Prod run - Release smithy-rs 1.1.0/0.61.0 (9f0ba850e03241f657e2e40ca185780e0a5878cb) #185
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. | |
| # SPDX-License-Identifier: Apache-2.0 | |
| # This workflow performs a release of smithy-rs. It is manually | |
| # kicked off via GitHub Actions workflow dispatch. | |
| # Allow only one release to run at a time | |
| concurrency: | |
| group: release-smithy-rs-${{ inputs.dry_run }} | |
| cancel-in-progress: true | |
| env: | |
| rust_version: 1.70.0 | |
| name: Release smithy-rs | |
| run-name: ${{ inputs.dry_run && 'Dry run' || 'Prod run' }} - ${{ github.workflow }} ${{ inputs.stable_semantic_version }}/${{ inputs.unstable_semantic_version }} (${{ inputs.commit_sha }}) | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| commit_sha: | |
| description: | | |
| Commit SHA: The SHA of the git commit that you want to release. | |
| You must use the non-abbreviated SHA (e.g. b2318b0 won't work!). | |
| required: true | |
| type: string | |
| stable_semantic_version: | |
| description: | | |
| Stable semantic version: The semver tag that you want to release for stable crates (e.g. 1.0.2) | |
| required: true | |
| type: string | |
| unstable_semantic_version: | |
| description: | | |
| Unstable semantic version: The semver tag that you want to release for unstable crates (e.g. 0.52.1) | |
| required: true | |
| type: string | |
| dry_run: | |
| description: | | |
| Dry run: When selected, it only produces release artifacts, but will not cut a release tag in GitHub or publish to crates.io | |
| required: true | |
| type: boolean | |
| default: true | |
| jobs: | |
| check-actor-for-prod-run: | |
| name: Check actor for prod run | |
| if: inputs.dry_run == false | |
| runs-on: ubuntu-latest | |
| env: | |
| ACTOR: ${{ github.actor }} | |
| steps: | |
| - name: Check actor for prod run | |
| run: | | |
| set -e | |
| if [ "${ACTOR}" != "aws-sdk-rust-ci" ]; then | |
| echo "Error: The current actor is '${ACTOR}' but only 'aws-sdk-rust-ci' is allowed to run a prod release workflow." | |
| exit 1 | |
| fi | |
| echo "The current actor is 'aws-sdk-rust-ci', continuing with the workflow." | |
| # We'll need to build a base image to work against if: | |
| # - a release was kicked off before the image build step triggered by a push to the release branch/main completed | |
| # - a dry-run release was kicked off against a feature branch to test automation changes | |
| # This job will be a no-op if an image had already been built. | |
| acquire-base-image: | |
| name: Acquire Base Image | |
| needs: | |
| - check-actor-for-prod-run | |
| # We need `always` here otherwise this job won't run if the previous job has been skipped | |
| # See https://samanpavel.medium.com/github-actions-conditional-job-execution-e6aa363d2867 | |
| if: | | |
| always() && | |
| (needs.check-actor-for-prod-run.result == 'success' || needs.check-actor-for-prod-run.result == 'skipped') | |
| runs-on: smithy_ubuntu-latest_16-core | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| path: smithy-rs | |
| ref: ${{ inputs.commit_sha }} | |
| fetch-depth: 0 | |
| - name: Acquire base image | |
| id: acquire | |
| run: ./smithy-rs/.github/scripts/acquire-build-image | |
| - name: Upload base image | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: smithy-rs-base-image | |
| path: smithy-rs-base-image | |
| retention-days: 1 | |
| release-ci: | |
| name: Prerelease checks | |
| if: inputs.dry_run == false | |
| needs: | |
| - acquire-base-image | |
| uses: ./.github/workflows/ci.yml | |
| with: | |
| run_sdk_examples: false | |
| git_ref: ${{ inputs.commit_sha }} | |
| get-or-create-release-branch: | |
| name: Get or create a release branch | |
| needs: | |
| - release-ci | |
| - acquire-base-image | |
| # We need `always` here otherwise this job won't run if the previous job has been skipped | |
| # See https://samanpavel.medium.com/github-actions-conditional-job-execution-e6aa363d2867 | |
| if: | | |
| always() && | |
| needs.acquire-base-image.result == 'success' && | |
| (needs.release-ci.result == 'success' || needs.release-ci.result == 'skipped') | |
| runs-on: ubuntu-latest | |
| outputs: | |
| release_branch: ${{ steps.branch-push.outputs.release_branch }} | |
