Skip to content
Provenance Build and Release

Use the bank module to keep track of scope value owners #4134

Sign in to view logs

Use the bank module to keep track of scope value owners

Use the bank module to keep track of scope value owners #4134

Workflow file for this run

.github/workflows/release.yml at 2ac9713
name: Provenance Build and Release
on:
pull_request:
paths:
- "**.go"
- "go.mod"
- "go.sum"
- "**.mk"
- "Makefile"
- "gon.json"
- "scripts/**"
- ".github/workflows/release.yml"
push:
tags:
- "v[0-9]+.[0-9]+.[0-9]+" # Push events to matching v*, i.e. v1.0, v20.15.10
- "v[0-9]+.[0-9]+.[0-9]+-rc*" # Push events to matching v*, i.e. v1.0-rc1, v20.15.10-rc5
# Set concurrency for this workflow to cancel in-progress jobs if retriggered.
# The github.ref is only available when triggered by a PR so fall back to github.run_id for other cases.
# The github.run_id is unique for each run, giving each such invocation it's own unique concurrency group.
# Basically, if you push to a PR branch, jobs that are still running for that PR will be cancelled.
# But jobs started because of a merge to main or a release tag push are not cancelled.
concurrency:
group: ${{ github.workflow }}-${{ github.ref || github.run_id }}
cancel-in-progress: true
jobs:
build_init:
runs-on: ubuntu-latest
name: Build Init
steps:
- name: Define Variables
id: vars
# ${GITHUB_REF##*/} removes everything before the last slash. E.g. 'refs/tags/v1.8.0' becomes 'v1.8.0'
# ${GITHUB_SHA:0:7} gets the first 7 characters. E.g. `3e9928920f5a64c8fc4884ee085efe1983071c90` becomes `3e99289'
run: |
version="${GITHUB_SHA:0:7}"
is_release='false'
if [[ "$GITHUB_REF" =~ ^refs/tags/ ]]; then
version=${GITHUB_REF##*/}
is_release='true'
fi
prerelease=false
if [[ "$version" =~ -rc ]]; then
prerelease=true
fi
echo "Setting output: version=$version"
echo "version=$version" >> "$GITHUB_OUTPUT"
echo "Setting output: is_release=$is_release"
echo "is_release=$is_release" >> "$GITHUB_OUTPUT"
echo "Setting output: prerelease=$prerelease"
echo "prerelease=$prerelease" >> "$GITHUB_OUTPUT"
outputs:
version: ${{ steps.vars.outputs.version }}
is_release: ${{ steps.vars.outputs.is_release }}
prerelease: ${{ steps.vars.outputs.prerelease }}
build_osx:
runs-on: macos-latest
needs:
- build_init
name: Build OSX
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup go
uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
- name: Build osx binary
run: |
export VERSION=${{ needs.build_init.outputs.version }}
make build-release-zip
- name: Provenanced version
run: build/provenanced version --long
- uses: actions/upload-artifact@v4
with:
name: osx-zip
path: build/*.zip
build_linux:
runs-on: ubuntu-20.04
needs:
- build_init
name: Build Linux
env:
LD_LIBRARY_PATH: /usr/local/lib:/usr/local/lib/x86_64-linux-gnu
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup go
uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
- name: Install deps
run: |
sudo apt-get update
sudo apt-get install -y libgflags-dev libsnappy-dev zlib1g-dev libbz2-dev liblz4-dev libzstd-dev
- name: Build linux binary
run: |
export VERSION=${{ needs.build_init.outputs.version }}
make build-release-zip
- name: Provenanced version
run: build/provenanced version --long
- uses: actions/upload-artifact@v4
with:
name: linux-zip
path: build/provenance*.zip
buf_push:
needs:
- build_init
if: needs.build_init.outputs.is_release == 'true'
runs-on: ubuntu-latest
name: Protobuf Push
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Buf setup action
uses: bufbuild/buf-setup-action@v1.38.0
- name: Buf push 'proto/'
uses: bufbuild/buf-push-action@v1
with:
input: 'proto'
buf_token: ${{ secrets.BUF_TOKEN }}
create_release:
needs:
- build_init
- build_linux
if: needs.build_init.outputs.is_release == 'true'
runs-on: ubuntu-latest
