vrr/Pulse
2
0
Fork 0
mirror of https://github.com/rcourtman/Pulse.git synced 2026-04-28 03:20:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Make v5 release automation branch-owned

Browse source
This commit is contained in:
rcourtman 2026-04-14 19:48:25 +01:00
parent 324f3be1c8
commit 2c51c0a0dd
8 changed files with 158 additions and 180 deletions
Download patch file Download diff file Expand all files Collapse all files

14
.github/workflows/README.md vendored
View file

@ -4,7 +4,7 @@
**File**: `update-demo-server.yml` **File**: `update-demo-server.yml`
Automatically updates the public demo server when a new stable release is published. Updates the public demo server when the release pipeline dispatches a new stable release deployment, or when run manually.
### Configuration Required ### Configuration Required
@ -25,8 +25,8 @@ Add these secrets to your GitHub repository settings (`Settings` → `Secrets an
### How It Works ### How It Works
1. **Trigger**: Runs automatically when a GitHub release is published 1. **Trigger**: Dispatched by the release pipeline after a stable release is published, or run manually from the Actions tab
2. **Filter**: Only runs for stable releases (skips RC/pre-releases) 2. **Filter**: The release pipeline only dispatches this for stable releases
3. **Update**: SSHs to demo server and runs the install script 3. **Update**: SSHs to demo server and runs the install script
4. **Verify**: Checks that the new version is running and mock mode is active 4. **Verify**: Checks that the new version is running and mock mode is active
5. **Cleanup**: Removes SSH key from runner 5. **Cleanup**: Removes SSH key from runner
@ -49,8 +49,7 @@ To test without publishing a release:
**File**: `helm-ci.yml` **File**: `helm-ci.yml`
Runs `helm lint --strict` and renders the chart with common configuration combinations on every pull request that touches Helm content (and on pushes to `main`). This prevents regressions before they land. Runs `helm lint --strict` and renders the chart with common configuration combinations on every pull request that touches Helm content (and on pushes to `main` and `release/5.1`). This prevents regressions before they land.
- Triggered by PRs/pushes touching `deploy/helm/**`, docs, or the workflow itself - Triggered by PRs/pushes touching `deploy/helm/**`, docs, or the workflow itself
- Uses Helm v3.15.2 - Uses Helm v3.15.2
- Renders both the default deployment and an agent-enabled configuration to catch template issues - Renders both the default deployment and an agent-enabled configuration to catch template issues
@ -59,9 +58,8 @@ Runs `helm lint --strict` and renders the chart with common configuration combin
**File**: `publish-helm-chart.yml` **File**: `publish-helm-chart.yml`
Packages the Helm chart and pushes it to the GitHub Container Registry (OCI) whenever a GitHub Release is published. Also makes the packaged `.tgz` available as both an Actions artifact and a release asset. The same behaviour can be triggered locally via `./scripts/package-helm-chart.sh <version> [--push]`. Packages the Helm chart and pushes it to the GitHub Container Registry (OCI) when dispatched by the release pipeline, or manually via workflow dispatch. Also makes the packaged `.tgz` available as both an Actions artifact and a release asset. The same behaviour can be triggered locally via `./scripts/package-helm-chart.sh <version> [--push]`.
- Triggered by the release pipeline via workflow dispatch, or manually from the Actions tab
- Triggered automatically on `release: published`, or manually via workflow dispatch (requires `chart_version` input)
- Chart and app versions mirror the Pulse release tag (e.g., `v4.24.0``4.24.0`) - Chart and app versions mirror the Pulse release tag (e.g., `v4.24.0``4.24.0`)
- Publishes to `oci://ghcr.io/<owner>/pulse-chart` - Publishes to `oci://ghcr.io/<owner>/pulse-chart`
- Requires no additional secrets—uses the built-in `GITHUB_TOKEN` with `packages: write` permission - Requires no additional secrets—uses the built-in `GITHUB_TOKEN` with `packages: write` permission

