Build and release v #225
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and release | |
run-name: "Build ${{ !inputs.skip-release && 'and release ' || '' }}v${{ inputs.version }}${{ inputs.suffix }}" | |
on: | |
workflow_dispatch: | |
inputs: | |
version: | |
description: Envoy version to build (don't include leading v, don't cancel the build because things might not be cleaned up by terraform properly) | |
type: string | |
required: true | |
suffix: | |
description: Additional suffix for release/tag (must include leading '-' if desired) | |
type: string | |
skip-release: | |
description: Skip the release? | |
type: boolean | |
required: false | |
schedule: | |
- cron: 0 4 * * 1 | |
permissions: | |
id-token: write | |
contents: write | |
jobs: | |
check-input: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Fail if version starts with "v" | |
id: check-v | |
run: | | |
VERSION=${{ inputs.version }} | |
if [[ $VERSION == v* ]]; then | |
echo "Run this action without 'v' prefix - ${VERSION:1}. Don't cancel a build in progress build because things might not be cleaned up by terraform" | |
exit 1 | |
fi | |
shell: bash | |
build: | |
needs: check-input | |
strategy: | |
matrix: | |
os: [darwin, linux, windows] | |
arch: [arm64, amd64] | |
fips: ['', 'fips'] | |
exclude: | |
- os: windows | |
fips: fips | |
- os: windows | |
arch: arm64 | |
- os: darwin | |
fips: fips | |
- os: linux | |
arch: arm64 | |
fips: fips | |
fail-fast: false | |
uses: ./.github/workflows/build.yaml | |
secrets: | |
AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }} | |
with: | |
os: ${{ matrix.os }} | |
arch: ${{ matrix.arch }} | |
fips: ${{ matrix.fips == 'fips' }} | |
version: ${{ inputs.version || 'main' }} | |
package: | |
runs-on: ubuntu-latest | |
needs: build | |
steps: | |
- name: Download all workflow run artifacts | |
uses: actions/download-artifact@v4 | |
- run: | | |
mkdir out | |
for dir in envoy*; do | |
IFS=- read -r envoy os arch fips <<< "${dir}" | |
for bin in "${dir}"/*; do | |
chmod +x "${bin}" | |
bin="$(basename "${bin}")" | |
IFS=- read -r envoy suffix <<< "${bin}" | |
archive_name="envoy-${os}-${arch}-v${{ inputs.version }}${{ inputs.suffix }}" | |
if [[ "${fips}" == "true" ]]; then | |
archive_name="${archive_name}+fips" | |
fi | |
# move file into tar.gz and rename to 'envoy' in archive | |
tar -C "${dir}" "--transform=flags=r;s|${bin}|envoy|" -czvf "out/${archive_name}.tar.gz" "${bin}" | |
done | |
done | |
- name: Release | |
if: ${{ !inputs.skip-release }} | |
uses: softprops/action-gh-release@v2 | |
with: | |
tag_name: v${{ inputs.version || 'main' }}${{ inputs.suffix }} | |
draft: true | |
files: | | |
out/* | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: envoy-v${{ inputs.version }}${{ inputs.suffix }} | |
path: out/ | |
if-no-files-found: error |