| new_release_series: ${{ steps.branch-push.outputs.new_release_series }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ inputs.commit_sha }} | |
| token: ${{ secrets.RELEASE_AUTOMATION_BOT_PAT }} | |
| fetch-depth: 0 | |
| - name: Get or create release branch | |
| id: branch-push | |
| shell: bash | |
| env: | |
| SEMANTIC_VERSION: ${{ inputs.stable_semantic_version }} | |
| DRY_RUN: ${{ inputs.dry_run }} | |
| run: | | |
| set -e | |
| ./.github/scripts/get-or-create-release-branch.sh output | |
| cat output > $GITHUB_OUTPUT | |
| upgrade-gradle-properties: | |
| name: Upgrade gradle.properties | |
| needs: | |
| - get-or-create-release-branch | |
| # See https://github.com/actions/runner/issues/2205#issuecomment-1381988186 for an explanation as to why | |
| # we need this here _even though_ the job we depend on is never skipped. | |
| if: | | |
| always() && | |
| !contains(needs.*.result, 'failure') && | |
| !contains(needs.*.result, 'cancelled') | |
| runs-on: ubuntu-latest | |
| outputs: | |
| release_branch: ${{ needs.get-or-create-release-branch.outputs.release_branch }} | |
| commit_sha: ${{ steps.gradle-push.outputs.commit_sha }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ inputs.commit_sha }} | |
| path: smithy-rs | |
| fetch-depth: 0 | |
| token: ${{ secrets.RELEASE_AUTOMATION_BOT_PAT }} | |
| - name: Upgrade gradle.properties | |
| uses: ./smithy-rs/.github/actions/docker-build | |
| with: | |
| action: upgrade-gradle-properties | |
| action-arguments: ${{ inputs.stable_semantic_version }} ${{ inputs.unstable_semantic_version }} | |
| - name: Download all artifacts | |
| uses: ./smithy-rs/.github/actions/download-all-artifacts | |
| - name: Push gradle.properties changes | |
| id: gradle-push | |
| working-directory: upgrade-gradle-properties/smithy-rs | |
| shell: bash | |
| env: | |
| SEMANTIC_VERSION: ${{ inputs.stable_semantic_version }} | |
| RELEASE_COMMIT_SHA: ${{ inputs.commit_sha }} | |
| RELEASE_BRANCH_NAME: ${{ needs.get-or-create-release-branch.outputs.release_branch }} | |
| DRY_RUN: ${{ inputs.dry_run }} | |
| run: | | |
| set -x | |
| # For debugging purposes | |
| git status | |
| if ! git diff-index --quiet HEAD; then | |
| # gradle.properties was changed, we need to commit and push the diff | |
| git -c 'user.name=AWS SDK Rust Bot' -c '[email protected]' commit gradle.properties --message "Upgrade the smithy-rs runtime crates version to ${SEMANTIC_VERSION}" | |
| # This will fail if we tried to release from a non-HEAD commit on the release branch. | |
| # The only scenario where we would try to release a non-HEAD commit from the release branch is | |
| # to retry a release action execution that failed due to a transient issue. | |
| # In that case, we expect the commit to be releasable as-is, i.e. the runtime crate version in gradle.properties | |
| # should already be the expected one. | |
| if [[ "${DRY_RUN}" == "true" ]]; then | |
| # During dry-runs, "git push" without "--force" can fail if smithy-rs-release-x.y.z-preview is behind | |
| # smithy-rs-release-x.y.z, but that does not matter much during dry-runs. | |
| git push --force origin "HEAD:refs/heads/${RELEASE_BRANCH_NAME}" | |
| else | |
| git push origin "HEAD:refs/heads/${RELEASE_BRANCH_NAME}" | |
| fi | |
| echo "commit_sha=$(git rev-parse HEAD)" > $GITHUB_OUTPUT | |
| else | |
| echo "commit_sha=${RELEASE_COMMIT_SHA}" > $GITHUB_OUTPUT | |
| fi | |
| release: | |
| name: Release | |
| needs: | |
| - upgrade-gradle-properties | |
| # See https://github.com/actions/runner/issues/2205#issuecomment-1381988186 for an explanation as to why | |
| # we need this here _even though_ the job we depend on is never skipped. | |
| if: | | |
| always() && | |
| !contains(needs.*.result, 'failure') && | |
| !contains(needs.*.result, 'cancelled') | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@master | |
| with: | |
| toolchain: ${{ env.rust_version }} | |
| - name: Checkout smithy-rs | |
| uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ needs.upgrade-gradle-properties.outputs.commit_sha }} | |
| path: smithy-rs | |
| token: ${{ secrets.RELEASE_AUTOMATION_BOT_PAT }} | |
| - name: Generate release artifacts | |
| uses: ./smithy-rs/.github/actions/docker-build | |
| with: | |
| action: generate-smithy-rs-release | |
