feat: fix release ci

armadaproject · Jun 20, 2023 · b12bfc7 · b12bfc7
1 parent 7482120
commit b12bfc7
Show file tree

Hide file tree

Showing 2 changed files with 63 additions and 4 deletions.
diff --git a/.github/workflows/release-validate.yml b/.github/workflows/release-validate.yml
@@ -0,0 +1,56 @@
+name: Validate Release
+
+on:
+  push:
+    tags:
+      - v*
+
+permissions:
+  contents: write
+
+jobs:
+  compare_tags:
+    if: github.repository_owner == 'armadaproject'
+    name: "Compare tags"
+    runs-on: ubuntu-22.04
+
+    steps:
+      - name: "Checkout"
+        uses: "actions/checkout@v3"
+        with:
+          fetch-depth: 0
+
+      - name: Compare tags
+        env:
+          ALLOWED_BRANCH: "master"
+        run: |
+          ref=${{ github.ref }}
+          tag=${ref#refs/tags/}
+          echo "Current tag: $tag"
+          sha=${{ github.sha }}
+          echo "Current sha: $sha"
+          result=0
+          case $tag in
+            v?*)
+              latest_tag_commit=$(git rev-parse refs/tags/$tag^{})
+              git branch --contains=$sha $ALLOWED_BRANCH >> /dev/null
+              branch_contains_commit=$?
+
+              if [[ $branch_contains_commit -eq 0 && "$latest_tag_commit" == "$sha" ]]; then
+                result=0
+              else
+                result=1
+              fi
+            ;;
+            *)
+              echo "Invalid tag $tag"
+              result=1
+            ;;
+          esac
+          if [ $result -ne 0 ]; then
+            echo "Latest tag ($tag) does not match the current commit ($sha)."
+            echo "::error ::Invalid ref $ref $sha"
+            exit 1
+          else
+            echo "Latest tag ($tag) matches the current commit ($sha)."
+          fi
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -1,16 +1,19 @@
 name: Release Armada components
 
 on:
-  push:
-    tags:
-      - 'v*'
+  workflow_run:
+    types: [completed]
+    workflows: [Validate Release]
+    branches:
+      - master
+      - v*
 
 permissions:
   contents: write
 
 jobs:
   release:
-    if: github.repository_owner == 'armadaproject'
+    if: github.event.workflow_run.event == 'push' && github.event.workflow_run.conclusion == 'success' && github.repository_owner == 'armadaproject'
     name: "Release"
     runs-on: ubuntu-22.04
     environment: armada-dockerhub