diff --git a/.github/workflows/auto-tag-and-release.yml b/.github/workflows/auto-tag-and-release.yml
index 013dc0556..b3b820de6 100644
--- a/.github/workflows/auto-tag-and-release.yml
+++ b/.github/workflows/auto-tag-and-release.yml
@@ -7,7 +7,7 @@ on:
 workflow_dispatch:
 inputs:
 force_services:
- description: 'Force tag these services (comma-separated: backend_ee,drift,ui,statesman,token-service,projects-refresh)'
+ description: 'Force tag these services (comma-separated: backend_ee,drift,ui,statesman,token-service,projects-refresh,sidecar)'
 required: false
 default: ''
@@ -25,12 +25,14 @@ jobs:
 statesman_changed: ${{ steps.changes.outputs.statesman }}
 token_service_changed: ${{ steps.changes.outputs.token_service }}
 projects_refresh_changed: ${{ steps.changes.outputs.projects_refresh }}
+ sidecar_changed: ${{ steps.changes.outputs.sidecar }}
 backend_ee_version: ${{ steps.versions.outputs.backend_ee_version }}
 drift_version: ${{ steps.versions.outputs.drift_version }}
 ui_version: ${{ steps.versions.outputs.ui_version }}
 statesman_version: ${{ steps.versions.outputs.statesman_version }}
 token_service_version: ${{ steps.versions.outputs.token_service_version }}
 projects_refresh_version: ${{ steps.versions.outputs.projects_refresh_version }}
+ sidecar_version: ${{ steps.versions.outputs.sidecar_version }}
 steps:
 - uses: actions/checkout@v4
 with:
@@ -49,6 +51,7 @@ jobs:
 [[ "$FORCE" == *"statesman"* ]] && echo "statesman=true" >> $GITHUB_OUTPUT || echo "statesman=false" >> $GITHUB_OUTPUT
 [[ "$FORCE" == *"token-service"* ]] && echo "token_service=true" >> $GITHUB_OUTPUT || echo "token_service=false" >> $GITHUB_OUTPUT
 [[ "$FORCE" == *"projects-refresh"* ]] && echo "projects_refresh=true" >> $GITHUB_OUTPUT || echo "projects_refresh=false" >> $GITHUB_OUTPUT
+ [[ "$FORCE" == *"sidecar"* ]] && echo "sidecar=true" >> $GITHUB_OUTPUT || echo "sidecar=false" >> $GITHUB_OUTPUT
 else
 # Auto-detect based on changed files
 PREV_COMMIT="${{ github.event.before }}"
@@ -94,6 +97,13 @@ jobs:
 else
 echo "projects_refresh=false" >> $GITHUB_OUTPUT
 fi
+
+ # Check sidecar changes
+ if git diff --name-only $PREV_COMMIT HEAD | grep -E '^(sandbox-sidecar/|\.github/workflows/sidecar-release\.yml)'; then
+ echo "sidecar=true" >> $GITHUB_OUTPUT
+ else
+ echo "sidecar=false" >> $GITHUB_OUTPUT
+ fi
 fi
 - name: Calculate new versions
@@ -129,6 +139,7 @@ jobs:
 echo "statesman_version=$(get_next_version 'taco/statesman')" >> $GITHUB_OUTPUT
 echo "token_service_version=$(get_next_version 'taco/token-service')" >> $GITHUB_OUTPUT
 echo "projects_refresh_version=$(get_next_version 'projects-refresh')" >> $GITHUB_OUTPUT
+ echo "sidecar_version=$(get_next_version 'sandbox-sidecar')" >> $GITHUB_OUTPUT
 tag-backend-ee:
 needs: detect-changes
@@ -250,6 +261,26 @@ jobs:
 echo "Created and pushed tag: $TAG"
+ tag-sidecar:
+ needs: detect-changes
+ if: needs.detect-changes.outputs.sidecar_changed == 'true'
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ token: ${{ secrets.HELM_CHARTS_PAT }}
+
+ - name: Create and push tag
+ run: |
+ git config user.name "github-actions[bot]"
+ git config user.email "github-actions[bot]@users.noreply.github.com"
+
+ TAG="sandbox-sidecar/${{ needs.detect-changes.outputs.sidecar_version }}"
+ git tag -a "$TAG" -m "Release sandbox-sidecar ${{ needs.detect-changes.outputs.sidecar_version }}"
+ git push origin "$TAG"
+
+ echo "Created and pushed tag: $TAG"
+
 summary:
 needs:
 - detect-changes
@@ -259,6 +290,7 @@ jobs:
 - tag-statesman
 - tag-token-service
 - tag-projects-refresh
+ - tag-sidecar
 if: always()
 runs-on: ubuntu-latest
 steps:
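Review bot: In the new `tag-sidecar` job, the `Create and push tag` step pastes `${{ needs.detect-changes.outputs.sidecar_version }}` directly into the shell script twice, so the value is parsed as shell text in a step whose checkout carries `HELM_CHARTS_PAT`. The version is presumably derived from existing tag names by `get_next_version`, so hand it over as data: add `env:` with `SIDECAR_VERSION: ${{ needs.detect-changes.outputs.sidecar_version }}` to the step, then use `TAG="sandbox-sidecar/$SIDECAR_VERSION"` and `-m "Release sandbox-sidecar $SIDECAR_VERSION"`. The job also declares no `permissions:`; because the push authenticates with the PAT, `permissions: contents: read` on the job would keep `GITHUB_TOKEN` at its minimum. The sibling tag jobs are outside this hunk and may need the same treatment.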
@@ -274,6 +306,7 @@ jobs:
 echo "| statesman | ${{ needs.detect-changes.outputs.statesman_changed }} | ${{ needs.detect-changes.outputs.statesman_version }} |" >> $GITHUB_STEP_SUMMARY
 echo "| token-service | ${{ needs.detect-changes.outputs.token_service_changed }} | ${{ needs.detect-changes.outputs.token_service_version }} |" >> $GITHUB_STEP_SUMMARY
 echo "| projects-refresh | ${{ needs.detect-changes.outputs.projects_refresh_changed }} | ${{ needs.detect-changes.outputs.projects_refresh_version }} |" >> $GITHUB_STEP_SUMMARY
+ echo "| sidecar | ${{ needs.detect-changes.outputs.sidecar_changed }} | ${{ needs.detect-changes.outputs.sidecar_version }} |" >> $GITHUB_STEP_SUMMARY
 echo "" >> $GITHUB_STEP_SUMMARY
 echo "Tags have been created and pushed. Build workflows will trigger automatically." >> $GITHUB_STEP_SUMMARY
diff --git a/.github/workflows/sidecar-release.yml b/.github/workflows/sidecar-release.yml
index 38f5da029..38a85e603 100644
--- a/.github/workflows/sidecar-release.yml
+++ b/.github/workflows/sidecar-release.yml
@@ -2,17 +2,8 @@ name: Sidecar Release
 on:
 push:
- branches:
- - main
- - develop
- paths:
- - 'sandbox-sidecar/**'
- - '.github/workflows/sidecar-release.yml'
- pull_request:
- paths:
- - 'sandbox-sidecar/**'
- release:
- types: [published]
+ tags:
+ - 'sandbox-sidecar/v*'
 env:
 REGISTRY: ghcr.io
@@ -21,19 +12,22 @@ env:
 jobs:
 build-and-push:
 runs-on: ubuntu-latest
- permissions:
- contents: read
- packages: write
-
 steps:
- - name: Checkout repository
- uses: actions/checkout@v4
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Derive version
+ id: meta
+ run: |
+ TAG="${GITHUB_REF_NAME}" # e.g. sandbox-sidecar/v0.1.0.0
+ VERSION="${TAG##*/}" # v0.1.0.0
+ echo "version=$VERSION" >> $GITHUB_OUTPUT
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v3
 - name: Log in to Container Registry
- if: github.event_name != 'pull_request'
 uses: docker/login-action@v3
 with:
 registry: ${{ env.REGISTRY }}
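Review bot: The `build-and-push` job in `sidecar-release.yml` loses its `permissions:` block in the `@@ -21,19 +12,22 @@` hunk, so `GITHUB_TOKEN` now carries whatever the repository or organisation default grants instead of the explicit `contents: read` / `packages: write`. With a read-only default the `docker/login-action` push to `ghcr.io` would presumably be rejected; with a permissive default every third-party action in the job runs beside a write-capable token. Keep the block on the job: `permissions:` with `contents: read` and `packages: write`. The job body continues into the next hunk.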
@@ -41,40 +35,60 @@ jobs:
 password: ${{ secrets.GITHUB_TOKEN }}
 - name: Extract metadata
- id: meta
+ id: docker-meta
 uses: docker/metadata-action@v5
 with:
 images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
 tags: |
- type=ref,event=branch
- type=ref,event=pr
- type=semver,pattern={{version}}
- type=semver,pattern={{major}}.{{minor}}
- type=semver,pattern={{major}}
- type=sha,prefix=sha-
- type=raw,value=latest,enable={{is_default_branch}}
+ type=raw,value=${{ steps.meta.outputs.version }}
+ type=ref,event=tag
+ type=raw,value=latest
- - name: Set up Depot
- uses: depot/setup-action@v1
-
- - name: Build and push Docker image
- id: build-push
- uses: depot/build-push-action@v1
+ - uses: depot/setup-action@v1
+ - uses: depot/build-push-action@v1
 with:
 project: 43l6gkbwqm
 token: ${{ secrets.DEPOT_TOKEN }}
 context: ./sandbox-sidecar
 file: ./sandbox-sidecar/Dockerfile_sidecar
- push: ${{ github.event_name != 'pull_request' }}
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
+ push: true
 platforms: linux/amd64,linux/arm64
+ tags: ${{ steps.docker-meta.outputs.tags }}
+ labels: ${{ steps.docker-meta.outputs.labels }}
+ build-args: |
+ COMMIT_SHA=${{ github.sha }}
+ VERSION=${{ steps.meta.outputs.version }}
+
+ create-release:
+ needs: [build-and-push]
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Derive version
+ id: meta
+ run: |
+ TAG="${GITHUB_REF_NAME}" # e.g. sandbox-sidecar/v0.1.0.0
+ VERSION="${TAG##*/}" # v0.1.0.0
+ echo "version=$VERSION" >> $GITHUB_OUTPUT
- - name: Generate artifact attestation
- if: github.event_name != 'pull_request'
- uses: actions/attest-build-provenance@v1
+ - name: Create GitHub Release
+ uses: softprops/action-gh-release@v1
 with:
- subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- subject-digest: ${{ steps.build-push.outputs.digest }}
- push-to-registry: true
+ tag_name: ${{ github.ref_name }}
+ name: Sandbox Sidecar ${{ steps.meta.outputs.version }}
+ body: |
+ ## Sandbox Sidecar ${{ steps.meta.outputs.version }}
+
+ Node.js service for managing E2B sandboxes for remote Terraform/OpenTofu execution.
+
+ ### Docker Image
+ ```bash
+ docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }}
+ ```
+
+ draft: false
+ prerelease: false
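Review bot: The rewritten tail of `build-and-push` drops the `actions/attest-build-provenance@v1` step and the `id: build-push` that supplied its digest, so images published on a tag push, including the now unconditional `type=raw,value=latest`, no longer get a GitHub build-provenance attestation. Restore the step after the Depot build (the `if:` guard is unnecessary on a tag-only trigger) and give the job `id-token: write` and `attestations: write` next to `packages: write`, which the attestation action requires. The new `create-release` job also declares no `permissions:`; `softprops/action-gh-release` needs `contents: write`, and stating it on that job keeps the scope away from the build job. Pinning the third-party `depot/*` and `softprops/*` actions to commit SHAs is worth considering, since they run beside `DEPOT_TOKEN` and a write-capable token.

```yaml
      # … unchanged: checkout, Derive version, Buildx, registry login, metadata, depot/setup-action …
      - id: build-push
        uses: depot/build-push-action@v1
        # … unchanged: with: block (project, token, context, file, push, platforms, tags, labels, build-args) …

      - name: Generate artifact attestation
        uses: actions/attest-build-provenance@v1
        with:
          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          subject-digest: ${{ steps.build-push.outputs.digest }}
          push-to-registry: true
```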