-
Notifications
You must be signed in to change notification settings - Fork 172
166 lines (156 loc) · 6.77 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
name: 'New Release'
run-name: 'Release ${{ inputs.version_number }} (skip tests: ${{ inputs.skip_tests }}, use existing tag: ${{ inputs.use_existing_tag}})'
# Used for creating a new release. This workflow will run qa acceptance tests, create a new tag, and generate the release with GoReleaser.
on:
workflow_dispatch:
inputs:
version_number:
description: 'Version number (e.g., v1.0.0, v1.0.0-pre, v1.0.0-pre1)'
required: true
skip_tests:
description: 'Set value to `true` to skip QA acceptance tests, default is `false`'
default: 'false'
use_existing_tag:
description: 'Set value to `true` to use an existing tag for the release process, default is `false`'
default: 'false'
jobs:
release-config:
runs-on: ubuntu-latest
permissions: {}
outputs:
creates_new_tag: ${{ steps.evaluate_inputs.outputs.creates_new_tag }}
is_official_release: ${{ steps.evaluate_inputs.outputs.is_official_release }}
runs_tests: ${{ steps.evaluate_inputs.outputs.runs_tests }}
steps:
- id: evaluate_inputs
run: |
{
echo "creates_new_tag=$(if [ '${{ inputs.use_existing_tag }}' = 'true' ]; then echo 'false'; else echo 'true'; fi)"
echo "is_official_release=$(if echo '${{ inputs.version_number }}' | grep -q 'pre'; then echo 'false'; else echo 'true'; fi)"
echo "runs_tests=$(if [ '${{ inputs.skip_tests }}' = 'true' ]; then echo 'false'; else echo 'true'; fi)"
} >> "$GITHUB_OUTPUT"
validate-inputs:
runs-on: ubuntu-latest
permissions: {}
steps:
- name: Validation of version format
run: |
echo "${{ inputs.version_number }}" | grep -P '^v\d+\.\d+\.\d+(-pre[A-Za-z0-9-]*)?$'
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
ref: ${{ inputs.use_existing_tag == 'true' && inputs.version_number || 'master' }}
- name: Check for Upgrade Guide
run: './scripts/check-upgrade-guide-exists.sh ${{inputs.version_number}}'
update-examples-reference-in-docs:
needs: [ release-config, validate-inputs ]
if: >-
!cancelled()
&& !contains(needs.*.result, 'failure')
&& needs.release-config.outputs.creates_new_tag == 'true'
&& needs.release-config.outputs.is_official_release == 'true'
uses: ./.github/workflows/run-script-and-commit.yml
with:
script_call: './scripts/update-examples-reference-in-docs.sh ${{inputs.version_number}}'
file_to_commit: 'docs/index.md'
commit_message: 'chore: Updates examples link in index.md for ${{ github.event.inputs.version_number }} release'
secrets:
apix_bot_pat: ${{ secrets.APIX_BOT_PAT }}
remote: https://svc-apix-bot:${{ secrets.APIX_BOT_PAT }}@github.com/${{ github.repository }}
gpg_private_key: ${{ secrets.APIX_BOT_GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.APIX_BOT_PASSPHRASE }}
update-changelog-header:
needs: [ release-config, validate-inputs, update-examples-reference-in-docs ]
if: >-
!cancelled()
&& !contains(needs.*.result, 'failure')
&& needs.release-config.outputs.creates_new_tag == 'true'
&& needs.release-config.outputs.is_official_release == 'true'
uses: ./.github/workflows/run-script-and-commit.yml
with:
script_call: './scripts/update-changelog-header-for-release.sh ${{inputs.version_number}}'
file_to_commit: 'CHANGELOG.md'
commit_message: 'chore: Updates CHANGELOG.md header for ${{ github.event.inputs.version_number }} release'
secrets:
apix_bot_pat: ${{ secrets.APIX_BOT_PAT }}
remote: https://svc-apix-bot:${{ secrets.APIX_BOT_PAT }}@github.com/${{ github.repository }}
gpg_private_key: ${{ secrets.APIX_BOT_GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.APIX_BOT_PASSPHRASE }}
create-tag:
runs-on: ubuntu-latest
permissions:
contents: write
needs: [ release-config, validate-inputs, update-examples-reference-in-docs, update-changelog-header ]
if: >-
!cancelled()
&& !contains(needs.*.result, 'failure')
&& needs.release-config.outputs.creates_new_tag == 'true'
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
ref: 'master'
- name: Get the latest commit SHA
id: get-sha
run: echo "sha=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"
- name: Create release tag
uses: rickstaa/action-create-tag@a1c7777fcb2fee4f19b0f283ba888afa11678b72
with:
tag: ${{ inputs.version_number }}
commit_sha: ${{ steps.get-sha.outputs.sha }}
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
gpg_passphrase: ${{ secrets.PASSPHRASE }}
run-qa-acceptance-tests:
needs: [ release-config, validate-inputs, update-examples-reference-in-docs, update-changelog-header, create-tag ]
if: >-
!cancelled()
&& !contains(needs.*.result, 'failure')
&& needs.release-config.outputs.runs_tests == 'true'
secrets: inherit
uses: ./.github/workflows/acceptance-tests.yml
with:
atlas_cloud_env: "qa"
ref: ${{ inputs.version_number }}
release:
runs-on: ubuntu-latest
permissions:
contents: write
needs: [ validate-inputs, update-examples-reference-in-docs, update-changelog-header, create-tag, run-qa-acceptance-tests ]
# Release is skipped if there are failures in previous steps
if: >-
!cancelled()
&& !contains(needs.*.result, 'failure')
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
ref: ${{ inputs.version_number }}
- name: Set up Go
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed
with:
go-version-file: 'go.mod'
- name: Import GPG key
id: import_gpg
uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.PASSPHRASE }}
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf
with:
version: '~> v2'
args: release --clean
env:
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
jira-release-version:
needs: [ release-config, release ]
# if release job is skipped, cancelled, or failed we do not run this job
if: >-
!cancelled()
&& needs.release.result == 'success'
&& needs.release-config.outputs.is_official_release == 'true'
secrets: inherit
uses: ./.github/workflows/jira-release-version.yml
with:
version_number: ${{ inputs.version_number }}