From 4d4ca2b007fab4ddd17d82e4d9b23aca8305ac36 Mon Sep 17 00:00:00 2001 From: Dominik Kapusta Date: Fri, 23 Feb 2024 14:11:00 +0100 Subject: [PATCH 1/5] Add support for public and hotfix releases in Tag Release workflow (#2246) Task/Issue URL: https://app.asana.com/0/1199230911884351/1206628689034178/f Description: This change renames tag_and_merge.yml workflow to tag_release.yml and updates it to handle public releases (regular as well as hotfixes). For public releases, tag_release deletes the release branch instead of merging it to the base branch. publish_dmg_release workflow calls tag_release for non-internal releases prior to publishing. New Asana comments and templates were added to inform release DRI about the progress and issues. --- ...nternal-release-ready-tag-failed copy.yml} | 0 .../templates/public-release-tag-failed.yml | 15 ++++ ...ic-release-tagged-delete-branch-failed.yml | 16 ++++ .../templates/public-release-tagged.yml | 15 ++++ .../templates/delete-branch-failed.yml | 15 ++++ ...ed.yml => internal-release-tag-failed.yml} | 2 +- .../templates/merge-failed.yml | 2 +- .../templates/public-release-tag-failed.yml | 38 ++++++++ .../create-tag-and-github-release/action.yml | 11 ++- .../install-certs-and-profiles/action.yml | 2 +- .github/workflows/bump_internal_release.yml | 3 +- .github/workflows/code_freeze.yml | 3 +- .github/workflows/publish_dmg_release.yml | 30 ++++++- .../{tag_and_merge.yml => tag_release.yml} | 88 +++++++++++++++---- 14 files changed, 212 insertions(+), 28 deletions(-) rename .github/actions/asana-add-comment/templates/{internal-release-ready-tag-failed.yml => internal-release-ready-tag-failed copy.yml} (100%) create mode 100644 .github/actions/asana-add-comment/templates/public-release-tag-failed.yml create mode 100644 .github/actions/asana-add-comment/templates/public-release-tagged-delete-branch-failed.yml create mode 100644 .github/actions/asana-add-comment/templates/public-release-tagged.yml create mode 100644 .github/actions/asana-create-action-item/templates/delete-branch-failed.yml rename .github/actions/asana-create-action-item/templates/{tag-failed.yml => internal-release-tag-failed.yml} (96%) create mode 100644 .github/actions/asana-create-action-item/templates/public-release-tag-failed.yml rename .github/workflows/{tag_and_merge.yml => tag_release.yml} (53%) diff --git a/.github/actions/asana-add-comment/templates/internal-release-ready-tag-failed.yml b/.github/actions/asana-add-comment/templates/internal-release-ready-tag-failed copy.yml similarity index 100% rename from .github/actions/asana-add-comment/templates/internal-release-ready-tag-failed.yml rename to .github/actions/asana-add-comment/templates/internal-release-ready-tag-failed copy.yml diff --git a/.github/actions/asana-add-comment/templates/public-release-tag-failed.yml b/.github/actions/asana-add-comment/templates/public-release-tag-failed.yml new file mode 100644 index 0000000000..067673f4c2 --- /dev/null +++ b/.github/actions/asana-add-comment/templates/public-release-tag-failed.yml @@ -0,0 +1,15 @@ +data: + html_text: | + +

[ACTION NEEDED] Failed to publish ${TAG} release – tagging failed

+ + + , please proceed with the release according to instructions. + + + 🔗 Workflow URL: ${WORKFLOW_URL}. + diff --git a/.github/actions/asana-add-comment/templates/public-release-tagged-delete-branch-failed.yml b/.github/actions/asana-add-comment/templates/public-release-tagged-delete-branch-failed.yml new file mode 100644 index 0000000000..7f872a1f55 --- /dev/null +++ b/.github/actions/asana-add-comment/templates/public-release-tagged-delete-branch-failed.yml @@ -0,0 +1,16 @@ +data: + # yq -o=j | sed -E 's/\\n( *)([^\\n])/\2/g' + html_text: | + +

