ci(release): build release when release-please release created (#4857)

Author: erikgb

.github/workflows/release-please.yaml

@@ -7,15 +7,86 @@ on:
       - main
 
 permissions:
-  contents: write
-  pull-requests: write
+  contents: read
 
 jobs:
   release-please:
     runs-on: ubuntu-latest
-    if: "${{ github.repository_owner == 'weaveworks' && github.ref_name == 'main'}}"
+    permissions:
+      contents: write
+      pull-requests: write
+    if: "${{ github.repository_owner == 'weaveworks' && github.ref_name == 'main' }}"
     steps:
-      - id: release
+      - id: Release Please
         uses: googleapis/release-please-action@a02a34c4d625f9be7cb89156071d8567266a2445 # v4.2.0
         with:
           token: ${{ secrets.WEAVE_GITOPS_BOT_ACCESS_TOKEN }}
+
+  publish-npm-package:
+    needs: release-please
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write # needed for GitHub Packages registry access
+    if: "${{ needs.release-please.outputs.outputs.release_created }}"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Setup Node.js
+        uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
+        with:
+          node-version-file: package.json
+          registry-url: "https://npm.pkg.github.com"
+          scope: "@weaveworks"
+      - run: yarn
+      - run: make ui-lib && cd dist && npm publish
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  build-and-push-image:
+    needs: release-please
+    uses: ./.github/workflows/build-push-image.yaml
+    with:
+      file: gitops-server.dockerfile
+      flavor: |
+        latest=true
+      image: ghcr.io/weaveworks/wego-app
+      platforms: linux/amd64,linux/arm64
+      push: true
+      tags: |
+        type=raw,value=${{ needs.release-please.outputs.outputs.tag_name }}
+        type=semver,pattern={{version}},value=${{ needs.release-please.outputs.outputs.version }}
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      id-token: write # for Cosign to be able to sign images with GHA token
+      packages: write # for docker/build-push-action to push images
+    if: "${{ needs.release-please.outputs.outputs.release_created }}"
+
+  goreleaser:
+    needs: release-please
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      id-token: write # for Cosign to be able to sign release artifacts with GHA token
+    if: "${{ needs.release-please.outputs.outputs.release_created }}"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+      - name: Setup Go
+        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
+        with:
+          go-version-file: go.mod
+      - name: Include brew publishing
+        run: cat .goreleaser.brew.yml >> .goreleaser.yml
+        if: ${{ !contains(needs.release-please.outputs.outputs.version, '-') }}
+      - name: Install cosign
+        uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@90a3faa9d0182683851fbfa97ca1a2cb983bfca3 # v6.2.1
+        with:
+          version: latest
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.WEAVE_GITOPS_BOT_ACCESS_TOKEN }}
+          BOT_TOKEN: ${{ secrets.WEAVE_GITOPS_BOT_ACCESS_TOKEN }}

.github/workflows/release.yaml

@@ -8,7 +8,7 @@ before:
 checksum:
   name_template: "{{ .ProjectName }}_checksums.txt"
 release:
-  prerelease: auto
+  mode: keep-existing
 archives:
   - formats: tar.gz
     name_template: >-
@@ -21,16 +21,16 @@ builds:
       binary: "gitops"
       main: ./cmd/gitops
       ldflags:
-        - -X github.com/weaveworks/weave-gitops/cmd/gitops/version.Branch={{ .Env.BRANCH}}
-        - -X github.com/weaveworks/weave-gitops/cmd/gitops/version.BuildTime={{.Date}}
-        - -X github.com/weaveworks/weave-gitops/cmd/gitops/version.GitCommit={{.Commit}}
-        - -X github.com/weaveworks/weave-gitops/cmd/gitops/version.Version={{.Version}}
+        - -X github.com/weaveworks/weave-gitops/cmd/gitops/version.Branch={{ .Env.BRANCH }}
+        - -X github.com/weaveworks/weave-gitops/cmd/gitops/version.BuildTime={{ .Date }}
+        - -X github.com/weaveworks/weave-gitops/cmd/gitops/version.GitCommit={{ .Commit }}
+        - -X github.com/weaveworks/weave-gitops/cmd/gitops/version.Version={{ .Version }}
         - -X github.com/weaveworks/weave-gitops/pkg/version.FluxVersion={{ .Env.FLUX_VERSION }}
         - -X github.com/weaveworks/weave-gitops/pkg/analytics.Tier=oss
-        - -X github.com/weaveworks/weave-gitops/core/server.Branch={{ .Env.BRANCH}}
-        - -X github.com/weaveworks/weave-gitops/core/server.BuildTime={{.Date}}
-        - -X github.com/weaveworks/weave-gitops/core/server.GitCommit={{.Commit}}
-        - -X github.com/weaveworks/weave-gitops/core/server.Version={{.Version}}
+        - -X github.com/weaveworks/weave-gitops/core/server.Branch={{ .Env.BRANCH }}
+        - -X github.com/weaveworks/weave-gitops/core/server.BuildTime={{ .Date }}
+        - -X github.com/weaveworks/weave-gitops/core/server.GitCommit={{ .Commit }}
+        - -X github.com/weaveworks/weave-gitops/core/server.Version={{ .Version }}
         - -X github.com/weaveworks/weave-gitops/cmd/gitops/beta/run.HelmChartVersion={{ .Env.CHART_VERSION }}
       env:
         - CGO_ENABLED=0