Add create-release.yml workflow triggered via workflow_dispatch to create GitHub releases with auto-generated notes. Add cosign public key for container image signature verification. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
61 lines
1.7 KiB
YAML
61 lines
1.7 KiB
YAML
name: Create Release
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
tag:
|
|
description: "Release tag (e.g. v1.83.0-stable)"
|
|
required: true
|
|
type: string
|
|
commit_hash:
|
|
description: "Full 40-char commit SHA to target"
|
|
required: true
|
|
type: string
|
|
|
|
permissions: {}
|
|
|
|
jobs:
|
|
release:
|
|
name: Create Release
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: write
|
|
steps:
|
|
- name: Validate inputs
|
|
env:
|
|
TAG: ${{ inputs.tag }}
|
|
COMMIT_HASH: ${{ inputs.commit_hash }}
|
|
run: |
|
|
if ! echo "${COMMIT_HASH}" | grep -qE '^[0-9a-f]{40}$'; then
|
|
echo "::error::commit_hash must be a full 40-character commit SHA"
|
|
exit 1
|
|
fi
|
|
if ! echo "${TAG}" | grep -qE '^v[0-9]+\.[0-9]+\.[0-9]+'; then
|
|
echo "::error::tag must start with vX.Y.Z"
|
|
exit 1
|
|
fi
|
|
|
|
- name: Create release
|
|
env:
|
|
TAG: ${{ inputs.tag }}
|
|
COMMIT_HASH: ${{ inputs.commit_hash }}
|
|
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
|
|
with:
|
|
script: |
|
|
const tag = process.env.TAG;
|
|
const commitHash = process.env.COMMIT_HASH;
|
|
try {
|
|
await github.rest.repos.createRelease({
|
|
draft: false,
|
|
generate_release_notes: true,
|
|
target_commitish: commitHash,
|
|
name: tag,
|
|
owner: context.repo.owner,
|
|
prerelease: false,
|
|
repo: context.repo.repo,
|
|
tag_name: tag,
|
|
});
|
|
} catch (error) {
|
|
core.setFailed(error.message);
|
|
}
|