| - name: Download all artifacts | |
| uses: ./smithy-rs/.github/actions/download-all-artifacts | |
| - name: Push smithy-rs changes | |
| shell: bash | |
| working-directory: smithy-rs-release/smithy-rs | |
| id: push-changelog | |
| env: | |
| RELEASE_BRANCH_NAME: ${{ needs.upgrade-gradle-properties.outputs.release_branch }} | |
| DRY_RUN: ${{ inputs.dry_run }} | |
| run: | | |
| if ! git diff-index --quiet HEAD; then | |
| echo "Pushing release commits..." | |
| # This will fail if we tried to release from a non-HEAD commit on the release branch. | |
| # The only scenario where we would try to release a non-HEAD commit from the release branch is | |
| # to retry a release action execution that failed due to a transient issue. | |
| # In that case, we expect the commit to be releasable as-is, i.e. the changelog should have already | |
| # been processed. | |
| if [[ "${DRY_RUN}" == "true" ]]; then | |
| # During dry-runs, "git push" without "--force" can fail if smithy-rs-release-x.y.z-preview is behind | |
| # smithy-rs-release-x.y.z, but that does not matter much during dry-runs. | |
| git push --force origin "HEAD:refs/heads/${RELEASE_BRANCH_NAME}" | |
| else | |
| git push origin "HEAD:refs/heads/${RELEASE_BRANCH_NAME}" | |
| fi | |
| fi | |
| echo "commit_sha=$(git rev-parse HEAD)" > $GITHUB_OUTPUT | |
| - name: Tag release | |
| uses: actions/github-script@v6 | |
| with: | |
| github-token: ${{ secrets.RELEASE_AUTOMATION_BOT_PAT }} | |
| script: | | |
| const createReleaseScript = require("./smithy-rs/.github/workflows/release-scripts/create-release.js"); | |
| await createReleaseScript({ | |
| github, | |
| isDryRun: ${{ inputs.dry_run }}, | |
| releaseManifestPath: "smithy-rs-release/smithy-rs-release-manifest.json", | |
| releaseCommitish: "${{ steps.push-changelog.outputs.commit_sha }}" | |
| }); | |
| - name: Publish to crates.io | |
| shell: bash | |
| working-directory: smithy-rs-release/crates-to-publish | |
| env: | |
| RELEASE_AUTOMATION_BOT_CRATESIO_TOKEN: ${{ secrets.RELEASE_AUTOMATION_BOT_CRATESIO_TOKEN }} | |
| run: | | |
| cargo login -- "${RELEASE_AUTOMATION_BOT_CRATESIO_TOKEN}" | |
| cargo install --path "$(realpath ../smithy-rs/tools/ci-build/publisher)" | |
| # Verify the publisher tool installed successfully | |
| publisher --version | |
| if [[ "${{ inputs.dry_run }}" == "true" ]]; then | |
| if [[ ! -f aws-smithy-types/Cargo.toml ]]; then | |
| echo "Crates to publish not found!" | |
| exit 1 | |
| fi | |
| echo "Checking cargo auth token..." | |
| # This version has already been yanked. This command succeeds if we have a token with permission to yank the crate. | |
| cargo yank aws-sigv4 --version 0.55.0 | |
| else | |
| publisher publish -y --location . | |
| fi | |
| trim-changelog-next-on-main: | |
| name: Remove released entries from CHANGELOG.next.toml on the main branch | |
| if: inputs.dry_run == false && needs.get-or-create-release-branch.outputs.new_release_series == true | |
| needs: | |
| - get-or-create-release-branch | |
| - release | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout smithy-rs | |
| uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ inputs.commit_sha }} | |
| path: smithy-rs | |
| token: ${{ secrets.RELEASE_AUTOMATION_BOT_PAT }} | |
| - name: Empty CHANGELOG.next.toml | |
| uses: ./smithy-rs/.github/actions/docker-build | |
| with: | |
| action: generate-new-changelog-next-toml | |
| - name: Download all artifacts | |
| uses: ./smithy-rs/.github/actions/download-all-artifacts | |
| - name: Push smithy-rs changes | |
| working-directory: generate-new-changelog-next-toml/smithy-rs | |
| shell: bash | |
| run: | | |
| set -eux | |
| # This will fail if other commits have been pushed to `main` after `commit_sha` | |
| # In particular, this will ALWAYS fail if you are creating a new release series from | |
| # a commit that is not the current tip of `main`. | |
| # We can build more refined automation to handle this case in the future - until then, it'll require | |
| # a manual PR to edit the current CHANGELOG.next.toml file and remove the released entries. | |
| git -c 'user.name=AWS SDK Rust Bot' -c '[email protected]' commit CHANGELOG.next.toml --message "Remove released entries from \`CHANGELOG.next.toml\`" | |
| git push origin main |