Promote SKE Pre-release #52

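# Manually triggered workflow that promotes the newest "v*" pre-release
# (tag with an -rcN suffix) to a full release: it derives the release tag,
# refuses to run if the release already exists, verifies the pre-release
# images and SBOMs, re-tags (or reuses) the images, then creates the release
# and publishes the changelog to the job summary.
name: Promote SKE Pre-release
on:
  workflow_dispatch:
# No visible step relies on the automatic GITHUB_TOKEN (checkout uses a deploy
# key, gh uses GH_TOKEN from a secret), so it is restricted to read-only.
permissions:
  contents: read
env:
  SKE_PLATFORM_IMG: "ghcr.io/syntasso/ske-platform"
  SKE_QUICK_START_INSTALLER_IMG: "ghcr.io/syntasso/ske-quick-start-installer"
jobs:
  promote-pre-release:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every `uses:` below references a mutable major tag (@v4).
      # This job handles a push-capable deploy key, registry and AWS
      # credentials, so pin each action to a full commit SHA.
      - name: Check out enterprise kratix
        uses: actions/checkout@v4
        with:
          repository: syntasso/enterprise-kratix
          ssh-key: ${{ secrets.ENTERPRISE_KRATIX_DEPLOY_KEY_READ_PUSH }}
          submodules: recursive
          fetch-depth: 0
      # Derives the tags and the S3 target once and exports them through
      # GITHUB_ENV so that every later step works on the same values.
      - name: Set env vars
        env:
          GH_TOKEN: ${{ secrets.ENTERPRISE_KRATIX_GH_TOKEN }}
        run: |
          set -euo pipefail
          latest_pre_release_tag=$(gh release list --json tagName --jq '[.[] | select(.tagName | match("^v"))][0].tagName')
          # If no tag matches, the query yields nothing usable (empty output or
          # the literal "null"); stop before it is turned into a release tag
          # and an S3 path.
          if [[ -z "${latest_pre_release_tag}" || "${latest_pre_release_tag}" == "null" ]]; then
            echo "No release tag starting with 'v' was found; refusing to continue."
            exit 1
          fi
          # Strip the -rcN suffix to obtain the full-release tag.
          latest_release_tag=$(echo "${latest_pre_release_tag}" | sed 's/-rc[0-9]*//')
          s3_latest_release_dir="s3://syntasso-enterprise-releases/ske/${latest_release_tag}/"
          echo "LATEST_PRE_RELEASE_TAG=$latest_pre_release_tag" >> "$GITHUB_ENV"
          echo "LATEST_RELEASE_TAG=$latest_release_tag" >> "$GITHUB_ENV"
          echo "S3_LATEST_RELEASE_DIR=$s3_latest_release_dir" >> "$GITHUB_ENV"
      - name: Set up Docker (pinned)
        uses: docker/setup-docker-action@v4
        with:
          version: "29.1.5"
      # The token is handed over through the environment instead of being
      # expanded into the script text, so shell metacharacters in the secret
      # cannot alter the command and the value never appears in the script.
      - name: Login to ghcr
        env:
          GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}
        run: |
          echo "${GHCR_TOKEN}" | docker login --username syntassodev --password-stdin ghcr.io
      # Guards against promoting twice: aborts if the release already exists
      # or if only one of the two release images exists, and records in
      # SKIP_RETAG whether the images still need to be re-tagged.
      - name: Check release state
        env:
          GH_TOKEN: ${{ secrets.ENTERPRISE_KRATIX_GH_TOKEN }}
        run: |
          set -euo pipefail
          echo "Checking release ${LATEST_RELEASE_TAG} state"
          if gh release view "${LATEST_RELEASE_TAG}" >/dev/null 2>&1; then
            echo "Release ${LATEST_RELEASE_TAG} already exists; refusing to continue."
            exit 1
          fi
          # NOTE(review): any failure of these probes (auth, network, registry
          # outage) is read as "does not exist" because the output is
          # discarded; consider telling a not-found answer apart from other
          # errors.
          platform_exists=0
          installer_exists=0
          if docker buildx imagetools inspect "${SKE_PLATFORM_IMG}:${LATEST_RELEASE_TAG}" >/dev/null 2>&1; then
            platform_exists=1
          fi
          if docker buildx imagetools inspect "${SKE_QUICK_START_INSTALLER_IMG}:${LATEST_RELEASE_TAG}" >/dev/null 2>&1; then
            installer_exists=1
          fi
          if [[ "${platform_exists}" -eq 1 && "${installer_exists}" -eq 1 ]]; then
            echo "Release images already exist for ${LATEST_RELEASE_TAG}; skipping retag."
            echo "SKIP_RETAG=true" >> "$GITHUB_ENV"
          elif [[ "${platform_exists}" -eq 0 && "${installer_exists}" -eq 0 ]]; then
            echo "Release images do not exist yet; retag is required."
            echo "SKIP_RETAG=false" >> "$GITHUB_ENV"
          else
            echo "Partial image state detected for ${LATEST_RELEASE_TAG}; refusing to continue."
            exit 1
          fi
      # The tag is read from the environment and quoted rather than expanded
      # into the script by the workflow engine, so its content cannot be
      # interpreted as shell syntax.
      - name: Verify release images
        run: |
          ./scripts/verify-images "${LATEST_PRE_RELEASE_TAG}"
      - name: Verify SBOM artifacts
        run: |
          ./scripts/verify-sboms "${LATEST_PRE_RELEASE_TAG}"
      # NOTE(review): this executes whatever install.sh is on syft's `main`
      # branch at run time, after the registry login and the deploy-key
      # checkout above. Fetch the script from a fixed release tag or commit,
      # request an explicit syft version, and verify a checksum before running.
      - name: Install syft
        run: |
          curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
      # Images are already published under the release tag: reuse the
      # pre-release manifests, rewrite the tag and regenerate the SBOM.
      - name: Prepare release artifacts (skip retag path)
        if: env.SKIP_RETAG == 'true'
        env:
          GH_TOKEN: ${{ secrets.ENTERPRISE_KRATIX_GH_TOKEN }}
        run: |
          gh release download --repo syntasso/enterprise-kratix "$LATEST_PRE_RELEASE_TAG" \
            --pattern ske-distribution.yaml --pattern ske-quick-start-installer.yaml
          # NOTE(review): the tag is used as a sed pattern, so its dots match
          # any character; only ske-distribution.yaml is rewritten here —
          # confirm the installer manifest needs no tag change.
          sed -i "s/${LATEST_PRE_RELEASE_TAG}/${LATEST_RELEASE_TAG}/g" ske-distribution.yaml
          TAG="${LATEST_RELEASE_TAG}" make sbom
      - name: Re-tag SKE artifacts to full release
        if: env.SKIP_RETAG != 'true'
        env:
          GH_TOKEN: ${{ secrets.ENTERPRISE_KRATIX_GH_TOKEN }}
        run: |
          ./scripts/retag-ske-artifacts-to-full-release
      # NOTE(review): long-lived static access keys are stored as secrets.
      # The action can instead assume a role through GitHub OIDC
      # (`role-to-assume` with `id-token: write`), which yields short-lived
      # credentials and removes the stored key.
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: eu-west-2
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      # Presumably scripts/create-release also uploads to
      # S3_LATEST_RELEASE_DIR using the AWS credentials above — confirm in
      # the script.
      - name: Create SKE release
        env:
          GH_TOKEN: ${{ secrets.ENTERPRISE_KRATIX_GH_TOKEN }}
        run: |
          export TAG="${LATEST_RELEASE_TAG}"
          ./scripts/create-release
      # Publishes the generated changelog to the job summary page.
      - name: Generate changelog
        env:
          GH_TOKEN: ${{ secrets.ENTERPRISE_KRATIX_GH_TOKEN }}
        run: |
          git fetch --tags
          ./scripts/generate-changelog
          changelog=$(cat final-changelog.md)
          echo "$changelog" >> "$GITHUB_STEP_SUMMARY"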