19
.github/workflows/create-release.yml vendored
View file

@ -503,18 +503,29 @@ jobs:
- name: Trigger Docker image publish - name: Trigger Docker image publish
if: ${{ github.event.inputs.draft_only != 'true' }} if: ${{ github.event.inputs.draft_only != 'true' }}
continue-on-error: true
env: env:
GH_TOKEN: ${{ secrets.WORKFLOW_PAT }} GH_TOKEN: ${{ secrets.WORKFLOW_PAT }}
run: | run: |
gh workflow run publish-docker.yml \ gh workflow run publish-docker.yml \
--ref "${GITHUB_REF_NAME}" \ --ref "${GITHUB_REF_NAME}" \
-f tag="${{ needs.prepare.outputs.tag }}" -f tag="${{ needs.prepare.outputs.tag }}" \
-f target_branch="${GITHUB_REF_NAME}"
echo "[OK] Docker publish workflow dispatched" echo "[OK] Docker publish workflow dispatched"
- name: Trigger demo server update - name: Trigger Helm chart publish
if: ${{ github.event.inputs.draft_only != 'true' }} if: ${{ github.event.inputs.draft_only != 'true' }}
continue-on-error: true env:
GH_TOKEN: ${{ secrets.WORKFLOW_PAT }}
run: |
gh workflow run publish-helm-chart.yml \
--ref "${GITHUB_REF_NAME}" \
-f chart_version="${{ needs.prepare.outputs.version }}" \
-f app_version="${{ needs.prepare.outputs.version }}" \
-f release_tag="${{ needs.prepare.outputs.tag }}"
echo "[OK] Helm chart publish workflow dispatched"
- name: Trigger demo server update
if: ${{ github.event.inputs.draft_only != 'true' && needs.prepare.outputs.is_prerelease != 'true' }}
env: env:
GH_TOKEN: ${{ secrets.WORKFLOW_PAT }} GH_TOKEN: ${{ secrets.WORKFLOW_PAT }}
run: | run: |

75
.github/workflows/helm-pages.yml vendored
View file

@ -1,17 +1,20 @@
name: Release Helm Chart to GitHub Pages name: Release Helm Chart to GitHub Pages
run-name: Release Helm Chart ${{ inputs.chart_version }} run-name: Release Helm Chart ${{ inputs.chart_version }}
# Triggered automatically when publish-docker.yml completes, or manually # Triggered by publish-docker.yml after image publication, or manually.
# We wait for Docker publish because the smoke test pulls the Docker image # The smoke test pulls the Docker image for the release tag.
on: on:
workflow_run:
workflows: ["Publish Docker Images"]
types: [completed]
workflow_dispatch: workflow_dispatch:
inputs: inputs:
chart_version: chart_version:
description: "Chart version (e.g., 4.28.0)" description: "Chart version (e.g., 4.28.0)"
required: true required: true
type: string
target_branch:
description: "Branch to update (defaults to release/5.1)"
required: false
default: "release/5.1"
type: string
permissions: permissions:
contents: write contents: write
@ -19,13 +22,31 @@ permissions:
jobs: jobs:
release: release:
runs-on: ubuntu-latest runs-on: ubuntu-latest
# Only run if workflow_dispatch OR if workflow_run completed successfully
if: ${{ github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success' }}
steps: steps:
- name: Resolve target branch
id: target_branch
run: |
TARGET_BRANCH="${{ inputs.target_branch }}"
if [ -z "$TARGET_BRANCH" ]; then
TARGET_BRANCH="release/5.1"
fi
if [ -z "$TARGET_BRANCH" ]; then
echo "::error::Could not determine target branch"
exit 1
fi
echo "branch=$TARGET_BRANCH" >> "$GITHUB_OUTPUT"
echo "Using target branch: $TARGET_BRANCH"
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
ref: ${{ steps.target_branch.outputs.branch }}
- name: Ensure branch checkout
run: git checkout "${{ steps.target_branch.outputs.branch }}"
- name: Configure Git - name: Configure Git
run: | run: |
@ -46,6 +67,8 @@ jobs:
helm-docs --version helm-docs --version
- name: Generate chart documentation - name: Generate chart documentation
env:
TARGET_BRANCH: ${{ steps.target_branch.outputs.branch }}
run: | run: |
cd deploy/helm/pulse cd deploy/helm/pulse
helm-docs helm-docs
@ -56,40 +79,26 @@ jobs:
git config user.email "$GITHUB_ACTOR@users.noreply.github.com" git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
git add README.md git add README.md
git commit -m "Auto-update Helm chart documentation" git commit -m "Auto-update Helm chart documentation"
git pull --rebase origin main git pull --rebase origin "$TARGET_BRANCH"
git push origin main git push origin HEAD:"$TARGET_BRANCH"
fi fi
cd ../../.. cd ../../..
- name: Determine chart version - name: Resolve chart version
id: version id: version
env:
GH_TOKEN: ${{ github.token }}
run: | run: |
if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then VERSION="${{ inputs.chart_version }}"
# Manual dispatch - use input directly if [ -z "$VERSION" ]; then
VERSION="${{ inputs.chart_version }}" echo "::error::chart_version input is required"
else exit 1
# workflow_run trigger - extract version from the triggering workflow
RUN_ID="${{ github.event.workflow_run.id }}"
echo "Extracting version from workflow run ${RUN_ID}..."
WORKFLOW_DATA=$(gh api repos/${{ github.repository }}/actions/runs/${RUN_ID})
TAG=$(echo "$WORKFLOW_DATA" | jq -r '.display_title' | grep -oP 'v?\d+\.\d+\.\d+(-[a-zA-Z]+\.\d+)?' || echo "")
if [ -z "$TAG" ]; then
echo "::error::Could not extract version from workflow_run"
exit 1
fi
# Remove leading 'v' if present
VERSION="${TAG#v}"
fi fi
echo "version=$VERSION" >> "$GITHUB_OUTPUT" echo "version=$VERSION" >> "$GITHUB_OUTPUT"
echo "Chart version: $VERSION" echo "Chart version: $VERSION"
- name: Update Chart.yaml version - name: Update Chart.yaml version
env:
TARGET_BRANCH: ${{ steps.target_branch.outputs.branch }}
run: | run: |
VERSION="${{ steps.version.outputs.version }}" VERSION="${{ steps.version.outputs.version }}"
sed -i "s/^version: .*/version: $VERSION/" deploy/helm/pulse/Chart.yaml sed -i "s/^version: .*/version: $VERSION/" deploy/helm/pulse/Chart.yaml
@ -101,8 +110,8 @@ jobs:
git config user.email "$GITHUB_ACTOR@users.noreply.github.com" git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
git add deploy/helm/pulse/Chart.yaml git add deploy/helm/pulse/Chart.yaml
git commit -m "Auto-update Helm chart version to $VERSION" git commit -m "Auto-update Helm chart version to $VERSION"
git pull --rebase origin main git pull --rebase origin "$TARGET_BRANCH"
git push origin main git push origin HEAD:"$TARGET_BRANCH"
fi fi
- name: Validate Helm chart - name: Validate Helm chart

