diff --git a/.github/actionlint.yaml b/.github/actionlint.yaml index 73b6f87e6f..d291b6427e 100644 --- a/.github/actionlint.yaml +++ b/.github/actionlint.yaml @@ -41,4 +41,11 @@ paths: .github/workflows/push-head-images.yaml: ignore: - 'unexpected key "background" for step' - - 'step must run script with "run" section or run action with "uses" section' \ No newline at end of file + - 'step must run script with "run" section or run action with "uses" section' + # DEVOPS-1029: the release workflow uses `parallel:` blocks of the same + # feature; actionlint reports each `parallel:` step as missing a `run`/`uses` + # section. Suppress only that message for this one file until native support + # lands; then delete this entry. + .github/workflows/release.yaml: + ignore: + - 'step must run script with "run" section or run action with "uses" section' diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index e10fdc692e..fe3e2048fa 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -47,27 +47,34 @@ jobs: - uses: actions/checkout@v6 with: fetch-depth: 0 - - run: git fetch --force --tags - - name: Set up Go - uses: actions/setup-go@v6 - with: - cache: false - go-version-file: go.mod - - name: Setup Just - uses: extractions/setup-just@v2 - - name: Setup Cosgin - uses: sigstore/cosign-installer@main - with: - cosign-release: "v2.2.3" - - name: Setup Syft - uses: anchore/sbom-action/download-syft@v0.22.2 - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - uses: azure/setup-helm@v4 - with: - version: "v3.0.2" + # DEVOPS-1029: independent setup steps run concurrently. The implicit + # wait-all at the end of this parallel block guarantees the tags are + # fetched and every tool is installed before get_version and goreleaser + # below consume them. No step here depends on another step in the block. + - parallel: + - name: Fetch tags + run: git fetch --force --tags + - name: Set up Go + uses: actions/setup-go@v6 + with: + cache: false + go-version-file: go.mod + - name: Setup Just + uses: extractions/setup-just@v2 + - name: Setup Cosgin + uses: sigstore/cosign-installer@main + with: + cosign-release: "v2.2.3" + - name: Setup Syft + uses: anchore/sbom-action/download-syft@v0.22.2 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Set up Helm + uses: azure/setup-helm@v4 + with: + version: "v3.0.2" - id: get_version run: | RELEASE_VERSION=$(echo "$GITHUB_REF" | sed -nE 's!refs/tags/!!p') @@ -135,16 +142,20 @@ jobs: TELEMETRY_PRIVATE_KEY: ${{ secrets.VCLUSTER_TELEMETRY_PRIVATE_KEY }} GORELEASER_CURRENT_TAG: ${{ steps.get_version.outputs.release_version }} GORELEASER_PREVIOUS_TAG: ${{ steps.get_version.outputs.previous_tag }} - - name: Save release assets - uses: actions/upload-artifact@v6 - with: - name: release-assets - path: release/ - - name: Attach assets to release - uses: FabianKramm/release-asset-action@v1 - with: - pattern: "release/*" - github-token: ${{ secrets.GITHUB_TOKEN }} + # DEVOPS-1029: both uploads only read release/ produced by goreleaser and + # are independent of each other, so they run concurrently. The implicit + # wait-all surfaces any upload failure (release-blocking, as before). + - parallel: + - name: Save release assets + uses: actions/upload-artifact@v6 + with: + name: release-assets + path: release/ + - name: Attach assets to release + uses: FabianKramm/release-asset-action@v1 + with: + pattern: "release/*" + github-token: ${{ secrets.GITHUB_TOKEN }} # Best-effort dispatch: a failed notify must not block the release. The # receiver in vcluster-docs reconciles on the next release if missed.