[ACTION NEEDED] Public release ${TAG} tagged

+ + + 🔗 Workflow URL: ${WORKFLOW_URL}. + diff --git a/.github/actions/asana-add-comment/templates/public-release-tagged.yml b/.github/actions/asana-add-comment/templates/public-release-tagged.yml new file mode 100644 index 0000000000..aebce6802a --- /dev/null +++ b/.github/actions/asana-add-comment/templates/public-release-tagged.yml @@ -0,0 +1,15 @@ +data: + # yq -o=j | sed -E 's/\\n( *)([^\\n])/\2/g' + html_text: | + +

Public release ${TAG} has been tagged ✅

+ + + 🔗 Workflow URL: ${WORKFLOW_URL}. + diff --git a/.github/actions/asana-create-action-item/templates/delete-branch-failed.yml b/.github/actions/asana-create-action-item/templates/delete-branch-failed.yml new file mode 100644 index 0000000000..61225c1281 --- /dev/null +++ b/.github/actions/asana-create-action-item/templates/delete-branch-failed.yml @@ -0,0 +1,15 @@ +data: + name: Delete ${BRANCH} branch + assignee: "${ASSIGNEE_ID}" + html_notes: | + + The ${TAG} public release has been successfully tagged and published in GitHub releases, + but deleting ${BRANCH} branch failed. Please delete it manually: + + Complete this task when ready, or if the release branch has already been deleted. + + + 🔗 Workflow URL: ${WORKFLOW_URL}. + diff --git a/.github/actions/asana-create-action-item/templates/tag-failed.yml b/.github/actions/asana-create-action-item/templates/internal-release-tag-failed.yml similarity index 96% rename from .github/actions/asana-create-action-item/templates/tag-failed.yml rename to .github/actions/asana-create-action-item/templates/internal-release-tag-failed.yml index 950d1b293f..9d617e0eaf 100644 --- a/.github/actions/asana-create-action-item/templates/tag-failed.yml +++ b/.github/actions/asana-create-action-item/templates/internal-release-tag-failed.yml @@ -1,5 +1,5 @@ data: - name: Merging ${BRANCH} to ${BASE_BRANCH} failed + name: Tag ${BRANCH} branch and create GitHub release assignee: "${ASSIGNEE_ID}" html_notes: | diff --git a/.github/actions/asana-create-action-item/templates/merge-failed.yml b/.github/actions/asana-create-action-item/templates/merge-failed.yml index 8ea7584021..f4d997e98b 100644 --- a/.github/actions/asana-create-action-item/templates/merge-failed.yml +++ b/.github/actions/asana-create-action-item/templates/merge-failed.yml @@ -1,5 +1,5 @@ data: - name: Merging ${BRANCH} to ${BASE_BRANCH} failed + name: Merge ${BRANCH} to ${BASE_BRANCH} assignee: "${ASSIGNEE_ID}" html_notes: | diff --git a/.github/actions/asana-create-action-item/templates/public-release-tag-failed.yml b/.github/actions/asana-create-action-item/templates/public-release-tag-failed.yml new file mode 100644 index 0000000000..94e7ae9c02 --- /dev/null +++ b/.github/actions/asana-create-action-item/templates/public-release-tag-failed.yml @@ -0,0 +1,38 @@ +data: + name: Tag ${BRANCH} branch, delete it, and create GitHub release + assignee: "${ASSIGNEE_ID}" + html_notes: | + + Failed to tag the release with ${TAG} tag. + + Please follow instructions below to tag the branch, make GitHub release and delete the release branch manually. + + + Issue the following git commands to tag the release and delete the branch: + + + To create GitHub release: + + + Complete this task when ready. + + + 🔗 Workflow URL: ${WORKFLOW_URL}. + diff --git