# Source: github.com/letsencrypt/boulder@v0.20251208.0/.github/workflows/release.yml
#
# Build the Boulder Debian package on tag push, and attach it to a GitHub
# release.
#
# Keep the GO_VERSION matrix and the container-building steps in sync with
# try-release.yml.
#
# Job chain: draft-release -> push-release (one run per GO_VERSION) ->
# publish-release. Each job declares its own `permissions`, so the
# GITHUB_TOKEN scope is set per job rather than inherited from the
# repository default.
name: Build release
on:
  push:
    tags:
      # Every pushed tag starts this workflow. The only gate visible in
      # this file is the "Verify release ancestry" step in draft-release.
      - '**'

jobs:
  # Checks the tagged commit, then creates the release as a draft so that
  # nothing is public until publish-release runs.
  draft-release:
    runs-on: ubuntu-24.04
    permissions:
      # Needed by `gh release create` below.
      contents: write
    steps:
      # persist-credentials: false keeps the token out of the checkout's
      # git configuration, so the repository scripts run later in the job
      # cannot pick it up from there.
      # NOTE(review): this action is pinned by tag (@v4), while
      # docker/login-action further down is pinned to a full commit SHA;
      # consider pinning this one the same way.
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
          fetch-depth: '0' # Needed for verify-release-ancestry.sh to see origin/main

      # The script body is not visible here; presumably it fails the job
      # when $GITHUB_SHA does not descend from origin/main. Confirm in
      # tools/verify-release-ancestry.sh.
      - name: Verify release ancestry
        run: ./tools/verify-release-ancestry.sh "$GITHUB_SHA"

      # The tag name reaches the shell as the quoted environment variable
      # GITHUB_REF_NAME, not as a ${{ }} expression pasted into the script
      # text, so an unusual tag name is handled as data.
      - name: Create draft release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        # https://cli.github.com/manual/gh_release_create
        run: gh release create --draft --generate-notes "${GITHUB_REF_NAME}"

  # Builds the .deb, tarball and containers for each GO_VERSION, uploads
  # the files to the draft release and pushes the images to ghcr.io.
  push-release:
    needs: draft-release
    strategy:
      # Let every matrix entry run to completion even if another fails.
      fail-fast: false
      matrix:
        # Quoted so the version stays a string. The value is also pasted
        # into `run:` script text below via ${{ matrix.GO_VERSION }}, so
        # keep entries to plain version strings.
        GO_VERSION:
          - "1.25.5"
    runs-on: ubuntu-24.04
    permissions:
      # contents: write for `gh release upload`; packages: write for the
      # pushes to ghcr.io.
      contents: write
      packages: write
    steps:
      # NOTE(review): verify-release-ancestry.sh is not invoked in this
      # job; confirm whether full history is still required here (for
      # example by tools/container-build.sh) or the comment is a leftover.
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
          fetch-depth: '0' # Needed for verify-release-ancestry.sh to see origin/main

      # Runs with no GITHUB_TOKEN in its environment; only the upload and
      # registry-login steps below are handed the token.
      - name: Build Boulder container and .deb
        id: build
        env:
          GO_VERSION: ${{ matrix.GO_VERSION }}
        run: ./tools/container-build.sh

      - name: Tag Boulder container
        run: docker tag boulder "ghcr.io/letsencrypt/boulder:${GITHUB_REF_NAME}-go${{ matrix.GO_VERSION }}"

      - name: Compute checksums
        id: checksums
        # The files listed on this line must be identical to the files
        # uploaded in the "Upload release files" step.
        # The output name carries the Go version, the epoch time and the
        # 8-character short commit hash; `>|` overwrites an existing file
        # even when the shell's noclobber option is set.
        # The checksum file is produced and uploaded by the same job and
        # token as the artifacts, so it lets a downloader detect a
        # corrupted or mismatched file but is not independent evidence of
        # where the artifacts came from.
        run: sha256sum boulder*.deb boulder*.tar.gz >| boulder-${{ matrix.GO_VERSION }}.$(date +%s)-$(git rev-parse --short=8 HEAD).checksums.txt

      - name: Upload release files
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        # https://cli.github.com/manual/gh_release_upload
        run: gh release upload "${GITHUB_REF_NAME}" boulder*.deb boulder*.tar.gz boulder*.checksums.txt

      - name: Build ct-test-srv container
        run: docker buildx build . --build-arg "GO_VERSION=${{ matrix.GO_VERSION }}" -f test/ct-test-srv/Dockerfile -t "ghcr.io/letsencrypt/ct-test-srv:${GITHUB_REF_NAME}-go${{ matrix.GO_VERSION }}"

      # Third-party action pinned to a full commit SHA, with the version
      # recorded in the trailing comment. The login comes after both image
      # builds, so no registry credential has been set up while the build
      # steps run.
      - name: Login to GitHub Container Registry
        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Push Boulder container
        run: docker push "ghcr.io/letsencrypt/boulder:${GITHUB_REF_NAME}-go${{ matrix.GO_VERSION }}"

      - name: Push ct-test-srv container
        run: docker push "ghcr.io/letsencrypt/ct-test-srv:${GITHUB_REF_NAME}-go${{ matrix.GO_VERSION }}"

  # Makes the draft public. Because of `needs: push-release`, this job is
  # skipped when any matrix entry failed, and the release stays a draft.
  publish-release:
    needs: push-release
    runs-on: ubuntu-24.04
    permissions:
      # Needed by `gh release edit` below.
      contents: write
    steps:
      # Presumably checked out so `gh` can infer the repository from the
      # working tree; confirm.
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Publish release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        # https://cli.github.com/manual/gh_release_edit
        run: gh release edit --draft=false "${GITHUB_REF_NAME}"