Commit 9406f12

authored

Chore: Use F5 artifactory GOPROXY and self-hosted runners (#3718)

Use F5 artifactory GOPROXY and self-hosted runners

1 parent 81d3c43 commit 9406f12Copy full SHA for 9406f12

File tree

9 files changed

+165

-27

lines changed

.github/workflows
docs/developer
- release-process.md

9 files changed

+165

-27

lines changed

`‎.github/workflows/build.yml‎`

Lines changed: 16 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -12,6 +12,15 @@ on:`
`12`	`12`	`tag:`
`13`	`13`	`required: false`
`14`	`14`	`type: string`
	`15`	`+ default: ''`
	`16`	`+ dry_run:`
	`17`	`+ required: false`
	`18`	`+ type: boolean`
	`19`	`+ default: false`
	`20`	`+ runner:`
	`21`	`+ required: false`
	`22`	`+ type: string`
	`23`	`+ default: 'ubuntu-24.04'`
`15`	`24`
`16`	`25`	`defaults:`
`17`	`26`	`run:`
`@@ -27,7 +36,7 @@ jobs:`
`27`	`36`	`security-events: write # for github/codeql-action/upload-sarif to upload SARIF results`
`28`	`37`	`packages: write # for docker/build-push-action to push to GHCR`
`29`	`38`	`id-token: write # for docker/login to login to NGINX registry`
`30`		`- runs-on: ${{ github.event_name != 'pull_request' && contains(inputs.image, 'plus') && 'kic-plus' \|\| 'ubuntu-24.04' }}`
	`39`	`+ runs-on: ${{ inputs.runner }}`
`31`	`40`	`services:`
`32`	`41`	`registry:`
`33`	`42`	`image: registry:3`
`@@ -37,7 +46,7 @@ jobs:`
`37`	`46`	`- name: Checkout Repository`
`38`	`47`	`uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0`
`39`	`48`	`with:`
`40`		`- ref: ${{ inputs.tag != '' && format('refs/tags/v{0}', inputs.tag) \|\| github.ref }}`
	`49`	`+ ref: ${{ (inputs.tag != '' && !inputs.dry_run ) && format('refs/tags/v{0}', inputs.tag) \|\| github.ref }}`
`41`	`50`
`42`	`51`	`- name: Fetch Cached Artifacts`
`43`	`52`	`uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4`
`@@ -115,7 +124,7 @@ jobs:`
`115`	`124`	`type=edge`
`116`	`125`	`type=schedule`
`117`	`126`	`type=ref,event=pr`
`118`		`- type=ref,event=branch,suffix=-rc,enable=${{ startsWith(github.ref, 'refs/heads/release') }}`
	`127`	`+ type=ref,event=branch,suffix=-rc,enable=${{ startsWith(github.ref, 'refs/heads/release') && inputs.tag == '' }}`
`119`	`128`	`type=raw,value=${{ inputs.tag }},enable=${{ inputs.tag != '' }}`
`120`	`129`	`labels: \|`
`121`	`130`	`org.opencontainers.image.documentation=https://docs.nginx.com/nginx-gateway-fabric`
`@@ -140,7 +149,7 @@ jobs:`
`140`	`149`	`tags: ${{ steps.meta.outputs.tags }}`
`141`	`150`	`labels: ${{ steps.meta.outputs.labels }}`
`142`	`151`	`annotations: ${{ steps.meta.outputs.annotations }}`
`143`		`- push: true`
	`152`	`+ push: ${{ !inputs.dry_run }}`
`144`	`153`	`platforms: ${{ inputs.platforms }}`
`145`	`154`	`cache-from: type=gha,scope=${{ inputs.image }}`
`146`	`155`	`cache-to: type=gha,scope=${{ inputs.image }},mode=max`
`@@ -157,12 +166,14 @@ jobs:`
`157`	`166`	`${{ contains(inputs.image, 'plus') && format('"nginx-repo.key={0}"', secrets.NGINX_KEY) \|\| '' }}`
`158`	`167`
`159`	`168`	`- name: Inspect SBOM and output manifest`
	`169`	`+ if: ${{ !inputs.dry_run }}`
`160`	`170`	`run: \|`
`161`	`171`	`docker buildx imagetools inspect localhost:5000/nginx-gateway-fabric/${{ inputs.image }}:${{ steps.meta.outputs.version }} --format '{{ json (index .SBOM "linux/amd64").SPDX }}' > sbom-${{ inputs.image }}.json`
`162`	`172`	`docker buildx imagetools inspect localhost:5000/nginx-gateway-fabric/${{ inputs.image }}:${{ steps.meta.outputs.version }} --raw`
`163`	`173`
`164`	`174`	`- name: Scan SBOM`
`165`	`175`	`id: scan`
	`176`	`+ if: ${{ !inputs.dry_run }}`
`166`	`177`	`uses: anchore/scan-action@1638637db639e0ade3258b51db49a9a137574c3e # v6.5.1`
`167`	`178`	`with:`
`168`	`179`	`sbom: "sbom-${{ inputs.image }}.json"`
`@@ -172,8 +183,8 @@ jobs:`
`172`	`183`
`173`	`184`	`- name: Upload scan result to GitHub Security tab`
`174`	`185`	`uses: github/codeql-action/upload-sarif@2d92b76c45b91eb80fc44c74ce3fce0ee94e8f9d # v3.30.0`
	`186`	`+ if: ${{ !inputs.dry_run }}`
`175`	`187`	`continue-on-error: true`
`176`	`188`	`with:`
`177`	`189`	`sarif_file: ${{ steps.scan.outputs.sarif }}`
`178`	`190`	`category: build-${{ inputs.image }}`
`179`		`- if: always()`

