Skip to content

Commit

Permalink
Publish subsequent internal release immediately after building
Browse files Browse the repository at this point in the history
  • Loading branch information
ayoy committed Feb 23, 2024
1 parent 6282697 commit 6387ec6
Show file tree
Hide file tree
Showing 3 changed files with 67 additions and 15 deletions.
14 changes: 14 additions & 0 deletions .github/workflows/bump_internal_release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -132,3 +132,17 @@ jobs:
secrets:
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
GHA_ELEVATED_PERMISSIONS_TOKEN: ${{ secrets.GHA_ELEVATED_PERMISSIONS_TOKEN }}

publish_release:
name: Publish DMG Release
needs: [ tag_and_merge ]
uses: ./.github/workflows/publish_dmg_release.yml
with:
asana-task-url: ${{ github.event.inputs.asana-task-url }}

secrets:
ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_RELEASE_S3 }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_RELEASE_S3 }}
GHA_ELEVATED_PERMISSIONS_TOKEN: ${{ secrets.GHA_ELEVATED_PERMISSIONS_TOKEN }}
SPARKLE_PRIVATE_KEY: ${{ secrets.SPARKLE_PRIVATE_KEY }}
54 changes: 40 additions & 14 deletions .github/workflows/publish_dmg_release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,16 +19,33 @@ on:
- internal
- public
- hotfix

workflow_call:
inputs:
asana-task-url:
description: "Asana release task URL"
required: true
type: string
secrets:
ASANA_ACCESS_TOKEN:
required: true
AWS_ACCESS_KEY_ID:
required: true
AWS_SECRET_ACCESS_KEY:
required: true
GHA_ELEVATED_PERMISSIONS_TOKEN:
required: true
SPARKLE_PRIVATE_KEY:
required: true

jobs:

# This is only run for public and hotfix releases
# This is only run for public and hotfix releases, so only when it's triggered manually.
# Internal release has been tagged as part of code_freeze or bump_interal_release workflows
tag-public-release:

name: Tag public release

if: ${{ github.event.inputs.release-type != 'internal' }}
if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.release-type != 'internal' }}

uses: ./.github/workflows/tag_release.yml
with:
Expand All @@ -43,6 +60,10 @@ jobs:

name: Publish a release to Sparkle

env:
RELEASE_TYPE: ${{ github.event.inputs.release-type || 'internal' }}
SPARKLE_DIR: ${{ github.workspace }}/sparkle-updates

needs: [tag-public-release]

# Allow to run even if the tag-public-release job was skipped (e.g. for internal releases)
Expand All @@ -52,15 +73,25 @@ jobs:
runs-on: macos-13-xlarge
timeout-minutes: 10

env:
SPARKLE_DIR: ${{ github.workspace }}/sparkle-updates

steps:

- name: Download tag artifact
if: ${{ github.event_name == 'workflow_call' }}
uses: actions/download-artifact@v4
with:
name: tag
path: .github

- name: Set tag variable
run: |
if [[ "${{ github.event_name }}" == 'workflow_call' ]]; then
echo "tag=$(<.github/tag)" >> $GITHUB_ENV
else
echo "tag=${{ github.event.inputs.tag }}" >> $GITHUB_ENV
fi
- name: Verify the tag
id: verify-tag
env:
tag: ${{ github.event.inputs.tag }}
run: |
tag_regex='^[0-9]+\.[0-9]+\.[0-9]+-[0-9]+$'
Expand All @@ -87,12 +118,11 @@ jobs:
- name: Fetch DMG
id: fetch-dmg
if: ${{ github.event.inputs.release-type != 'public' }}
env:
DMG_NAME: duckduckgo-${{ steps.verify-tag.outputs.release-version }}.dmg
run: |
# Public release doesn't need fetching a DMG (it's already uploaded to S3)
if [[ "${{ github.event.inputs.release-type }}" != 'public' ]]; then
if [[ "${RELEASE_TYPE}" != 'public' ]]; then
DMG_URL="${{ vars.DMG_URL_ROOT }}${DMG_NAME}"
curl -fLSs -o "$DMG_NAME" "$DMG_URL"
fi
Expand Down Expand Up @@ -121,7 +151,6 @@ jobs:
env:
DMG_PATH: ${{ steps.fetch-dmg.outputs.dmg-path }}
SPARKLE_PRIVATE_KEY: ${{ secrets.SPARKLE_PRIVATE_KEY }}
RELEASE_TYPE: ${{ github.event.inputs.release-type }}
VERSION: ${{ steps.verify-tag.outputs.release-version }}
run: |
echo -n "$SPARKLE_PRIVATE_KEY" > sparkle_private_key
Expand Down Expand Up @@ -169,7 +198,6 @@ jobs:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_RELEASE_S3 }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_RELEASE_S3 }}
AWS_DEFAULT_REGION: ${{ vars.AWS_DEFAULT_REGION }}
RELEASE_TYPE: ${{ github.event.inputs.release-type }}
VERSION: ${{ steps.verify-tag.outputs.release-version }}
run: |
# Back up existing appcast2.xml
Expand Down Expand Up @@ -208,8 +236,6 @@ jobs:
- name: Set up Asana templates
if: always()
id: asana-templates
env:
RELEASE_TYPE: ${{ github.event.inputs.release-type }}
run: |
if [[ ${{ steps.upload.outcome }} == "success" ]]; then
if [[ "${RELEASE_TYPE}" == "internal" ]]; then
Expand Down
14 changes: 13 additions & 1 deletion .github/workflows/tag_release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,18 @@ jobs:
prerelease: ${{ env.prerelease }}
github-token: ${{ github.token }}

- name: Store created tag in a file artifact
if: ${{ github.event_name == 'workflow_call' }}
run: echo ${{ steps.create-tag.outputs.tag }} > .github/tag

- name: Upload tag artifact
if: ${{ github.event_name == 'workflow_call' }}
uses: actions/upload-artifact@v4
with:
name: tag
path: .github/tag
retention-days: 1

- name: Merge to base branch
id: merge
if: ${{ env.prerelease == 'true' }}
Expand All @@ -103,7 +115,7 @@ jobs:
env:
GH_TOKEN: ${{ github.token }}
run: |
gh api --method DELETE /repos/${{ github.repository }}/git/refs/heads/${{ env.BRANCH}}
gh api --method DELETE /repos/${{ github.repository }}/git/refs/heads/${{ env.BRANCH }}
- name: Set common environment variables
if: always()
Expand Down

0 comments on commit 6387ec6

Please sign in to comment.