mirror/insomnia
1
0
Fork 0
mirror of https://github.com/Kong/insomnia.git synced 2026-04-21 06:37:36 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
fix/query-string-encode-issue
insomnia/.github/workflows/release-publish.yml
Jay Wu 2cd0317be0 chore(publish): publish releases (#8648) 
INS-5421
2025-04-28 14:58:42 +08:00

226 lines
10 KiB
YAML
Raw Permalink Blame History

name: Release Publish
run-name: Publish ${{ github.event.inputs.version }} channel by @${{ github.actor }}
on:
workflow_dispatch:
inputs:
version:
required: true
description: Release version (e.g. 2022.1.0 or 2022.1.0-beta.0)
env:
RELEASE_VERSION: ${{ github.event.inputs.version }}
RELEASE_CORE_TAG: core@${{ github.event.inputs.version }}
RELEASE_BRANCH: release/${{ github.event.inputs.version }}
IS_PRERELEASE: ${{ contains(github.event.inputs.version, 'alpha') || contains(github.event.inputs.version, 'beta') }}
ARTIFACTS_DOWNLOAD_PATH: ${{ github.workspace }}/artifacts
INSO_DOCKER_IMAGE: kong/inso # By default, registry is docker.io
NOTARY_REPOSITORY: "kong/notary" # All signatures will be pushed to public notary repository
ARTIFACTS_REPOSITORY: ${{ vars.ARTIFACTS_REPOSITORY }}
jobs:
publish:
timeout-minutes: 15
runs-on: ubuntu-22.04
outputs:
NOTARY_REPOSITORY: ${{ env.NOTARY_REPOSITORY }}
INSO_DOCKER_IMAGE: ${{ env.INSO_DOCKER_IMAGE }}
INSO_DOCKER_IMAGE_DIGEST: ${{ steps.image_manifest_metadata.outputs.inso_image_sha }}
INSOMNIA_RELEASE_TAG: ${{ env.RELEASE_CORE_TAG }}
permissions:
id-token: write # needed for signing the images
actions: read # For getting workflow run info for keyless signing of docker image
contents: write # Required to upload assets. Issue: https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/container#known-issues
packages: write
steps:
- name: Checkout branch # Check out the release branch
uses: actions/checkout@v4
with:
ref: ${{ env.RELEASE_BRANCH }}
fetch-depth: 0
persist-credentials: false
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version-file: ".nvmrc"
cache: "npm"
cache-dependency-path: package-lock.json
- name: Install packages
run: npm ci
- name: Check if Release Exists
id: check_release
run: |
release_id=$(gh release view core@${{ env.RELEASE_VERSION }} --json id --jq ".id" 2>/dev/null)
if [ -z "$release_id" ]; then
echo "Release core@${{ env.RELEASE_VERSION }} does not exist. Aborting workflow."
exit 1
fi
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Download release assets
run: |
gh release download core@${{ env.RELEASE_VERSION }} --dir=${{ env.ARTIFACTS_DOWNLOAD_PATH }} --skip-existing
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Docker meta for Inso CLI Docker Image
id: inso_docker_meta
uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5
with:
images: ${{ env.INSO_DOCKER_IMAGE }}
tags: |
type=raw,value=${{ env.RELEASE_VERSION }},priority=1000
type=raw,value=latest,enable=${{ env.IS_PRERELEASE == 'false' }}
type=raw,value=alpha,enable=${{ env.IS_PRERELEASE == 'true' && contains(github.event.inputs.version, 'alpha') }}
type=raw,value=beta,enable=${{ env.IS_PRERELEASE == 'true' && contains(github.event.inputs.version, 'beta') }}
sep-tags: ","
# Setup regctl to parse platform specific image digest from image manifest
- name: Install regctl
uses: regclient/actions/regctl-installer@ce5fd131e371ffcdd7508b478cb223b3511a9183 # main
# The image manifest digest/sha is generated only after the image is published to registry
- name: Parse architecture specific digest from image manifest
id: image_manifest_metadata
run: |
INSO_IMAGE=${{ env.INSO_DOCKER_IMAGE }}:${{ steps.inso_docker_meta.outputs.version }}
inso_image_sha="$(regctl image digest "${INSO_IMAGE}")"
echo "inso_image_sha=${inso_image_sha}" >> $GITHUB_OUTPUT
- name: Install Cosign
uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382
- name: Verify Inso Container Image Signature produced on insomnia-ee
run: |
cosign verify \
kong/inso:${{env.RELEASE_VERSION}}@${{steps.image_manifest_metadata.outputs.inso_image_sha}} \
--certificate-oidc-issuer='https://token.actions.githubusercontent.com' \
--certificate-identity-regexp='https://github.com/Kong/insomnia-ee/.github/workflows/release-publish.yml'
env:
COSIGN_REPOSITORY: ${{env.NOTARY_REPOSITORY}}
- name: Install slsa verifier
uses: slsa-framework/slsa-verifier/actions/installer@6657aada084353c65e5dde35394b1a010289fab0
- name: Verify Inso Container Image Provenance produced on insomnia-ee
run: |
slsa-verifier verify-image \
kong/inso:${{env.RELEASE_VERSION}}@${{steps.image_manifest_metadata.outputs.inso_image_sha}} \
--print-provenance \
--provenance-repository ${{env.NOTARY_REPOSITORY}} \