`‎.github/workflows/ci.yml‎`

Lines changed: 40 additions & 10 deletions

Original file line number	Diff line number	Diff line change
`@@ -5,18 +5,33 @@ on:`
`5`	`5`	`branches:`
`6`	`6`	`- main`
`7`	`7`	`- release-*`
`8`		`- tags:`
`9`		`- - "v[0-9]+.[0-9]+.[0-9]+*"`
`10`	`8`	`pull_request:`
`11`	`9`	`branches:`
`12`	`10`	`- "**"`
`13`	`11`	`schedule:`
`14`	`12`	`- cron: "0 4 * * *" # run every day at 4am UTC`
	`13`	`+ workflow_call:`
	`14`	`+ inputs:`
	`15`	`+ is_production_release:`
	`16`	`+ required: false`
	`17`	`+ type: boolean`
	`18`	`+ default: false`
	`19`	`+ release_version:`
	`20`	`+ required: false`
	`21`	`+ type: string`
	`22`	`+ default: ''`
	`23`	`+ dry_run:`
	`24`	`+ required: false`
	`25`	`+ type: boolean`
	`26`	`+ default: false`
`15`	`27`
`16`	`28`	`defaults:`
`17`	`29`	`run:`
`18`	`30`	`shell: bash`
`19`	`31`
	`32`	`+env:`
	`33`	`+ GOPROXY: ${{ (github.repository_owner == 'nginx' && (inputs.is_production_release \|\| github.event_name == 'push' && github.ref == 'refs/heads/main') && format('https://{0}:{1}@{2}', secrets.ARTIFACTORY_USER, secrets.ARTIFACTORY_TOKEN, secrets.ARTIFACTORY_ENDPOINT)) \|\| (github.repository_owner == 'nginx' && format('https://{0}:{1}@{2}', secrets.ARTIFACTORY_USER, secrets.ARTIFACTORY_TOKEN, secrets.ARTIFACTORY_DEV_ENDPOINT) \|\| 'direct') }}`
	`34`	`+`
`20`	`35`	`concurrency:`
`21`	`36`	`group: ${{ github.ref_name }}-ci`
`22`	`37`	`cancel-in-progress: true`
`@@ -127,7 +142,7 @@ jobs:`
`127`	`142`
`128`	`143`	`binary:`
`129`	`144`	`name: Build Binary`
`130`		`- runs-on: ubuntu-24.04`
	`145`	`+ runs-on: ${{ github.repository_owner == 'nginx' && (inputs.is_production_release \|\| (github.event_name == 'push' && github.ref == 'refs/heads/main')) && 'ubuntu-24.04-amd64' \|\| 'ubuntu-24.04' }}`
`131`	`146`	`needs: [vars, unit-tests, njs-unit-tests]`
`132`	`147`	`permissions:`
`133`	`148`	`contents: write # for goreleaser/goreleaser-action and lucacome/draft-release to create/update releases`
`@@ -147,31 +162,37 @@ jobs:`
`147`	`162`	`go.sum`
`148`	`163`	`.github/.cache/buster-for-binary`
`149`	`164`
	`165`	`+ - name: Set Go module cache`
	`166`	`+ run: \|`
	`167`	`+ mkdir -p ${{ github.workspace }}/.gocache`
	`168`	`+ echo "GOMODCACHE=${{ github.workspace }}/.gocache" >> $GITHUB_ENV`
	`169`	`+ echo "GOCACHE=${{ github.workspace }}/.gocache" >> $GITHUB_ENV`
	`170`	`+`
`150`	`171`	`- name: Create/Update Draft`
`151`	`172`	`uses: lucacome/draft-release@00f74370c044c322da6cb52acc707d62c7762c71 # v1.2.4`
`152`	`173`	`with:`
`153`	`174`	`minor-label: "enhancement"`
