From 852f08f52663d5725bdb549b2bd26d4d2991bdff Mon Sep 17 00:00:00 2001
From: Horst Gutmann <horst.gutmann@grafana.com>
Date: Wed, 13 Nov 2024 18:45:10 +0100
Subject: [PATCH] Merge release-please and release-binaries workflows

---
 .github/workflows/release-binaries.yml | 98 --------------------------
 .github/workflows/release-please.yml   | 83 ++++++++++++++++++----
 2 files changed, 71 insertions(+), 110 deletions(-)
 delete mode 100644 .github/workflows/release-binaries.yml

diff --git a/.github/workflows/release-binaries.yml b/.github/workflows/release-binaries.yml
deleted file mode 100644
index f0f4fe837..000000000
--- a/.github/workflows/release-binaries.yml
+++ /dev/null
@@ -1,98 +0,0 @@
-name: Release binaries
-
-on:
-  release:
-    types:
-      - created
-
-jobs:
-  build-binaries:
-    runs-on: ubuntu-latest
-    steps:
-      - id: get-secrets
-        uses: grafana/shared-workflows/actions/get-vault-secrets@main
-        with:
-          repo_secrets: |
-            TANKABOT_APP_ID=tankabot_app:id
-            TANKABOT_APP_PRIVATE_KEY=tankabot_app:private_key
-
-      - uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
-        id: app-token
-        with:
-          app-id: ${{ env.TANKABOT_APP_ID }}
-          private-key: ${{ env.TANKABOT_APP_PRIVATE_KEY }}
-
-      # At first we should wait for a release to be created by the
-      # release-please workflow
-      - name: Check for release
-        id: lookup-release
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
-        with:
-          script: |
-            const timers = require('node:timers/promises');
-            const ref = context.ref;
-            if (!ref.startsWith('refs/tags/')) {
-              core.setFailed('Not a valid ref');
-              return;
-            }
-            const currentTag = ref.substring('refs/tags/'.length);
-            core.info(`Looking for release associated with '${currentTag}'`);
-            let remainingAttempts = 6;
-            while (remainingAttempts > 0) {
-              try {
-                const release = await github.rest.repos.getReleaseByTag({owner: context.repo.owner, repo: context.repo.repo, tag: currentTag});
-                core.info(`Release found: ${release.data.id}'`);
-                core.setOutput('release_id', release.data.id);
-                return;
-              } catch (e) {
-                if (remainingAttempts === 1) {
-                  if (e.status !== 404) {
-                    console.log(e);
-                  }
-                }
-                remainingAttempts -= 1;
-                await timers.setTimeout(10000);
-              }
-            }
-            core.setFailed('Release not found');
-
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
-        with:
-          # https://github.com/actions/checkout/issues/1467 
-          fetch-depth: 0
-
-      - uses: ./.github/actions/setup-goversion
-
-      - name: Build binaries
-        run: make cross
-
-      - name: Attach binaries
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
-        with:
-          github-token: ${{ steps.app-token.outputs.token }}
-          script: |
-            const path = require('node:path');
-            const fs = require('node:fs/promises');
-
-            const releaseId = '${{ steps.lookup-release.outputs.release_id }}';
-            const globber = await glob.create('dist/*');
-
-            for await (const file of globber.globGenerator()) {
-              const filename = path.basename(file);
-              try {
-                await github.rest.repos.uploadReleaseAsset({
-                  owner: context.repo.owner,
-                  repo: context.repo.repo,
-                  release_id: releaseId,
-                  name: filename,
-                  data: await fs.readFile(file),
-                });
-              } catch (e) {
-                if (e.status === 422) {
-                  core.setFailed(`${filename} already attached to release`);
-                  return;
-                }
-                throw e;
-              }
-            }
-
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
index e30a552d5..b75873f80 100644
--- a/.github/workflows/release-please.yml
+++ b/.github/workflows/release-please.yml
@@ -12,22 +12,81 @@ name: release-please
 jobs:
   release-please:
     runs-on: ubuntu-latest
-    steps:
-      - id: get-secrets
-        uses: grafana/shared-workflows/actions/get-vault-secrets@main
-        with:
-          repo_secrets: |
-            TANKABOT_APP_ID=tankabot_app:id
-            TANKABOT_APP_PRIVATE_KEY=tankabot_app:private_key
+    outputs:
+      release_created: "${{ steps.release-please.outputs.release_created }}"
+      release_tag: "${{ steps.release-please.outputs.tag_name }}"
 
-      - uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
-        id: app-token
+    steps:
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
-          app-id: ${{ env.TANKABOT_APP_ID }}
-          private-key: ${{ env.TANKABOT_APP_PRIVATE_KEY }}
+          # https://github.com/actions/checkout/issues/1467 
+          fetch-depth: 0
 
       - uses: googleapis/release-please-action@7987652d64b4581673a76e33ad5e98e3dd56832f # v4.1.3
+        id: release-please
         with:
           config-file: .release-please.json
           manifest-file: .release-please-manifest.json
-          github-token: ${{ steps.app-token.outputs.token }}
+          github-token: ${{ github.secret }}
+
+  # If a release was created, also create the binaries and attach them
+  release-binaries:
+    runs-on: ubuntu-latest
+    needs:
+      - release-please
+    if: needs.release-please.outputs.release_created
+
+    steps:
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        with:
+          # https://github.com/actions/checkout/issues/1467 
+          fetch-depth: 0
+          ref: "${{ needs.release-please.outputs.release_tag }}"
+
+      - name: Look up release
+        id: lookup-release
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          script: |
+            const currentTag = "${{ needs.release-please.outputs.release_tag }}";
+            core.info(`Looking for release associated with '${currentTag}'`);
+            const release = await github.rest.repos.getReleaseByTag({owner: context.repo.owner, repo: context.repo.repo, tag: currentTag});
+            core.info(`Release found: ${release.data.id}'`);
+            core.setOutput('release_id', release.data.id);
+
+
+      - uses: ./.github/actions/setup-goversion
+
+      - name: Build binaries
+        run: make cross
+
+      - name: Attach binaries
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          github-token: ${{ github.token }}
+          script: |
+            const path = require('node:path');
+            const fs = require('node:fs/promises');
+
+            const releaseId = '${{ steps.lookup-release.outputs.release_id }}';
+            const globber = await glob.create('dist/*');
+
+            for await (const file of globber.globGenerator()) {
+              const filename = path.basename(file);
+              try {
+                await github.rest.repos.uploadReleaseAsset({
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  release_id: releaseId,
+                  name: filename,
+                  data: await fs.readFile(file),
+                });
+              } catch (e) {
+                if (e.status === 422) {
+                  core.setFailed(`${filename} already attached to release`);
+                  return;
+                }
+                throw e;
+              }
+            }
+