53
.github/workflows/promote-floating-tags.yml vendored
View file

@ -1,11 +1,8 @@
name: Promote Floating Tags name: Promote Floating Tags
run-name: Promote Floating Tags ${{ inputs.tag }} run-name: Promote Floating Tags ${{ inputs.tag }}
# Triggered automatically when publish-docker.yml completes, or manually # Triggered by publish-docker.yml after image publication, or manually.
on: on:
workflow_run:
workflows: ["Publish Docker Images"]
types: [completed]
workflow_dispatch: workflow_dispatch:
inputs: inputs:
tag: tag:
@ -21,52 +18,22 @@ on:
jobs: jobs:
promote-images: promote-images:
runs-on: ubuntu-latest runs-on: ubuntu-latest
# Only run if workflow_dispatch OR if workflow_run completed successfully
if: ${{ github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success' }}
permissions: permissions:
contents: read contents: read
packages: write packages: write
steps: steps:
- name: Extract tag from trigger - name: Resolve release tag
id: extract id: extract
env:
GH_TOKEN: ${{ github.token }}
run: | run: |
if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then TAG="${{ inputs.tag }}"
# Manual dispatch - use inputs directly PRERELEASE="${{ inputs.prerelease }}"
TAG="${{ inputs.tag }}"
PRERELEASE="${{ inputs.prerelease }}" if [ -z "$TAG" ]; then
else echo "::error::tag input is required"
# workflow_run trigger - extract from the triggering workflow's inputs exit 1
# The publish-docker workflow was triggered with a tag input
RUN_ID="${{ github.event.workflow_run.id }}"
echo "Extracting inputs from workflow run ${RUN_ID}..."
# Get the workflow run details to extract the tag
WORKFLOW_DATA=$(gh api repos/${{ github.repository }}/actions/runs/${RUN_ID})
TAG=$(echo "$WORKFLOW_DATA" | jq -r '.head_branch // ""')
# If head_branch is main, we need to get it from the run's inputs
# The inputs are stored in the run's display_title or we parse from artifacts
if [ "$TAG" = "main" ] || [ -z "$TAG" ]; then
# Try to get from run name which typically includes the tag
TAG=$(echo "$WORKFLOW_DATA" | jq -r '.display_title' | grep -oP 'v\d+\.\d+\.\d+(-[a-zA-Z]+\.\d+)?' || echo "")
fi
if [ -z "$TAG" ]; then
echo "::error::Could not extract tag from workflow_run"
exit 1
fi
# Detect prerelease from tag
if [[ "$TAG" =~ -rc\.[0-9]+$ ]] || [[ "$TAG" =~ -alpha\.[0-9]+$ ]] || [[ "$TAG" =~ -beta\.[0-9]+$ ]]; then
PRERELEASE="true"
else
PRERELEASE="false"
fi
fi fi
echo "tag=${TAG}" >> $GITHUB_OUTPUT echo "tag=${TAG}" >> $GITHUB_OUTPUT
echo "prerelease=${PRERELEASE}" >> $GITHUB_OUTPUT echo "prerelease=${PRERELEASE}" >> $GITHUB_OUTPUT
echo "Promoting floating tags for ${TAG} (prerelease: ${PRERELEASE})" echo "Promoting floating tags for ${TAG} (prerelease: ${PRERELEASE})"
@ -92,7 +59,7 @@ jobs:
MAX_ATTEMPTS=30 MAX_ATTEMPTS=30
ATTEMPT=0 ATTEMPT=0
# Wait for main pulse image # Wait for Pulse server image
while [ $ATTEMPT -lt $MAX_ATTEMPTS ]; do while [ $ATTEMPT -lt $MAX_ATTEMPTS ]; do
