Update build-and-release.yml #30
# Builds the layer5/kanvas-docker-extension image and pushes it to DockerHub.
name: 'Build and release docker extension'
|
Check failure on line 1 in .github/workflows/build-and-release.yml
|
||
# Three entry points: a published GitHub release, a call from another
# workflow, or a manual dispatch. Only the last two declare `inputs`.
on:
  release:
    # Runs only when a new release is published
    types:
      - published
  workflow_call:
    inputs:
      tag_name:
        description: 'The release tag name (e.g., v1.0.0-1)'
        required: true
        type: string
      release_channel:
        description: 'Release channel (stable or edge)'
        required: false
        type: string
        default: 'stable'
  workflow_dispatch:
    inputs:
      tag_name:
        description: 'The release tag name (e.g., v1.0.0-1)'
        required: true
        type: string
      release_channel:
        description: 'Release channel (stable or edge)'
        required: false
        type: string
        default: 'stable'
# Workflow-wide environment, visible to every job and step as ordinary
# shell variables.
env:
  # Tag being released: the release event's tag when there is one, otherwise
  # the caller-supplied `tag_name` input.
  GIT_TAG: "${{ github.event.release.tag_name || inputs.tag_name }}"
  # Comes straight from the `release_channel` input. No such input is declared
  # for the `release` trigger, so expect an empty value on that path.
  RELEASE_CHANNEL: "${{ inputs.release_channel }}"
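jobs:
  # Validates the tag and the release channel once and publishes them as job
  # outputs, so the build job only ever consumes checked values.
  # NOTE(review): no `permissions:` key is visible in this workflow; this job
  # never uses GITHUB_TOKEN, so it could run with `permissions: {}`.
  derive-version-info:
    runs-on: ubuntu-24.04
    outputs:
      GIT_VERSION: ${{ steps.set-vars.outputs.GIT_VERSION }}
      GIT_STRIPPED_VERSION: ${{ steps.set-vars.outputs.GIT_STRIPPED_VERSION }}
      RELEASE_CHANNEL: ${{ steps.set-vars.outputs.RELEASE_CHANNEL }}
    steps:
      - name: Set version variables from tag
        id: set-vars
        # GIT_TAG and RELEASE_CHANNEL reach the script through the workflow-level
        # `env` block and are read as shell variables. Splicing them in with an
        # expression would paste the raw value into the script text before bash
        # parses it, so the format check below would run too late to stop a
        # crafted tag or channel name from being executed.
        run: |
          TAG_NAME="$GIT_TAG"
          echo "Detected tag: $TAG_NAME"

          # Allows semver patterns like v1.0.0, 1.0.0, v1.0.0-alpha.1, edge-latest, etc.
          # The restricted character set also keeps the value safe as sed
          # replacement text and as part of an image tag in the build job.
          if [[ ! "$TAG_NAME" =~ ^[a-zA-Z0-9][a-zA-Z0-9._-]*$ ]]; then
            echo "Error: Invalid tag name format."
            exit 1
          fi

          # Strip 'v' from version tag if it exists
          STRIPPED_VERSION="${TAG_NAME#v}"

          # Determine release channel. The `release` trigger supplies no inputs,
          # which leaves the variable empty; fall back to the declared default
          # so image tags never start with a bare '-'.
          CHANNEL="${RELEASE_CHANNEL:-stable}"
          if [[ ! "$CHANNEL" =~ ^[a-zA-Z0-9][a-zA-Z0-9._-]*$ ]]; then
            echo "Error: Invalid release channel format."
            exit 1
          fi

          {
            echo "GIT_VERSION=$TAG_NAME"
            echo "GIT_STRIPPED_VERSION=$STRIPPED_VERSION"
            echo "RELEASE_CHANNEL=$CHANNEL"
          } >> "$GITHUB_OUTPUT"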
| docker-extension: | ||
| needs: derive-version-info | ||
| runs-on: ubuntu-24.04 | ||
| env: | ||
| GIT_VERSION: ${{ needs.derive-version-info.outputs.GIT_VERSION }} | ||
| GIT_STRIPPED_VERSION: ${{ needs.derive-version-info.outputs.GIT_STRIPPED_VERSION }} | ||
| RELEASE_CHANNEL: ${{ needs.derive-version-info.outputs.RELEASE_CHANNEL }} | ||
| steps: | ||
| - name: Checkout 🛎️ repo | ||
| uses: actions/checkout@v6 | ||
| - name: Setup image tags in docker-compose.yaml | ||
| run: | | ||
| sed -i "s/kanvas-docker-extension:stable-latest/kanvas-docker-extension:${RELEASE_CHANNEL}-${GIT_VERSION}/g" docker-compose.yaml | ||
| sed -i "s/meshery:kanvas-latest/meshery:kanvas-${GIT_VERSION}/g" docker-compose.yaml | ||
| cat docker-compose.yaml | ||
| - name: Generate release notes | ||
| id: release_notes | ||
| run: | | ||
| # Use tag from environment variable (set from release event or workflow_call input) | ||
| TAG_NAME="${{ env.GIT_TAG }}" | ||
| # Try to fetch release notes if the release exists | ||
| if gh release view "$TAG_NAME" &> /dev/null; then | ||
| RELEASE_NOTES=$(gh release view "$TAG_NAME" --json body -q .body) | ||
| # Use default message if release notes are empty | ||
| if [[ -z "$RELEASE_NOTES" ]]; then | ||
| RELEASE_NOTES="Docker Extension build for Kanvas $TAG_NAME" | ||
| fi | ||
| else | ||
| RELEASE_NOTES="Docker Extension build for Kanvas $TAG_NAME" | ||
| fi | ||
| echo "RELEASE_NOTES<<EOF" >> $GITHUB_ENV | ||
| echo "$RELEASE_NOTES" >> $GITHUB_ENV | ||
| echo "EOF" >> $GITHUB_ENV | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| - name: Set up QEMU | ||
| uses: docker/setup-qemu-action@v3 | ||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
| - name: Docker Meta | ||
| id: meta | ||
| uses: docker/metadata-action@v5 | ||
| with: | ||
| images: layer5/kanvas-docker-extension | ||
| flavor: | | ||
| latest=true | ||
| tags: | | ||
| type=raw,value=${{env.RELEASE_CHANNEL}}-{{sha}} | ||
| type=semver,pattern={{version}},value=${{env.GIT_STRIPPED_VERSION}} | ||
| type=raw,value=${{env.RELEASE_CHANNEL}}-${{env.GIT_VERSION}} | ||
| type=raw,value=${{env.RELEASE_CHANNEL}}-latest | ||
| - name: Login to DockerHub | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| username: ${{ secrets.DOCKER_USERNAME }} | ||
| password: ${{ secrets.DOCKER_PASSWORD }} | ||
| - name: Build and Push Docker Extension | ||
| uses: docker/build-push-action@v6 | ||
| with: | ||
| context: "{{defaultContext}}" | ||
| push: true | ||
| build-args: | | ||
| GIT_STRIPPED_VERSION=${{env.GIT_STRIPPED_VERSION}} | ||
| GIT_VERSION=${{env.GIT_VERSION}} | ||
| RELEASE_CHANNEL=${{env.RELEASE_CHANNEL}} | ||
| RELEASE_NOTES=${{ env.RELEASE_NOTES || "See https://docs.layer5.io/kanvas/reference/releases"}} | ||
| KANVAS_TAG=${{env.RELEASE_CHANNEL}}-${{env.GIT_VERSION}} | ||
| EXTENSION_TAG=${{env.RELEASE_CHANNEL}}-${{env.GIT_VERSION}} | ||
| tags: ${{ steps.meta.outputs.tags }} | ||
| platforms: linux/amd64,linux/arm64 | ||