mirror of
https://github.com/KeygraphHQ/shannon.git
synced 2026-05-09 04:05:36 +02:00
ezl-keygraph
130 lines
3.9 KiB
YAML
130 lines
3.9 KiB
YAML
name: Rollback
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
version:
|
|
description: "Version to move npm latest and Docker latest to (example: 1.4.2)"
|
|
required: true
|
|
type: string
|
|
|
|
permissions:
|
|
contents: write
|
|
|
|
concurrency:
|
|
group: rollback-latest-${{ github.event.inputs.version }}
|
|
cancel-in-progress: false
|
|
|
|
jobs:
|
|
rollback:
|
|
name: Roll back npm, Docker, and GitHub release latest
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout tags
|
|
uses: actions/checkout@v6
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Fetch all tags
|
|
run: git fetch --force --tags
|
|
|
|
- name: Validate target version
|
|
id: target
|
|
shell: bash
|
|
env:
|
|
RAW_VERSION: ${{ inputs.version }}
|
|
run: |
|
|
set -euo pipefail
|
|
|
|
VERSION="${RAW_VERSION#v}"
|
|
|
|
case "$VERSION" in
|
|
''|*[!0-9.]*)
|
|
echo "Invalid version: $VERSION"
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
if ! [[ "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
|
|
echo "Version must be in semver format X.Y.Z"
|
|
exit 1
|
|
fi
|
|
|
|
if ! git rev-parse "refs/tags/v$VERSION" >/dev/null 2>&1; then
|
|
echo "Git tag v$VERSION does not exist"
|
|
exit 1
|
|
fi
|
|
|
|
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v6
|
|
with:
|
|
node-version: 24
|
|
registry-url: https://registry.npmjs.org
|
|
|
|
- name: Verify npm package version exists
|
|
run: npm view "@keygraph/shannon@${{ steps.target.outputs.version }}" version
|
|
|
|
- name: Show current npm dist-tags
|
|
env:
|
|
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
|
|
run: npm dist-tag ls @keygraph/shannon
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v4
|
|
|
|
- name: Log in to Docker Hub
|
|
uses: docker/login-action@v4
|
|
with:
|
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
|
|
- name: Verify Docker image tag exists
|
|
run: docker buildx imagetools inspect "keygraph/shannon:${{ steps.target.outputs.version }}"
|
|
|
|
- name: Install cosign
|
|
uses: sigstore/cosign-installer@v4.1.0
|
|
|
|
- name: Verify Docker image signature before rollback
|
|
run: |
|
|
cosign verify \
|
|
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
|
|
--certificate-identity "https://github.com/${{ github.repository }}/.github/workflows/release.yml@refs/heads/main" \
|
|
"keygraph/shannon:${{ steps.target.outputs.version }}"
|
|
|
|
- name: Move Docker latest
|
|
run: |
|
|
docker buildx imagetools create \
|
|
--tag "keygraph/shannon:latest" \
|
|
"keygraph/shannon:${{ steps.target.outputs.version }}"
|
|
|
|
- name: Move npm latest
|
|
env:
|
|
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
|
|
run: npm dist-tag add "@keygraph/shannon@${{ steps.target.outputs.version }}" latest
|
|
|
|
- name: Mark GitHub release as latest
|
|
env:
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
run: gh release edit "v${{ steps.target.outputs.version }}" --latest
|
|
|
|
- name: Show final npm dist-tags
|
|
env:
|
|
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
|
|
run: npm dist-tag ls @keygraph/shannon
|
|
|
|
- name: Verify Docker latest now points to target
|
|
run: docker buildx imagetools inspect "keygraph/shannon:latest"
|
|
|
|
- name: Write summary
|
|
run: |
|
|
{
|
|
echo "## Rollback latest"
|
|
echo ""
|
|
echo "- Target version: \`${{ steps.target.outputs.version }}\`"
|
|
echo "- npm package: \`@keygraph/shannon\`"
|
|
echo "- Docker image: \`keygraph/shannon\`"
|
|
echo "- GitHub release: \`v${{ steps.target.outputs.version }}\` marked as latest"
|
|
} >> "$GITHUB_STEP_SUMMARY"
|