-
Notifications
You must be signed in to change notification settings - Fork 58
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add release automation #183
Add release automation #183
Conversation
exclude-workflow-initiator-as-approver: true | ||
|
||
- name: Release to Packagist | ||
run: curl -XPOST -f -H 'content-type:application/json' 'https://packagist.org/api/update-package?username=opensearch&apiToken=${{secrets.PACKAGIST_PUBLISHING_API_TOKEN}}' -d'{"repository":{"url":"https://github.com/opensearch-project/opensearch-php"}}' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe other maintainer wanted to only publish based on tag opensearch-project/opensearch-build#3146 (comment)
@dblock @VachaShah @harshavamsi Asking for your input here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@shyim Want to open a separate issue for this? I am concerned that there might be security implications of auto-running workflows on merge of arbitrary branches that have access to keys.
Signed-off-by: Sayali Gaikawad <gaiksaya@amazon.com>
974fbf0
to
c329eb3
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Signed-off-by: Sayali Gaikawad <gaiksaya@amazon.com>
Done. Please review. Once merge I'll add the API token in the secrets. Yet to do that. |
@shyim we love it when you approve and hit merge, don't hold back! |
@@ -53,6 +53,8 @@ Repositories create consistent release labels, such as `v1.0.0`, `v1.1.0` and `v | |||
|
|||
The release process is standard across repositories in this org and is run by a release manager volunteering from amongst [MAINTAINERS](MAINTAINERS.md). | |||
|
|||
Push a tag to this repository aganist the right commit. This triggers [release.yml](.github/workflows/release.yml) workflow which is responsible to get approval from the maintainers in the form of comments on the GitHub issue, release the client to packagist using manual webhook and finally publishing a release on the GitHub. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
on the GitHub -> on GitHub
we can fix another time
The secret has been added now. |
@gaiksaya So if I create a tag it should just do the release for me? I'm going to give it a try. |
Yes |
@dblock, I can handle the opensearch-php release. I'm not a maintainer, but I can create the bump version PR and cut the tag, right? |
You can't tag without maintainer permissions. I PRed #184 to start. |
Description
Adds workflow that publishes the package to packagist using manual webook. Since we only want to publish when a tag is pushed and GitHub webhooks does not allow to specify what exact trigger we want, a manual webhook is used here. See https://packagist.org/about#how-to-update-packages
The flow would be:
push a tag -> runs the workflow -> creates issue asking for approval from codeowners -> once approved publish to packagist using manual webhook -> Publish a release on GH
Issues Resolved
opensearch-project/opensearch-build#3146
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.