From 13316ddea7046a07ae0d115988c4c4df9149da8b Mon Sep 17 00:00:00 2001
From: D072950
Date: Wed, 6 May 2026 07:25:46 +0200
Subject: [PATCH 1/5] chore(ci): plugin release workflow
---
.github/workflows/release.yaml | 72 ++++++++++++++++++++++++++++++++++
1 file changed, 72 insertions(+)
create mode 100644 .github/workflows/release.yaml
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 0000000..e165585
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,72 @@
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company
+# SPDX-License-Identifier: Apache-2.0
+
+name: Release
+
+on:
+ release:
+ types:
+ - created
+
+permissions:
+ contents: read
+ packages: write
+
+jobs:
+ build-and-push-image:
+ name: Build and push container image
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v6
+
+ - name: Log in to the Container registry
+ uses: docker/login-action@v4
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v6
+ with:
+ images: ghcr.io/${{ github.repository }}
+ tags: |
+ type=semver,pattern={{raw}}
+ type=semver,pattern=v{{major}}.{{minor}}
+ type=semver,pattern=v{{major}}
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v4
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v4
+
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v7
+ with:
+ context: .
+ labels: ${{ steps.meta.outputs.labels }}
+ platforms: linux/amd64,linux/arm64
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+
+ notify-extensions:
+ name: Notify greenhouse-extensions
+ runs-on: ubuntu-latest
+ needs: build-and-push-image
+ permissions:
+ contents: read
+ steps:
+ - name: Repository dispatch to greenhouse-extensions
+ uses: peter-evans/repository-dispatch@v3
+ with:
+ token: ${{ secrets.EXTENSIONS_DISPATCH_TOKEN }}
+ repository: abhijith-darshan/greenhouse-extensions
+ event-type: plugin_release
+ client-payload: |
+ {
+ "plugin_definition": "shoot-grafter",
+ "version": "${{ github.event.release.tag_name }}"
+ }
From e1c88cfe2491279bd7bf2cd65389ffdb6a60ebbc Mon Sep 17 00:00:00 2001
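Review bot: In the `notify-extensions` job, `"version": "${{ github.event.release.tag_name }}"` pastes the tag name into the JSON text of `client-payload` before that text is parsed, and Git ref names may contain `"`, so a crafted tag can change the structure of the payload that greenhouse-extensions receives. Let the expression engine do the quoting instead: `"version": ${{ toJSON(github.event.release.tag_name) }}` (no surrounding quotes). The receiving workflow is not visible here, so it should still treat `version` as untrusted and check it against the expected version format before using it. The same payload block is copied unchanged into `release-build.yaml` in patch 5/5.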
From: D072950
Date: Wed, 6 May 2026 07:39:05 +0200
Subject: [PATCH 2/5] chore(ci): fix release workflow use github app secrets for repository dispatch
---
.github/workflows/release.yaml | 75 +++++++++++++++++++++++++---------
1 file changed, 55 insertions(+), 20 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index e165585..69181be 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -20,37 +20,63 @@ jobs: - name: Check out code uses: actions/checkout@v6 - - name: Log in to the Container registry - uses: docker/login-action@v4 + - name: Set up QEMU + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 + + # Set up BuildKit Docker container builder to be able to build + # multi-platform images and export cache + # https://github.com/docker/setup-buildx-action + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 with: - registry: ghcr.io + driver-opts: | + image=moby/buildkit:latest + + # Login against a Docker registry except on PR + # https://github.com/docker/login-action + - name: Log into registry ${{ env.REGISTRY }} + if: github.event_name != 'pull_request' + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 + with: + registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Extract metadata (tags, labels) for Docker + # Extract metadata (tags, labels) for Docker + # https://github.com/docker/metadata-action + - name: Extract Docker metadata id: meta - uses: docker/metadata-action@v6 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 with: - images: ghcr.io/${{ github.repository }} + images: ${{ env.REGISTRY }}/${{ github.repository_owner }}/greenhouse tags: | - type=semver,pattern={{raw}} - type=semver,pattern=v{{major}}.{{minor}} - type=semver,pattern=v{{major}} - - - name: Set up QEMU - uses: docker/setup-qemu-action@v4 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v4 + type=semver,pattern={{version}},prefix=v + type=semver,pattern={{major}}.{{minor}},prefix=v + type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }},prefix=v + type=ref,event=branch + type=ref,event=tag + type=ref,event=pr + type=schedule + type=raw,value=${{ github.sha }} + type=sha,enable=true,format=short,prefix= + 
type=edge,branch=master + # Build and push Docker image with Buildx (don't push on PR) + # https://github.com/docker/build-push-action - name: Build and push Docker image - uses: docker/build-push-action@v7 + id: build-and-push + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: . - labels: ${{ steps.meta.outputs.labels }} - platforms: linux/amd64,linux/arm64 - push: true tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + # remove untagged images produced for multi platform builds + provenance: false + # cache-from: type=gha + # cache-to: type=gha,mode=max + platforms: | + linux/amd64 + linux/arm64 notify-extensions: name: Notify greenhouse-extensions @@ -59,10 +85,19 @@ jobs: permissions: contents: read steps: + - name: Generate GitHub App token + id: app-token + uses: actions/create-github-app-token@v3.1.1 + with: + app-id: ${{ vars.APP_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} + repositories: greenhouse-extensions + permission-contents: write + - name: Repository dispatch to greenhouse-extensions uses: peter-evans/repository-dispatch@v3 with: - token: ${{ secrets.EXTENSIONS_DISPATCH_TOKEN }} + token: ${{ steps.app-token.outputs.token }} repository: abhijith-darshan/greenhouse-extensions event-type: plugin_release client-payload: | From edba5bc551ed549fd46850c97c8f0d0c1409c540 Mon Sep 17 00:00:00 2001 From: D072950 Date: Wed, 6 May 2026 07:41:01 +0200 Subject: [PATCH 3/5] chore(ci): add registry env to ghcr.io --- .github/workflows/release.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 69181be..1bf2de2 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -12,6 +12,9 @@ permissions: contents: read packages: write +env: + REGISTRY: ghcr.io + jobs: build-and-push-image: name: Build and push container image 
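Review bot: The `Build and push Docker image` step loses `push: true` and no `push:` input takes its place; `docker/build-push-action` defaults `push` to false, so as written the release run builds the image and publishes nothing. The copied comment says "don't push on PR", but this workflow only triggers on `release`, so restoring `push: true` is enough. In the same hunk, `driver-opts: image=moby/buildkit:latest` pulls a mutable builder image while the actions around it are pinned by commit SHA; pinning the BuildKit image to a fixed version would keep the build toolchain as reproducible as the actions. `release-build.yaml` in patch 5/5 carries the same step.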
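Review bot: The two steps that handle credentials in `notify-extensions` are referenced by mutable tags, while the Docker actions in this same commit are pinned to commit SHAs: `actions/create-github-app-token@v3.1.1` receives `secrets.APP_PRIVATE_KEY` and `peter-evans/repository-dispatch@v3` receives the minted token with `contents: write`. Pin both the same way, e.g. `uses: actions/create-github-app-token@<full-commit-sha> # v3.1.1` (placeholder; resolve the SHA from the release tag). Patch 4/5 goes the other way and loosens this to `@v3`, and `release-build.yaml` in patch 5/5 inherits it. Separately, `repositories: greenhouse-extensions` is given without `owner:`, so the token is requested for the current repository's owner while the dispatch targets `abhijith-darshan/greenhouse-extensions`; if those owners differ (not visible from this patch), add `owner: abhijith-darshan` or the token will not cover the target repository.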
From 0b853e43fe311989e0658be62a7e30d9a7c1969b Mon Sep 17 00:00:00 2001 From: D072950 Date: Wed, 6 May 2026 07:44:08 +0200 Subject: [PATCH 4/5] chore(ci): build only for amd64 --- .github/workflows/release.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 1bf2de2..1ca345a 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -51,7 +51,7 @@ jobs: id: meta uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 with: - images: ${{ env.REGISTRY }}/${{ github.repository_owner }}/greenhouse + images: ${{ env.REGISTRY }}/${{ github.repository_owner }}/shoot-grafter tags: | type=semver,pattern={{version}},prefix=v type=semver,pattern={{major}}.{{minor}},prefix=v @@ -79,7 +79,6 @@ jobs: # cache-to: type=gha,mode=max platforms: | linux/amd64 - linux/arm64 notify-extensions: name: Notify greenhouse-extensions @@ -90,7 +89,7 @@ jobs: steps: - name: Generate GitHub App token id: app-token - uses: actions/create-github-app-token@v3.1.1 + uses: actions/create-github-app-token@v3 with: app-id: ${{ vars.APP_ID }} private-key: ${{ secrets.APP_PRIVATE_KEY }} From 6c303c7638daf996dc63a797235d44229e18db6e Mon Sep 17 00:00:00 2001 From: D072950 Date: Wed, 6 May 2026 08:12:27 +0200 Subject: [PATCH 5/5] chore(ci): automated release --- .github/workflows/release-build.yaml | 109 +++++++++++++++++++++++++ .github/workflows/release.yaml | 117 ++++++--------------------- 2 files changed, 132 insertions(+), 94 deletions(-) create mode 100644 .github/workflows/release-build.yaml diff --git a/.github/workflows/release-build.yaml b/.github/workflows/release-build.yaml new file mode 100644 index 0000000..1ca345a --- /dev/null +++ b/.github/workflows/release-build.yaml 
@@ -0,0 +1,109 @@
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company
+# SPDX-License-Identifier: Apache-2.0
+
+name: Release
+
+on:
+ release:
+ types:
+ - created
+
+permissions:
+ contents: read
+ packages: write
+
+env:
+ REGISTRY: ghcr.io
+
+jobs:
+ build-and-push-image:
+ name: Build and push container image
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v6
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
+
+ # Set up BuildKit Docker container builder to be able to build
+ # multi-platform images and export cache
+ # https://github.com/docker/setup-buildx-action
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
+ with:
+ driver-opts: |
+ image=moby/buildkit:latest
+
+ # Login against a Docker registry except on PR
+ # https://github.com/docker/login-action
+ - name: Log into registry ${{ env.REGISTRY }}
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ # Extract metadata (tags, labels) for Docker
+ # https://github.com/docker/metadata-action
+ - name: Extract Docker metadata
+ id: meta
+ uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
+ with:
+ images: ${{ env.REGISTRY }}/${{ github.repository_owner }}/shoot-grafter
+ tags: |
+ type=semver,pattern={{version}},prefix=v
+ type=semver,pattern={{major}}.{{minor}},prefix=v
+ type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }},prefix=v
+ type=ref,event=branch
+ type=ref,event=tag
+ type=ref,event=pr
+ type=schedule
+ type=raw,value=${{ github.sha }}
+ type=sha,enable=true,format=short,prefix=
+ type=edge,branch=master
+
+ # Build and push Docker image with Buildx (don't push on PR)
+ # https://github.com/docker/build-push-action
+ - name: Build and push Docker image
+ id: build-and-push
+ uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
+ with:
+ context: .
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ # remove untagged images produced for multi platform builds
+ provenance: false
+ # cache-from: type=gha
+ # cache-to: type=gha,mode=max
+ platforms: |
+ linux/amd64
+
+ notify-extensions:
+ name: Notify greenhouse-extensions
+ runs-on: ubuntu-latest
+ needs: build-and-push-image
+ permissions:
+ contents: read
+ steps:
+ - name: Generate GitHub App token
+ id: app-token
+ uses: actions/create-github-app-token@v3
+ with:
+ app-id: ${{ vars.APP_ID }}
+ private-key: ${{ secrets.APP_PRIVATE_KEY }}
+ repositories: greenhouse-extensions
+ permission-contents: write
+
+ - name: Repository dispatch to greenhouse-extensions
+ uses: peter-evans/repository-dispatch@v3
+ with:
+ token: ${{ steps.app-token.outputs.token }}
+ repository: abhijith-darshan/greenhouse-extensions
+ event-type: plugin_release
+ client-payload: |
+ {
+ "plugin_definition": "shoot-grafter",
+ "version": "${{ github.event.release.tag_name }}"
+ }
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 1ca345a..6691f6b 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -1,109 +1,38 @@ # SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company # SPDX-License-Identifier: Apache-2.0 -name: Release +name: Release Auto on: - release: - types: - - created + workflow_dispatch: + inputs: + version: + description: Release version (e.g. v0.3.0) + required: true + default: v0.3.0 permissions: - contents: read - packages: write - -env: - REGISTRY: ghcr.io + contents: write jobs: - build-and-push-image: - name: Build and push container image + create-release: + name: Create GitHub release runs-on: ubuntu-latest steps: - name: Check out code uses: actions/checkout@v6 - - name: Set up QEMU - uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 - - # Set up BuildKit Docker container builder to be able to build - # multi-platform images and export cache - # https://github.com/docker/setup-buildx-action - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - with: - driver-opts: | - image=moby/buildkit:latest - - # Login against a Docker registry except on PR - # https://github.com/docker/login-action - - name: Log into registry ${{ env.REGISTRY }} - if: github.event_name != 'pull_request' - uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - # Extract metadata (tags, labels) for Docker - # https://github.com/docker/metadata-action - - name: Extract Docker metadata - id: meta - uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 - with: - images: ${{ env.REGISTRY }}/${{ github.repository_owner }}/shoot-grafter - tags: | - type=semver,pattern={{version}},prefix=v - type=semver,pattern={{major}}.{{minor}},prefix=v - type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }},prefix=v - type=ref,event=branch - type=ref,event=tag - type=ref,event=pr - type=schedule 
- type=raw,value=${{ github.sha }} - type=sha,enable=true,format=short,prefix= - type=edge,branch=master - - # Build and push Docker image with Buildx (don't push on PR) - # https://github.com/docker/build-push-action - - name: Build and push Docker image - id: build-and-push - uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 - with: - context: . - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - # remove untagged images produced for multi platform builds - provenance: false - # cache-from: type=gha - # cache-to: type=gha,mode=max - platforms: | - linux/amd64 - - notify-extensions: - name: Notify greenhouse-extensions - runs-on: ubuntu-latest - needs: build-and-push-image - permissions: - contents: read - steps: - - name: Generate GitHub App token - id: app-token - uses: actions/create-github-app-token@v3 - with: - app-id: ${{ vars.APP_ID }} - private-key: ${{ secrets.APP_PRIVATE_KEY }} - repositories: greenhouse-extensions - permission-contents: write - - - name: Repository dispatch to greenhouse-extensions - uses: peter-evans/repository-dispatch@v3 + - name: Create release and generate release notes + uses: actions/github-script@v8 with: - token: ${{ steps.app-token.outputs.token }} - repository: abhijith-darshan/greenhouse-extensions - event-type: plugin_release - client-payload: | - { - "plugin_definition": "shoot-grafter", - "version": "${{ github.event.release.tag_name }}" - } + script: | + await github.rest.repos.createRelease({ + owner: context.repo.owner, + repo: context.repo.repo, + tag_name: '${{ github.event.inputs.version }}', + target_commitish: context.sha, + name: '${{ github.event.inputs.version }}', + generate_release_notes: true, + draft: false, + prerelease: false + })
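Review bot: In `Create release and generate release notes`, `'${{ github.event.inputs.version }}'` is expanded into the JavaScript source before `actions/github-script` runs it, so a value containing `'` is executed as code with the job's `contents: write` token instead of being used as a tag name. Pass the input through `env:` and read `process.env.VERSION` in the script, rejecting anything that is not a version string, as in the fence below (tighten the pattern if pre-release suffixes are not wanted). Also, the release is created with the default `GITHUB_TOKEN`, and events raised by that token do not start other workflow runs, so the `release: created` trigger in `release-build.yaml` will most likely never fire for releases made here. Creating the release with the GitHub App token, or invoking the build through `workflow_call`, would close that gap.

```yaml
      - name: Create release and generate release notes
        uses: actions/github-script@v8
        env:
          VERSION: ${{ github.event.inputs.version }}
        with:
          script: |
            const version = process.env.VERSION;
            if (!/^v\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/.test(version)) {
              core.setFailed(`unexpected release version: ${version}`);
              return;
            }
            await github.rest.repos.createRelease({
              // … unchanged: owner, repo …
              tag_name: version,
              // … unchanged: target_commitish …
              name: version,
              // … unchanged: generate_release_notes, draft, prerelease …
            })
```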