release.yml

name: release
on:
  push:
    tags:
      - 'v*'

# Needed to login to DockerHub
permissions:
  contents: read
  id-token: write

jobs:

  release:
    if: github.repository == 'grafana/tempo'  # skip in forks
    runs-on: ubuntu-24.04
    env:
      NFPM_SIGNING_KEY_FILE: /tmp/nfpm-private-key.key
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: fetch tags
        run: git fetch --tags

      - id: "get-secrets"
        name: "get nfpm signing keys"
        uses: "grafana/shared-workflows/actions/get-vault-secrets@main"
        with:
          common_secrets: |
            NFPM_SIGNING_KEY=packages-gpg:private-key
            NFPM_DEFAULT_PASSPHRASE=packages-gpg:passphrase

      - name: write-key
        run: printenv NFPM_SIGNING_KEY > $NFPM_SIGNING_KEY_FILE

      - name: test release
        run: make release-snapshot

      - name: test deb package
        run: |
          # podman is simpler to make it work with systemd inside containers
          podman run -d --name systemd-debian --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:ro jrei/systemd-debian:12
          podman cp ./dist/tempo_*_linux_amd64.deb systemd-debian:.
          podman cp ./tools/packaging/verify-deb-install.sh systemd-debian:.
          podman cp ./tools/packaging/wait-for-ready.sh systemd-debian:. 
          podman exec systemd-debian ./verify-deb-install.sh
          podman rm -f systemd-debian

      - name: test rpm package
        run: |
          podman run -d --name systemd-centos --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:ro jrei/systemd-centos:8
          podman cp ./dist/tempo_*_linux_amd64.rpm systemd-centos:.
          podman cp ./tools/packaging/verify-rpm-install.sh systemd-centos:.
          podman cp ./tools/packaging/wait-for-ready.sh systemd-centos:.
          podman exec systemd-centos ./verify-rpm-install.sh
          podman rm -f systemd-centos

      - name: release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: make release