ci: serialize release image workflows

pull/3762/head
dsx137 5 days ago
parent b67c03b33e
commit 9025b6a0fa

@ -4,14 +4,26 @@ on:
push:
branches:
- release-*
release:
types: [published]
workflow_dispatch:
inputs:
tag:
description: "Tag version to be used for Docker image"
required: true
default: "v3.8.3"
workflow_call:
inputs:
tag:
description: "Tag version to be used for Docker image"
required: true
type: string
checkout_sha:
description: "Commit SHA to checkout"
required: true
type: string
checkout_short_sha:
description: "Short commit SHA for image tags"
required: true
type: string
jobs:
build-and-push:
@ -23,6 +35,8 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v7.0.0
with:
ref: ${{ inputs.checkout_sha || inputs.tag || github.event.inputs.tag }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v4.1.0
@ -53,8 +67,9 @@ jobs:
- name: Resolve Docker image tags
id: tags
env:
INPUT_TAG: ${{ github.event.inputs.tag }}
INPUT_TAG: ${{ inputs.tag || github.event.inputs.tag }}
RELEASE_TAG: ${{ github.event.release.tag_name }}
CHECKOUT_SHORT_SHA: ${{ inputs.checkout_short_sha }}
run: |
set -euo pipefail
@ -84,13 +99,17 @@ jobs:
add_tag_with_semver_alias "${INPUT_TAG:-}"
add_tag_with_semver_alias "${RELEASE_TAG:-}"
if [[ "${GITHUB_EVENT_NAME:-}" == "release" && "${{ github.event.release.prerelease }}" != "true" ]]; then
add_tag "latest"
fi
if [[ "${GITHUB_REF_TYPE:-}" == "tag" ]]; then
add_tag_with_semver_alias "${GITHUB_REF_NAME}"
elif [[ "${GITHUB_REF_TYPE:-}" == "branch" ]]; then
add_tag "${GITHUB_REF_NAME}"
fi
add_tag "sha-${GITHUB_SHA::7}"
add_tag "sha-${CHECKOUT_SHORT_SHA:-${GITHUB_SHA::7}}"
{
echo "tags<<EOF"

@ -4,14 +4,26 @@ on:
push:
branches:
- release-*
release:
types: [published]
workflow_dispatch:
inputs:
tag:
description: "Tag version to be used for Docker image"
required: true
default: "v3.8.3"
workflow_call:
inputs:
tag:
description: "Tag version to be used for Docker image"
required: true
type: string
checkout_sha:
description: "Commit SHA to checkout"
required: true
type: string
checkout_short_sha:
description: "Short commit SHA for image tags"
required: true
type: string
env:
IMAGE_NAME: "openim-server"
@ -21,11 +33,15 @@ env:
jobs:
publish-docker-images:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
if: ${{ !(github.event_name == 'pull_request' && github.event.pull_request.merged == false) }}
steps:
- name: Checkout main repository
uses: actions/checkout@v7.0.0
with:
ref: ${{ inputs.checkout_sha || inputs.tag || github.event.inputs.tag }}
path: main-repo
- name: Set up QEMU
@ -54,7 +70,10 @@ jobs:
type=semver,pattern=v{{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=sha
type=sha,enable=${{ inputs.checkout_short_sha == '' }}
type=raw,value=sha-${{ inputs.checkout_short_sha }},enable=${{ inputs.checkout_short_sha != '' }}
type=raw,value=${{ inputs.tag || github.event.inputs.tag }}
type=raw,value=latest,enable=${{ github.event_name == 'release' && !github.event.release.prerelease }}
- name: Install skopeo
run: |