if docker manifest inspect rcourtman/pulse:${TAG} > /dev/null 2>&1; then if docker manifest inspect rcourtman/pulse:${TAG} > /dev/null 2>&1; then
echo "Image rcourtman/pulse:${TAG} is available!" echo "Image rcourtman/pulse:${TAG} is available!"

43
.github/workflows/publish-docker.yml vendored
View file

@ -2,7 +2,8 @@ name: Publish Docker Images
run-name: Publish Docker Images ${{ inputs.tag }} run-name: Publish Docker Images ${{ inputs.tag }}
# Triggered by create-release.yml after staging images pass tests. # Triggered by create-release.yml after staging images pass tests.
# Builds multi-arch images (amd64+arm64) from source and publishes to Docker Hub and GHCR. # Builds multi-arch images (amd64+arm64) from source, publishes to Docker Hub and GHCR,
# then dispatches the downstream maintenance-branch workflows that depend on those images.
on: on:
workflow_dispatch: workflow_dispatch:
inputs: inputs:
@ -10,6 +11,10 @@ on:
description: 'Release tag (e.g., v4.34.0)' description: 'Release tag (e.g., v4.34.0)'
required: true required: true
type: string type: string
target_branch:
description: 'Branch to dispatch downstream workflows on (defaults to the workflow ref)'
required: false
type: string
concurrency: concurrency:
group: docker-publish-${{ inputs.tag }} group: docker-publish-${{ inputs.tag }}
@ -47,6 +52,22 @@ jobs:
echo "is_prerelease=${IS_PRERELEASE}" >> $GITHUB_OUTPUT echo "is_prerelease=${IS_PRERELEASE}" >> $GITHUB_OUTPUT
echo "Publishing Docker images for ${TAG} (prerelease: ${IS_PRERELEASE})" echo "Publishing Docker images for ${TAG} (prerelease: ${IS_PRERELEASE})"
- name: Resolve downstream branch
id: target_branch
run: |
TARGET_BRANCH="${{ inputs.target_branch }}"
if [ -z "$TARGET_BRANCH" ]; then
TARGET_BRANCH="${GITHUB_REF_NAME}"
fi
if [ -z "$TARGET_BRANCH" ]; then
echo "::error::Could not determine downstream target branch"
exit 1
fi
echo "branch=${TARGET_BRANCH}" >> "$GITHUB_OUTPUT"
echo "Using downstream target branch: ${TARGET_BRANCH}"
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v3 uses: docker/setup-qemu-action@v3
@ -129,3 +150,23 @@ jobs:
if [ "$IS_PRERELEASE" = "true" ]; then if [ "$IS_PRERELEASE" = "true" ]; then
echo "Note: :latest tags were NOT updated (this is a prerelease)" echo "Note: :latest tags were NOT updated (this is a prerelease)"
fi fi
- name: Trigger floating tag promotion
env:
GH_TOKEN: ${{ secrets.WORKFLOW_PAT }}
run: |
gh workflow run promote-floating-tags.yml \
--ref "${{ steps.target_branch.outputs.branch }}" \
-f tag="${{ steps.version.outputs.tag }}" \
-f prerelease="${{ steps.version.outputs.is_prerelease }}"
echo "[OK] Floating tag promotion workflow dispatched"
- name: Trigger Helm Pages release
env:
GH_TOKEN: ${{ secrets.WORKFLOW_PAT }}
run: |
gh workflow run helm-pages.yml \
--ref "${{ steps.target_branch.outputs.branch }}" \
-f chart_version="${{ steps.version.outputs.version }}" \
-f target_branch="${{ steps.target_branch.outputs.branch }}"
echo "[OK] Helm Pages workflow dispatched"

