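# Release pipeline, one job per build variant.
#   push of a v* tag   -> full GoReleaser release (publishes artifacts)
#   nightly schedule   -> "edge" snapshot build, docker images pushed by hand
#   workflow_dispatch  -> snapshot build with publishing skipped (dry run)
#
# NOTE(review): every third-party action below is referenced by a mutable
# tag or branch. A release job that holds publishing credentials is safer
# with each `uses:` pinned to a full commit SHA.
name: Release

on:
  push:
    tags:
      - 'v*'
  schedule:
    - cron: '0 2 * * *'  # run at 2 AM UTC
  workflow_dispatch:

jobs:
  goreleaser:
    runs-on: ubuntu-latest-32
    # Job-level token scopes apply to all three triggers, including the
    # dry-run and nightly paths.
    permissions:
      # The AWS steps assume a role without static keys, which presumably
      # relies on the GitHub OIDC token -- confirm against the role's trust
      # policy.
      id-token: write
      # GITHUB_TOKEN is handed to GoReleaser on the release and edge paths.
      contents: write
    strategy:
      # One failing variant must not cancel the others.
      fail-fast: false
      matrix:
        variant:
          - connect-ai
          - connect-cgo
          - connect-cloud
          - connect-fips
          - connect-lambda
          - connect
    steps:
      - name: Check Out Repo
        uses: actions/checkout@v5

      - name: Configure AWS credentials for access to AWS Secrets Manager
        uses: aws-actions/configure-aws-credentials@v5
        with:
          aws-region: ${{ vars.RP_AWS_CRED_REGION }}
          role-to-assume: arn:aws:iam::${{ secrets.RP_AWS_CRED_ACCOUNT_ID }}:role/${{ vars.RP_AWS_CRED_BASE_ROLE_NAME }}${{ github.event.repository.name }}

      # With parse-json-secrets the values become job environment variables
      # (DOCKERHUB_USER, DOCKERHUB_TOKEN and CLOUDSMITH_API_KEY are read from
      # `env` further down), so every later step in this job can see them.
      - name: Get secrets from AWS Secrets Manager
        uses: aws-actions/aws-secretsmanager-get-secrets@v2
        with:
          secret-ids: |
            ,sdlc/prod/github/cloudsmith
            ,sdlc/prod/github/dockerhub
          parse-json-secrets: true

      - name: Configure AWS credentials for access to Amazon ECR Public
        uses: aws-actions/configure-aws-credentials@v5
        with:
          aws-region: us-east-1
          role-to-assume: arn:aws:iam::${{ secrets.RP_AWS_CRED_ACCOUNT_ID }}:role/${{ vars.RP_AWS_CRED_BASE_ROLE_NAME }}${{ github.event.repository.name }}

      - name: Login to Amazon ECR Public
        uses: aws-actions/amazon-ecr-login@v2
        with:
          registry-type: public

      - name: Install Go
        uses: actions/setup-go@v6
        with:
          # Quoted so the version is always read as a string.
          go-version: '1.25.4'

      - name: Install Microsoft Go
        if: ${{ matrix.variant == 'connect-fips' }}
        run: |
          # Follow the major.minor of the Go toolchain installed above.
          GO_VERSION=$(go version | cut -d' ' -f3 | cut -d'.' -f1,2)
          # NOTE(review): "latest" is a moving target and the tarball is
          # unpacked without a checksum or signature check. For the FIPS
          # variant, pin an exact version and verify its digest before use.
          curl -sSLf -o "$RUNNER_TEMP/msgo.tgz" "https://aka.ms/golang/release/latest/${GO_VERSION}.linux-amd64.tar.gz"
          [[ -d "$RUNNER_TEMP/bin" ]] || install -d -m 0755 "$RUNNER_TEMP/bin"
          [[ -d "$RUNNER_TEMP/microsoft" ]] || install -d -m 0755 "$RUNNER_TEMP/microsoft"
          tar -C "$RUNNER_TEMP/microsoft" -xf "$RUNNER_TEMP/msgo.tgz"
          # Nothing in this file places a binary in $RUNNER_TEMP/bin;
          # presumably the build config does -- verify.
          echo "$RUNNER_TEMP/bin" >> "$GITHUB_PATH"

      - name: Install patchelf
        run: sudo apt-get update && sudo apt-get install -y patchelf

      - name: Release Notes
        run: ./resources/scripts/release_notes.sh > ./release_notes.md

      - uses: actions/setup-python@v6
        with:
          python-version: '3.12'

      # NOTE(review): unpinned install from PyPI in a job that holds
      # publishing credentials; consider an exact version with hashes.
      - name: Install cloudsmith CLI (for publishing Linux packages)
        run: pip install cloudsmith-cli

      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ env.DOCKERHUB_USER }}
          password: ${{ env.DOCKERHUB_TOKEN }}

      - name: Install Buildx
        uses: docker/setup-buildx-action@v3

      # This step used to appear twice with the same commands. It now runs
      # once, directly before the build, so the private key is not on disk
      # while the tool-installation steps above execute.
      - name: Write telemetry private key
        env:
          CONNECT_TELEMETRY_PRIV_KEY: ${{ secrets.TELEMETRY_PRIVATE_KEY }}
        run: |
          echo "Adding telemetry key"
          # Keep git from reporting the overwritten key file as modified.
          git update-index --skip-worktree ./internal/telemetry/key.pem
          echo "$CONNECT_TELEMETRY_PRIV_KEY" > ./internal/telemetry/key.pem

      - name: GoReleaser Release
        if: ${{ github.event_name == 'push' }}
        uses: goreleaser/goreleaser-action@v6
        with:
          args: release --release-notes=./release_notes.md --timeout 120m --config ./.goreleaser/${{ matrix.variant }}.yaml
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          CLOUDSMITH_API_KEY: ${{ env.CLOUDSMITH_API_KEY }}

      - name: Disable checksums for Edge build
        if: ${{ github.event_name == 'schedule' }}
        env:
          # Passed through the environment rather than expanded into the
          # script text.
          VARIANT: ${{ matrix.variant }}
        run: |
          yq eval '.checksum.disable = true' -i ".goreleaser/${VARIANT}.yaml"

      - name: GoReleaser Edge
        if: ${{ github.event_name == 'schedule' }}
        uses: goreleaser/goreleaser-action@v6
        with:
          args: release --timeout 120m --snapshot --skip archive,nfpm --config ./.goreleaser/${{ matrix.variant }}.yaml
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          CLOUDSMITH_API_KEY: ${{ env.CLOUDSMITH_API_KEY }}

      # NOTE(review): on the nightly path the edge images are pushed here,
      # before the vulnerability scan at the end of the job, so a failing
      # scan marks the run red but does not stop publication.
      - name: GoReleaser Edge push docker
        if: ${{ github.event_name == 'schedule' && (matrix.variant == 'connect' || matrix.variant == 'connect-ai' || matrix.variant == 'connect-cloud') }}
        env:
          IMAGE_BASE: ${{ fromJSON('{"connect":"redpandadata/connect:edge","connect-ai":"redpandadata/connect:edge-ai","connect-cloud":"redpandadata/connect:edge-cloud"}')[matrix.variant] }}
        run: |
          docker push "${IMAGE_BASE}-amd64"
          docker push "${IMAGE_BASE}-arm64"
          # Publish a multi-arch tag that references both per-arch images.
          docker buildx imagetools create -t "${IMAGE_BASE}" "${IMAGE_BASE}-amd64" "${IMAGE_BASE}-arm64"

      # Dry run: no GITHUB_TOKEN or Cloudsmith key is passed to this step.
      - name: GoReleaser Test
        if: ${{ github.event_name == 'workflow_dispatch' }}
        uses: goreleaser/goreleaser-action@v6
        with:
          args: release --timeout 120m --snapshot --skip publish --config ./.goreleaser/${{ matrix.variant }}.yaml

      # NOTE(review): `@master` is a branch, so whatever that branch holds at
      # run time executes inside this job. Pin to a full commit SHA.
      # Tag-push releases are not scanned by this step.
      - name: Scan docker images for vulnerabilities
        if: ${{ (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && (matrix.variant == 'connect' || matrix.variant == 'connect-ai' || matrix.variant == 'connect-cloud') }}
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: ${{ fromJSON('{"connect":"redpandadata/connect:edge","connect-ai":"redpandadata/connect:edge-ai","connect-cloud":"redpandadata/connect:edge-cloud"}')[matrix.variant] }}
          format: table
          # Report only findings that already have a fixed version.
          ignore-unfixed: true
          # Fail the job when the scan reports findings.
          exit-code: 1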