github: implement release workflow

This adds a GitHub Action which builds all release artifacts (currently
metroctl, the bundle and the handbook) and pushes them to a GCS bucket
as well as to GitHub releases. It uses federated identity to
authenticate to Google Cloud via an OIDC token issued by GitHub.
The action only runs for tags starting with a 'v' as it's not intended
as a general-purpose CI solution.

All artifacts are uploaded to GCS, even though initially only the
handbook is used there, in anticipation of automated downloads.

Change-Id: I125166b2178d5a0aa53b725259ac96386f0275d0
Reviewed-on: https://review.monogon.dev/c/monogon/+/810
Tested-by: Jenkins CI
Reviewed-by: Mateusz Zalega <mateusz@monogon.tech>
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..f8a2fc6
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,37 @@
+name: Publish release artifacts and docs for new tags
+on:
+  push:
+    tags:
+      - "v*"
+jobs:
+  publish:
+    runs-on: gha-trusted
+    permissions:
+      contents: "write" # Required for publishing release artifacts
+      id-token: "write"
+    steps:
+      - uses: actions/checkout@v3
+      - id: auth
+        name: Authenticate to GCP
+        uses: google-github-actions/auth@v0.8.0
+        with:
+          create_credentials_file: "true"
+          workload_identity_provider: "projects/498345658902/locations/global/workloadIdentityPools/oidc-fed/providers/github-actions"
+          service_account: "github-artifact-deploy@monogon-infra.iam.gserviceaccount.com"
+      - name: Set up Cloud SDK
+        uses: google-github-actions/setup-gcloud@v0
+      - name: Install Cloud SDK alpha commands
+        run: gcloud --quiet components install alpha
+      - name: Build artifacts
+        run: bazel build -c opt //metropolis/node:bundle //metropolis/handbook //metropolis/cli/metroctl
+      - name: Attach artifacts to Release
+        uses: softprops/action-gh-release@v1
+        with:
+          files: |
+            bazel-bin/metropolis/node/bundle.zip
+            bazel-bin/metropolis/cli/metroctl/metroctl_/metroctl
+      - name: Upload to GCS
+        run: |-
+          gcloud alpha storage cp bazel-bin/metropolis/node/bundle.zip gs://monogon-release-artifacts/${GITHUB_REF##*/}/bundle.zip
+          gcloud alpha storage cp bazel-bin/metropolis/cli/metroctl/metroctl_/metroctl gs://monogon-release-artifacts/${GITHUB_REF##*/}/metroctl
+          gcloud alpha storage cp -r bazel-bin/metropolis/handbook/handbook gs://monogon-release-artifacts/${GITHUB_REF##*/}/handbook
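
Review bot: The `uses:` lines in `steps` reference every action by a mutable tag (`actions/checkout@v3`, `google-github-actions/auth@v0.8.0`, `google-github-actions/setup-gcloud@v0`, `softprops/action-gh-release@v1`), while the job holds `contents: "write"` and `id-token: "write"` and runs on `gha-trusted`. A retagged upstream action would therefore run with release-publishing rights and with the OIDC token that is exchanged for the `github-artifact-deploy` service account. Please pin each action to a full commit SHA and keep the version as a trailing comment. Two smaller points: `id-token: "write"` has no comment while `contents` does, so a short note that it is needed for the workload identity exchange would help the next reader. In the "Upload to GCS" step, `${GITHUB_REF##*/}` is expanded unquoted three times, so consider computing it once into a quoted variable (or using `"${GITHUB_REF_NAME}"`) so the destination path is built in one place.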