Replace release proces with new setup

pendulum-project · Apr 5, 2024 · 245c368 · 245c368
1 parent 7e93a0d
commit 245c368
Show file tree

Hide file tree

Showing 9 changed files with 258 additions and 186 deletions.
diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml
@@ -16,6 +16,7 @@ on:
   merge_group:
     branches:
       - main
+  workflow_call: {}
 
 jobs:
   build:

diff --git a/.github/workflows/packaging-v5.yaml b/.github/workflows/packaging-v5.yaml
@@ -11,21 +11,41 @@ on:
 
 jobs:
   package:
-    uses: pendulum-project/ploutos/.github/workflows/pkg-rust.yml@provide-debug-symbols
-    with:
-      workspace_package: ntpd
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        target:
+          - aarch64-unknown-linux-gnu
+          - armv7-unknown-linux-gnueabihf
+          - x86_64-unknown-linux-gnu
+          - i686-unknown-linux-gnu
+    steps:
+      - name: Setup packaging tools for cross compiled artifacts
+        uses: awalsh128/cache-apt-pkgs-action@a6c3917cc929dd0345bfb2d3feaf9101823370ad # v1.4.2
+        with:
+          packages: qemu-user-static crossbuild-essential-armhf crossbuild-essential-arm64 crossbuild-essential-i386
+          version: 1
 
-      package_build_rules: |
-        pkg: ntpd-rs
-        image:
-          - "rockylinux:9"
-          - "ubuntu:xenial"
-        target: x86_64
-        extra_build_args: "--features unstable_ntpv5"
+      - name: Install toolchain
+        uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248
+        with:
+          toolchain: "stable"
+          components: "llvm-tools"
 
-      package_test_scripts_path: pkg/test-scripts/test-ntpd-rs.sh
+      - name: Install cross, cargo-deb and cargo-generate-rpm
+        uses: taiki-e/install-action@4abee32ddd6d3482e57ba21814317997e6268efe
+        with:
+          tool: cross, cargo-deb, cargo-generate-rpm
 
-      rpm_scriptlets_path: pkg/rpm/scriptlets.toml
+      - name: Checkout sources
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
 
-      rpm_extra_build_packages: git
-      deb_extra_build_packages: git
+      - name: Build the release binaries
+        run: RELEASE_TARGETS="${{ matrix.target }}" RELEASE_FEATURES="unstable_ntpv5" utils/build-release.sh
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        with:
+          name: release-binaries-${{ matrix.target }}
+          path: target/pkg/
+          if-no-files-found: error
diff --git a/.github/workflows/packaging.yaml b/.github/workflows/packaging.yaml
@@ -11,20 +11,134 @@ on:
 
 jobs:
   package:
-    uses: pendulum-project/ploutos/.github/workflows/pkg-rust.yml@provide-debug-symbols
-    with:
-      workspace_package: ntpd
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        target:
+          - aarch64-unknown-linux-gnu
+          - armv7-unknown-linux-gnueabihf
+          - x86_64-unknown-linux-gnu
+          - i686-unknown-linux-gnu
+    steps:
+      - name: Setup packaging tools for cross compiled artifacts
+        uses: awalsh128/cache-apt-pkgs-action@a6c3917cc929dd0345bfb2d3feaf9101823370ad # v1.4.2
+        with:
+          packages: qemu-user-static crossbuild-essential-armhf crossbuild-essential-arm64 crossbuild-essential-i386
+          version: 1
 
-      package_build_rules: |
-        pkg: ntpd-rs
-        image:
-          - "rockylinux:9"
-          - "ubuntu:xenial"
-        target: x86_64
+      - name: Install toolchain
+        uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248
+        with:
+          toolchain: "stable"
+          components: "llvm-tools"
 
-      package_test_scripts_path: pkg/test-scripts/test-ntpd-rs.sh
+      - name: Install cross, cargo-deb and cargo-generate-rpm
+        uses: taiki-e/install-action@4abee32ddd6d3482e57ba21814317997e6268efe
+        with:
+          tool: cross, cargo-deb, cargo-generate-rpm
 
