name: Release Publisher on: workflow_dispatch: inputs: gh_ref: description: 'Tag to release' type: string required: true workflow_call: inputs: gh_ref: description: 'Tag to release' type: string required: true permissions: contents: write jobs: release: environment: release-admins runs-on: ubuntu-24.04 outputs: version: ${{ steps.vars.outputs.gh_ref }} release_notes: ${{ steps.extract_release_notes.outputs.release_notes }} steps: - name: Extract some useful variables id: vars run: | echo "gh_ref=${{ inputs.gh_ref || github.ref_name }}" >> $GITHUB_OUTPUT - name: Checkout code uses: actions/checkout@v4 with: fetch-depth: 0 ref: ${{ steps.vars.outputs.gh_ref }} # --- Publicly release the docker images --- - name: Login to private registry uses: docker/login-action@v3 with: registry: ${{ secrets.DOCKER_REGISTRY }} username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Login to DockerHub uses: docker/login-action@v3 with: username: ${{ secrets.PUB_DOCKER_USERNAME }} password: ${{ secrets.PUB_DOCKER_PASSWORD }} - name: Publish docker images to DockerHub env: TAG: ${{ steps.vars.outputs.gh_ref }} REGISTRY: ${{ secrets.DOCKER_REGISTRY }} HUB: ${{ secrets.PUB_DOCKER_HUB }} run: | IMAGES=("frontend" "backend" "exporter") EXTRA_TAGS=("main" "latest") for image in "${IMAGES[@]}"; do docker pull "$REGISTRY/$image:$TAG" docker tag "$REGISTRY/$image:$TAG" "penpotapp/$image:$TAG" docker push "penpotapp/$image:$TAG" for tag in "${EXTRA_TAGS[@]}"; do docker tag "$REGISTRY/$image:$TAG" "penpotapp/$image:$tag" docker push "penpotapp/$image:$tag" done done # --- Release notes extraction --- - name: Extract release notes from CHANGES.md id: extract_release_notes env: TAG: ${{ steps.vars.outputs.gh_ref }} run: | RELEASE_NOTES=$(awk "/^## $TAG$/{flag=1; next} /^## /{flag=0} flag" CHANGES.md | awk '{$1=$1};1') if [ -z "$RELEASE_NOTES" ]; then RELEASE_NOTES="No changes for $TAG according to CHANGES.md" fi echo "release_notes<> $GITHUB_OUTPUT echo "$RELEASE_NOTES" >> $GITHUB_OUTPUT echo "EOF" >> $GITHUB_OUTPUT # --- Create GitHub release --- - name: Create GitHub release uses: softprops/action-gh-release@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: tag_name: ${{ steps.vars.outputs.gh_ref }} name: ${{ steps.vars.outputs.gh_ref }} body: ${{ steps.extract_release_notes.outputs.release_notes }} - name: Notify Mattermost if: failure() uses: mattermost/action-mattermost-notify@master with: MATTERMOST_WEBHOOK_URL: ${{ secrets.MATTERMOST_WEBHOOK }} MATTERMOST_CHANNEL: bot-alerts-cicd TEXT: | ❌ 🚀 *[PENPOT] Error releasing penpot.* 📄 Triggered from ref: `${{ steps.vars.outputs.gh_ref }}` 🔗 Run: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} @infra