the changelog.
	git tag v9999.9999.9998 HEAD~
	git tag v9999.9999.9999-n"$(date +%Y%m%d)"

	- name: Golang Setup
	uses: ./.github/actions/set-up-go

	- name: go-check
	run: go version

	- name: Node setup
	uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
	with:
	node-version-file: "./ui/package.json"

	- name: Yarn setup
	id: install-yarn
	run: \|
	npm install -g yarn

	# Supports syft/sbom generation
	- uses: anchore/sbom-action/download-syft@v0

	# Supports Buildx
	- name: Qemu Setup
	uses: docker/setup-qemu-action@v3

	- name: Buildx Setup
	uses: docker/setup-buildx-action@v3

	- name: Cosign Install
	uses: sigstore/cosign-installer@v3

	- name: GPG Import
	id: gpg-import
	uses: crazy-max/ghaction-import-gpg@v6
	with:
	gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
	passphrase: ${{ secrets.GPG_PASSWORD }}

	- name: Cache Setup
	uses: actions/cache@v4
	with:
	path: \|
	./dist/**/bao
	./dist/*/.exe
	./dist/*/.deb
	./dist/*/.rpm
	./dist/*.tar.gz
	./dist/*.tar.gz.zst
	./dist/*.zip
	key: ${{ github.ref }}

	- name: "Docker Login: ghcr.io"
	if: startsWith(github.ref, 'refs/tags/') \|\| inputs.nightly
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: "Docker Login: docker.io"
	if: startsWith(github.ref, 'refs/tags/') \|\| inputs.nightly
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKER_USERNAME }}
	password: ${{ secrets.DOCKER_TOKEN }}

	- name: "Docker Login: quay.io"
	if: startsWith(github.ref, 'refs/tags/') \|\| inputs.nightly
	uses: docker/login-action@v3
	with:
	registry: quay.io
	username: ${{ secrets.QUAY_USERNAME }}
	password: ${{ secrets.QUAY_TOKEN }}

	# Needed for nPFM
	- name: Create GPG Signing Key File
	if: startsWith(github.ref, 'refs/tags/') \|\| inputs.nightly
	run: \|
	GPG_KEY_FILE=/tmp/signing-key.gpg
	echo "${{ secrets.GPG_PRIVATE_KEY_BASE64 }}" \| base64 -di > "${GPG_KEY_FILE}"
	echo "GPG_KEY_FILE=${GPG_KEY_FILE}" >> "${GITHUB_ENV}"
	env:
	GPG_TTY: /dev/ttys000 # Set the GPG_TTY to avoid issues with pinentry

	# Before executing binary builds, build the UI.
	- name: Install UI dependencies
	id: ui-dependencies
	working-directory: ./ui
	run: \|
	yarn install --frozen-lockfile
	npm rebuild node-sass

	- name: Build UI
	id: ui-build
	run: \|
	make static-dist

	# Execute Go binary builds
	- name: "Template GoRelaser configuration"
	if: startsWith(github.ref, 'refs/tags/') \|\| inputs.nightly
	run: \|
	sed "s/REPLACE_WITH_RELEASE_GOOS/${{ matrix.release_os }}/g" .goreleaser-template.yaml > .goreleaser.yaml
	sed -i "s/^#OTHERARCH#//g" .goreleaser.yaml
	[ "${{ matrix.release_os }}" == "linux" ] && sed -i "s/^#LINUXONLY#//g" .goreleaser.yaml \|\| true

	- name: "GoReleaser: Release"
	if: startsWith(github.ref, 'refs/tags/') \|\| inputs.nightly
	uses: goreleaser/goreleaser-action@v6
	with:
	distribution: goreleaser
	version: latest
	args: release --clean --timeout=60m --verbose --parallelism 2
	env:
	COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
	COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	GPG_FINGERPRINT: ${{ steps.gpg-import.outputs.fingerprint }}
	GPG_PASSWORD: ${{ secrets.GPG_PASSWORD }}
	GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
	GITHUB_RELEASE_PRERELEASE: ${{ inputs.prerelease }}
	GITHUB_RELEASE_MAKE_LATEST: ${{ inputs.make-latest }}
	NFPM_DEFAULT_PASSPHRASE: ${{ secrets.GPG_PASSWORD }}
	NIGHTLY_RELEASE: ${{ inputs.nightly }}

	- name: Remove GPG Signing Key File
	if: always()
	run: \|
	if [ -n "${GPG_KEY_FILE}" ]; then
	rm -rf "${GPG_KEY_FILE}"
	fi

	- name: "Check free space on runner"
	run: \|
	df -h .

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

release #7

Workflow file

release #7

Jobs

Run details

Workflow file for this run