`154`	`175`	`major-label: "change"`
`155`		`- publish: ${{ github.ref_type == 'tag' }}`
	`176`	`+ publish: ${{ inputs.is_production_release && (inputs.dry_run == false \|\| inputs.dry_run == null) }}`
`156`	`177`	`collapse-after: 20`
`157`	`178`	`notes-header: \|`
`158`	`179`	`*Below is the auto-generated changelog, which includes all PRs that went into the release.`
`159`	`180`	`For a shorter version that highlights only important changes, see [CHANGELOG.md](https://github.com/nginx/nginx-gateway-fabric/blob/{{version}}/CHANGELOG.md).*`
`160`	`181`	`if: ${{ github.event_name == 'push' && github.ref != 'refs/heads/main' }}`
`161`	`182`
`162`	`183`	`- name: Download Syft`
	`184`	`+ if: ${{ inputs.is_production_release }}`
`163`	`185`	`uses: anchore/sbom-action/download-syft@da167eac915b4e86f08b264dbdbc867b61be6f0c # v0.20.5`
`164`		`- if: github.ref_type == 'tag'`
`165`	`186`
`166`	`187`	`- name: Install Cosign`
	`188`	`+ if: ${{ inputs.is_production_release }}`
`167`	`189`	`uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2`
`168`		`- if: github.ref_type == 'tag'`
`169`	`190`
`170`	`191`	`- name: Build binary`
`171`	`192`	`uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0`
`172`	`193`	`with:`
`173`	`194`	`version: v2.12.0 # renovate: datasource=github-tags depName=goreleaser/goreleaser`
`174`		`- args: ${{ github.ref_type == 'tag' && 'release' \|\| 'build --snapshot' }} --clean`
	`195`	`+ args: ${{ (inputs.is_production_release && (inputs.dry_run == false \|\| inputs.dry_run == null)) && 'release' \|\| 'build --snapshot' }} --clean`
`175`	`196`	`env:`
`176`	`197`	`GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}`
`177`	`198`	`GOPATH: ${{ needs.vars.outputs.go_path }}`
`@@ -200,6 +221,9 @@ jobs:`
`200`	`221`	`with:`
`201`	`222`	`image: ${{ matrix.image }}`
`202`	`223`	`platforms: ${{ matrix.platforms }}`
	`224`	`+ tag: ${{ inputs.release_version \|\| '' }}`
	`225`	`+ dry_run: ${{ inputs.dry_run \|\| false}}`
	`226`	`+ runner: ${{ github.repository_owner == 'nginx' && (inputs.is_production_release \|\| (github.event_name == 'push' && github.ref == 'refs/heads/main')) && 'ubuntu-24.04-amd64' \|\| 'ubuntu-24.04' }}`
`203`	`227`	`permissions:`
`204`	`228`	`contents: read # for docker/build-push-action to read repo content`
`205`	`229`	`security-events: write # for github/codeql-action/upload-sarif to upload SARIF results`
`@@ -214,6 +238,9 @@ jobs:`
`214`	`238`	`with:`
`215`	`239`	`image: plus`
`216`	`240`	`platforms: "linux/arm64, linux/amd64"`
