.github/workflows/release.yaml


name: release

on:
  workflow_dispatch:
  push:
    tags:
      - "v*" # Push events to matching v*, i.e. v1.0, v20.15.10

jobs:
  build-push-services:
    permissions:
      actions: read
      contents: write
      packages: write
      id-token: write
    strategy:
      matrix:
        destination: [ghcr, prod]
        arch: [amd64, arm64]
        include:
        - destination: ghcr
          registry: ghcr.io
          username: ${{ github.actor }}
          password: GITHUB_TOKEN
          image: GHCR_IMAGE
          secret_registry: false
        - destination: prod
          registry: REGISTRY_ENDPOINT
          username: REGISTRY_USERNAME
          password: REGISTRY_PASSWORD
          image: REGISTRY_IMAGE
          secret_registry: true
    name: Release
    uses: ./.github/workflows/release-workflow.yml
    with:
      password: ${{ matrix.password }}
      username: ${{ matrix.username }}
      registry: ${{ matrix.registry }}
      tag: ${{ github.ref_name }}
      arch: ${{ matrix.arch }}
      image: ${{ matrix.image }}
      secret_registry: ${{ matrix.secret_registry }}
    secrets: inherit

  multiarch:
    name: Publish multiarch image
    needs: [build-push-services]
    runs-on: ubuntu-latest
    permissions:
      packages: write
      contents: read
    strategy:
      matrix:
        destination: [ghcr, prod]
        include:
        - destination: ghcr
          registry: ghcr.io
          username: ${{ github.actor }}
          password: GITHUB_TOKEN
          image: GHCR_IMAGE
          secret_registry: false
        - destination: prod
          registry: REGISTRY_ENDPOINT
          username: REGISTRY_USERNAME
          password: REGISTRY_PASSWORD
          image: REGISTRY_IMAGE
          secret_registry: true
    steps:
      - name: Checkout
        uses: actions/checkout@v4.1.3
        with:
          fetch-depth: 0
      - name: Docker login
        uses: docker/login-action@v3
        with:
          registry: ${{ matrix.secret_registry && secrets[matrix.registry] || matrix.registry }}
          username: ${{ matrix.secret_registry && secrets[matrix.username] || matrix.username }}
          password: ${{ secrets[matrix.password] }}
      - name: Publish multiarch
        run: CONTROLLER_IMG=${{ vars[matrix.image] }} TAG=${{ github.ref_name }} make docker-push-manifest-rancher-turtles

  release:
    name: Create helm release
    needs: [multiarch]
    runs-on: ubuntu-latest
    env:
      TAG: ${{ github.ref_name }}
      CONTROLLER_IMG: ${{ vars.REGISTRY_IMAGE }}
      PROD_REGISTRY: ${{ secrets.REGISTRY_ENDPOINT }}
      PROD_ORG: rancher
      RELEASE_DIR: .cr-release-packages
      CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
    steps:
      - name: Checkout
        uses: actions/checkout@v4.1.3
        with:
          fetch-depth: 0
      - name: setupGo
        uses: actions/setup-go@v5
        with:
          go-version: '=1.22.0'
      - name: Get prod multiarch image digest
        run: | 
          docker pull ${{ env.CONTROLLER_IMG }}:${{ env.TAG }}
          multiarch_digest=$( docker inspect --format='{{index .RepoDigests 0}}' ${{ env.CONTROLLER_IMG }}:${{ env.TAG }} | sed 's/.*@//' )
          echo "multiarch_digest=${multiarch_digest}" >> $GITHUB_ENV
      - name: Configure Git
        run: |
          git config user.name "$GITHUB_ACTOR"
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
      - name: Package operator chart
        run: RELEASE_TAG=${GITHUB_REF##*/} CONTROLLER_IMAGE_VERSION=${{ env.multiarch_digest }} CHART_PACKAGE_DIR=${RELEASE_DIR} REGISTRY=${{ env.PROD_REGISTRY }} ORG=${{ env.PROD_ORG }} make release

      - name: Install chart-releaser
        uses: helm/chart-releaser-action@v1.6.0
        with:
          install_only: true

      - name: Prepare environment for the chart releaser
        run: |
          echo "CR_OWNER=$(cut -d '/' -f 1 <<< $GITHUB_REPOSITORY)" >> $GITHUB_ENV
          echo "CR_GIT_REPO=$(cut -d '/' -f 2 <<< $GITHUB_REPOSITORY)" >> $GITHUB_ENV
          rm -rf .cr-index
          mkdir -p .cr-index

      - name: Run chart-releaser upload
        run: cr upload --skip-existing -c "$(git rev-parse HEAD)" --generate-release-notes --release-name-template "${{ env.TAG }}" --make-release-latest=false

      - name: Run chart-releaser index
        run: cr index --push --release-name-template "${{ env.TAG }}"