badfish/.github/workflows/production-release.yml at master · quadsproject/badfish · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
name: Production Release

on:
    push:
        branches:
            - master

concurrency:
    group: production-release
    cancel-in-progress: true

jobs:
    # ------------------------------------------------------------------
    # JOB 1: RELEASE (Calculate Version, Tag, Push to PyPI)
    # ------------------------------------------------------------------
    release:
        name: Semantic Release
        runs-on: ubuntu-latest
        permissions:
            contents: write # Needed to create releases/tags
            id-token: write # Needed for PyPI trusted publishing
        outputs:
            released: ${{ steps.semantic.outputs.released }}
            tag: ${{ steps.semantic.outputs.tag }}
            version: ${{ steps.semantic.outputs.version }}

        steps:
            - uses: actions/checkout@v4
              with:
                  fetch-depth: 0

            - name: Python Semantic Release
              id: semantic
              uses: python-semantic-release/python-semantic-release@v9.15.0
              with:
                  github_token: ${{ secrets.GITHUB_TOKEN }}

            - name: Publish to PyPI
              if: steps.semantic.outputs.released == 'true'
              uses: pypa/gh-action-pypi-publish@release/v1
              with:
                  password: ${{ secrets.PYPI_API_TOKEN }}

    # ------------------------------------------------------------------
    # JOB 2: COPR BUILD (Fedora SRPM)
    # ------------------------------------------------------------------
    copr_build:
        name: Submit to COPR
        needs: release
        if: needs.release.outputs.released == 'true'
        runs-on: ubuntu-latest
        container: fedora:latest
        permissions:
            contents: read

        steps:
            - name: Install Git
              run: dnf -y install git

            - name: Checkout Tagged Release
              uses: actions/checkout@v4
              with:
                  ref: ${{ needs.release.outputs.tag }}

            - name: Install tooling
              run: |
                  dnf -y install @development-tools @rpm-development-tools copr-cli make zlib-devel

            - name: Work around GHA permission issue
              run: git config --global --add safe.directory /__w/badfish/badfish

            - name: Setup COPR Config
              env:
                  API_TOKEN_CONTENT: ${{ secrets.COPR_API_TOKEN }}
              run: |
                  mkdir -p "$HOME/.config"
                  echo "$API_TOKEN_CONTENT" > "$HOME/.config/copr"

            - name: Sync Spec Version and Build
              run: |
                  cd rpm

                  # 1. Build the SRPM
                  make srpm

                  # 2. Find the SRPM file (handles cases where it is in ./ or subdirs)
                  SRPM_FILE=$(find . -name "*.src.rpm" -type f | head -n 1)

                  if [ -z "$SRPM_FILE" ]; then
                    echo "Error: No .src.rpm file found after running 'make srpm'"
                    exit 1
                  fi

                  echo "Found SRPM: $SRPM_FILE"

                  # 3. Submit to COPR
                  copr build quadsdev/badfish "$SRPM_FILE"

    # ------------------------------------------------------------------
    # JOB 3: QUAY PUBLISH (Master & Latest)
    # ------------------------------------------------------------------
    quay_master:
        name: Push Quay (Master)
        needs: release
        if: needs.release.outputs.released == 'true'
        runs-on: ubuntu-latest
        permissions:
            contents: read

        steps:
            - name: Checkout Tagged Release
              uses: actions/checkout@v4
              with:
                  ref: ${{ needs.release.outputs.tag }}

            - name: Podman Login
              env:
                  QUAY_USER: ${{ secrets.QUAY_USERNAME }}
                  QUAY_TOKEN: ${{ secrets.QUAY_API_TOKEN }}
              run: echo "$QUAY_TOKEN" | podman login -u="$QUAY_USER" --password-stdin quay.io

            - name: Clean Old Tags
              env:
                  QUAY_USER: ${{ secrets.QUAY_USERNAME }}
                  QUAY_TOKEN: ${{ secrets.QUAY_API_TOKEN }}
              run: |
                  REPO="quay.io/quads/badfish"
                  echo "$QUAY_TOKEN" | skopeo login -u="$QUAY_USER" --password-stdin quay.io

                  # Delete 'master' and 'latest' if they exist
                  for tag in master latest; do
                    echo "Attempting to delete old tag: $tag"
                    skopeo delete "docker://$REPO:$tag" || echo "Tag $tag not found or already deleted."
                  done

            - name: Build and Push
              run: |
                  # Added --no-cache to ensure fresh layers
                  podman build --no-cache -t quay.io/quads/badfish:master .
                  podman tag quay.io/quads/badfish:master quay.io/quads/badfish:latest
                  podman push quay.io/quads/badfish:master
                  podman push quay.io/quads/badfish:latest