--source-uri 'github.com/Kong/insomnia-ee'
- name: Verify Inso Binary Provenance for artifacts produced on insomnia-ee
run: |
slsa-verifier verify-artifact \
--print-provenance \
--provenance-path '${{env.ARTIFACTS_DOWNLOAD_PATH}}/inso-provenance.intoto.jsonl' \
--source-uri 'github.com/Kong/insomnia-ee' \
${{env.ARTIFACTS_DOWNLOAD_PATH}}/inso-*-${{env.RELEASE_VERSION}}.{zip,tar.xz,pkg}
- name: Verify Insomnia App Binary Provenance for artifacts produced on insomnia-ee
run: |
slsa-verifier verify-artifact \
--print-provenance \
--provenance-path '${{env.ARTIFACTS_DOWNLOAD_PATH}}/insomnia-provenance.intoto.jsonl' \
--source-uri 'github.com/Kong/insomnia-ee' \
${{env.ARTIFACTS_DOWNLOAD_PATH}}/Insomnia.Core-${{env.RELEASE_VERSION}}.{snap,tar.gz,zip,rpm,dmg,deb,AppImage,exe}
- name: Publish release
run: |
gh release edit core@${{ env.RELEASE_VERSION }} \
--tag=${{ env.RELEASE_CORE_TAG }} \
--target=${{ env.RELEASE_BRANCH }} \
--prerelease=${{ env.IS_PRERELEASE }} \
--draft=false
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Publish beta/stable of Insomnia to Insomnia API
if: ${{ !contains(github.event.inputs.version, 'alpha') }}
run: |
curl \
--fail \
--request POST \
--url $INSOMNIA_API_URL/v1/releases \
--header "Authorization: Bearer ${INSOMNIA_API_TOKEN}" \
--header "Content-Type: application/json" \
--data "{ \"app\": \"${RELEASE_APP}\", \"version\": \"${RELEASE_VERSION}\", \"channel\": \"${RELEASE_CHANNEL}\", \"release_date\": \"$(date --rfc-3339=ns | sed 's/ /T/; s/\(\....\).*\([+-]\)/\1\2/g')\" }"
env:
INSOMNIA_API_URL: ${{ secrets.INSOMNIA_API_URL }}
INSOMNIA_API_TOKEN: ${{ secrets.INSOMNIA_API_TOKEN }}
RELEASE_APP: com.insomnia.app
RELEASE_VERSION: ${{ env.RELEASE_VERSION }}
RELEASE_CHANNEL: ${{ contains(github.event.inputs.version, 'beta') && 'beta' || 'stable' }}
- name: Publish beta/stable of inso to Insomnia API
if: ${{ !contains(github.event.inputs.version, 'alpha') }}
run: |
curl \
--fail \
--request POST \
--url $INSOMNIA_API_URL/v1/releases \
--header "Authorization: Bearer ${INSOMNIA_API_TOKEN}" \
--header "Content-Type: application/json" \
--data "{ \"app\": \"${RELEASE_APP}\", \"version\": \"${RELEASE_VERSION}\", \"channel\": \"${RELEASE_CHANNEL}\", \"release_date\": \"$(date --rfc-3339=ns | sed 's/ /T/; s/\(\....\).*\([+-]\)/\1\2/g')\" }"
env:
INSOMNIA_API_URL: ${{ secrets.INSOMNIA_API_URL }}
INSOMNIA_API_TOKEN: ${{ secrets.INSOMNIA_API_TOKEN }}
RELEASE_APP: com.insomnia.inso
RELEASE_VERSION: ${{ env.RELEASE_VERSION }}
RELEASE_CHANNEL: ${{ contains(github.event.inputs.version, 'beta') && 'beta' || 'stable' }}
- name: Upload x64 Linux snap to snapcraft (beta and stable only)
if: ${{ !contains(github.event.inputs.version, 'alpha') }}
uses: canonical/action-publish@214b86e5ca036ead1668c79afb81e550e6c54d40 # v1
env:
SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_LOGIN_FILE_NEW }}
with:
# TODO-ARM64: Replace to *-amd64.snap when we have ARM64 build from insomnia-ee
snap: artifacts/Insomnia.Core-${{ env.RELEASE_VERSION }}.snap
release: ${{ contains(github.event.inputs.version, 'beta') && 'beta' || 'stable' }}
# TODO: also release for aarch64 Linux?
- name: Upload .deb to pulp and/or cloudsmith (stable only)
if: ${{ !contains(github.event.inputs.version, 'alpha') && !contains(github.event.inputs.version, 'beta') }}
uses: docker://kong/release-script:latest
env:
PULP_USERNAME: ${{ secrets.PULP_USERNAME }}
PULP_PASSWORD: ${{ secrets.PULP_PASSWORD }}
PULP_HOST: ${{ secrets.PULP_HOST }}
VERBOSE: ${{ runner.debug == '1' && '1' || '' }}
CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }}
CLOUDSMITH_DRY_RUN: ""
IGNORE_CLOUDSMITH_FAILURES: ${{ vars.IGNORE_CLOUDSMITH_FAILURES }}
USE_CLOUDSMITH: ${{ vars.USE_CLOUDSMITH }}
USE_PULP: ${{ vars.USE_PULP }}
with:
entrypoint: /entrypoint.sh
# TODO-ARM64: Replace to *-amd64.deb when we have arm64 builds from insomnia-ee
args: >
release
--file artifacts/Insomnia.Core-${{ env.RELEASE_VERSION }}.deb
--dist-name ubuntu
--dist-version focal
--package-type insomnia
${{ env.IS_PRERELEASE == 'true' && '--internal' || '--publish' }}
- name: Configure Git user
uses: Homebrew/actions/git-user-config@266845213695c3047d210b2e8fbc42ecdaf45802 # master
with:
username: ${{ (github.event_name == 'workflow_dispatch' && github.actor) || 'insomnia-infra' }}
- name: Merge git branch into develop
run: |
remote_repo="https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git"
git checkout develop
git merge --no-ff ${{ env.RELEASE_BRANCH }}
git status
git push "${remote_repo}"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Reference in New Issue View Git Blame Copy Permalink