41
.github/workflows/publish-helm-chart.yml vendored
View file

@ -1,16 +1,20 @@
name: Publish Helm Chart name: Publish Helm Chart
on: on:
release:
types: [published]
workflow_dispatch: workflow_dispatch:
inputs: inputs:
chart_version: chart_version:
description: "Chart version (required when running manually, use format 4.24.0)" description: "Chart version (required when running manually, use format 4.24.0)"
required: true required: true
type: string
app_version: app_version:
description: "Application version to embed (defaults to chart version)" description: "Application version to embed (defaults to chart version)"
required: false required: false
type: string
release_tag:
description: "Release tag to attach the chart asset to (e.g., v5.1.28)"
required: true
type: string
jobs: jobs:
publish: publish:
@ -31,27 +35,23 @@ jobs:
- name: Determine chart version - name: Determine chart version
id: versions id: versions
run: | run: |
if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then CHART_VERSION="${{ inputs.chart_version }}"
CHART_VERSION="${{ inputs.chart_version }}" if [ -z "$CHART_VERSION" ]; then
if [ -z "$CHART_VERSION" ]; then echo "::error::chart_version input is required"
echo "::error::chart_version input is required when running manually" exit 1
exit 1 fi
fi
APP_VERSION="${{ inputs.app_version }}" APP_VERSION="${{ inputs.app_version }}"
if [ -z "$APP_VERSION" ]; then if [ -z "$APP_VERSION" ]; then
APP_VERSION="$CHART_VERSION"
fi
RELEASE_TAG="$CHART_VERSION"
else
RELEASE_TAG="${{ github.event.release.tag_name }}"
if [ -z "$RELEASE_TAG" ]; then
echo "::error::Release tag is empty"
exit 1
fi
CHART_VERSION="${RELEASE_TAG#v}"
APP_VERSION="$CHART_VERSION" APP_VERSION="$CHART_VERSION"
fi fi
RELEASE_TAG="${{ inputs.release_tag }}"
if [ -z "$RELEASE_TAG" ]; then
echo "::error::release_tag input is required"
exit 1
fi
echo "chart_version=$CHART_VERSION" >> "$GITHUB_OUTPUT" echo "chart_version=$CHART_VERSION" >> "$GITHUB_OUTPUT"
echo "app_version=$APP_VERSION" >> "$GITHUB_OUTPUT" echo "app_version=$APP_VERSION" >> "$GITHUB_OUTPUT"
echo "release_tag=$RELEASE_TAG" >> "$GITHUB_OUTPUT" echo "release_tag=$RELEASE_TAG" >> "$GITHUB_OUTPUT"
@ -97,7 +97,6 @@ jobs:
echo "Package visibility configuration attempted. Verify at: https://github.com/${{ github.repository_owner }}?tab=packages" echo "Package visibility configuration attempted. Verify at: https://github.com/${{ github.repository_owner }}?tab=packages"
- name: Attach chart to release - name: Attach chart to release
if: github.event_name == 'release'
env: env:
GITHUB_TOKEN: ${{ github.token }} GITHUB_TOKEN: ${{ github.token }}
run: | run: |

