-
Notifications
You must be signed in to change notification settings - Fork 38
267 lines (238 loc) · 11.7 KB
/
releaser.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
# When a tag is push on the repo, this workflow will run to create a release and add some artifact to it.
name: Releaser
on:
pull_request:
paths:
- .github/workflows/package-server.yml
- .github/workflows/releaser.yml
push:
tags:
- v[0-9]+.[0-9]+.[0-9]+*
- nightly
schedule:
- cron: 30 22 * * * # At 22:30
permissions:
contents: write
# We set `concurrency` to prevent having this workflow being more than once for the same tag.
concurrency:
group: releaser-${{ github.workflow }}-${{ github.ref_name }}
cancel-in-progress: true
env:
NIGHTLY_RELEASE: ${{ (github.event_name == 'schedule' || github.ref == 'refs/tags/nightly') && 'true' || 'false' }}
jobs:
scheduled-nightly-build:
if: github.event_name == 'schedule'
uses: ./.github/workflows/_releaser_nightly_build.yml
version:
needs: scheduled-nightly-build
# Always run the job if `scheduled-nightly-build` job is skipped otherwise only if `scheduled-nightly-build` job was successful.
if: github.event_name != 'schedule' && always() || success()
uses: ./.github/workflows/_parse_version.yml
with:
version: >-
${{
(github.event_name == 'schedule' && needs.scheduled-nightly-build.outputs.version_full) ||
(github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') && github.ref_name != 'nightly' && github.ref_name) ||
''
}}
commit_sha: ${{ needs.scheduled-nightly-build.outputs.commit_sha || github.sha }}
package-parsec-server:
needs: version
if: needs.version.result == 'success' && always()
uses: ./.github/workflows/package-server.yml
with:
version: ${{ needs.version.outputs.full }}
version_patch_run_id: ${{ github.run_id }}
commit_sha: ${{ needs.version.outputs.commit_sha }}
package-parsec-client:
needs: version
if: needs.version.result == 'success' && always()
uses: ./.github/workflows/package-client.yml
with:
version: ${{ needs.version.outputs.full }}
version_patch_run_id: ${{ github.run_id }}
commit_sha: ${{ needs.version.outputs.commit_sha }}
nightly_build: ${{ github.event_name == 'schedule' || github.ref == 'refs/tags/nightly' }}
secrets:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
MACOS_CI_KEYCHAIN_PASSWD: ${{ secrets.MACOS_CI_KEYCHAIN_PASSWD }}
MACOS_CERT_PASSWD: ${{ secrets.MACOS_CERT_PASSWD }}
MACOS_CERT: ${{ secrets.MACOS_CERT }}
MACOS_CERT_COMMON_NAME: ${{ secrets.MACOS_CERT_COMMON_NAME }}
MACOS_NOTARIZATION_TEAM_ID: ${{ secrets.MACOS_NOTARIZATION_TEAM_ID }}
MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.MACOS_NOTARIZATION_APPLE_ID }}
MACOS_NOTARIZATION_PASSWD: ${{ secrets.MACOS_NOTARIZATION_PASSWD }}
package-parsec-cli:
needs: version
if: needs.version.result == 'success' && always()
uses: ./.github/workflows/package-cli.yml
with:
version: ${{ needs.version.outputs.full }}
version_patch_run_id: ${{ github.run_id }}
commit_sha: ${{ needs.version.outputs.commit_sha }}
releaser:
needs:
- version
- package-parsec-server
- package-parsec-client
- package-parsec-cli
name: 🚛 Releaser
permissions:
contents: write
if: needs.version.result == 'success' && needs.package-parsec-client.result == 'success' && needs.package-parsec-server.result && always()
runs-on: ubuntu-22.04
steps:
- name: Download every artifact generated (and uploaded)
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # pin v4.1.8
