release-branch.yml
# Manually dispatched release pipeline for the v3 agent. Each boolean input
# switches one stage of the release on or off; `releaseBranch` selects the
# branch that every job checks out.
name: Release Agent V3

on:
  workflow_dispatch:
    inputs:
      githubRelease:
        description: 'Setup release in github'
        type: boolean
        default: false
      buildPackages:
        description: 'Build packages'
        type: boolean
        default: true
      packageVersion:
        description: 'Package version number'
        type: string
        default: "3.0.0"
      uploadAzure:
        description: 'Publish packages Azure storage'
        type: boolean
        default: true
      publishPackages:
        description: 'Publish packages to up-ap.nginx.com'
        type: boolean
        default: true
      tagRelease:
        description: 'Add tag to release branch'
        type: boolean
        default: false
      createPullRequest:
        description: 'Create pull request back into v3'
        type: boolean
        default: false
      releaseBranch:
        description: 'Release branch to build & publish from'
        type: string
        required: true

env:
  # Pinned nfpm release installed by the packaging job.
  NFPM_VERSION: 'v2.35.3'

defaults:
  run:
    shell: bash

# One release run per dispatching ref.
# NOTE(review): with cancel-in-progress a second dispatch on the same ref
# cancels the run already in flight; a run cancelled between tagging and
# publishing may leave a partially published release — confirm this is wanted.
concurrency:
  group: ${{ github.ref_name }}-v3-release
  cancel-in-progress: true

# Workflow-wide default for GITHUB_TOKEN: read-only repository contents.
permissions:
  contents: read
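# Release jobs, in dependency order:
#   vars -> release-draft -> tag-release -> upload-packages
#   vars, tag-release     -> merge-release (only when createPullRequest is set)
#
# The workflow-level default gives GITHUB_TOKEN only `contents: read`, so each
# job that writes to the repository, requests an OIDC token or opens a pull
# request declares the narrowest extra scope it needs.
# Dispatch inputs and contexts reach shell and JavaScript through `env:` rather
# than `${{ }}` interpolation inside script text, so a value is always handled
# as data and never parsed as code.
jobs:
  # Re-exports the boolean dispatch inputs as job outputs ('true' / 'false'
  # strings) that later jobs read through `needs.vars.outputs.*`.
  vars:
    name: Set workflow variables
    runs-on: ubuntu-22.04
    outputs:
      github_release: ${{ steps.vars.outputs.github_release }}
      build_packages: ${{ steps.vars.outputs.build_packages }}
      upload_azure: ${{ steps.vars.outputs.upload_azure }}
      publish_packages: ${{ steps.vars.outputs.publish_packages }}
      tag_release: ${{ steps.vars.outputs.tag_release }}
      create_pull_request: ${{ steps.vars.outputs.create_pull_request }}
    steps:
      - name: Checkout Repository
        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
        with:
          ref: ${{ inputs.releaseBranch }}
          # No later step in this job talks to the remote; do not leave the
          # token in .git/config.
          persist-credentials: false
      - name: Set variables
        id: vars
        env:
          GITHUB_RELEASE: ${{ inputs.githubRelease }}
          BUILD_PACKAGES: ${{ inputs.buildPackages }}
          UPLOAD_AZURE: ${{ inputs.uploadAzure }}
          PUBLISH_PACKAGES: ${{ inputs.publishPackages }}
          TAG_RELEASE: ${{ inputs.tagRelease }}
          CREATE_PULL_REQUEST: ${{ inputs.createPullRequest }}
        run: |
          {
            echo "github_release=${GITHUB_RELEASE}"
            echo "build_packages=${BUILD_PACKAGES}"
            echo "upload_azure=${UPLOAD_AZURE}"
            echo "publish_packages=${PUBLISH_PACKAGES}"
            echo "tag_release=${TAG_RELEASE}"
            echo "create_pull_request=${CREATE_PULL_REQUEST}"
          } >> "$GITHUB_OUTPUT"
          cat "$GITHUB_OUTPUT"

  # Creates (or recreates) the draft GitHub release for v<packageVersion> and
  # exposes its id as the `release_id` job output.
  release-draft:
    name: Update Release Draft
    runs-on: ubuntu-22.04
    needs: [vars]
    permissions:
      # deleteRelease / createRelease need write access to repository contents.
      contents: write
    outputs:
      release_id: ${{ steps.vars.outputs.RELEASE_ID }}
    steps:
      - name: Checkout Repository
        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
        with:
          ref: ${{ inputs.releaseBranch }}
          # All repository writes in this job go through the REST API client.
          persist-credentials: false
      - name: Setup Node Environment
        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
      - name: Create Draft Release
        if: ${{ needs.vars.outputs.github_release == 'true' }}
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        id: release
        env:
          version: ${{ inputs.packageVersion }}
          release_branch: ${{ inputs.releaseBranch }}
        with:
          script: |
            // `ref` was referenced below without ever being defined in this
            // script, which throws a ReferenceError when the step runs. It is
            // now bound to the release branch that every job checks out.
            // NOTE(review): confirm the release branch is the intended
            // target_commitish.
            const {version, release_branch: ref} = process.env
            const tag = "v"+version
            const repoParams = {
              owner: context.payload.repository.owner.login,
              repo: context.payload.repository.name,
            }
            console.log(`The release version is v${version}`)
            const releases = (await github.rest.repos.listReleases({
              ...repoParams,
              per_page: 100,
            })).data
            const latest_release = (await github.rest.repos.getLatestRelease({
              ...repoParams,
            })).data.tag_name
            console.log(`The latest release was ${latest_release}`)
            if (latest_release === tag) {
              // Never overwrite a release that has already been published.
              core.setFailed(`A published release already exists for ${latest_release}`)
            } else {
              // Only the first 100 releases are inspected for a stale draft.
              const draft = releases.find((r) => r.draft && r.tag_name === tag)
              if (draft !== undefined) {
                console.log("Draft release already exists. Deleting current draft release and recreating it")
                await github.rest.repos.deleteRelease({
                  ...repoParams,
                  release_id: draft.id,
                })
              }
              const release_notes = (await github.rest.repos.generateReleaseNotes({
                ...repoParams,
                tag_name: tag,
                previous_tag_name: latest_release,
                target_commitish: ref,
              }))
              // Built by join() so the markdown does not depend on how this
              // YAML block scalar is indented.
              const footer = [
                "",
                "## Resources",
                "- Documentation -- https://github.com/nginx/agent#readme",
                "",
              ].join("\n")
              const release = (await github.rest.repos.createRelease({
                ...repoParams,
                tag_name: tag,
                target_commitish: ref,
                name: tag,
                body: release_notes.data.body + footer,
                draft: true,
              }))
              console.log(`Release created: ${release.data.html_url}`)
              console.log(`Release ID: ${release.data.id}`)
              console.log(`Release notes: ${release_notes.data.body}`)
              console.log(`Release Upload URL: ${release.data.upload_url}`)
              return {
                version: version,
                release_id: release.data.id,
                release_upload_url: release.data.upload_url,
              }
            }
      - name: Set Environment Variables
        id: vars
        env:
          # JSON returned by the step above; empty when that step was skipped.
          RELEASE_RESULT: ${{ steps.release.outputs.result }}
        run: |
          echo "RELEASE_ID=$(echo "${RELEASE_RESULT}" | jq -r '.release_id')" >> "$GITHUB_OUTPUT"
          cat "$GITHUB_OUTPUT"

  # Creates the annotated tag v<packageVersion> on the release branch and
  # pushes it only when the tagRelease input is set.
  tag-release:
    name: Tag Release
    runs-on: ubuntu-22.04
    needs: [vars,release-draft]
    permissions:
      # Pushing the tag needs write access to repository contents.
      contents: write
    steps:
      - name: Checkout Repository
        # Credentials stay persisted here: the push step below relies on them.
        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
        with:
          ref: ${{ inputs.releaseBranch }}
      - name: Tag release
        env:
          VERSION: ${{ inputs.packageVersion }}
        run: |
          git config --global user.name 'github-actions'
          git config --global user.email '41898282+github-actions[bot]@users.noreply.github.com'
          git tag -a "v${VERSION}" -m "CI Autogenerated"
      - name: Push Tags
        if: ${{ needs.vars.outputs.tag_release == 'true' }}
        env:
          VERSION: ${{ inputs.packageVersion }}
        run: |
          git push origin "v${VERSION}"

  # Builds and signs the packages, then uploads / publishes them to the
  # destinations selected by the dispatch inputs.
  upload-packages:
    name: Upload packages
    runs-on: ubuntu-22.04
    needs: [vars,release-draft,tag-release]
    permissions:
      # Release asset upload and updateRelease need write access to contents.
      contents: write
      # core.getIDToken() can only mint an OIDC token when this is granted.
      id-token: write
    steps:
      - name: Checkout Repository
        # NOTE(review): the checkout token stays in .git/config while the make
        # targets and the Docker build (context '.') run. No step visible here
        # uses git credentials; if the make targets do not either, set
        # `persist-credentials: false`.
        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
        with:
          ref: ${{ inputs.releaseBranch }}
      - name: Setup go
        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
        with:
          go-version-file: 'go.mod'
      - name: Setup package build environment
        run: |
          go install "github.com/goreleaser/nfpm/v2/cmd/nfpm@${NFPM_VERSION}"
          sudo apt-get update
          sudo apt-get install -y gpgv1 monkeysphere
          make install-tools
          export PATH=$PATH:~/go/bin
          nfpm --version
      - name: Docker Buildx
        uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
      - name: Build Docker Image
        uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
        with:
          file: scripts/packages/packager/Dockerfile
          tags: build-signed-packager:1.0.0
          context: '.'
          push: false
          load: true
          cache-from: type=gha,scope=build-signed-packager
          cache-to: type=gha,scope=build-signed-packager,mode=max
          build-args: |
            package_type=signed-package
      - name: Build Packages
        env:
          # NOTE(review): repository secret names cannot contain hyphens, so
          # `secrets.gpg-key` likely resolves to an empty string and leaves an
          # empty signing key file. The publish step below reads
          # `secrets.INDIGO_GPG_AGENT` — confirm which secret is intended.
          GPG_KEY: ${{ secrets.gpg-key }}
          NFPM_SIGNING_KEY_FILE: .key.asc
          VERSION: ${{ inputs.packageVersion }}
        run: |
          export PATH=$PATH:~/go/bin
          # The decoded private key is written into the workspace and stays
          # there for the remainder of the job.
          echo "$GPG_KEY" | base64 --decode > "${NFPM_SIGNING_KEY_FILE}"
          make package
      - name: Azure Login
        if: ${{ inputs.uploadAzure == true }}
        uses: azure/login@8c334a195cbb38e46038007b304988d888bf676a # v2.0.0
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}
      - name: Azure Upload Release Packages
        if: ${{ inputs.uploadAzure == true }}
        uses: azure/CLI@965c8d7571d2231a54e321ddd07f7b10317f34d9 # v2.0.0
        with:
          # Every expansion is quoted so a value containing whitespace or glob
          # characters stays a single argument.
          inlineScript: |
            for i in ./build/azure/packages/nginx-agent*; do
              echo "Uploading ${i} to nginx-agent/${GITHUB_REF##*/}/${i##*/}"
              az storage blob upload --auth-mode=login -f "$i" -c "${{ secrets.AZURE_CONTAINER_NAME }}" \
                --account-name "${{ secrets.AZURE_ACCOUNT_NAME }}" --overwrite -n "nginx-agent/${GITHUB_REF##*/}/${i##*/}"
            done
      - name: Install GPG tools
        if: ${{ inputs.publishPackages == true }}
        run: |
          sudo apt-get update
          sudo apt-get install -y gpgv1 monkeysphere
      - name: Get Id Token
        if: ${{ inputs.publishPackages == true }}
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        id: idtoken
        with:
          script: |
            let id_token = await core.getIDToken()
            core.setOutput('id_token', id_token)
      - name: Publish Release Packages
        if: ${{ inputs.publishPackages == true }}
        env:
          TOKEN: ${{ steps.idtoken.outputs.id_token }}
          GPG_KEY: ${{ secrets.INDIGO_GPG_AGENT }}
          NFPM_SIGNING_KEY_FILE: .key.asc
        run: |
          echo "${GPG_KEY}" | base64 --decode > "${NFPM_SIGNING_KEY_FILE}"
          make gpg-key
          make release
      - name: Upload Release Assets
        if: ${{ needs.vars.outputs.github_release == 'true' }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          VERSION: ${{ inputs.packageVersion }}
        # clobber overwrites existing assets of the same name
        run: |
          gh release upload --clobber "v${VERSION}" \
            $(find ./build/github/packages -type f \( -name "*.deb" -o -name "*.rpm" -o -name "*.pkg" -o -name "*.apk" \))
      - name: Publish Github Release
        if: ${{ needs.vars.outputs.github_release == 'true' }}
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        env:
          RELEASE_ID: ${{ needs.release-draft.outputs.release_id }}
        with:
          script: |
            const {RELEASE_ID} = process.env
            const release = (await github.rest.repos.updateRelease({
              owner: context.payload.repository.owner.login,
              repo: context.payload.repository.name,
              release_id: `${RELEASE_ID}`,
              draft: false,
            }))
            console.log(`Release published: ${release.data.html_url}`)

  # Opens a pull request that merges the dispatching ref back into v3.
  # NOTE(review): the display name below reads "Publish packages", which looks
  # copied from another job; kept as is.
  merge-release:
    if: ${{ needs.vars.outputs.create_pull_request == 'true' }}
    name: Publish packages
    runs-on: ubuntu-22.04
    needs: [vars,tag-release]
    permissions:
      contents: read
      # pulls.create needs write access to pull requests. The repository must
      # also allow GitHub Actions to create pull requests.
      pull-requests: write
    steps:
      - name: Checkout Repository
        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
        with:
          ref: ${{ inputs.releaseBranch }}
          # The pull request is opened through the REST API client.
          persist-credentials: false
      - name: Create Pull Request
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        env:
          # NOTE(review): this is the ref the workflow was dispatched from, not
          # inputs.releaseBranch — confirm that is the intended head branch.
          REF_NAME: ${{ github.ref_name }}
        with:
          script: |
            const { repo, owner } = context.repo;
            // Read the ref from the environment: a branch name may contain
            // quote characters, which would otherwise end up inside the
            // JavaScript source of this script.
            const { REF_NAME } = process.env;
            await github.rest.pulls.create({
              title: `Merge ${REF_NAME} back into v3`,
              owner,
              repo,
              head: REF_NAME,
              base: 'v3',
              body: [
                'This PR is auto-generated by the release workflow.'
              ].join('\n')
            });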