Release Branch #112
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release Agent | |
on: | |
workflow_dispatch: | |
inputs: | |
githubRelease: | |
description: 'Setup release in github' | |
type: boolean | |
default: false | |
packageVersion: | |
description: 'Package version number' | |
default: "3.0.0" | |
type: string | |
uploadAzure: | |
description: 'Publish packages Azure storage' | |
default: true | |
type: boolean | |
publishPackages: | |
description: 'Publish packages to nginx repo' | |
default: true | |
type: boolean | |
tagRelease: | |
description: 'Add tag to release branch' | |
default: false | |
type: boolean | |
createPullRequest: | |
description: 'Create pull request back into v3' | |
default: false | |
type: boolean | |
releaseBranch: | |
description: 'Release branch to build & publish from' | |
required: true | |
type: string | |
env: | |
NFPM_VERSION: 'v2.35.3' | |
defaults: | |
run: | |
shell: bash | |
concurrency: | |
group: ${{ github.ref_name }}-v3-release | |
cancel-in-progress: true | |
permissions: | |
contents: read | |
jobs: | |
vars: | |
name: Set workflow variables | |
runs-on: ubuntu-22.04 | |
outputs: | |
github_release: ${{steps.vars.outputs.github_release }} | |
upload_azure: ${{steps.vars.outputs.upload_azure }} | |
publish_packages: ${{steps.vars.outputs.publish_packages }} | |
tag_release: ${{steps.vars.outputs.tag_release }} | |
create_pull_request: ${{steps.vars.outputs.create_pull_request }} | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 | |
with: | |
ref: ${{ inputs.releaseBranch }} | |
- name: Set variables | |
id: vars | |
run: | | |
echo "github_release=${{ inputs.githubRelease }}" >> $GITHUB_OUTPUT | |
echo "upload_azure=${{ inputs.uploadAzure }}" >> $GITHUB_OUTPUT | |
echo "publish_packages=${{ inputs.publishPackages }}" >> $GITHUB_OUTPUT | |
echo "tag_release=${{ inputs.tagRelease }}" >> $GITHUB_OUTPUT | |
echo "create_pull_request=${{ inputs.createPullRequest }}" >> $GITHUB_OUTPUT | |
cat $GITHUB_OUTPUT | |
release-draft: | |
name: Update Release Draft | |
runs-on: ubuntu-22.04 | |
needs: [vars] | |
outputs: | |
release_id: ${{ steps.vars.outputs.RELEASE_ID }} | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 | |
with: | |
ref: ${{ inputs.releaseBranch }} | |
- name: Setup Node Environment | |
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 | |
- name: Create Draft Release | |
if: ${{ needs.vars.outputs.github_release == 'true' }} | |
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
id: release | |
env: | |
version: ${{ inputs.packageVersion }} | |
with: | |
script: | | |
const {version} = process.env | |
console.log(`The release version is v${version}`) | |
const releases = (await github.rest.repos.listReleases({ | |
owner: context.payload.repository.owner.login, | |
repo: context.payload.repository.name, | |
per_page: 100, | |
})).data | |
const latest_release = (await github.rest.repos.getLatestRelease({ | |
owner: context.payload.repository.owner.login, | |
repo: context.payload.repository.name, | |
})).data.tag_name | |
console.log(`The latest release was ${latest_release}`) | |
if (latest_release === "v"+version) { | |
core.setFailed(`A published release already exists for ${latest_release}`) | |
} else { | |
const draft = releases.find((r) => r.draft && r.tag_name === "v"+version) | |
const draft_found = !(draft === undefined) | |
let release | |
if (draft_found){ | |
console.log("Draft release already exists. Deleting current draft release and recreating it") | |
release = (await github.rest.repos.deleteRelease({ | |
owner: context.payload.repository.owner.login, | |
repo: context.payload.repository.name, | |
release_id: draft.id, | |
})) | |
} | |
const release_notes = (await github.rest.repos.generateReleaseNotes({ | |
owner: context.payload.repository.owner.login, | |
repo: context.payload.repository.name, | |
tag_name: "v"+version, | |
previous_tag_name: latest_release, | |
target_commitish: ref, | |
})) | |
const footer = ` | |
## Resources | |
- Documentation -- https://github.com/nginx/agent#readme | |
` | |
release = (await github.rest.repos.createRelease({ | |
owner: context.payload.repository.owner.login, | |
repo: context.payload.repository.name, | |
tag_name: "v"+version, | |
target_commitish: ref, | |
name: "v"+version, | |
body: release_notes.data.body + footer, | |
draft: true, | |
})) | |
console.log(`Release created: ${release.data.html_url}`) | |
console.log(`Release ID: ${release.data.id}`) | |
console.log(`Release notes: ${release_notes.data.body}`) | |
console.log(`Release Upload URL: ${release.data.upload_url}`) | |
return { | |
version: version, | |
release_id: release.data.id, | |
release_upload_url: release.data.upload_url, | |
} | |
} | |
- name: Set Environment Variables | |
id: vars | |
run: | | |
echo "RELEASE_ID=$(echo '${{steps.release.outputs.result}}' | jq -r '.release_id')" >> $GITHUB_OUTPUT | |
cat $GITHUB_OUTPUT | |
tag-release: | |