	`241`	`+ tag: ${{ inputs.release_version \|\| '' }}`
	`242`	`+ dry_run: ${{ inputs.dry_run \|\| false }}`
	`243`	`+ runner: ${{ github.repository_owner == 'nginx' && (inputs.is_production_release \|\| (github.event_name == 'push' && github.ref == 'refs/heads/main')) && 'ubuntu-24.04-amd64' \|\| 'ubuntu-24.04' }}`
`217`	`244`	`permissions:`
`218`	`245`	`contents: read # for docker/build-push-action to read repo content`
`219`	`246`	`security-events: write # for github/codeql-action/upload-sarif to upload SARIF results`
`@@ -259,6 +286,8 @@ jobs:`
`259`	`286`	`image: ${{ matrix.image }}`
`260`	`287`	`k8s-version: ${{ matrix.k8s-version }}`
`261`	`288`	`enable-experimental: ${{ matrix.enable-experimental }}`
	`289`	`+ production-release: ${{ inputs.is_production_release == true && (inputs.dry_run == false \|\| inputs.dry_run == null) }}`
	`290`	`+ release_version: ${{ inputs.release_version }}`
`262`	`291`	`secrets: inherit`
`263`	`292`	`permissions:`
`264`	`293`	`contents: write`
`@@ -284,9 +313,9 @@ jobs:`
`284`	`313`
`285`	`314`	`publish-helm:`
`286`	`315`	`name: Package and Publish Helm Chart`
`287`		`- runs-on: ubuntu-24.04`
	`316`	`+ runs-on: ${{ github.repository_owner == 'nginx' && (inputs.is_production_release \|\| (github.event_name == 'push' && github.ref == 'refs/heads/main')) && 'ubuntu-24.04-amd64' \|\| 'ubuntu-24.04' }}`
`288`	`317`	`needs: [vars, helm-tests]`
`289`		`- if: ${{ github.event_name == 'push' && ! startsWith(github.ref, 'refs/heads/release-') }}`
	`318`	`+ if: ${{ (inputs.is_production_release && (inputs.dry_run == false \|\| inputs.dry_run == null)) \|\| (github.event_name == 'push' && ! startsWith(github.ref, 'refs/heads/release-')) }}`
`290`	`319`	`permissions:`
`291`	`320`	`contents: read`
`292`	`321`	`packages: write # for helm to push to GHCR`
`@@ -304,10 +333,11 @@ jobs:`
`304`	`333`	`- name: Package`
`305`	`334`	`id: package`
`306`	`335`	`run: \|`
`307`		`- output=$(helm package ${{ github.ref_type != 'tag' && '--app-version edge --version 0.0.0-edge' \|\| '' }} charts/nginx-gateway-fabric)`
	`336`	`+ output=$(helm package ${{ !inputs.is_production_release && '--app-version edge --version 0.0.0-edge' \|\| '' }} charts/nginx-gateway-fabric)`
`308`	`337`	`echo "path=$(basename -- $(echo $output \| cut -d: -f2))" >> $GITHUB_OUTPUT`
`309`	`338`
`310`	`339`	`- name: Push to GitHub Container Registry`
	`340`	`+ if: ${{ inputs.dry_run == false \|\| inputs.dry_run == null }}`
`311`	`341`	`run: \|`
`312`	`342`	`helm push ${{ steps.package.outputs.path }} oci://ghcr.io/nginx/charts`
`313`	`343`

