Publish Release #129
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish Release | |
on: | |
workflow_dispatch: | |
inputs: | |
version: | |
description: 'Version for Release.' | |
required: false | |
default: '' | |
skip_checks: | |
type: boolean | |
required: false | |
default: false | |
description: 'Use this to skip: check-changelog and check-upgrade-handler-updated go straight to approval step.' | |
skip_release: | |
type: boolean | |
required: false | |
default: false | |
description: 'If this is true it will simply execute all the steps for a release prior to actually cutting the release, then stop' | |
concurrency: | |
group: publish-release | |
cancel-in-progress: false | |
jobs: | |
check_branch: | |
if: ${{ (startsWith(github.ref, 'refs/heads/release/v') || startsWith(github.ref, 'refs/heads/hotfix/v')) }} | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Branch | |
run: | | |
echo "${{ github.ref }}" | |
check-goreleaser: | |
if: ${{ github.event.inputs.skip_checks != 'true' }} | |
runs-on: ${{ vars.RELEASE_RUNNER }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Release build dry-run | |
run: | | |
make release-dry-run | |
check-changelog: | |
needs: | |
- check_branch | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout code | |
if: ${{ github.event.inputs.skip_checks != 'true' }} | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Get latest commit SHA of Develop & Current Branch | |
if: ${{ github.event.inputs.skip_checks != 'true' }} | |
id: get-develop-sha | |
run: | | |
SHA=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ | |
https://api.github.com/repos/${{ github.repository }}/git/ref/heads/develop | jq -r '.object.sha') | |
echo "DEVELOP_SHA=${SHA}" >> ${GITHUB_ENV} | |
echo "CURRENT_BRANCH_SHA=${{ github.sha }}" >> ${GITHUB_ENV} | |
- name: Check for CHANGELOG.md changes | |
if: ${{ github.event.inputs.skip_checks != 'true' }} | |
run: | | |
echo "Check the changelog has actually been updated from whats in develop" | |
echo "DEVELOP BRANCH SHA: ${DEVELOP_SHA}" | |
echo "CURRENT BRANCH SHA: ${CURRENT_BRANCH_SHA}" | |
CHANGELOG_DIFF=$(git diff ${DEVELOP_SHA}..${CURRENT_BRANCH_SHA} -- changelog.md) | |
echo "${CHANGELOG_DIFF}" | |
if [ -z "$CHANGELOG_DIFF" ]; then | |
echo "ERROR: No changes detected in CHANGELOG.md. Please update the changelog." | |
exit 1 | |
else | |
echo "CHANGELOG.md has been updated." | |
fi | |
- name: Mark Job Complete Skipped | |
if: ${{ github.event.inputs.skip_checks == 'true' }} | |
shell: bash | |
run: | | |
echo "continue" | |
check-upgrade-handler-updated: | |
needs: | |
- check_branch | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 10 | |
steps: | |
- uses: actions/checkout@v4 | |
if: ${{ github.event.inputs.skip_checks != 'true' }} | |
with: | |
fetch-depth: 0 | |
- name: Major Version in Upgrade Handler Must Match Tag | |
if: ${{ github.event.inputs.skip_checks != 'true' }} | |
run: | | |
UPGRADE_HANDLER_MAJOR_VERSION=$(cat app/setup_handlers.go | grep "const releaseVersion" | cut -d ' ' -f4 | tr -d '"' | cut -d '.' -f 1 | tr -d '\n') | |
USER_INPUT_VERSION=$(echo "${{ github.event.inputs.version }}" | cut -d '.' -f 1 | tr -d '\n') | |
echo "Upgrade Handler Major Version: ${UPGRADE_HANDLER_MAJOR_VERSION}" | |
echo "User Inputted Release Version: ${USER_INPUT_VERSION}" | |
if [ ${USER_INPUT_VERSION} != $UPGRADE_HANDLER_MAJOR_VERSION ]; then | |
