release-nightly.yaml
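---
# Nightly release pipeline.
#
# Runs once a day (and on manual dispatch). The check_changes job decides
# whether the watched source paths changed since the last successful nightly
# run on the same branch; the test and build jobs are reusable workflows that
# run only when it reports has-changes == 'true'.
#
# Privilege layout: the workflow default is read-only, and only the build job
# is granted write scopes and registry secrets.
name: Release Nightly

on:
  workflow_dispatch:
    inputs:
      DRY_RUN:
        description: "Run in test mode without publishing artifacts"
        required: false
        default: false
        type: boolean
      FORCE_RELEASE:
        description: "Skip change detection and force the release"
        required: false
        default: false
        type: boolean
  schedule:
    # Daily at 00:00 (GitHub evaluates cron schedules in UTC).
    - cron: "0 0 * * *"

permissions:
  contents: read  # Set default read-only permissions

jobs:
  check_changes:
    name: Check for Code Changes
    runs-on: ubuntu-latest
    permissions:
      contents: read  # For code checkout
      actions: read  # For querying previous workflow runs via API
    outputs:
      has-changes: ${{ steps.check.outputs.has-changes }}
    steps:
      - name: Checkout Repository
        # The `inputs` context keeps boolean inputs as booleans, so comparing
        # against the string 'true' is coerced to a numeric comparison that
        # never matches; negate the boolean directly. On scheduled runs the
        # input is empty, which also evaluates as "not forced".
        if: ${{ !inputs.FORCE_RELEASE }}
        # Pinned to a full commit SHA; the trailing comment records the tag.
        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
        with:
          # Full history is needed so the previous nightly commit can be
          # diffed against HEAD.
          fetch-depth: 0
          # Do not leave the job token in the checked-out repo's git config.
          persist-credentials: false

      - name: Get Last Successful Nightly Release
        if: ${{ !inputs.FORCE_RELEASE }}
        id: last-run
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          BRANCH: ${{ github.ref_name }}
          # Passed through the environment, like BRANCH, so the value is never
          # spliced into the script text by ${{ }} expansion.
          REPO: ${{ github.repository }}
        run: |
          # Find the most recent successful run of this workflow (not failed/cancelled)
          # NOTE(review): this reads only the first page of runs across all
          # workflows; an older nightly run may fall outside it, in which case
          # the result is empty and the next step proceeds with a build.
          # NOTE(review): no `shell:` is set, so the default bash invocation
          # does not enable pipefail; a failing `gh api` call also ends up as
          # an empty value here rather than a step failure.
          LAST_NIGHTLY_COMMIT=$(gh api "repos/${REPO}/actions/runs" | \
            jq --arg branch "$BRANCH" -r '.workflow_runs[] | select(.status=="completed" and .conclusion=="success" and .path==".github/workflows/release-nightly.yaml" and .head_branch==$branch) | .head_sha' | head -1)
          echo "last_nightly_commit=$LAST_NIGHTLY_COMMIT" >> "$GITHUB_OUTPUT"

      - name: Check for Changes
        id: check
        env:
          LAST_NIGHTLY_COMMIT: ${{ steps.last-run.outputs.last_nightly_commit }}
          # Renders as the string "true"/"false" on dispatch, empty on schedule.
          FORCE_RELEASE: ${{ inputs.FORCE_RELEASE }}
        run: |
          if [ "$FORCE_RELEASE" = "true" ]; then
            echo "Force release enabled, skipping change detection"
            echo "has-changes=true" >> "$GITHUB_OUTPUT"
            exit 0
          fi
          if [ -z "$LAST_NIGHTLY_COMMIT" ]; then
            echo "No previous successful nightly run found, proceeding with build"
            echo "has-changes=true" >> "$GITHUB_OUTPUT"
            exit 0
          fi
          # Check if there are any changes in the watched paths since last successful nightly run
          # A failing diff (for example a commit that is not in the fetched
          # history) is treated as "changes present" so the release still runs.
          if ! CHANGED=$(git diff --name-only "$LAST_NIGHTLY_COMMIT" HEAD -- "cmd/**" "pkg/**" "internal/**" main.go go.mod go.sum); then
            echo "git diff failed, treating as changes present"
            echo "has-changes=true" >> "$GITHUB_OUTPUT"
            exit 0
          fi
          if [ -n "$CHANGED" ]; then
            echo "Detected changes in watched paths:"
            echo "$CHANGED"
            echo "has-changes=true" >> "$GITHUB_OUTPUT"
          else
            echo "No changes detected in watched paths since last successful nightly run"
            echo "has-changes=false" >> "$GITHUB_OUTPUT"
          fi

  test:
    name: Run Tests
    needs: [check_changes]
    if: ${{ needs.check_changes.outputs.has-changes == 'true' }}
    uses: ./.github/workflows/test.yaml
    permissions:
      contents: read  # For code checkout

  build:
    name: Run Build
    # Depends on test, so publishing is ordered after the test workflow.
    needs: [check_changes, test]
    if: ${{ needs.check_changes.outputs.has-changes == 'true' }}
    uses: ./.github/workflows/build.yaml
    # The only job with write scopes; everything else stays read-only.
    permissions:
      contents: write  # For code checkout and uploading release artifacts
      packages: write  # For pushing images to registries
      attestations: write  # For generating provenance and SBOMs
      id-token: write  # For OIDC auth to Docker Hub and GHCR
    # Only the two named secrets are forwarded to the reusable workflow.
    secrets:
      DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
    with:
      ENVIRONMENT: CI-Release
      BUILD_TYPE: nightly
      # Scheduled runs carry no inputs, so this falls back to false there.
      DRY_RUN: ${{ inputs.DRY_RUN || false }}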