fix: preserve vault CEL expressions during model type upgrades #586
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| pull_request: | |
| types: [closed] | |
| branches: [main] | |
| workflow_dispatch: | |
| concurrency: | |
| group: release | |
| cancel-in-progress: false | |
| permissions: | |
| contents: write | |
| jobs: | |
| release: | |
| name: Build and Release | |
| runs-on: ubuntu-latest | |
| outputs: | |
| version: ${{ steps.version.outputs.version }} | |
| # Only run on merged PRs (not closed without merge) or manual trigger | |
| if: github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v6 | |
| with: | |
| ref: main | |
| - name: Setup Deno | |
| uses: denoland/setup-deno@v2 | |
| with: | |
| deno-version: v2.x | |
| - name: Generate version | |
| id: version | |
| run: | | |
| # Format: YYYYMMDD.HHMMSS.0-sha.COMMITSHA (matches SI convention) | |
| VERSION=$(date -u +%Y%m%d.%H%M%S).0-sha.$(git rev-parse --short=8 HEAD) | |
| echo "version=$VERSION" >> "$GITHUB_OUTPUT" | |
| echo "Version: $VERSION" | |
| - name: Build binaries | |
| run: | | |
| mkdir -p dist | |
| VERSION="${{ steps.version.outputs.version }}" | |
| # Linux x86_64 | |
| deno run -A scripts/compile.ts \ | |
| --version "$VERSION" \ | |
| --target x86_64-unknown-linux-gnu \ | |
| --output dist/swamp-linux-x86_64 | |
| # Linux aarch64 | |
| deno run -A scripts/compile.ts \ | |
| --version "$VERSION" \ | |
| --target aarch64-unknown-linux-gnu \ | |
| --output dist/swamp-linux-aarch64 | |
| # macOS x86_64 | |
| deno run -A scripts/compile.ts \ | |
| --version "$VERSION" \ | |
| --target x86_64-apple-darwin \ | |
| --output dist/swamp-darwin-x86_64 | |
| # macOS aarch64 (Apple Silicon) | |
| deno run -A scripts/compile.ts \ | |
| --version "$VERSION" \ | |
| --target aarch64-apple-darwin \ | |
| --output dist/swamp-darwin-aarch64 | |
| # Windows x86_64 | |
| deno run -A scripts/compile.ts \ | |
| --version "$VERSION" \ | |
| --target x86_64-pc-windows-msvc \ | |
| --output dist/swamp-windows-x86_64.exe | |
| - name: Create checksums | |
| working-directory: dist | |
| run: | | |
| sha256sum swamp-* > checksums.txt | |
| cat checksums.txt | |
| - name: Generate release body | |
| env: | |
| PR_TITLE: ${{ github.event.pull_request.title }} | |
| PR_BODY: ${{ github.event.pull_request.body }} | |
| PR_NUMBER: ${{ github.event.pull_request.number }} | |
| EVENT_NAME: ${{ github.event_name }} | |
| VERSION: ${{ steps.version.outputs.version }} | |
| REPO: ${{ github.repository }} | |
| run: | | |
| # Write changelog section | |
| echo "## What's Changed" > /tmp/release_body.md | |
| echo "" >> /tmp/release_body.md | |
| if [ "$EVENT_NAME" = "pull_request" ]; then | |
| printf '* %s (#%s)\n' "$PR_TITLE" "$PR_NUMBER" >> /tmp/release_body.md | |
| if [ -n "$PR_BODY" ]; then | |
| echo "" >> /tmp/release_body.md | |
| printenv PR_BODY >> /tmp/release_body.md | |
| fi | |
| else | |
| git log -1 --pretty="* %s" HEAD >> /tmp/release_body.md | |
| COMMIT_BODY=$(git log -1 --pretty=%b HEAD) | |
| if [ -n "$COMMIT_BODY" ]; then | |
| echo "" >> /tmp/release_body.md | |
| echo "$COMMIT_BODY" >> /tmp/release_body.md | |
| fi | |
| fi | |
| # Write installation section | |
| { | |
| echo "" | |
| echo "---" | |
| echo "" | |
| echo "### Installation" | |
| echo "" | |
| echo "**macOS (Apple Silicon):**" | |
| echo '```bash' | |
| echo "curl -L https://github.com/${REPO}/releases/download/v${VERSION}/swamp-darwin-aarch64 -o swamp" | |
| echo 'chmod +x swamp && sudo mv swamp /usr/local/bin/' | |
| echo '```' | |
| echo "" | |