-      rpm_scriptlets_path: pkg/rpm/scriptlets.toml
+      - name: Checkout sources
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+
+      - name: Build the release binaries
+        run: RELEASE_TARGETS="${{ matrix.target }}" utils/build-release.sh
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        with:
+          name: release-binaries-${{ matrix.target }}
+          path: target/pkg/
+          if-no-files-found: error
+
+  gather:
+    needs: package
+    runs-on: ubuntu-latest
+    steps:
+      - name: Download artifacts
+        uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
+        with:
+          pattern: release-binaries-*
+          path: target/pkg/
+          merge-multiple: true
+      - name: Create a SHA256SUMS file
+        run: |
+          cd target/pkg/
+          rm -rf SHA256SUMS
+          sha256sum -b * > SHA256SUMS
+      - name: Upload artifacts
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        with:
+          name: release-binaries
+          path: target/pkg/
+          if-no-files-found: error
+
+  checks:
+    uses: './.github/workflows/checks.yaml'
+
+  release:
+    needs: [gather, checks]
+    runs-on: ubuntu-latest
+    if: ${{ startsWith(github.ref, 'refs/heads/release/') }}
+    permissions:
+      # This part of the release pipeline needs to create a tag and a release
+      contents: write
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Download artifacts
+        uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
+        with:
+          name: release-binaries
+          path: target/pkg/
+
+      - name: Install toolchain
+        uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248
+        with:
+          toolchain: "stable"
+          components: "llvm-tools"
+
+      - name: Check that the release commit is verified
+        run: |
+          commit_url="${{ github.api_url }}/repos/${{ github.repository }}/commits/${{ github.sha }}"
+          json_accept_header="Accept: application/vnd.github+json"
+          auth_bearer_header="Authorization: Bearer ${{ github.token }}"
+          test "$(curl -sf -H "$json_accept_header" -H "$auth_bearer_header" "$commit_url" | jq .commit.verification.verified)" == "true"
+
+      - name: Read the version from the manifest file
+        run: echo "release_version=$(cargo read-manifest --manifest-path ntpd/Cargo.toml | jq -r .version)" >> "$GITHUB_ENV"
+
+      - name: Version in Cargo.toml must match the branch name
+        run: test "release/$release_version" == "${{ github.ref_name }}"
+
+      - name: Ensure there is not already a released tag with a non-draft release
+        run: test "$(gh release view "v$release_version" --json isDraft --jq .isDraft 2>/dev/null || echo "true")" == "true"
+
+      - name: Verify that the changelog top most entry concerns this release
+        run: |
+          release_notes="$(awk '/^## / && !found { found=1; print; next } /^## / && found { exit } found { print }' CHANGELOG.md)"
+          release_notes_header="$(echo "$release_notes" | head -1)"
+          echo "Found release notes for '$release_notes_header'"
+          release_notes_body="$(echo "$release_notes" | tail +2)"
+          release_notes_body="${release_notes_body#"${release_notes_body%%[![:space:]]*}"}"
+          release_notes_body="${release_notes_body%"${release_notes_body##*[![:space:]]}"}"
+          release_notes_version="$(echo "$release_notes_header" | cut -d' ' -f2 | sed 's/[][]//g')"
+          echo "Found version '$release_notes_version' in release notes"
+          test "$release_notes_version" == "${{ env.release_version }}"
+          {
+            echo "release_notes_body<<RELEASE_NOTES_EOF"
+            echo "$release_notes_body"
+            echo RELEASE_NOTES_EOF
+          } >> "$GITHUB_ENV"
+
+      - name: Create a draft release
+        uses: softprops/action-gh-release@9d7c94cfd0a1f3ed45544c887983e9fa900f0564 # v2.0.4
+        with:
+          draft: true
+          fail_on_unmatched_files: true
+          tag_name: "v${{ env.release_version }}"
+          target_commitish: "${{ github.sha }}"
+          name: "Version ${{ env.release_version }}"
+          files: target/pkg/*
+          body: "${{ env.release_notes_body }}"
 
