-
Notifications
You must be signed in to change notification settings - Fork 2
182 lines (182 loc) · 6.81 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
# See GH-544 for detail
name: 🚀
on:
push:
tags:
- 'v[0-9]+.[0-9]+.[0-9]+*'
branches:
- main
paths:
- '.github/workflows/release.yml'
- 'lib/**'
- '**.gemspec'
- 'Gemfile'
- 'Rakefile'
- '.ruby-version'
pull_request:
paths:
- '.github/workflows/release.yml'
- 'lib/**'
- '**.gemspec'
- 'Gemfile'
- 'Rakefile'
- '.ruby-version'
workflow_dispatch:
jobs:
build:
timeout-minutes: 15
runs-on: 'ubuntu-24.04'
env:
# https://github.com/kachick/ruby-ulid/blob/104834846baf5caa1e8536a11c43acdd56fc849c/CONTRIBUTING.md#adding-dependencies-for-this-gem
BUNDLE_WITHOUT: development
outputs:
gem_file: ${{ steps.build.outputs.built_file }}
checksum_file: ${{ steps.isnpect.outputs.checksum_file }}
prerelease: ${{ steps.isnpect.outputs.prerelease }}
steps:
- uses: actions/checkout@v4
- uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0
with:
# Enabling is the recommended way, but it cannot detect runner changes in early stage.
# So disable it is better for test job, do not mind in other jobs
bundler-cache: false # runs 'bundle install' and caches installed gems automatically
- run: bundle install
- name: Build
id: build
run: |
built_file="$(bundle exec rake validate_gem | ruby -e 'puts STDIN.read.slice(/\bFile: (ruby-ulid-\S+?\.gem)$/, 1)')"
package_name="$(basename --suffix '.gem' "$built_file")"
echo "built_file=$built_file" | tee --append "$GITHUB_OUTPUT"
echo "package_name=$package_name" | tee --append "$GITHUB_OUTPUT"
- name: Inspect
id: isnpect
run: |
gem install '${{ steps.build.outputs.built_file }}'
gem unpack '${{ steps.build.outputs.built_file }}'
tree '${{ steps.build.outputs.package_name }}'
checksum_file="${{ steps.build.outputs.package_name }}_checksums.txt"
sha256sum '${{ steps.build.outputs.built_file }}' | tee --append "$checksum_file"
echo "checksum_file=$checksum_file" | tee --append "$GITHUB_OUTPUT"
if [[ ${GITHUB_REF#refs/tags/} =~ ^v[0-9]+\.[0-9]+\.[0-9]+.+ ]]; then
echo 'prerelease=true' >> "$GITHUB_OUTPUT"
else
echo 'prerelease=false' >> "$GITHUB_OUTPUT"
fi
- name: Upload the gem file as an artifact
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: 'release-assets'
path: |
${{ steps.build.outputs.built_file }}
${{ steps.isnpect.outputs.checksum_file }}
check-installability:
needs: [build]
timeout-minutes: 15
strategy:
fail-fast: false
# Syntax https://docs.github.com/en/actions/using-jobs/using-a-matrix-for-your-jobs
matrix:
os:
- ubuntu-24.04
- macos-15 # aarch64
# - macos-13 # x86_64 - CPU arch does not affect for this gem (I think)
# - windows-2022 - Too slow. Please tell me if any Windows user is using this gem.
# For actual use-case, head is needless here
ruby: ['3.4', '3.3']
runs-on: ${{ matrix.os }}
steps:
# Required to checkout for gh command
- uses: actions/checkout@v4
- uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0
with:
ruby-version: ${{ matrix.ruby }}
bundler-cache: false
- name: Download release-assets
env:
GH_TOKEN: ${{ github.token }}
# Do not use tree and 'tee --append; for macos and windows runner. Keep minimum
run: |
gh run download
- name: Make sure we can use the gem
run: |
gem install 'release-assets/${{ needs.build.outputs.gem_file }}'
ruby -r 'ulid' -e 'pp [ULID.generate, ULID.sample(3), ULID.parse(%q_01F4A5Y1YAQCYAYCTC7GRMJ9AA_)]'
github:
if: startsWith(github.ref, 'refs/tags/')
needs: [build, check-installability]
timeout-minutes: 15
runs-on: 'ubuntu-24.04'
env:
GH_TOKEN: ${{ github.token }}
steps:
# Required to checkout for gh command
- uses: actions/checkout@v4
- name: Download release-assets
run: |
gh run download
tree release-assets
- name: Wait other jobs
uses: kachick/[email protected]
timeout-minutes: 10
with:
skip-same-workflow: 'true'
skip-list: |
[
{
"workflowFile": "merge-bot-pr.yml"
}
]
- name: Publish as a prerelease version
# To be strict, prefer `!= false` than `== true`
if: ${{ needs.build.outputs.prerelease != 'false' }}
run: |
gh release create --verify-tag "$GITHUB_REF_NAME" --title "$GITHUB_REF_NAME" --prerelease release-assets/*
- name: Publish
if: ${{ needs.build.outputs.prerelease == 'false' }}
run: |
gh release create --verify-tag "$GITHUB_REF_NAME" --title "$GITHUB_REF_NAME" release-assets/*
rubygems:
if: startsWith(github.ref, 'refs/tags/')
needs: [build, check-installability, github]
timeout-minutes: 15
runs-on: 'ubuntu-24.04'
permissions:
id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
# https://github.com/kachick/ruby-ulid/deployments/release
# https://github.com/kachick/ruby-ulid/settings/environments
environment: release
steps:
# Required to checkout for gh command
- uses: actions/checkout@v4
- uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0
with:
bundler-cache: false
- name: Download release-assets
env:
GH_TOKEN: ${{ github.token }}
run: |
gh run download
tree release-assets
- name: Configure trusted publishing credentials
uses: rubygems/configure-rubygems-credentials@bc6dd217f8a4f919d6835fcfefd470ef821f5c44 # v1.0.0
# with:
# https://github.com/rubygems/configure-rubygems-credentials/blob/ca0ef5249c429db0cfc96ce44475ad2e6f4da260/README.md#L84-L93
# TODO: Update after we got reply in https://github.com/rubygems/configure-rubygems-credentials/issues/161
# role-to-assume: 3
- name: Wait other jobs
uses: kachick/[email protected]
timeout-minutes: 10
with:
skip-same-workflow: 'true'
skip-list: |
[
{
"workflowFile": "merge-bot-pr.yml"
}
]
- name: Publish
run: |
gem push 'release-assets/${{ needs.build.outputs.gem_file }}'
- name: Wait for release to propagate
run: |
gem exec rubygems-await 'release-assets/${{ needs.build.outputs.gem_file }}'