add release workflow (#5742)

Author: pdabelf5

.github/workflows/ci.yml

@@ -195,7 +195,7 @@ jobs:
         with:
           minor-label: "enhancement"
           major-label: "change"
-          publish: ${{ github.ref_type == 'tag' }}
+          publish: ${{ github.ref_type == 'tag' && vars.OLD_RELEASE_FLOW == 'true' }}
           collapse-after: 50
           variables: |
             helm-chart=${{ needs.checks.outputs.chart_version }}
@@ -234,17 +234,17 @@ jobs:
 
       - name: Download Syft
         uses: anchore/sbom-action/download-syft@e8d2a6937ecead383dfe75190d104edd1f9c5751 # v0.16.0
-        if: github.ref_type == 'tag'
+        if: ${{ github.ref_type == 'tag' && vars.OLD_RELEASE_FLOW == 'true' }}
 
       - name: Install Cosign
         uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
-        if: github.ref_type == 'tag'
+        if: ${{ github.ref_type == 'tag' && vars.OLD_RELEASE_FLOW == 'true' }}
 
       - name: Build binaries
         uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0
         with:
           version: latest
-          args: ${{ github.ref_type == 'tag' && 'release' || 'build --snapshot' }} --clean
+          args: build --snapshot --clean
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GOPATH: ${{ needs.checks.outputs.go_path }}
@@ -256,10 +256,6 @@ jobs:
           AWS_NAP_WAF_PUB_KEY: ${{ secrets.AWS_NAP_WAF_PUB_KEY }}
           AWS_NAP_WAF_DOS_PRODUCT_CODE: ${{ secrets.AWS_NAP_WAF_DOS_PRODUCT_CODE }}
           AWS_NAP_WAF_DOS_PUB_KEY: ${{ secrets.AWS_NAP_WAF_DOS_PUB_KEY }}
-          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_COMMUNITY }}
-          AZURE_STORAGE_ACCOUNT: ${{ secrets.AZURE_STORAGE_ACCOUNT }}
-          AZURE_STORAGE_KEY: ${{ secrets.AZURE_STORAGE_KEY }}
-          AZURE_BUCKET_NAME: ${{ secrets.AZURE_BUCKET_NAME }}
           GORELEASER_CURRENT_TAG: "v${{ needs.checks.outputs.ic_version }}"
         if: ${{ needs.checks.outputs.binary_cache_hit != 'true' }}
 

.github/workflows/update-docker-sha.yml

@@ -15,6 +15,8 @@ on:
       dry_run:
         type: boolean
         default: false
+  schedule:
+    - cron: "0 1 * * 1-5" # 01:00 UTC Mon-Fri
 
 defaults:
   run:
@@ -24,15 +26,32 @@ permissions:
   contents: read
 
 jobs:
+  vars:
+    permissions:
+      contents: read
+    runs-on: ubuntu-22.04
+    outputs:
+      source_branch: ${{ steps.vars.outputs.source_branch }}
+    steps:
+      - name: Set vars
+        id: vars
+        run: |
+          source_branch=main
+          if ${{ inputs.source_branch }}; then
+            source_branch=${{ inputs.source_branch }}
+          fi
+          echo "source_branch=${source_branch}" >> $GITHUB_OUTPUT
+
   update-docker-sha:
     permissions:
       contents: write
     runs-on: ubuntu-22.04
+    needs: [vars]
     steps:
       - name: Checkout Repository
         uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
-          ref: ${{ inputs.source_branch }}
+          ref: ${{ needs.vars.outputs.source_branch }}
 
       - name: Update images
         id: update_images
@@ -59,7 +78,7 @@ jobs:
           token: ${{ secrets.NGINX_PAT }}
           commit-message: Update docker images ${{ steps.update_images.outputs.docker_md5 }}
           title: Docker image update ${{ steps.update_images.outputs.docker_md5 }}
-          branch: chore/image-update-${{ inputs.source_branch }}-${{ steps.update_images.outputs.docker_md5 }}
+          branch: chore/image-update-${{ needs.vars.outputs.source_branch }}-${{ steps.update_images.outputs.docker_md5 }}
           author: nginx-bot <integrations@nginx.com>
           labels: |
             dependencies