`‎.github/workflows/conformance.yml‎`

Lines changed: 14 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -12,6 +12,14 @@ on:`
`12`	`12`	`enable-experimental:`
`13`	`13`	`required: true`
`14`	`14`	`type: boolean`
	`15`	`+ production-release:`
	`16`	`+ required: false`
	`17`	`+ type: boolean`
	`18`	`+ default: false`
	`19`	`+ release_version:`
	`20`	`+ required: false`
	`21`	`+ type: string`
	`22`	`+ default: ''`
`15`	`23`
`16`	`24`	`defaults:`
`17`	`25`	`run:`
`@@ -20,6 +28,7 @@ defaults:`
`20`	`28`	`env:`
`21`	`29`	`PLUS_USAGE_ENDPOINT: ${{ secrets.JWT_PLUS_REPORTING_ENDPOINT }}`
`22`	`30`	`ENABLE_EXPERIMENTAL: ${{ inputs.enable-experimental }}`
	`31`	`+ GOPROXY: ${{ github.repository_owner == 'nginx' && format('https://{0}:{1}@{2}', secrets.ARTIFACTORY_USER, secrets.ARTIFACTORY_TOKEN, secrets.ARTIFACTORY_DEV_ENDPOINT) \|\| 'direct' }}`
`23`	`32`
`24`	`33`	`permissions:`
`25`	`34`	`contents: read`
`@@ -61,7 +70,8 @@ jobs:`
`61`	`70`	`type=edge`
`62`	`71`	`type=schedule`
`63`	`72`	`type=ref,event=pr`
`64`		`- type=ref,event=branch,suffix=-rc,enable=${{ startsWith(github.ref, 'refs/heads/release') }}`
	`73`	`+ type=ref,event=branch,suffix=-rc,enable=${{ startsWith(github.ref, 'refs/heads/release') && !inputs.production-release }}`
	`74`	`+ type=raw,value={{inputs.release_version}},enable=${{ inputs.production-release && inputs.release_version != '' }}`
`65`	`75`
`66`	`76`	`- name: NGINX Docker meta`
`67`	`77`	`id: nginx-meta`
`@@ -74,7 +84,8 @@ jobs:`
`74`	`84`	`type=edge`
`75`	`85`	`type=schedule`
`76`	`86`	`type=ref,event=pr`
`77`		`- type=ref,event=branch,suffix=-rc,enable=${{ startsWith(github.ref, 'refs/heads/release') }}`
	`87`	`+ type=ref,event=branch,suffix=-rc,enable=${{ startsWith(github.ref, 'refs/heads/release') && !inputs.production-release }}`
	`88`	`+ type=raw,value={{inputs.release_version}},enable=${{ inputs.production-release && inputs.release_version != '' }}`
`78`	`89`
`79`	`90`	`- name: Build binary`
`80`	`91`	`uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0`
`@@ -162,7 +173,7 @@ jobs:`
`162`	`173`	`path: ./tests/conformance-profile.yaml`
`163`	`174`
`164`	`175`	`- name: Upload profile to release`
`165`		`- if: ${{ startsWith(github.ref, 'refs/tags/') && inputs.enable-experimental }}`
	`176`	`+ if: ${{ inputs.production-release && inputs.enable-experimental }}`
`166`	`177`	`env:`
`167`	`178`	`GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}`
`168`	`179`	`run: gh release upload ${{ github.ref_name }} conformance-profile.yaml --clobber`