@ -0,0 +1,56 @@
name: Release
on:
release:
types: [published]
workflow_dispatch:
inputs:
tag:
description: "Existing tag to release"
required: true
target_branch:
description: "Branch that the release tag was created from"
required: true
permissions:
actions: write
contents: write
packages: write
concurrency:
group: release-${{ github.event.release.tag_name || inputs.tag }}
cancel-in-progress: false
jobs:
update-version:
permissions:
contents: write
uses: ./.github/workflows/update-version-file-on-release.yml
with:
tag: ${{ github.event.release.tag_name || inputs.tag }}
target_branch: ${{ github.event.release.target_commitish || inputs.target_branch }}
secrets: inherit
docker-image:
needs: update-version
permissions:
contents: read
packages: write
uses: ./.github/workflows/publish-docker-image.yml
with:
tag: ${{ github.event.release.tag_name || inputs.tag }}
checkout_sha: ${{ needs.update-version.outputs.updated_sha }}
checkout_short_sha: ${{ needs.update-version.outputs.updated_short_sha }}
secrets: inherit
service-images:
needs: update-version
permissions:
contents: read
packages: write
uses: ./.github/workflows/docker-build-and-release-services-images.yml
with:
tag: ${{ github.event.release.tag_name || inputs.tag }}
checkout_sha: ${{ needs.update-version.outputs.updated_sha }}
checkout_short_sha: ${{ needs.update-version.outputs.updated_short_sha }}
secrets: inherit

@ -1,22 +1,66 @@
name: Update Version File on Release
on:
release:
types: [created]
workflow_dispatch:
inputs:
tag:
description: "Tag version to update"
required: true
target_branch:
description: "Branch that the release tag was created from"
required: true
workflow_call:
inputs:
tag:
description: "Tag version to update"
required: true
type: string
target_branch:
description: "Branch that the release tag was created from"
required: true
type: string
outputs:
updated_sha:
description: "Commit SHA after updating version and moving the tag"
value: ${{ jobs.update-version.outputs.updated_sha }}
updated_short_sha:
description: "Short commit SHA after updating version and moving the tag"
value: ${{ jobs.update-version.outputs.updated_short_sha }}
permissions:
contents: write
jobs:
update-version:
runs-on: ubuntu-latest
outputs:
updated_sha: ${{ steps.resolve-tag.outputs.updated_sha }}
updated_short_sha: ${{ steps.resolve-tag.outputs.updated_short_sha }}
env:
TAG_VERSION: ${{ github.event.release.tag_name }}
TAG_VERSION: ${{ inputs.tag || github.event.inputs.tag }}
TARGET_BRANCH: ${{ inputs.target_branch || github.event.inputs.target_branch }}
steps:
# Step 1: Checkout the original repository's code
- name: Checkout code
uses: actions/checkout@v7.0.0
with:
ref: ${{ inputs.target_branch || github.event.inputs.target_branch }}
fetch-depth: 0
# submodules: "recursive"
- name: Validate target branch
run: |
set -euo pipefail
if [[ -z "${TARGET_BRANCH}" ]]; then
echo "target_branch is required"
exit 1
fi
if ! git ls-remote --exit-code --heads origin "${TARGET_BRANCH}" >/dev/null; then
echo "target_branch must be an existing branch: ${TARGET_BRANCH}"
exit 1
fi
git checkout -B "${TARGET_BRANCH}" "origin/${TARGET_BRANCH}"
- name: Safe submodule initialization
run: |
echo "Checking for submodules..."
@ -48,7 +92,6 @@ jobs:
run: |
if git rev-parse ${{ env.TAG_VERSION }} >/dev/null 2>&1; then
git tag -d ${{ env.TAG_VERSION }}
git push --delete origin ${{ env.TAG_VERSION }}
fi
# Step 4: Update version file
@ -62,14 +105,28 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -euo pipefail
git add version/version
git commit -m "Update version to ${{ env.TAG_VERSION }}"
if git diff --cached --quiet; then
echo "version/version already matches ${TAG_VERSION}"
else
git commit -m "Update version to ${{ env.TAG_VERSION }}"
git push origin HEAD:${TARGET_BRANCH}
fi
# Step 6: Update tag
- name: Update tag
run: |
set -euo pipefail
git tag -fa ${{ env.TAG_VERSION }} -m "Update version to ${{ env.TAG_VERSION }}"
git push origin ${{ env.TAG_VERSION }} --force
git push origin refs/tags/${{ env.TAG_VERSION }}:refs/tags/${{ env.TAG_VERSION }} --force
- name: Resolve updated tag SHA
id: resolve-tag
run: |
updated_sha="$(git rev-parse "${TAG_VERSION}^{commit}")"
echo "updated_sha=$updated_sha" >> "$GITHUB_OUTPUT"
echo "updated_short_sha=${updated_sha:0:12}" >> "$GITHUB_OUTPUT"
# Step 7: Find and Publish Draft Release
- name: Find and Publish Draft Release

Loading…
Cancel
Save