| echo "**macOS (Intel):**" | |
| echo '```bash' | |
| echo "curl -L https://github.com/${REPO}/releases/download/v${VERSION}/swamp-darwin-x86_64 -o swamp" | |
| echo 'chmod +x swamp && sudo mv swamp /usr/local/bin/' | |
| echo '```' | |
| echo "" | |
| echo "**Linux (x86_64):**" | |
| echo '```bash' | |
| echo "curl -L https://github.com/${REPO}/releases/download/v${VERSION}/swamp-linux-x86_64 -o swamp" | |
| echo 'chmod +x swamp && sudo mv swamp /usr/local/bin/' | |
| echo '```' | |
| echo "" | |
| echo "**Linux (aarch64):**" | |
| echo '```bash' | |
| echo "curl -L https://github.com/${REPO}/releases/download/v${VERSION}/swamp-linux-aarch64 -o swamp" | |
| echo 'chmod +x swamp && sudo mv swamp /usr/local/bin/' | |
| echo '```' | |
| } >> /tmp/release_body.md | |
| - name: Create GitHub Release | |
| uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2 | |
| with: | |
| tag_name: v${{ steps.version.outputs.version }} | |
| name: swamp ${{ steps.version.outputs.version }} | |
| body_path: /tmp/release_body.md | |
| files: | | |
| dist/swamp-linux-x86_64 | |
| dist/swamp-linux-aarch64 | |
| dist/swamp-darwin-x86_64 | |
| dist/swamp-darwin-aarch64 | |
| dist/swamp-windows-x86_64.exe | |
| dist/checksums.txt | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Trigger UAT | |
| uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3 | |
| with: | |
| token: ${{ secrets.UAT_TRIGGER_TOKEN }} | |
| repository: systeminit/swamp-uat | |
| event-type: run-uat | |
| client-payload: '{"version": "${{ steps.version.outputs.version }}"}' | |
| docker: | |
| name: Build and Push Docker Image | |
| runs-on: ubuntu-latest | |
| needs: release | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v6 | |
| with: | |
| ref: main | |
| - name: Download Linux binaries from release | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| RELEASE_VERSION: ${{ needs.release.outputs.version }} | |
| run: | | |
| mkdir -p docker-build/linux-amd64 docker-build/linux-arm64 | |
| RELEASE_TAG="v${RELEASE_VERSION}" | |
| echo "Downloading binaries from release ${RELEASE_TAG}" | |
| gh release download "${RELEASE_TAG}" --pattern "swamp-linux-x86_64" --dir docker-build/linux-amd64 | |
| gh release download "${RELEASE_TAG}" --pattern "swamp-linux-aarch64" --dir docker-build/linux-arm64 | |
| mv docker-build/linux-amd64/swamp-linux-x86_64 docker-build/linux-amd64/swamp | |
| mv docker-build/linux-arm64/swamp-linux-aarch64 docker-build/linux-arm64/swamp | |
| chmod +x docker-build/linux-amd64/swamp docker-build/linux-arm64/swamp | |
| echo "docker_tag=${RELEASE_VERSION}" >> "$GITHUB_ENV" | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Copy Dockerfile into build contexts | |
| run: | | |
| cp Dockerfile docker-build/linux-amd64/ | |
| cp Dockerfile docker-build/linux-arm64/ | |
| - name: Build and push (amd64) | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: docker-build/linux-amd64 | |
| platforms: linux/amd64 | |
| push: true | |
| tags: systeminit/swamp:${{ env.docker_tag }}-amd64 | |
| provenance: mode=max | |
| sbom: true | |
| - name: Build and push (arm64) | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: docker-build/linux-arm64 | |
| platforms: linux/arm64 | |
| push: true | |
| tags: systeminit/swamp:${{ env.docker_tag }}-arm64 | |
| provenance: mode=max | |
| sbom: true | |
| - name: Create and push multi-arch manifest | |
| run: | | |
| docker buildx imagetools create \ | |
| -t systeminit/swamp:${{ env.docker_tag }} \ | |
| systeminit/swamp:${{ env.docker_tag }}-amd64 \ | |
| systeminit/swamp:${{ env.docker_tag }}-arm64 |