name: Tag Release | |
runs-on: ubuntu-22.04 | |
needs: [vars,release-draft] | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 | |
with: | |
ref: ${{ inputs.releaseBranch }} | |
- name: Tag release | |
run: | | |
git config --global user.name 'github-actions' | |
git config --global user.email '41898282+github-actions[bot]@users.noreply.github.com' | |
git tag -a "v${{ inputs.packageVersion }}" -m "CI Autogenerated" | |
- name: Push Tags | |
if: ${{ needs.vars.outputs.tag_release == 'true' }} | |
run: | | |
git push origin "v${{ inputs.packageVersion }}" | |
upload-packages: | |
name: Upload packages | |
runs-on: ubuntu-22.04 | |
needs: [vars,release-draft,tag-release] | |
permissions: | |
id-token: write | |
contents: read | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 | |
with: | |
ref: ${{ inputs.releaseBranch }} | |
- name: Setup go | |
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 | |
with: | |
go-version-file: 'go.mod' | |
- name: Setup package build environment | |
run: | | |
go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }} | |
sudo apt-get update | |
sudo apt-get install -y gpgv1 monkeysphere | |
make install-tools | |
export PATH=$PATH:~/go/bin | |
nfpm --version | |
- name: Docker Buildx | |
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 | |
- name: Build Docker Image | |
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 | |
with: | |
file: scripts/packages/packager/Dockerfile | |
tags: build-signed-packager:1.0.0 | |
context: '.' | |
push: false | |
load: true | |
cache-from: type=gha,scope=build-signed-packager | |
cache-to: type=gha,scope=build-signed-packager,mode=max | |
build-args: | | |
package_type=signed-package | |
- name: Build Packages | |
env: | |
GPG_KEY: ${{ secrets.INDIGO_GPG_AGENT }} | |
NFPM_SIGNING_KEY_FILE: .key.asc | |
VERSION: ${{ inputs.packageVersion }} | |
run: | | |
export PATH=$PATH:~/go/bin | |
echo "$GPG_KEY" | base64 --decode > ${NFPM_SIGNING_KEY_FILE} | |
make package | |
- name: Azure Login | |
if: ${{ inputs.uploadAzure == true }} | |
uses: azure/login@8c334a195cbb38e46038007b304988d888bf676a # v2.0.0 | |
with: | |
creds: ${{ secrets.AZURE_CREDENTIALS }} | |
- name: Azure Upload Release Packages | |
if: ${{ inputs.uploadAzure == true }} | |
uses: azure/CLI@965c8d7571d2231a54e321ddd07f7b10317f34d9 # v2.0.0 | |
with: | |
inlineScript: | | |
for i in ./build/azure/packages/nginx-agent*; do | |
echo "Uploading ${i} to nginx-agent/${GITHUB_REF##*/}/${i##*/}" | |
az storage blob upload --auth-mode=login -f "$i" -c ${{ secrets.AZURE_CONTAINER_NAME }} \ | |
--account-name ${{ secrets.AZURE_ACCOUNT_NAME }} --overwrite -n nginx-agent/${GITHUB_REF##*/}/${i##*/} | |
done | |
- name: Install GPG tools | |
if: ${{ inputs.publishPackages == true }} | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y gpgv1 monkeysphere | |
- name: Get Id Token | |
if: ${{ inputs.publishPackages == true }} | |
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
id: idtoken | |
with: | |
script: | | |
let id_token = await core.getIDToken() | |
core.setOutput('id_token', id_token) | |
- name: Publish Release Packages | |
if: ${{ inputs.publishPackages == true }} | |
env: | |
TOKEN: ${{ steps.idtoken.outputs.id_token }} | |
UPLOAD_URL: ${{ secrets.UPLOAD_URL }} | |
run: | | |
make release | |
- name: Upload Release Assets | |
if: ${{ needs.vars.outputs.github_release == 'true' }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# clobber overwrites existing assets of the same name | |
run: | | |
gh release upload --clobber v${{ inputs.packageVersion }} \ | |
$(find ./build/github/packages -type f \( -name "*.deb" -o -name "*.rpm" -o -name "*.pkg" -o -name "*.apk" \)) | |
- name: Publish Github Release | |
if: ${{ needs.vars.outputs.github_release == 'true' }} | |
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
with: | |
script: | | |
const {RELEASE_ID} = process.env | |
const release = (await github.rest.repos.updateRelease({ | |
owner: context.payload.repository.owner.login, | |
repo: context.payload.repository.name, | |
release_id: `${RELEASE_ID}`, | |
draft: false, | |
})) | |
console.log(`Release published: ${release.data.html_url}`) | |
env: | |
RELEASE_ID: ${{ needs.release-draft.outputs.release_id }} | |
merge-release: | |
if: ${{ needs.vars.outputs.create_pull_request == 'true' }} | |
name: Merge release branch back into V3 branch | |
runs-on: ubuntu-22.04 | |
needs: [vars,tag-release] | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 | |
with: | |
ref: ${{ inputs.releaseBranch }} | |
- name: Create Pull Request | |
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
with: | |
script: | | |
const { repo, owner } = context.repo; | |
const result = await github.rest.pulls.create({ | |
title: 'Merge ${{ github.ref_name }} back into v3', | |
owner, | |
repo, | |
head: '${{ github.ref_name }}', | |
base: 'v3', | |
body: [ | |
'This PR is auto-generated by the release workflow.' | |
].join('\n') | |
}); |