49
.github/workflows/update-demo-server.yml vendored
View file

@ -1,8 +1,6 @@
name: Update Demo Server name: Update Demo Server
on: on:
release:
types: [published]
workflow_dispatch: workflow_dispatch:
inputs: inputs:
tag: tag:
@ -15,51 +13,24 @@ permissions:
jobs: jobs:
update-demo: update-demo:
# Only run for stable releases (not pre-releases) or manual dispatch
if: github.event_name == 'workflow_dispatch' || github.event.release.prerelease == false
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Resolve target tag - name: Resolve target tag
id: target id: target
run: | run: |
if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then TAG="${{ inputs.tag }}"
TAG="${{ inputs.tag }}" if [ -z "$TAG" ]; then
else echo "::error::tag input is required"
TAG="${{ github.event.release.tag_name }}" exit 1
fi fi
echo "tag=$TAG" >> "$GITHUB_OUTPUT" echo "tag=$TAG" >> "$GITHUB_OUTPUT"
- name: Skip if not latest published release - name: Confirm deployment target
id: gate
if: github.event_name == 'release'
env:
GH_TOKEN: ${{ github.token }}
run: | run: |
TARGET="${{ steps.target.outputs.tag }}" echo "Deploying demo server for tag: ${{ steps.target.outputs.tag }}"
LATEST=$(gh api "repos/${{ github.repository }}/releases?per_page=100" --jq 'map(select(.draft == false and .prerelease == false and (.tag_name | test("^v5\\.1\\.[0-9]+$"))))[0].tag_name')
echo "Target tag: $TARGET"
echo "Latest published v5.1 tag: $LATEST"
if [ "$TARGET" != "$LATEST" ]; then
echo "skip=true" >> "$GITHUB_OUTPUT"
echo "Release is not the latest v5.1 stable release; skipping demo update."
else
echo "skip=false" >> "$GITHUB_OUTPUT"
fi
- name: Check release type
if: steps.gate.outputs.skip != 'true'
run: |
if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
echo "Manual deployment triggered for: ${{ inputs.tag }}"
else
echo "Release: ${{ github.event.release.tag_name }}"
echo "Prerelease: ${{ github.event.release.prerelease }}"
echo "Updating demo server to latest stable v5.1 release..."
fi
- name: Wait for release assets - name: Wait for release assets
if: steps.gate.outputs.skip != 'true'
run: | run: |
TAG="${{ steps.target.outputs.tag }}" TAG="${{ steps.target.outputs.tag }}"
echo "Waiting for release assets to be available..." echo "Waiting for release assets to be available..."
@ -94,7 +65,6 @@ jobs:
exit 1 exit 1
- name: Setup SSH - name: Setup SSH
if: steps.gate.outputs.skip != 'true'
run: | run: |
mkdir -p ~/.ssh mkdir -p ~/.ssh
echo "${{ secrets.DEMO_SERVER_SSH_KEY }}" > ~/.ssh/id_ed25519 echo "${{ secrets.DEMO_SERVER_SSH_KEY }}" > ~/.ssh/id_ed25519
@ -102,7 +72,6 @@ jobs:
ssh-keyscan -H ${{ secrets.DEMO_SERVER_HOST }} >> ~/.ssh/known_hosts ssh-keyscan -H ${{ secrets.DEMO_SERVER_HOST }} >> ~/.ssh/known_hosts
- name: Check current demo version - name: Check current demo version
if: steps.gate.outputs.skip != 'true'
id: current id: current
run: | run: |
TARGET="${{ steps.target.outputs.tag }}" TARGET="${{ steps.target.outputs.tag }}"
@ -118,7 +87,7 @@ jobs:
fi fi
- name: Update demo server - name: Update demo server
if: steps.gate.outputs.skip != 'true' && steps.current.outputs.skip_current != 'true' if: steps.current.outputs.skip_current != 'true'
run: | run: |
TAG="${{ steps.target.outputs.tag }}" TAG="${{ steps.target.outputs.tag }}"
# Use set -o pipefail to ensure curl errors aren't masked by bash # Use set -o pipefail to ensure curl errors aren't masked by bash
@ -126,7 +95,7 @@ jobs:
"set -o pipefail && curl -fsSL https://raw.githubusercontent.com/rcourtman/Pulse/release/5.1/install.sh | sudo bash -s -- --version $TAG" "set -o pipefail && curl -fsSL https://raw.githubusercontent.com/rcourtman/Pulse/release/5.1/install.sh | sudo bash -s -- --version $TAG"
- name: Verify update - name: Verify update
if: steps.gate.outputs.skip != 'true' && steps.current.outputs.skip_current != 'true' if: steps.current.outputs.skip_current != 'true'
run: | run: |
# Wait a moment for service to restart # Wait a moment for service to restart
sleep 5 sleep 5
@ -160,5 +129,5 @@ jobs:
fi fi
- name: Cleanup SSH key - name: Cleanup SSH key
if: always() && steps.gate.outputs.skip != 'true' if: always()
run: rm -f ~/.ssh/id_ed25519 run: rm -f ~/.ssh/id_ed25519

