build(deps-dev): bump the eslint group with 2 updates (#4969) #174
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: release-please | |
| on: | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| contents: read | |
| jobs: | |
| release-please: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| if: "${{ github.repository_owner == 'weaveworks' && github.ref_name == 'main' }}" | |
| outputs: | |
| release_created: ${{ steps.release-please.outputs.release_created }} | |
| tag_name: ${{ steps.release-please.outputs.tag_name }} | |
| version: ${{ steps.release-please.outputs.version }} | |
| steps: | |
| - name: Release Please | |
| id: release-please | |
| uses: googleapis/release-please-action@a02a34c4d625f9be7cb89156071d8567266a2445 # v4.2.0 | |
| with: | |
| token: ${{ secrets.WEAVE_GITOPS_BOT_ACCESS_TOKEN }} | |
| publish-npm-package: | |
| needs: release-please | |
| runs-on: ubuntu-latest | |
| permissions: | |
| packages: write # needed for GitHub Packages registry access | |
| if: "${{ needs.release-please.outputs.release_created }}" | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 | |
| with: | |
| node-version-file: package.json | |
| registry-url: "https://npm.pkg.github.com" | |
| scope: "@weaveworks" | |
| - run: yarn | |
| - run: make ui-lib && cd dist && npm publish | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| build-and-push-image: | |
| needs: release-please | |
| uses: ./.github/workflows/build-push-image.yaml | |
| with: | |
| file: gitops-server.dockerfile | |
| flavor: | | |
| latest=true | |
| image: ghcr.io/weaveworks/wego-app | |
| platforms: linux/amd64,linux/arm64 | |
| push: true | |
| tags: | | |
| type=raw,value=${{ needs.release-please.outputs.tag_name }} | |
| type=semver,pattern={{version}},value=${{ needs.release-please.outputs.version }} | |
| permissions: | |
| contents: read # for actions/checkout to fetch code | |
| id-token: write # for Cosign to be able to sign images with GHA token | |
| packages: write # for docker/build-push-action to push images | |
| if: "${{ needs.release-please.outputs.release_created }}" | |
| build-and-push-chart: | |
| needs: | |
| - release-please | |
| - build-and-push-image # as we want to push chart when images are available | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read # for actions/checkout to fetch code | |
| id-token: write # for Cosign to be able to sign chart with GHA token | |
| packages: write # for helm to push OCI chart | |
| if: "${{ needs.release-please.outputs['charts/gitops-server--release_created'] }}" | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Package chart | |
| run: | | |
| mkdir helm-release | |
| helm package charts/gitops-server/ -d helm-release | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Publish chart | |
| id: publish-chart | |
| run: | | |
| helm push helm-release/weave-gitops-${{ needs.release-please.outputs['charts/gitops-server--version'] }}.tgz \ | |
| oci://ghcr.io/weaveworks/charts &> helm-release/push-metadata.txt | |
| CHART_DIGEST=$(awk '/Digest: /{print $2}' helm-release/push-metadata.txt) | |
| echo "digest=$CHART_DIGEST" >> $GITHUB_OUTPUT | |
| - name: Install cosign | |
| uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2 | |
| - name: Keyless signing of chart | |
| run: | | |
| cosign sign --yes ghcr.io/weaveworks/charts@${{ steps.publish-chart.outputs.digest }} | |
| - name: Verify the chart signing | |
| run: | | |
| cosign verify ghcr.io/weaveworks/charts@${{ steps.publish-chart.outputs.digest }} \ | |
| --certificate-identity "https://github.com/${{ github.workflow_ref }}" \ | |
| --certificate-oidc-issuer "https://token.actions.githubusercontent.com" | jq . | |
| goreleaser: | |
| needs: release-please | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read # for actions/checkout to fetch code | |
| id-token: write # for Cosign to be able to sign release artifacts with GHA token | |
| if: "${{ needs.release-please.outputs.release_created }}" | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Go | |
| uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 | |
| with: | |
| go-version-file: go.mod | |
| - name: Include brew publishing | |
| run: cat .goreleaser.brew.yml >> .goreleaser.yml | |
| if: ${{ !contains(needs.release-please.outputs.version, '-') }} | |
| - name: Install cosign | |
| uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2 | |
| - name: Run GoReleaser | |
| uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # v6.3.0 | |
| with: | |
| version: latest | |
| args: release --clean | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.WEAVE_GITOPS_BOT_ACCESS_TOKEN }} | |
| BOT_TOKEN: ${{ secrets.WEAVE_GITOPS_BOT_ACCESS_TOKEN }} |