This repository was archived by the owner on Jun 1, 2026. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
166 lines (148 loc) · 5.6 KB
/
Copy pathrelease.yml
File metadata and controls
166 lines (148 loc) · 5.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
name: Release
on:
workflow_run:
workflows: ["CI"]
types:
- completed
jobs:
docker:
name: Build & Push Docker Image
runs-on: ubuntu-latest
if: >
github.event.workflow_run.conclusion == 'success' &&
github.event.workflow_run.event == 'push' &&
github.event.workflow_run.repository.full_name == github.repository &&
startsWith(github.event.workflow_run.head_branch, 'v') &&
contains(github.event.workflow_run.head_branch, '.')
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v6
with:
ref: ${{ github.event.workflow_run.head_sha }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v4
- name: Log into Docker Hub
uses: docker/login-action@v4
with:
username: akaririn
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v6
with:
images: akaririn/texas
tags: |
type=semver,pattern={{version}},value=${{ github.event.workflow_run.head_branch }}
type=semver,pattern={{major}}.{{minor}},value=${{ github.event.workflow_run.head_branch }}
type=raw,value=latest
- name: Build and push Docker image
uses: docker/build-push-action@v7
with:
context: .
file: Dockerfile
push: true
platforms: linux/amd64,linux/arm64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
helm:
name: Push Helm Chart to GHCR (OCI)
runs-on: ubuntu-latest
if: >
github.event.workflow_run.conclusion == 'success' &&
github.event.workflow_run.event == 'push' &&
github.event.workflow_run.repository.full_name == github.repository &&
startsWith(github.event.workflow_run.head_branch, 'v') &&
contains(github.event.workflow_run.head_branch, '.')
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v6
with:
ref: ${{ github.event.workflow_run.head_sha }}
- name: Install Helm
uses: azure/setup-helm@v5
- name: Log into GHCR
env:
GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GHCR_USER: ${{ github.actor }}
run: echo "${GHCR_TOKEN}" | helm registry login ghcr.io -u "${GHCR_USER}" --password-stdin
- name: Update Helm chart version
env:
HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }}
run: |
# 严格校验分支名只含合法 semver 字符,防止注入
if [[ ! "${HEAD_BRANCH}" =~ ^v?[0-9]+\.[0-9]+(\.[0-9]+)?(-[a-zA-Z0-9._-]+)?(\+[a-zA-Z0-9._-]+)?$ ]]; then
echo "::error::非法的版本号格式: ${HEAD_BRANCH}"
exit 1
fi
VERSION="${HEAD_BRANCH#v}"
sed -i "s/^version:.*/version: ${VERSION}/" helm/texas/Chart.yaml
sed -i "s/^appVersion:.*/appVersion: \"${VERSION}\"/" helm/texas/Chart.yaml
- name: Add Helm dependency repos
run: |
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update
- name: Build Helm dependencies
run: helm dependency build helm/texas
- name: Package Helm chart
run: helm package helm/texas -d .helm-out
- name: Push Helm chart to GHCR (OCI)
run: helm push .helm-out/*.tgz oci://ghcr.io/Project-Texas
github-release:
name: Create GitHub Release
needs: [docker, helm]
runs-on: ubuntu-latest
if: >
github.event.workflow_run.conclusion == 'success' &&
github.event.workflow_run.event == 'push' &&
github.event.workflow_run.repository.full_name == github.repository &&
startsWith(github.event.workflow_run.head_branch, 'v') &&
contains(github.event.workflow_run.head_branch, '.')
permissions:
contents: write
steps:
- uses: actions/checkout@v6
with:
ref: ${{ github.event.workflow_run.head_sha }}
fetch-depth: 0
- name: Extract changelog
id: changelog
env:
HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }}
run: |
VERSION="${HEAD_BRANCH#v}"
NOTES=$(python3 - <<'PYEOF'
import re, os, sys
head_branch = os.environ["HEAD_BRANCH"]
version_tag = head_branch if head_branch.startswith("v") else f"v{head_branch}"
try:
with open("CHANGELOG.md") as f:
content = f.read()
pattern = r"## " + re.escape(version_tag) + r"[^\n]*\n(.*?)(?=\n## |\Z)"
match = re.search(pattern, content, re.DOTALL)
if match:
notes = match.group(1).strip()
print(notes if notes else "暂无变更记录")
else:
print(f"未在 CHANGELOG.md 中找到 {version_tag} 的条目")
except FileNotFoundError:
print("未找到CHANGELOG.md")
PYEOF
)
printf '%s' "$NOTES" > /tmp/release_notes.txt
echo "notes_file=/tmp/release_notes.txt" >> "$GITHUB_OUTPUT"
- name: Create GitHub Release
uses: softprops/action-gh-release@v3
with:
tag_name: ${{ github.event.workflow_run.head_branch }}
name: ${{ github.event.workflow_run.head_branch }}
body_path: ${{ steps.changelog.outputs.notes_file }}
draft: false
prerelease: false