a/.github/actions/create-tag-and-github-release/action.yml b/.github/actions/create-tag-and-github-release/action.yml index a78575bc8c..21b7d34f6b 100644 --- a/.github/actions/create-tag-and-github-release/action.yml +++ b/.github/actions/create-tag-and-github-release/action.yml @@ -11,8 +11,11 @@ inputs: required: true type: string outputs: + promoted-tag: + description: "Pre-release tag (x.y.z-N) that has been promoted to a release tag (x.y.z)" + value: ${{ steps.compute-tag.outputs.promoted-tag }} tag: - description: "Tag that has been added" + description: "Tag that has been added (x.y.z-N for internal, x.y.z for public and hotfixes)" value: ${{ steps.compute-tag.outputs.tag }} tag-created: description: "Whether the tag has been created" @@ -30,11 +33,13 @@ runs: shell: bash run: | version="$(cut -d ' ' -f 3 < Configuration/Version.xcconfig)" + build_number="$(cut -d ' ' -f 3 < Configuration/BuildNumber.xcconfig)" if [[ "${{ inputs.prerelease }}" == "true" ]]; then - build_number="$(cut -d ' ' -f 3 < Configuration/BuildNumber.xcconfig)" tag="${version}-${build_number}" else tag="${version}" + promoted_tag="${version}-${build_number}" + echo "promoted-tag=${promoted_tag}" >> $GITHUB_OUTPUT fi echo "tag=${tag}" >> $GITHUB_OUTPUT @@ -53,5 +58,5 @@ runs: if [[ "${{ inputs.prerelease }}" == "true" ]]; then gh release create ${{ steps.compute-tag.outputs.tag }} --generate-notes --prerelease --notes-start-tag ${latest_release} else - gh release create ${{ steps.compute-tag.outputs.tag }} --generate-notes --notes-start-tag ${latest_release} + gh release create ${{ steps.compute-tag.outputs.tag }} --generate-notes --latest --notes-start-tag ${latest_release} fi diff --git a/.github/actions/install-certs-and-profiles/action.yml b/.github/actions/install-certs-and-profiles/action.yml index 5ac06a2a0d..923bbcd979 100644 --- a/.github/actions/install-certs-and-profiles/action.yml +++ b/.github/actions/install-certs-and-profiles/action.yml @@ -1,4 +1,4 @@ -name: Instal Certs and Profiles +name: Install Certs and Profiles description: Installs signing certificates and provisioning profiles inputs: BUILD_CERTIFICATE_BASE64: diff --git a/.github/workflows/bump_internal_release.yml b/.github/workflows/bump_internal_release.yml index 49b67e1bd2..0b5a0de3b6 100644 --- a/.github/workflows/bump_internal_release.yml +++ b/.github/workflows/bump_internal_release.yml @@ -123,11 +123,12 @@ jobs: tag_and_merge: name: Tag and Merge Branch needs: [ prepare_release ] - uses: ./.github/workflows/tag_and_merge.yml + uses: ./.github/workflows/tag_release.yml with: asana-task-url: ${{ github.event.inputs.asana-task-url }} branch: ${{ github.ref_name }} base-branch: ${{ github.event.inputs.base-branch || 'main' }} + prerelease: true secrets: ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} GHA_ELEVATED_PERMISSIONS_TOKEN: ${{ secrets.GHA_ELEVATED_PERMISSIONS_TOKEN }} diff --git a/.github/workflows/code_freeze.yml b/.github/workflows/code_freeze.yml index 6806f405c0..4663641ea4 100644 --- a/.github/workflows/code_freeze.yml +++ b/.github/workflows/code_freeze.yml @@ -163,10 +163,11 @@ jobs: tag_and_merge: name: Tag and Merge Branch needs: [ create_release_branch, prepare_release ] - uses: ./.github/workflows/tag_and_merge.yml + uses: ./.github/workflows/tag_release.yml with: asana-task-url: ${{ needs.create_release_branch.outputs.asana_task_url }} branch: ${{ needs.create_release_branch.outputs.release_branch_name }} + prerelease: true secrets: ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} GHA_ELEVATED_PERMISSIONS_TOKEN: ${{ secrets.GHA_ELEVATED_PERMISSIONS_TOKEN }} diff --git a/.github/workflows/publish_dmg_release.yml b/.github/workflows/publish_dmg_release.yml index c31f3473fe..b749d30a68 100644 --- a/.github/workflows/publish_dmg_release.yml +++ b/.github/workflows/publish_dmg_release.yml @@ -22,10 +22,33 @@ on: jobs: + # This is only run for public and hotfix releases + # Internal release has been tagged as part of code_freeze or bump_interal_release workflows + tag-public-release: + + name: Tag public release + + if: ${{ github.event.inputs.release-type != 'internal' }} + + uses: ./.github/workflows/tag_release.yml + with: + asana-task-url: ${{ github.event.inputs.asana-task-url }} + branch: ${{ github.ref_name }} + prerelease: false + secrets: + ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} + GHA_ELEVATED_PERMISSIONS_TOKEN: ${{ secrets.GHA_ELEVATED_PERMISSIONS_TOKEN }} + publish-to-sparkle: name: Publish a release to Sparkle + needs: [tag-public-release] + + # Allow to run even if the tag-public-release job was skipped (e.g. for internal releases) + # or failed (for public releases or hotfixes), because tagging doesn't block publishing the release + if: always() + runs-on: macos-13-xlarge timeout-minutes: 10 @@ -68,8 +91,11 @@ jobs: env: DMG_NAME: duckduckgo-${{ steps.verify-tag.outputs.release-version }}.dmg run: | - DMG_URL="${{ vars.DMG_URL_ROOT }}${DMG_NAME}" - curl -fLSs -o "$DMG_NAME" "$DMG_URL" + # Public release doesn't need fetching a DMG (it's already uploaded to S3) + if [[ "${{ github.event.inputs.release-type }}" != 'public' ]]; then + DMG_URL="${{ vars.DMG_URL_ROOT }}${DMG_NAME}" + curl -fLSs -o "$DMG_NAME" "$DMG_URL" + fi echo "dmg-name=$DMG_NAME" >> $GITHUB_OUTPUT echo "dmg-path=$DMG_NAME" >> $GITHUB_OUTPUT diff --git a/.github/workflows/tag_and_merge.yml b/.github/workflows/tag_release.yml similarity index 53% rename from .github/workflows/tag_and_merge.yml rename to .github/workflows/tag_release.yml index 4004a55ac0..c5c7debf1b 100644 --- a/.github/workflows/tag_and_merge.yml +++ b/.github/workflows/tag_release.yml @@ -1,4 +1,4 @@ -name: Tag and Merge +name: Tag Release on: workflow_dispatch: @@ -8,13 +8,17 @@ on: required: true type: string base-branch: - description: "Base branch name" + description: "Base branch name (defaults to main, only override for testing)" required: false type: string branch: description: "Branch name" required: false type: string + prerelease: + description: "Is this a pre-release? (a.k.a. internal release)" + required: true + type: boolean workflow_call: inputs: asana-task-url: @@ -22,13 +26,17 @@ on: required: true type: string base-branch: - description: "Base branch name" + description: "Base branch name (defaults to main, only override for testing)" required: false type: string branch: description: "Branch name" required: false type: string + prerelease: + description: "Is this a pre-release? (a.k.a. internal release)" + required: true + type: boolean secrets: ASANA_ACCESS_TOKEN: required: true @@ -36,24 +44,32 @@ on: required: true jobs: - tag-and-merge: + tag-release: - name: Tag and Merge + name: Tag Release - # This doesn't need Xcode, so could technically run on Ubuntu, but actions add comments and tasks in Asana - # use BSD-specific sed syntax, that doesn't work with GNU sed (available on Linux). + # This doesn't need Xcode, so could technically run on Ubuntu, but actions that add comments and tasks + # in Asana use BSD-specific sed