with:
path: artifacts
timeout-minutes: 5
- name: List downloaded artifacts
run: tree artifacts
- name: Create the folder that will contain the release files
run: mkdir release-files
- name: Copy artifacts to the release folder
run: |
set -ex
# Python Files
cp ${CP_ARGS} artifacts/Linux-X64-wheel/parsec_cloud-${{ needs.version.outputs.pep440 }}-*.whl release-files
cp ${CP_ARGS} artifacts/Linux-X64-wheel/requirements.txt release-files/python-linux-requirements.txt
cp ${CP_ARGS} artifacts/macOS-X64-wheel/parsec_cloud-${{ needs.version.outputs.pep440 }}-*.whl release-files
cp ${CP_ARGS} artifacts/macOS-X64-wheel/requirements.txt release-files/python-macos-requirements.txt
cp ${CP_ARGS} artifacts/Windows-X64-wheel/parsec_cloud-${{ needs.version.outputs.pep440 }}-*.whl release-files
cp ${CP_ARGS} artifacts/Windows-X64-wheel/requirements.txt release-files/python-win-requirements.txt
# Snapcraft
cp ${CP_ARGS} artifacts/linux-snap-X64-electron/Parsec_${{ needs.version.outputs.full }}_linux_*.snap release-files
# AppImage
cp ${CP_ARGS} artifacts/linux-appimage-X64-electron/Parsec_${{ needs.version.outputs.full }}_linux_*.AppImage release-files
cp ${CP_ARGS} artifacts/linux-appimage-X64-electron/latest-linux-*.yml release-files
# DMG & ZIP
cp ${CP_ARGS} artifacts/macos-dmg-X64-electron/Parsec_${{ needs.version.outputs.full }}_mac_*.{dmg,zip}{,.blockmap} release-files
cp ${CP_ARGS} artifacts/macos-dmg-X64-electron/latest-mac-*.yml release-files
# TODO: Currently, Windows electron client is not signed by the CI, thus
# it should not be uploaded when creating the draft release.
# These artifacts are uploaded manually by someone who is able to sign them.
# # EXE
# cp ${CP_ARGS} artifacts/windows-exe-X64-electron/Parsec_${{ needs.version.outputs.full }}_win_*.unsigned.exe{,.blockmap} release-files
# cp ${CP_ARGS} artifacts/windows-exe-X64-electron/latest-win-*.yml release-files
# CLI
cp ${CP_ARGS} artifacts/Linux-x86_64-unknown-linux-gnu-cli/parsec-cli_${{ needs.version.outputs.full }}_linux-x86_64-gnu release-files
cp ${CP_ARGS} artifacts/Linux-x86_64-unknown-linux-musl-cli/parsec-cli_${{ needs.version.outputs.full }}_linux-x86_64-musl release-files
env:
# TODO: Current version of cp don't support `--update` with argument,
# recent version (coreutils-9.5) allows for `none-fail` that make `cp` fail if it would have overwritten a file.
CP_ARGS: -v --no-clobber
BASH_XTRACEFD: 1
- name: Copy SBOM files
run: cp -v artifacts/**/Parsec-SBOM-*.spdx.json release-files
- name: Generate version file
run:
(
echo "full=${{ needs.version.outputs.full }}";
echo "pep440=${{ needs.version.outputs.pep440 }}";
echo "major=${{ needs.version.outputs.major }}";
echo "minor=${{ needs.version.outputs.minor }}";
echo "patch=${{ needs.version.outputs.patch }}";
echo "pre=${{ needs.version.outputs.pre }}";
echo "dev=${{ needs.version.outputs.dev }}";
echo "local=${{ needs.version.outputs.local }}";
) | tee release-files/version
- name: Generate checksums file released files
run: sha256sum release-files/* | sed 's;release-files/;;' | tee checksums.sha256
- name: Extract checksum for each file
run: |
set -x
# Every files that don't end with '.sha256'
for file in $(find release-files -type f -not -name '*.sha256'); do
grep "$(basename "$file")" checksums.sha256 | cut -d ' ' -f 1 > "$file".sha256
done
- name: List files in 'release-files'.