-      rpm_extra_build_packages: git
-      deb_extra_build_packages: git
diff --git a/Cross.toml b/Cross.toml
@@ -0,0 +1,5 @@
+[target.x86_64-unknown-linux-gnu]
+image = "ghcr.io/cross-rs/x86_64-unknown-linux-gnu"
+
+[target.aarch64-unknown-linux-gnu]
+image = "ghcr.io/cross-rs/aarch64-unknown-linux-gnu"
diff --git a/docs/development-process.md b/docs/development-process.md
@@ -27,31 +27,26 @@ To determine what version to release we keep to semantic versioning:
 
 - [ ] Run `utils/update-version.sh [version]`
 - [ ] Update `CHANGELOG.md` with the new version, remove any `Unreleased`
-      section in the changelog.
-- [ ] `git switch -c release/[version]`
-- [ ] `git commit -a -S -m "Release [version]"`
+      section in the changelog. Make sure the to release version is the top most
+      section of the changelog. Also make sure the diff link is updated at the
+      bottom of the document.
+- [ ] `git switch -c release/[version]` (the branch name must match this format)
+- [ ] `git commit -a -S -m "Release [version]"` (a signed commit is required)
 - [ ] `git push -u origin release/[version]`
-- [ ] Wait for all actions to finish and succeed, make sure both the checks and
-      the packaging workflow succeed.
-- [ ] Either create a PR and let someone review the release, or directly merge
-      into the target branch (for most releases this will be `main`).
-- [ ] On the merged commit, create a new (signed) tag:
-      `git tag -a -s -m "Version [version]" v[version]`
-- [ ] Push the tag to GitHub: `git push origin v[version]`
-- [ ] Release on crates.io by running `utils/release.sh`
-- [ ] Download the artifacts by running `utils/prepare-artifacts.sh --api-token [github-api-token] --run-id [run-id] --download-artifacts --delete-zips --reset`
-      The run id can be extracted from the URL by going to the `Actions` page on
-      GitHub and clicking through to the specific packaging run. A GitHub API
-      token can be generated by going to your personal settings (via your
-      profile picture), clicking on `Developer settings` (at the bottom) and
-      generating a new 'Fine grained personal access token'. Easiest way here
-      is to select 'All repositories' and then enabling the Actions 'Read-only'
-      permission.
-- [ ] Create a new release on GitHub: https://github.com/pendulum-project/ntpd-rs/releases/new
-- [ ] Pick the tag just pushed.
-- [ ] Set the title to `Version [version]`.
-- [ ] Add the contents of the changelog specific to this version to the body
-      of the release. You may add any additional text at the top of the release
-      text.
-- [ ] Upload all the files in the `target/pkg` directory.
-- [ ] Publish the release.
+- [ ] Wait for the github actions pipelines to complete, take special care of
+      the packaging pipeline
+- [ ] Go to the releases page on Github and find the draft release, check if the
+      binaries have been properly generated.
+- [ ] Let somebody review the branch
+- [ ] WARNING: only merge the branch to main if it is fully up to date compared
+      to main, don't let any other branches on the merge queue in the mean time.
+      You could also store the release on a non-main branch, but make sure to
+      sync the main branch at a later time in that case to update the changelog
+      on main.
+- [ ] Go to the releases page on GitHub and find the draft release, edit the
+      draft release and make it public, this should also create a tag on the
+      repository.
+- [ ] On your local computer, checkout the specific commit that was tagged by
+      GitHub (i.e. `git fetch && git switch --detach v[version]`)
+- [ ] Run `utils/release.sh` to publish the crates.io packages
+
diff --git a/pkg/rpm/scriptlets.toml b/pkg/rpm/scriptlets.toml
@@ -63,6 +63,7 @@ if [ $1 -eq 0 ] ; then
     # Package removal, not upgrade
     # Run commands equivalent to what the RPM systemd macros would do
     systemd_preun ntpd-rs.service
+    systemd_preun ntpd-rs-metrics.service
     systemd_triggers
 fi
 '''

diff --git a/pkg/test-scripts/test-ntpd-rs.sh b/pkg/test-scripts/test-ntpd-rs.sh
@@ -13,6 +13,7 @@ case $1 in
       # and configuration validates.
       echo -e "\nNTPD-RS HELP OUTPUT:"
       /usr/bin/ntp-daemon --help
+      /usr/bin/ntp-metrics-exporter --help
       /usr/bin/ntp-ctl validate
 