syntax, that doesn't work with GNU sed (available on Linux). runs-on: macos-13 env: asana-task-url: ${{ github.event.inputs.asana-task-url || inputs.asana-task-url }} BASE_BRANCH: ${{ inputs.base-branch || 'main' }} BRANCH: ${{ inputs.branch || github.ref_name }} + prerelease: ${{ github.event.inputs.prerelease || inputs.prerelease }} outputs: tag: ${{ steps.create-tag.outputs.tag }} steps: + - name: Assert release branch + run: | + case "${{ env.BRANCH }}" in + release/*) ;; + *) echo "👎 Not a release branch"; exit 1 ;; + esac + - name: Check out the code uses: actions/checkout@v4 with: @@ -64,11 +80,12 @@ jobs: id: create-tag uses: ./.github/actions/create-tag-and-github-release with: - prerelease: true + prerelease: ${{ env.prerelease }} github-token: ${{ github.token }} - name: Merge to base branch id: merge + if: ${{ env.prerelease == 'true' }} uses: actions/github-script@v7 with: github-token: ${{ secrets.GHA_ELEVATED_PERMISSIONS_TOKEN }} @@ -80,31 +97,66 @@ jobs: head: "${{ env.BRANCH }}" }) + - name: Delete release branch + id: delete + if: ${{ env.prerelease == 'false' }} + env: + GH_TOKEN: ${{ github.token }} + run: | + gh api --method DELETE /repos/${{ github.repository }}/git/refs/heads/${{ env.BRANCH}} + - name: Set common environment variables if: always() env: GH_TOKEN: ${{ github.token }} + PROMOTED_TAG: ${{ steps.create-tag.outputs.promoted-tag }} TAG: ${{ steps.create-tag.outputs.tag }} run: | echo "TAG=$TAG" >> $GITHUB_ENV + if [[ ${prerelase} == "true" ]]; then + DMG_VERSION=${TAG//-/.} + else + # For public release, tag is x.y.z, but we need DMG version as x.y.z-N + DMG_VERSION=${PROMOTED_TAG//-/.} + fi echo "WORKFLOW_URL=https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" >> $GITHUB_ENV - echo "DMG_URL=${{ vars.DMG_URL_ROOT }}duckduckgo-${TAG//-/.}.dmg" >> $GITHUB_ENV - echo "RELEASE_URL=https://github.com/${{ github.repository }}/releases/tag/${{ steps.create-tag.outputs.tag }}" >> $GITHUB_ENV + echo "DMG_URL=${{ vars.DMG_URL_ROOT }}duckduckgo-${DMG_VERSION}.dmg" >> $GITHUB_ENV + echo "RELEASE_URL=https://github.com/${{ github.repository }}/releases/tag/${TAG}" >> $GITHUB_ENV if [[ ${{ steps.create-tag.outputs.tag-created }} == "false" ]]; then last_release_tag=$(gh api /repos/${{ github.repository }}/releases/latest --jq '.tag_name') echo "LAST_RELEASE_TAG=${last_release_tag}" >> $GITHUB_ENV fi + - name: Set up Asana success comment template + if: success() + id: asana-success-template + run: | + if [[ "${prerelease}" == "true" ]]; then + echo "comment-template=internal-release-ready" >> $GITHUB_OUTPUT + else + echo "comment-template=public-release-tagged" >> $GITHUB_OUTPUT + fi + - name: Set up Asana templates if: failure() - id: asana-templates + id: asana-failure-templates run: | if [[ ${{ steps.create-tag.outputs.tag-created }} == "true" ]]; then - echo "task-template=merge-failed" >> $GITHUB_OUTPUT - echo "comment-template=internal-release-ready-merge-failed" >> $GITHUB_OUTPUT + if [[ "${prerelease}" == "true" ]]; then + echo "task-template=merge-failed" >> $GITHUB_OUTPUT + echo "comment-template=internal-release-ready-merge-failed" >> $GITHUB_OUTPUT + else + echo "task-template=delete-branch-failed" >> $GITHUB_OUTPUT + echo "comment-template=public-release-tagged-delete-branch-failed" >> $GITHUB_OUTPUT + fi else - echo "task-template=tag-failed" >> $GITHUB_OUTPUT - echo "comment-template=internal-release-ready-tag-failed" >> $GITHUB_OUTPUT + if [[ "${prerelease}" == "true" ]]; then + echo "task-template=internal-release-tag-failed" >> $GITHUB_OUTPUT + echo "comment-template=internal-release-ready-tag-failed" >> $GITHUB_OUTPUT + else + echo "task-template=public-release-tag-failed" >> $GITHUB_OUTPUT + echo "comment-template=public-release-tag-failed" >> $GITHUB_OUTPUT + fi fi - name: Create Asana task on failure @@ -114,7 +166,7 @@ jobs: with: access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} release-task-url: ${{ env.asana-task-url }} - template-name: ${{ steps.asana-templates.outputs.task-template }} + template-name: ${{ steps.asana-failure-templates.outputs.task-template }} - name: Report failure if: failure() @@ -125,7 +177,7 @@ jobs: with: access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} task-url: ${{ env.asana-task-url }} - template-name: ${{ steps.asana-templates.outputs.comment-template }} + template-name: ${{ steps.asana-failure-templates.outputs.comment-template }} - name: Report success if: success() @@ -133,4 +185,4 @@ jobs: with: access-token: ${{ secrets.ASANA_ACCESS_TOKEN }} task-url: ${{ env.asana-task-url }} - template-name: internal-release-ready + template-name: ${{ steps.asana-success-template.outputs.comment-template }} From d9ab149998424ade76c8034b6091bd1275ed97f9 Mon Sep 17 00:00:00 2001 From: Dominik Kapusta Date: Fri, 23 Feb 2024 13:54:27 +0100 Subject: [PATCH 2/5] Publish subsequent internal release immediately after building --- .github/workflows/bump_internal_release.yml | 14 ++++++ .github/workflows/publish_dmg_release.yml | 54 +++++++++++++++------ .github/workflows/tag_release.yml | 14 +++++- 3 files changed, 67 insertions(+), 15 deletions(-) diff --git a/.github/workflows/bump_internal_release.yml b/.github/workflows/bump_internal_release.yml index 0b5a0de3b6..ebe5b191fb 100644 --- a/.github/workflows/bump_internal_release.yml +++ b/.github/workflows/bump_internal_release.yml @@ -132,3 +132,17 @@ jobs: secrets: ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} GHA_ELEVATED_PERMISSIONS_TOKEN: ${{ secrets.GHA_ELEVATED_PERMISSIONS_TOKEN }} + + publish_release: + name: Publish DMG Release + needs: [ tag_and_merge ] + uses: ./.github/workflows/publish_dmg_release.yml + with: + asana-task-url: ${{ github.event.inputs.asana-task-url }} + + secrets: + ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }} + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_RELEASE_S3 }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_RELEASE_S3 }} + GHA_ELEVATED_PERMISSIONS_TOKEN: ${{ secrets.GHA_ELEVATED_PERMISSIONS_TOKEN }} + SPARKLE_PRIVATE_KEY: ${{ secrets.SPARKLE_PRIVATE_KEY }} diff --git a/.github/workflows/publish_dmg_release.yml b/.github/workflows/publish_dmg_release.yml index b749d30a68..7060dd1d8f 100644 --- a/.github/workflows/publish_dmg_release.yml +++ b/.github/workflows/publish_dmg_release.yml @@ -19,16 +19,33 @@ on: - internal - public - hotfix - + workflow_call: + inputs: + asana-task-url: + description: "Asana release task URL" + required: true + type: string + secrets: + ASANA_ACCESS_TOKEN: + required: true + AWS_ACCESS_KEY_ID: + required: true + AWS_SECRET_ACCESS_KEY: + required: true + GHA_ELEVATED_PERMISSIONS_TOKEN: + required: true + SPARKLE_PRIVATE_KEY: + required: true + jobs: - # This is only run for public and hotfix releases + # This is only run for public and hotfix releases, so only when it's triggered manually. # Internal release has been tagged as part of code_freeze or bump_interal_release workflows tag-public-release: name: Tag public release - if: ${{ github.event.inputs.release-type != 'internal' }} + if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.release-type != 'internal' }} uses: ./.github/workflows/tag_release.yml with: @@ -43,6 +60,10 @@ jobs: name: Publish a release to Sparkle + env: + RELEASE_TYPE: ${{ github.event.inputs.release-type || 'internal' }} + SPARKLE_DIR: ${{ github.workspace }}/sparkle-updates + needs: [tag-public-release] # Allow to run even if the tag-public-release job was skipped (e.g. for internal releases) @@ -52,15 +73,25 @@ jobs: runs-on: macos-13-xlarge timeout-minutes: 10 - env: - SPARKLE_DIR: ${{ github.workspace }}/sparkle-updates - steps: + - name: Download tag artifact + if: ${{ github.event_name == 'workflow_call' }} + uses: actions/download-artifact@v4 + with: + name: tag + path: .github + + - name: Set tag variable + run: | + if [[ "${{ github.event_name }}" == 'workflow_call' ]]; then + echo "tag=$(<.github/tag)" >> $GITHUB_ENV + else + echo "tag=${{ github.event.inputs.tag }}" >> $GITHUB_ENV + fi + - name: Verify the tag id: verify-tag - env: - tag: ${{ github.event.inputs.tag }} run: | tag_regex='^[0-9]+\.[0-9]+\.[0-9]+-[0-9]+$' @@ -87,12 +118,11 @@ jobs: - name: Fetch DMG id: fetch-dmg - if: ${{ github.event.inputs.release-type != 'public' }} env: DMG_NAME: duckduckgo-${{ steps.verify-tag.outputs.release-version }}.dmg run: | # Public release doesn't need fetching a DMG (it's already uploaded to S3) - if [[ "${{ github.event.inputs.release-type }}" != 'public' ]]; then + if [[ "${RELEASE_TYPE}" != 'public' ]]; then DMG_URL="${{ vars.DMG_URL_ROOT }}${DMG_NAME}" curl -fLSs -o "$DMG_NAME" "$DMG_URL" fi @@ -121,7 +151,6 @@ jobs: env: DMG_PATH: ${{ steps.fetch-dmg.outputs.dmg-path }} SPARKLE_PRIVATE_KEY: ${{ secrets.SPARKLE_PRIVATE_KEY }} - RELEASE_TYPE: ${{ github.event.inputs.release-type }} VERSION: ${{ steps.verify-tag.outputs.release-version }} run: | echo -n "$SPARKLE_PRIVATE_KEY" > sparkle_private_key @@ -169,7 +198,6 @@ jobs: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_RELEASE_S3 }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_RELEASE_S3 }} AWS_DEFAULT_REGION: ${{ vars.AWS_DEFAULT_REGION }} - RELEASE_TYPE: ${{ github.event.inputs.release-type }} VERSION: ${{ steps.verify-tag.outputs.release-version }} run: | # Back up existing appcast2.xml @@ -208,8 +236,6 @@ jobs: - name: Set up Asana templates if: always() id: asana-templates - env: - RELEASE_TYPE: ${{ github.event.inputs.release-type }} run: | if [[ ${{ steps.upload.outcome }} == "success" ]]; then if [[ "${RELEASE_TYPE}" == "internal" ]]; then diff --git a/.github/workflows/tag_release.yml b/.github/workflows/tag_release.yml index c5c7debf1b..6a7e8ff728 100644 --- a/.github/workflows/tag_release.yml +++ b/.github/workflows/tag_release.yml @@ -83,6 +83,18 @@ jobs: prerelease: ${{ env.prerelease }} github-token: ${{ github.token }} + - name: Store created tag in a file artifact + if: ${{ github.event_name == 'workflow_call' }} + run: echo ${{ steps.create-tag.outputs.tag }} > .github/tag + + - name: Upload tag artifact + if: ${{ github.event_name == 'workflow_call' }} + uses: actions/upload-artifact@v4 + with: + name: tag + path: .github/tag + retention-days: 1 + - name: Merge to base branch id: merge if: ${{ env.prerelease == 'true' }} @@ -103,7 +115,7 @@ jobs: env: GH_TOKEN: ${{ github.token }} run: | - gh api --method DELETE /repos/${{ github.repository }}/git/refs/heads/${{ env.BRANCH}} + gh api --method DELETE /repos/${{ github.repository }}/git/refs/heads/${{ env.BRANCH }} - name: Set common environment variables if: always() From 0ac0a083b5ec59269b520772b72228b9dfb1909c Mon Sep 17 00:00:00 2001 From: Dominik Kapusta Date: Fri, 23 Feb 2024 14:34:24 +0100 Subject: [PATCH 3/5] Fix github.event_name checks --- .github/workflows/publish_dmg_release.yml | 2 +- .github/workflows/tag_release.