kata-containers/.github/workflows/release.yaml

name: Release Kata Containers
on:
  workflow_dispatch

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Create a new release
        run: |
          ./tools/packaging/release/release.sh create-new-release
        env:
          GH_TOKEN: ${{ github.token }}

  build-and-push-assets-amd64:
    needs: release
    uses: ./.github/workflows/release-amd64.yaml
    with:
      target-arch: amd64
    secrets: inherit

  build-and-push-assets-arm64:
    needs: release
    uses: ./.github/workflows/release-arm64.yaml
    with:
      target-arch: arm64
    secrets: inherit

  build-and-push-assets-s390x:
    needs: release
    uses: ./.github/workflows/release-s390x.yaml
    with:
      target-arch: s390x
    secrets: inherit

  build-and-push-assets-ppc64le:
    needs: release
    uses: ./.github/workflows/release-ppc64le.yaml
    with:
      target-arch: ppc64le
    secrets: inherit

  publish-multi-arch-images:
    runs-on: ubuntu-latest
    needs: [build-and-push-assets-amd64, build-and-push-assets-arm64, build-and-push-assets-s390x, build-and-push-assets-ppc64le]
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Login to Kata Containers docker.io
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Login to Kata Containers quay.io
        uses: docker/login-action@v2
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_DEPLOYER_USERNAME }}
          password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}

      - name: Get the image tags
        run: |
          release_version=$(./tools/packaging/release/release.sh release-version)
          echo "KATA_DEPLOY_IMAGE_TAGS=$release_version latest" >> "$GITHUB_ENV"

      - name: Publish multi-arch manifest on docker.io and quay.io
        run: |
          ./tools/packaging/release/release.sh publish-multiarch-manifest
        env:
          KATA_DEPLOY_REGISTRIES: "quay.io/kata-containers/kata-deploy docker.io/katadocker/kata-deploy"

  upload-multi-arch-static-tarball:
    needs: [build-and-push-assets-amd64, build-and-push-assets-arm64, build-and-push-assets-s390x, build-and-push-assets-ppc64le]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Set KATA_STATIC_TARBALL env var
        run: |
          tarball=$(pwd)/kata-static.tar.xz
          echo "KATA_STATIC_TARBALL=${tarball}" >> "$GITHUB_ENV"

      - name: Download amd64 artifacts
        uses: actions/download-artifact@v3
        with:
          name: kata-static-tarball-amd64

      - name: Upload amd64 static tarball to GitHub
        run: |
          ./tools/packaging/release/release.sh upload-kata-static-tarball
        env:
          GH_TOKEN: ${{ github.token }}
          ARCHITECTURE: amd64

      - name: Download arm64 artifacts
        uses: actions/download-artifact@v3
        with:
          name: kata-static-tarball-arm64

      - name: Upload arm64 static tarball to GitHub
        run: |
          ./tools/packaging/release/release.sh upload-kata-static-tarball
        env:
          GH_TOKEN: ${{ github.token }}
          ARCHITECTURE: arm64

      - name: Download s390x artifacts
        uses: actions/download-artifact@v3
        with:
          name: kata-static-tarball-s390x

      - name: Upload s390x static tarball to GitHub
        run: |
          ./tools/packaging/release/release.sh upload-kata-static-tarball
        env:
          GH_TOKEN: ${{ github.token }}
          ARCHITECTURE: s390x

      - name: Download ppc64le artifacts
        uses: actions/download-artifact@v3
        with:
          name: kata-static-tarball-ppc64le

      - name: Upload ppc64le static tarball to GitHub
        run: |
          ./tools/packaging/release/release.sh upload-kata-static-tarball
        env:
          GH_TOKEN: ${{ github.token }}
          ARCHITECTURE: ppc64le

  upload-versions-yaml:
    needs: release
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Upload versions.yaml to GitHub
        run: |
          ./tools/packaging/release/release.sh upload-versions-yaml-file
        env:
          GH_TOKEN: ${{ github.token }}

  upload-cargo-vendored-tarball:
    needs: release
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Generate and upload vendored code tarball
        run: |
          ./tools/packaging/release/release.sh upload-vendored-code-tarball
        env:
          GH_TOKEN: ${{ github.token }}

  upload-libseccomp-tarball:
    needs: release
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Download libseccomp tarball and upload it to GitHub
        run: |
          ./tools/packaging/release/release.sh upload-libseccomp-tarball
        env:
          GH_TOKEN: ${{ github.token }}

  publish-release:
    needs: [ build-and-push-assets-amd64, build-and-push-assets-arm64, build-and-push-assets-s390x, build-and-push-assets-ppc64le, publish-multi-arch-images, upload-multi-arch-static-tarball, upload-versions-yaml, upload-cargo-vendored-tarball, upload-libseccomp-tarball ]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Publish a release
        run: |
          ./tools/packaging/release/release.sh publish-release
        env:
          GH_TOKEN: ${{ github.token }}