       # # Ensure that the systemd service is running

diff --git a/utils/build-release.sh b/utils/build-release.sh
@@ -0,0 +1,67 @@
+#!/usr/bin/env bash
+
+set -eo pipefail
+
+: "${RELEASE_TARGETS:=aarch64-unknown-linux-gnu,armv7-unknown-linux-gnueabihf,x86_64-unknown-linux-gnu,i686-unknown-linux-gnu}"
+IFS=',' read -r -a targets <<< "$RELEASE_TARGETS"
+
+target_dir="target/pkg"
+
+rm -rf "$target_dir"
+mkdir -p "$target_dir"
+
+package_version=$(cargo read-manifest --manifest-path ntpd/Cargo.toml | jq -r .version)
+toolchain=$(rustup show active-toolchain | cut -d' ' -f1)
+host_target=$(echo "$toolchain" | cut -d'-' -f2-)
+sysroot=$(rustc --print sysroot)
+llvm_tools_path="$sysroot/lib/rustlib/$host_target/bin"
+
+echo "--- Running on toolchain '${toolchain}', make sure the llvm-tools component is installed"
+echo "--- Host target is '$host_target'"
+
+for target in "${targets[@]}"; do
+    dbg_sym_tar="ntpd-rs_dbg_$package_version-$target.tar.gz"
+
+    echo "--- Calling cross for building ntpd package for target '$target'"
+    cross build --target "$target" --package ntpd --release --features "${RELEASE_FEATURES:-}"
+
+    echo "--- Creating separate debug symbol files for target '$target'"
+    (
+        cd "target/$target/release"
+        find . -maxdepth 1 -type f -executable -print0 | while IFS= read -r -d '' file; do
+            echo "--- Writing debug symbols from '$file' to '$file.dbg'"
+            "$llvm_tools_path/llvm-strip" --only-keep-debug -o "$file.dbg" "$file"
+            chmod -x "$file.dbg"
+            echo "--- Removing all symbols from binary '$file'"
+            "$llvm_tools_path/llvm-strip" -s "$file"
+        done
+    );
+
+    echo "--- Create tar for debug symbols"
+    (
+        cd "target/$target/release"
+        rm -f "$dbg_sym_tar"
+        find . -maxdepth 1 -type f -name '*.dbg' -exec tar uvf "$dbg_sym_tar" {} +
+    );
+
+    echo "--- Creating deb package"
+    cargo deb --no-build --no-strip --target "$target" --compress-type xz --package ntpd
+
+    echo "--- Creating rpm package"
+    cargo generate-rpm --payload-compress xz --package ntpd --target "$target" --target-dir target
+
+    echo "--- Copying output files to target"
+    cp "target/$target/release/$dbg_sym_tar" "$target_dir/"
+    find "target/$target/debian" -maxdepth 1 -type f -name '*.deb' -exec cp "{}" "$target_dir/" \;
+    find "target/$target/generate-rpm" -maxdepth 1 -type f -name '*.rpm' -exec cp "{}" "$target_dir/" \;
+done
+
+echo "--- Generating SHA256SUMS file"
+(
+    cd $target_dir
+    sha256sum -b * > SHA256SUMS
+)
+
+echo "--- Done, output is in $target_dir"
+
+
-Original file line number
+Diff line change
@@ Expand Up / @@ -16,6 +16,7 @@ on: @@
       merge_group:
         branches:
           - main
+      workflow_call: {}
     jobs:
       build:
@@ Expand Down @@