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish_dmg_release.yml b/.github/workflows/publish_dmg_release.yml index 7060dd1d8f..c167ea2a73 100644 --- a/.github/workflows/publish_dmg_release.yml +++ b/.github/workflows/publish_dmg_release.yml @@ -76,7 +76,7 @@ jobs: steps: - name: Download tag artifact - if: ${{ github.event_name == 'workflow_call' }} + if: github.event_name == 'workflow_call' uses: actions/download-artifact@v4 with: name: tag diff --git a/.github/workflows/tag_release.yml b/.github/workflows/tag_release.yml index 6a7e8ff728..7cc0f7379c 100644 --- a/.github/workflows/tag_release.yml +++ b/.github/workflows/tag_release.yml @@ -84,11 +84,11 @@ jobs: github-token: ${{ github.token }} - name: Store created tag in a file artifact - if: ${{ github.event_name == 'workflow_call' }} + if: github.event_name == 'workflow_call' run: echo ${{ steps.create-tag.outputs.tag }} > .github/tag - name: Upload tag artifact - if: ${{ github.event_name == 'workflow_call' }} + if: github.event_name == 'workflow_call' uses: actions/upload-artifact@v4 with: name: tag From c8dfa01463fd406c73a7fc281a1412b6ee304ad2 Mon Sep 17 00:00:00 2001 From: Dominik Kapusta Date: Fri, 23 Feb 2024 14:40:33 +0100 Subject: [PATCH 4/5] Further fix github.event_name checks --- .github/workflows/publish_dmg_release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish_dmg_release.yml b/.github/workflows/publish_dmg_release.yml index c167ea2a73..7132f60db6 100644 --- a/.github/workflows/publish_dmg_release.yml +++ b/.github/workflows/publish_dmg_release.yml @@ -45,7 +45,7 @@ jobs: name: Tag public release - if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.release-type != 'internal' }} + if: github.event_name == 'workflow_dispatch' && github.event.inputs.release-type != 'internal' uses: ./.github/workflows/tag_release.yml with: @@ -81,7 +81,7 @@ jobs: with: name: tag path: .github - + - name: Set tag variable run: | if [[ "${{ github.event_name }}" == 'workflow_call' ]]; then From 621d999ac5073e4267294cafcc623f0379d7eb14 Mon Sep 17 00:00:00 2001 From: Dominik Kapusta Date: Fri, 23 Feb 2024 15:37:38 +0100 Subject: [PATCH 5/5] Replace 'workflow_call' usage --- .github/workflows/publish_dmg_release.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish_dmg_release.yml b/.github/workflows/publish_dmg_release.yml index 7132f60db6..e0e155730e 100644 --- a/.github/workflows/publish_dmg_release.yml +++ b/.github/workflows/publish_dmg_release.yml @@ -45,7 +45,7 @@ jobs: name: Tag public release - if: github.event_name == 'workflow_dispatch' && github.event.inputs.release-type != 'internal' + if: github.event.inputs.release-type != 'internal' uses: ./.github/workflows/tag_release.yml with: @@ -76,7 +76,8 @@ jobs: steps: - name: Download tag artifact - if: github.event_name == 'workflow_call' + id: download-tag + continue-on-error: true uses: actions/download-artifact@v4 with: name: tag @@ -84,7 +85,7 @@ jobs: - name: Set tag variable run: | - if [[ "${{ github.event_name }}" == 'workflow_call' ]]; then + if [[ "${{ steps.download-tag.outcome }}" == 'success' ]]; then echo "tag=$(<.github/tag)" >> $GITHUB_ENV else echo "tag=${{ github.event.inputs.tag }}" >> $GITHUB_ENV