Skip to content

Commit 0112e53

Browse files
yuneng-berriclaude
andcommitted
[Infra] Add release workflow and cosign public key
Add create-release.yml workflow triggered via workflow_dispatch to create GitHub releases with auto-generated notes. Add cosign public key for container image signature verification. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent 7066c89 commit 0112e53

2 files changed

Lines changed: 64 additions & 0 deletions

File tree

Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
name: Create Release
2+
3+
on:
4+
workflow_dispatch:
5+
inputs:
6+
tag:
7+
description: "Release tag (e.g. v1.83.0-stable)"
8+
required: true
9+
type: string
10+
commit_hash:
11+
description: "Full 40-char commit SHA to target"
12+
required: true
13+
type: string
14+
15+
permissions: {}
16+
17+
jobs:
18+
release:
19+
name: Create Release
20+
runs-on: ubuntu-latest
21+
permissions:
22+
contents: write
23+
steps:
24+
- name: Validate inputs
25+
env:
26+
TAG: ${{ inputs.tag }}
27+
COMMIT_HASH: ${{ inputs.commit_hash }}
28+
run: |
29+
if ! echo "${COMMIT_HASH}" | grep -qE '^[0-9a-f]{40}$'; then
30+
echo "::error::commit_hash must be a full 40-character commit SHA"
31+
exit 1
32+
fi
33+
if ! echo "${TAG}" | grep -qE '^v[0-9]+\.[0-9]+\.[0-9]+'; then
34+
echo "::error::tag must start with vX.Y.Z"
35+
exit 1
36+
fi
37+
38+
- name: Create release
39+
env:
40+
TAG: ${{ inputs.tag }}
41+
COMMIT_HASH: ${{ inputs.commit_hash }}
42+
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
43+
with:
44+
script: |
45+
const tag = process.env.TAG;
46+
const commitHash = process.env.COMMIT_HASH;
47+
try {
48+
await github.rest.repos.createRelease({
49+
draft: false,
50+
generate_release_notes: true,
51+
target_commitish: commitHash,
52+
name: tag,
53+
owner: context.repo.owner,
54+
prerelease: false,
55+
repo: context.repo.repo,
56+
tag_name: tag,
57+
});
58+
} catch (error) {
59+
core.setFailed(error.message);
60+
}

cosign.pub

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
-----BEGIN PUBLIC KEY-----
2+
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKi4ivqGpE231OGH50PKbqy1Y1Kkb
3+
POJC8+i2Wko82gBOUCe3M0Vw86H/4rhUhfoYEti4gdJ9wZbYmK0I2EE96g==
4+
-----END PUBLIC KEY-----

0 commit comments

Comments
 (0)