44
.github/workflows/validate-release-assets.yml vendored
View file

@ -23,8 +23,6 @@ on:
description: 'Commit SHA associated with the release' description: 'Commit SHA associated with the release'
required: true required: true
type: string type: string
release:
types: [edited]
workflow_dispatch: workflow_dispatch:
inputs: inputs:
tag: tag:
@ -61,37 +59,17 @@ jobs:
- name: Determine release context - name: Determine release context
id: context id: context
env:
EVENT_NAME: ${{ github.event_name }}
INPUT_TAG: ${{ inputs.tag }}
INPUT_VERSION: ${{ inputs.version }}
INPUT_RELEASE_ID: ${{ inputs.release_id }}
INPUT_DRAFT: ${{ inputs.draft }}
INPUT_COMMIT: ${{ inputs.target_commitish }}
run: | run: |
python3 <<'EOF' > context.env python3 <<'EOF' > context.env
import json, os, sys import os, sys
event_name = os.environ.get("EVENT_NAME", "") result = {
result = {} "tag": os.environ.get("INPUT_TAG", ""),
"version": os.environ.get("INPUT_VERSION", ""),
if event_name == "release": "release_id": os.environ.get("INPUT_RELEASE_ID", ""),
with open(os.environ["GITHUB_EVENT_PATH"], "r", encoding="utf-8") as handle: "target_commitish": os.environ.get("INPUT_COMMIT", ""),
data = json.load(handle) "draft": str(os.environ.get("INPUT_DRAFT", "false")).lower(),
release = data.get("release") or {} }
result["tag"] = release.get("tag_name", "")
tag = result["tag"]
result["version"] = tag[1:] if tag.startswith("v") else tag
result["release_id"] = str(release.get("id", ""))
result["target_commitish"] = release.get("target_commitish", "")
result["draft"] = str(release.get("draft", False)).lower()
else:
result["tag"] = os.environ.get("INPUT_TAG", "")
result["version"] = os.environ.get("INPUT_VERSION", "")
result["release_id"] = os.environ.get("INPUT_RELEASE_ID", "")
result["target_commitish"] = os.environ.get("INPUT_COMMIT", "")
draft_value = os.environ.get("INPUT_DRAFT", "false")
result["draft"] = str(draft_value).lower()
if not result["tag"] or not result["release_id"]: if not result["tag"] or not result["release_id"]:
sys.stderr.write("::error::Release metadata is missing. Provide tag, version, release_id, and target_commitish.\n") sys.stderr.write("::error::Release metadata is missing. Provide tag, version, release_id, and target_commitish.\n")
@ -104,6 +82,12 @@ jobs:
EOF EOF
cat context.env >> "$GITHUB_OUTPUT" cat context.env >> "$GITHUB_OUTPUT"
cat context.env cat context.env
env:
INPUT_TAG: ${{ inputs.tag }}
INPUT_VERSION: ${{ inputs.version }}
INPUT_RELEASE_ID: ${{ inputs.release_id }}
INPUT_DRAFT: ${{ inputs.draft }}
INPUT_COMMIT: ${{ inputs.target_commitish }}
- name: Download all release assets - name: Download all release assets
if: steps.context.outputs.should_run == 'true' if: steps.context.outputs.should_run == 'true'