run: tree release-files
- name: Generate summary
id: summary
run: |
EOF="EOF-$(dd if=/dev/urandom bs=15 count=1 status=none | base64)"
(
set -e
echo "output<<$EOF"
echo '# Parsec ${{ needs.version.outputs.full }}'
echo
echo 'You can find all assets checksums below, or use `<asset name>.sha256`'
echo
echo '```txt'
cat checksums.sha256
echo '```'
echo
echo 'Generated by <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}>'
echo "$EOF"
) | tee -a $GITHUB_OUTPUT
- name: Remove previous nightly release
if: env.NIGHTLY_RELEASE == 'true'
run: |
if gh release ${{ env.GH_ARGS }} view nightly; then
gh release ${{ env.GH_ARGS }} delete nightly
else
echo "No nightly release to remove"
fi
env:
GH_ARGS: --repo=${{ github.server_url}}/${{ github.repository }}
GH_TOKEN: ${{ github.token }}
- name: Checkout the repository to update the nightly tag
if: env.NIGHTLY_RELEASE == 'true'
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # pin v4.2.1
with:
ref: ${{ needs.version.outputs.commit_sha }}
path: parsec-cloud
timeout-minutes: 5
- name: Update the nightly tag
if: env.NIGHTLY_RELEASE == 'true'
run: |
git tag --force nightly ${{ needs.version.outputs.commit_sha }}
git push --force origin refs/tags/nightly
working-directory: parsec-cloud
- name: Create release
if: github.event_name == 'schedule' || (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/'))
uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # pin v2.0.8
with:
draft: ${{ env.NIGHTLY_RELEASE != 'true' }}
tag_name: ${{ github.event_name == 'schedule' && 'nightly' || github.ref }}
body: ${{ steps.summary.outputs.output }}
prerelease: ${{ needs.version.outputs.pre != '' || needs.version.outputs.dev != '' || needs.version.outputs.local != '' }}
name: ${{ env.NIGHTLY_RELEASE == 'true' && 'Nightly release' || format('Release v{0}', needs.version.outputs.full) }}
# release-files/Parsec_${{ needs.version.outputs.full }}_win_*.exe*
files: |
release-files/parsec_cloud-${{ needs.version.outputs.pep440 }}-*.whl*
release-files/Parsec_${{ needs.version.outputs.full }}_linux_*.AppImage*
release-files/Parsec_${{ needs.version.outputs.full }}_linux_*.snap*
release-files/Parsec_${{ needs.version.outputs.full }}_mac_*.dmg*
release-files/Parsec_${{ needs.version.outputs.full }}_mac_*.zip*
release-files/parsec-cli_${{ needs.version.outputs.full }}_linux-x86_64-*
release-files/python-*-requirements.txt
release-files/python-*-requirements.txt.sha256
release-files/latest-*.yml
release-files/latest-*.yml.sha256
release-files/Parsec-SBOM-*.spdx.json
release-files/Parsec-SBOM-*.spdx.json.sha256
release-files/version
release-files/version.sha256
fail_on_unmatched_files: true
generate_release_notes: false
timeout-minutes: 5
publish:
needs: releaser
# Only publish after release if the release is for a nightly build.
# We only do that for nightly because we do not create the github release as draft for nightlies to limit the need to human interventions.
if: >-
(github.event_name == 'schedule' || (github.event_name == 'push' && github.ref == 'refs/tags/nightly'))
&& needs.releaser.result == 'success'
&& always()
uses: ./.github/workflows/publish.yml
permissions:
contents: read
id-token: write
with:
release_tag: ${{ github.event_name == 'schedule' && 'nightly' || github.ref_name }}
nightly: ${{ github.event_name == 'schedule' || github.event_name == 'pull_request' || github.ref == 'refs/tags/nightly' }}
secrets:
SNAPCRAFT_CREDENTIALS: ${{ secrets.SNAPCRAFT_CREDENTIALS }}
PYPI_CREDENTIALS: ${{ secrets.PYPI_CREDENTIALS }}