From 16d8b8a0c98aa1091a46a987fadfd86b7d548697 Mon Sep 17 00:00:00 2001 From: Dominik Kapusta Date: Fri, 23 Feb 2024 13:12:49 +0100 Subject: [PATCH 1/3] Fix delete-branch-failed template --- .../asana-create-action-item/templates/delete-branch-failed.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/asana-create-action-item/templates/delete-branch-failed.yml b/.github/actions/asana-create-action-item/templates/delete-branch-failed.yml index 61fe66bad0..61225c1281 100644 --- a/.github/actions/asana-create-action-item/templates/delete-branch-failed.yml +++ b/.github/actions/asana-create-action-item/templates/delete-branch-failed.yml @@ -6,7 +6,7 @@ data: The ${TAG} public release has been successfully tagged and published in GitHub releases, but deleting ${BRANCH} branch failed. Please delete it manually: Complete this task when ready, or if the release branch has already been deleted. From 62826972fe60263486785948d9e0be25b7bfa6a3 Mon Sep 17 00:00:00 2001 From: Dominik Kapusta Date: Fri, 23 Feb 2024 13:20:12 +0100 Subject: [PATCH 2/3] Update docs --- .github/actions/create-tag-and-github-release/action.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/create-tag-and-github-release/action.yml b/.github/actions/create-tag-and-github-release/action.yml index 5971212b3f..21b7d34f6b 100644 --- a/.github/actions/create-tag-and-github-release/action.yml +++ b/.github/actions/create-tag-and-github-release/action.yml @@ -12,10 +12,10 @@ inputs: type: string outputs: promoted-tag: - description: "Pre-release tag that has been promoted to a release tag" + description: "Pre-release tag (x.y.z-N) that has been promoted to a release tag (x.y.z)" value: ${{ steps.compute-tag.outputs.promoted-tag }} tag: - description: "Tag that has been added" + description: "Tag that has been added (x.y.z-N for internal, x.y.z for public and hotfixes)" value: ${{ steps.compute-tag.outputs.tag }} tag-created: description: "Whether the tag has been created" From 6387ec6a4aec498bbb63715ec20e0fb8c8003e27 Mon Sep 17 00:00:00 2001 From: Dominik Kapusta Date: Fri, 23 Feb 2024 13:54:27 +0100 Subject: [PATCH 3/3] Publish subsequent internal release immediately after building --- .github/workflows/bump_internal_release.yml | 14 ++++++ .github/workflows/publish_dmg_release.yml | 54 +++++++++++++++------ .github/workflows/tag_release.yml | 14 +++++- 3 files changed, 67 insertions(+), 15 deletions(-) diff --git a/.github/workflows/bump_internal_release.yml b/.github/workflows/bump_internal_release.yml index 0b5a0de3b6..ebe5b191fb 100644 --- a/.github/workflows/bump_internal_release.yml +++ b/.github/workflows/bump_internal_release.yml @@ -132,3 +132,17 @@ jobs: secrets: ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} GHA_ELEVATED_PERMISSIONS_TOKEN: ${{ secrets.GHA_ELEVATED_PERMISSIONS_TOKEN }} + + publish_release: + name: Publish DMG Release + needs: [ tag_and_merge ] + uses: ./.github/workflows/publish_dmg_release.yml + with: + asana-task-url: ${{ github.event.inputs.asana-task-url }} + + secrets: + ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_RELEASE_S3 }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_RELEASE_S3 }} + GHA_ELEVATED_PERMISSIONS_TOKEN: ${{ secrets.GHA_ELEVATED_PERMISSIONS_TOKEN }} + SPARKLE_PRIVATE_KEY: ${{ secrets.SPARKLE_PRIVATE_KEY }} diff --git a/.github/workflows/publish_dmg_release.yml b/.github/workflows/publish_dmg_release.yml index b749d30a68..7060dd1d8f 100644 --- a/.github/workflows/publish_dmg_release.yml +++ b/.github/workflows/publish_dmg_release.yml @@ -19,16 +19,33 @@ on: - internal - public - hotfix - + workflow_call: + inputs: + asana-task-url: + description: "Asana release task URL" + required: true + type: string + secrets: + ASANA_ACCESS_TOKEN: + required: true + AWS_ACCESS_KEY_ID: + required: true + AWS_SECRET_ACCESS_KEY: + required: true + GHA_ELEVATED_PERMISSIONS_TOKEN: + required: true + SPARKLE_PRIVATE_KEY: + required: true + jobs: - # This is only run for public and hotfix releases + # This is only run for public and hotfix releases, so only when it's triggered manually. # Internal release has been tagged as part of code_freeze or bump_interal_release workflows tag-public-release: name: Tag public release - if: ${{ github.event.inputs.release-type != 'internal' }} + if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.release-type != 'internal' }} uses: ./.github/workflows/tag_release.yml with: @@ -43,6 +60,10 @@ jobs: name: Publish a release to Sparkle + env: + RELEASE_TYPE: ${{ github.event.inputs.release-type || 'internal' }} + SPARKLE_DIR: ${{ github.workspace }}/sparkle-updates + needs: [tag-public-release] # Allow to run even if the tag-public-release job was skipped (e.g. for internal releases) @@ -52,15 +73,25 @@ jobs: runs-on: macos-13-xlarge timeout-minutes: 10 - env: - SPARKLE_DIR: ${{ github.workspace }}/sparkle-updates - steps: + - name: Download tag artifact + if: ${{ github.event_name == 'workflow_call' }} + uses: actions/download-artifact@v4 + with: + name: tag + path: .github + + - name: Set tag variable + run: | + if [[ "${{ github.event_name }}" == 'workflow_call' ]]; then + echo "tag=$(<.github/tag)" >> $GITHUB_ENV + else + echo "tag=${{ github.event.inputs.tag }}" >> $GITHUB_ENV + fi + - name: Verify the tag id: verify-tag - env: - tag: ${{ github.event.inputs.tag }} run: | tag_regex='^[0-9]+\.[0-9]+\.[0-9]+-[0-9]+$' @@ -87,12 +118,11 @@ jobs: - name: Fetch DMG id: fetch-dmg - if: ${{ github.event.inputs.release-type != 'public' }} env: DMG_NAME: duckduckgo-${{ steps.verify-tag.outputs.release-version }}.dmg run: | # Public release doesn't need fetching a DMG (it's already uploaded to S3) - if [[ "${{ github.event.inputs.release-type }}" != 'public' ]]; then + if [[ "${RELEASE_TYPE}" != 'public' ]]; then DMG_URL="${{ vars.DMG_URL_ROOT }}${DMG_NAME}" curl -fLSs -o "$DMG_NAME" "$DMG_URL" fi @@ -121,7 +151,6 @@ jobs: env: DMG_PATH: ${{ steps.fetch-dmg.outputs.dmg-path }} SPARKLE_PRIVATE_KEY: ${{ secrets.SPARKLE_PRIVATE_KEY }} - RELEASE_TYPE: ${{ github.event.inputs.release-type }} VERSION: ${{ steps.verify-tag.outputs.release-version }} run: | echo -n "$SPARKLE_PRIVATE_KEY" > sparkle_private_key @@ -169,7 +198,6 @@ jobs: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_RELEASE_S3 }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_RELEASE_S3 }} AWS_DEFAULT_REGION: ${{ vars.AWS_DEFAULT_REGION }} - RELEASE_TYPE: ${{ github.event.inputs.release-type }} VERSION: ${{ steps.verify-tag.outputs.release-version }} run: | # Back up existing appcast2.xml @@ -208,8 +236,6 @@ jobs: - name: Set up Asana templates if: always() id: asana-templates - env: - RELEASE_TYPE: ${{ github.event.inputs.release-type }} run: | if [[ ${{ steps.upload.outcome }} == "success" ]]; then if [[ "${RELEASE_TYPE}" == "internal" ]]; then diff --git a/.github/workflows/tag_release.yml b/.github/workflows/tag_release.yml index c5c7debf1b..6a7e8ff728 100644 --- a/.github/workflows/tag_release.yml +++ b/.github/workflows/tag_release.yml @@ -83,6 +83,18 @@ jobs: prerelease: ${{ env.prerelease }} github-token: ${{ github.token }} + - name: Store created tag in a file artifact + if: ${{ github.event_name == 'workflow_call' }} + run: echo ${{ steps.create-tag.outputs.tag }} > .github/tag + + - name: Upload tag artifact + if: ${{ github.event_name == 'workflow_call' }} + uses: actions/upload-artifact@v4 + with: + name: tag + path: .github/tag + retention-days: 1 + - name: Merge to base branch id: merge if: ${{ env.prerelease == 'true' }} @@ -103,7 +115,7 @@ jobs: env: GH_TOKEN: ${{ github.token }} run: | - gh api --method DELETE /repos/${{ github.repository }}/git/refs/heads/${{ env.BRANCH}} + gh api --method DELETE /repos/${{ github.repository }}/git/refs/heads/${{ env.BRANCH }} - name: Set common environment variables if: always()