`‎.github/workflows/functional.yml‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -16,6 +16,7 @@ defaults:`
`16`	`16`
`17`	`17`	`env:`
`18`	`18`	`PLUS_USAGE_ENDPOINT: ${{ secrets.JWT_PLUS_REPORTING_ENDPOINT }}`
	`19`	`+ GOPROXY: ${{ github.repository_owner == 'nginx' && format('https://{0}:{1}@{2}', secrets.ARTIFACTORY_USER, secrets.ARTIFACTORY_TOKEN, secrets.ARTIFACTORY_DEV_ENDPOINT) \|\| 'direct' }}`
`19`	`20`
`20`	`21`	`permissions:`
`21`	`22`	`contents: read`

`‎.github/workflows/helm.yml‎`

Lines changed: 0 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -44,7 +44,6 @@ jobs:`
`44`	`44`	`type=edge`
`45`	`45`	`type=schedule`
`46`	`46`	`type=ref,event=pr`
`47`		`- type=ref,event=branch,suffix=-rc,enable=${{ startsWith(github.ref, 'refs/heads/release') }}`
`48`	`47`
`49`	`48`	`- name: NGINX Docker meta`
`50`	`49`	`id: nginx-meta`
`@@ -57,7 +56,6 @@ jobs:`
`57`	`56`	`type=edge`
`58`	`57`	`type=schedule`
`59`	`58`	`type=ref,event=pr`
`60`		`- type=ref,event=branch,suffix=-rc,enable=${{ startsWith(github.ref, 'refs/heads/release') }}`
`61`	`59`
`62`	`60`	`- name: Build NGF Docker Image`
`63`	`61`	`uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0`

`‎.github/workflows/lint.yml‎`

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -12,6 +12,9 @@ defaults:`
`12`	`12`	`run:`
`13`	`13`	`shell: bash`
`14`	`14`
	`15`	`+env:`
	`16`	`+ GOPROXY: ${{ github.repository_owner == 'nginx' && format('https://{0}:{1}@{2}', secrets.ARTIFACTORY_USER, secrets.ARTIFACTORY_TOKEN, secrets.ARTIFACTORY_DEV_ENDPOINT) \|\| 'direct' }}`
	`17`	`+`
`15`	`18`	`concurrency:`
`16`	`19`	`group: ${{ github.ref_name }}-lint`
`17`	`20`	`cancel-in-progress: true`