name: Create Release
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Create release ${{ needs.build_init.outputs.version }}
uses: actions/create-release@v1
id: create_release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ github.ref }}
release_name: Release ${{ github.ref }}
draft: false
prerelease: ${{ needs.build_init.outputs.prerelease }}
body_path: RELEASE_CHANGELOG.md
outputs:
release_url: ${{ steps.create_release.outputs.upload_url }}
update_release:
needs:
- build_init
- create_release
if: needs.build_init.outputs.is_release == 'true'
runs-on: ubuntu-latest
name: Attach Release Artifacts
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup go
uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
- name: Download linux zip artifact
uses: actions/download-artifact@v4
with:
name: linux-zip
path: build/
- name: Create release items
id: create-items
run: |
make VERSION=${{ needs.build_init.outputs.version }} build-release-checksum build-release-plan build-release-proto
- name: Upload linux zip artifact
if: always() && steps.create-items.outcome == 'success'
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create_release.outputs.release_url }}
asset_path: ./build/provenance-linux-amd64-${{ needs.build_init.outputs.version }}.zip
asset_name: provenance-linux-amd64-${{ needs.build_init.outputs.version }}.zip
asset_content_type: application/octet-stream
- name: Upload release checksum
if: always() && steps.create-items.outcome == 'success'
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create_release.outputs.release_url }}
asset_path: ./build/sha256sum.txt
asset_name: sha256sum.txt
asset_content_type: application/octet-stream
- name: Upload release plan
if: always() && steps.create-items.outcome == 'success'
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create_release.outputs.release_url }}
asset_path: ./build/plan-${{ needs.build_init.outputs.version }}.json
asset_name: plan-${{ needs.build_init.outputs.version }}.json
asset_content_type: application/octet-stream
- name: Upload release protos
if: always() && steps.create-items.outcome == 'success'
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create_release.outputs.release_url }}
asset_path: ./build/protos-${{ needs.build_init.outputs.version }}.zip
asset_name: protos-${{ needs.build_init.outputs.version }}.zip
asset_content_type: application/octet-stream
java_kotlin_release:
needs:
- build_init
if: needs.build_init.outputs.is_release == 'true'
runs-on: ubuntu-latest
name: Java/Kotlin Proto Publishing
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Java Setup
uses: actions/setup-java@v4
with:
distribution: 'zulu'
java-version: 11
server-id: github
- name: GPG Setup
env:
GPG_KEY: ${{ secrets.OSSRH_GPG_SECRET_KEY }}
run: |
export GPG_TTY=$(tty)
echo -n "$GPG_KEY" | base64 --decode | gpg --batch --import
gpg --list-secret-keys --keyid-format LONG
echo -n "$GPG_KEY" | base64 --decode > $GITHUB_WORKSPACE/release.gpg
- name: Build and Publish
env:
OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
GPG_PASSWORD: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
run: |
cd protoBindings
./gradlew publish closeAndReleaseSonatypeStagingRepository \
-PartifactVersion=$(echo "${{ needs.build_init.outputs.version }}" | sed -e 's/^v//') \
-Psigning.keyId=B7D30ABE \
-Psigning.password="${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}" \
-Psigning.secretKeyRingFile=$GITHUB_WORKSPACE/release.gpg \
--info
npm_release:
needs:
- build_init
if: needs.build_init.outputs.is_release == 'true'
runs-on: ubuntu-latest
name: NPM Proto Publishing
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Publish
uses: provenance-io/npm-publish-action@v1.1
with:
api-version: ${{ needs.build_init.outputs.version }}
npm-token: ${{ secrets.NPM_TOKEN }}
tag: alpha