Publish swagger.yaml from GitHub Actions on push to main and tags

Add a 'Publish swagger' workflow that builds pkg/api/swagger.yaml and
uploads it to the libpod-master-releases GCS bucket (swagger-latest.yaml
for main, swagger-<tag>.yaml for tags), reusing the same gcsupld container
as Cirrus with GCPJSON/GCPNAME supplied via repository secrets. Per-PR
uploads to libpod-pr-releases are dropped, as nothing consumes them.

The gcsupld image tag is hardcoded (copied from .cirrus.yml IMAGE_SUFFIX)
rather than read at runtime, since Cirrus CI is to be decommissioned soon.

Remove the now-migrated swagger_task from .cirrus.yml (and its success_task
dependency) and the _run_swagger handler from hack/ci/runner.sh, and update
docs/README.md to point at the new workflow. While at it, fix the link in
docs/README.md to hack/ci/README.md#docs-task, which had been dangling ever
since that file was removed in 2020 by commit 2c9084e224.

Note: requires GCPJSON and GCPNAME to be configured as GitHub repository
secrets before the upload step can succeed.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This commit is contained in:
Kir Kolyshkin
2026-05-26 20:17:04 -07:00
committed by Paul Holzinger
parent 6071d780e9
commit 26e30e5f6d
4 changed files with 74 additions and 86 deletions

72
.github/workflows/swagger.yml vendored Normal file
View File

@@ -0,0 +1,72 @@
name: Publish swagger
# Build the libpod API spec (pkg/api/swagger.yaml) and publish it to the
# public GCS bucket consumed by the API reference docs
# (docs/source/_static/api.html -> https://storage.googleapis.com/libpod-master-releases/swagger-<version>.yaml).
# Pushes to main publish "swagger-latest.yaml"; tags publish "swagger-<tag>.yaml".
on:
push:
branches:
- main
tags:
- "v*"
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
publish-swagger:
name: Build and publish swagger.yaml
runs-on: cncf-ubuntu-8-32-x86
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Install build dependencies
run: |
sudo apt-get update
sudo apt-get install -y \
gawk \
libassuan-dev \
libbtrfs-dev \
libgpgme-dev \
libseccomp-dev \
libsystemd-dev \
libclone-perl \
man-db \
podman \
python3-pip
- name: Set up Go
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
with:
go-version-file: go.mod
cache: false
- name: Build swagger.yaml
run: make swagger
- name: Publish swagger.yaml to GCS
env:
GCPJSON: ${{ secrets.GCPJSON }}
GCPNAME: ${{ secrets.GCPNAME }}
GCPPROJECT: libpod-218412
# Pushes to main publish "latest"; tags publish under their tag name.
TO_GCSURI: gs://libpod-master-releases/swagger-${{ github.ref_type == 'tag' && github.ref_name || 'latest' }}.yaml
FROM_FILEPATH: /src/pkg/api/swagger.yaml
# Uploader image tag, copied from .cirrus.yml IMAGE_SUFFIX.
GCSUPLD_FQIN: quay.io/libpod/gcsupld:c20260425t010036z-f43f42d14
run: |
# Pass secrets through podman's environment (-e VAR) rather than an
# env-file so they are never written to disk.
podman run --rm --security-opt label=disable \
-e GCPJSON -e GCPNAME -e GCPPROJECT -e FROM_FILEPATH -e TO_GCSURI \
-v "$GITHUB_WORKSPACE:/src:ro" \
--workdir /src \
"$GCSUPLD_FQIN"