`‎.github/workflows/production-release.yml‎`

Lines changed: 85 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,85 @@`
	`1`	`+name: Production Release`
	`2`	`+`
	`3`	`+on:`
	`4`	`+ workflow_dispatch:`
	`5`	`+ inputs:`
	`6`	`+ version:`
	`7`	`+ description: 'Release version (e.g., v2.0.3)'`
	`8`	`+ required: true`
	`9`	`+ type: string`
	`10`	`+ dry_run:`
	`11`	`+ description: 'If true, does a dry run of the production workflow'`
	`12`	`+ required: false`
	`13`	`+ type: boolean`
	`14`	`+`
	`15`	`+run-name: ${{ inputs.dry_run && '[DRY RUN] ' \|\| '' }}Release ${{ inputs.version }} by @${{ github.actor }}`
	`16`	`+`
	`17`	`+defaults:`
	`18`	`+ run:`
	`19`	`+ shell: bash`
	`20`	`+`
	`21`	`+permissions:`
	`22`	`+ contents: read`
	`23`	`+`
	`24`	`+jobs:`
	`25`	`+ create-tag-and-release:`
	`26`	`+ runs-on: ubuntu-24.04`
	`27`	`+ if: startsWith(github.ref, 'refs/heads/release-')`
	`28`	`+ permissions:`
	`29`	`+ contents: write`
	`30`	`+ steps:`
	`31`	`+ - name: Validate Release Branch and Version`
	`32`	`+ run: \|`
	`33`	`+ echo "Validating release from: ${GITHUB_REF}"`
	`34`	`+`
	`35`	`+ INPUT_VERSION="${{ github.event.inputs.version }}"`
	`36`	`+`
	`37`	`+ # Validate version format`
	`38`	`+ if [[ ! "${INPUT_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then`
	`39`	`+ echo "❌ Invalid version format: ${INPUT_VERSION}"`
	`40`	`+ echo "Expected format: v1.2.3"`
	`41`	`+ exit 1`
	`42`	`+ fi`
	`43`	`+`
	`44`	`+ echo "✅ Valid release branch: ${GITHUB_REF}"`
	`45`	`+ echo "✅ Valid version format: ${INPUT_VERSION}"`
	`46`	`+`
	`47`	`+ - name: Checkout Repository`
	`48`	`+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8`
	`49`	`+ with:`
	`50`	`+ fetch-depth: 0`
	`51`	`+`
	`52`	`+ - name: Create Release Tag`
	`53`	`+ run: \|`
	`54`	`+ VERSION="${{ github.event.inputs.version }}"`
	`55`	`+ git config user.name "NGF Release Bot"`
	`56`	`+ git config user.email "integrations@nginx.com"`
	`57`	`+`
	`58`	`+ if git rev-parse --verify "refs/tags/${VERSION}" >/dev/null 2>&1; then`
	`59`	`+ echo "Tag ${VERSION} already exists - skipping tag creation"`
	`60`	`+ else`
	`61`	`+ echo "Creating annotated tag ${VERSION}"`
	`62`	`+ git tag -a "${VERSION}" -m "Release ${VERSION}"`
	`63`	`+`
	`64`	`+ if [[ "${{ inputs.dry_run }}" == "true" ]]; then`
	`65`	`+ echo "DRY RUN: Would push tag ${VERSION}"`
	`66`	`+ git push --dry-run origin "${VERSION}"`
	`67`	`+ else`
	`68`	`+ git push origin "${VERSION}"`
	`69`	`+ echo "Created and pushed tag: ${VERSION}"`
	`70`	`+ fi`
	`71`	`+ fi`
	`72`	`+`
	`73`	`+ production-build:`
	`74`	`+ needs: create-tag-and-release`
	`75`	`+ uses: ./.github/workflows/ci.yml`
	`76`	`+ with:`
	`77`	`+ is_production_release: true`
	`78`	`+ release_version: ${{ github.event.inputs.version }}`
	`79`	`+ dry_run: ${{ github.event.inputs.dry_run }}`
	`80`	`+ secrets: inherit`
	`81`	`+ permissions:`
	`82`	`+ contents: write`
	`83`	`+ packages: write`
	`84`	`+ id-token: write`
	`85`	`+ security-events: write`

`‎.github/workflows/renovate-build.yml‎`

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -11,6 +11,9 @@ defaults:`
`11`	`11`	`run:`
`12`	`12`	`shell: bash`
`13`	`13`
	`14`	`+env:`
	`15`	`+ GOPROXY: ${{ github.repository_owner == 'nginx' && format('https://{0}:{1}@{2}', secrets.ARTIFACTORY_USER, secrets.ARTIFACTORY_TOKEN, secrets.ARTIFACTORY_DEV_ENDPOINT) \|\| 'direct' }}`
	`16`	`+`
`14`	`17`	`concurrency:`
`15`	`18`	`group: ${{ github.ref_name }}-renovate`
`16`	`19`	`cancel-in-progress: true`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit 9406f12

File tree

9 files changed

9 files changed

`‎.github/workflows/build.yml‎`

`‎.github/workflows/ci.yml‎`

`‎.github/workflows/conformance.yml‎`

`‎.github/workflows/functional.yml‎`

`‎.github/workflows/helm.yml‎`

`‎.github/workflows/lint.yml‎`

`‎.github/workflows/production-release.yml‎`

`‎.github/workflows/renovate-build.yml‎`

0 commit comments