echo "ERROR: The input version doesn't match the release handler for the branch selected. Please ensure the upgrade handler of the branch you selected when you ran the pipeline matches the input version." | |
echo "Did you forget to update the 'releaseVersion' in app/setup_handlers.go?" | |
exit 1 | |
fi | |
echo "The major version found in 'releaseVersion' in app/setup_handlers.go matches this tagged release - Moving Forward!" | |
- name: Mark Job Complete Skipped | |
if: ${{ github.event.inputs.skip_checks == 'true' }} | |
shell: bash | |
run: | | |
echo "continue" | |
publish-release: | |
permissions: | |
id-token: write | |
contents: write | |
attestations: write | |
if: ${{ github.event.inputs.skip_release == 'false' }} | |
needs: | |
- check-changelog | |
- check-upgrade-handler-updated | |
- check_branch | |
- check-goreleaser | |
runs-on: ${{ vars.RELEASE_RUNNER }} | |
timeout-minutes: 60 | |
environment: release | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install Pipeline Dependencies | |
uses: ./.github/actions/install-dependencies | |
timeout-minutes: 8 | |
with: | |
cpu_architecture: ${{ env.CPU_ARCH }} | |
skip_python: "true" | |
skip_aws_cli: "true" | |
skip_docker_compose: "true" | |
- name: Change Log Release Notes. | |
id: release_notes | |
run: | | |
cat changelog.md > ${{ github.workspace }}-CHANGELOG.txt | |
cat ${{ github.workspace }}-CHANGELOG.txt | |
- name: Set Version | |
run: | | |
echo "GITHUB_TAG_MAJOR_VERSION=${{ github.event.inputs.version }}" >> ${GITHUB_ENV} | |
- name: Set CPU Architecture | |
shell: bash | |
run: | | |
if [ "$(uname -m)" == "aarch64" ]; then | |
echo "CPU_ARCH=arm64" >> $GITHUB_ENV | |
elif [ "$(uname -m)" == "x86_64" ]; then | |
echo "CPU_ARCH=amd64" >> $GITHUB_ENV | |
else | |
echo "Unsupported architecture" >&2 | |
exit 1 | |
fi | |
- name: Create Release Tag | |
shell: bash | |
run: | | |
git tag ${GITHUB_TAG_MAJOR_VERSION} | |
create_tag=$(git push --tags || echo "tag exists") | |
if [[ $create_tag == "tag exists" ]]; then | |
echo "Delete existing tag to re-create" | |
git tag -d ${GITHUB_TAG_MAJOR_VERSION} | |
git push --delete origin ${GITHUB_TAG_MAJOR_VERSION} | |
echo "sleep for 5 seconds to let github catch up." | |
sleep 5 | |
echo "Re-Create Tag." | |
git tag ${GITHUB_TAG_MAJOR_VERSION} | |
git push --tags | |
fi | |
- name: Create GitHub Release | |
uses: softprops/action-gh-release@v1 | |
with: | |
prerelease: true | |
token: ${{ secrets.GITHUB_TOKEN }} | |
body_path: ${{ github.workspace }}-CHANGELOG.txt | |
tag_name: ${{ env.GITHUB_TAG_MAJOR_VERSION }} | |
- name: Publish Release Files | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GORELEASER_CURRENT_TAG: ${{ env.GITHUB_TAG_MAJOR_VERSION }} | |
run: | | |
touch .release-env | |
make release | |
- name: Artifact Attestations | |
id: attestation | |
uses: actions/attest-build-provenance@v1 | |
with: | |
subject-path: | | |
dist/zetacored_**/* | |
dist/zetaclientd_**/* | |
dist/checksums.txt | |
- name: Upload Attestation Bundle | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
shell: bash | |
run: | | |
gh release upload ${{ env.GITHUB_TAG_MAJOR_VERSION }} ${{ steps.attestation.outputs.bundle-path }} | |
- name: Clean Up Workspace | |
if: always() | |
shell: bash | |
run: sudo rm -rf * || echo "failed to cleanup workspace please investigate" |