Publish release #153
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright (C) 2020 Dremio | |
# | |
# Licensed under the Apache License, Version 2.0 (the "License"); | |
# you may not use this file except in compliance with the License. | |
# You may obtain a copy of the License at | |
# | |
# http://www.apache.org/licenses/LICENSE-2.0 | |
# | |
# Unless required by applicable law or agreed to in writing, software | |
# distributed under the License is distributed on an "AS IS" BASIS, | |
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
# See the License for the specific language governing permissions and | |
# limitations under the License. | |
# Publishes all Nessie release artifacts and creates a Nessie release in GitHub. | |
# | |
# Triggered when a `nessie-*` tag is being pushed. | |
# | |
# GitHub environment name: release | |
# | |
# This workflow uses separate GH workflow jobs intentionally to be able to re-run | |
# failed "release targets" (Maven Central, Swaggerhub, GHCR, Helm) and not let | |
# the whole release fail (and force a completely new release). | |
# | |
# Jobs: | |
# Prepare -->--+ | |
# | | |
# +-->-- Publish to Maven Central -->--+ | |
# | | | |
# +-->-- Publish OpenAPI ----------->--+ | |
# | | | |
# +-->-- Publish Docker images ----->--+ | |
# | | | |
# +-->-- Publish Helm Chart -------->--+ | |
# | | |
# +-->-- GitHub Release notes | |
# | |
name: Publish release | |
on: | |
push: | |
tags: | |
- nessie-* | |
workflow_dispatch: | |
inputs: | |
releaseTag: | |
description: 'Release tag name to re-release' | |
required: true | |
jobs: | |
prepare: | |
name: Prepare | |
outputs: | |
release-version: ${{ steps.get_version.outputs.release-version }} | |
git-tag: ${{ steps.get_version.outputs.git-tag }} | |
runs-on: ubuntu-22.04 | |
environment: release | |
timeout-minutes: 10 | |
steps: | |
# GH doesn't provide just the tag name, so this step strips `/refs/tags/nessie-` from `GITHUB_REF` | |
# and provides the outputs for the Git tag and the release-version derived from it, in case of a manual run, | |
# uses the input `releaseTag` as the input tag name. | |
- name: Get release version | |
id: get_version | |
run: | | |
if [[ "${{ github.event_name }}" == "push" ]] ; then | |
V="${GITHUB_REF/refs\/tags\/}" | |
else | |
V="${{ github.event.inputs.releaseTag }}" | |
fi | |
# check if tag matches patterns like nessie-0.5, nessie-0.10.4.3-alpha1, etc | |
if [[ ${V} =~ ^nessie-[0-9]+[.][0-9.]*[0-9](-[a-zA-Z0-9]+)?$ ]]; then | |
echo "release-version=${V/nessie-}" >> ${GITHUB_OUTPUT} | |
echo "git-tag=${V}" >> ${GITHUB_OUTPUT} | |
else | |
echo "Tag must start with nessie- followed by a valid version (got tag ${V}, ref is ${GITHUB_REF} )" | |
exit 1 | |
fi | |
publish-maven-central: | |
name: Publish to Maven Central | |
runs-on: ubuntu-22.04 | |
environment: release | |
timeout-minutes: 150 | |
needs: | |
- prepare | |
env: | |
RELEASE_VERSION: ${{needs.prepare.outputs.release-version}} | |
ARTIFACTS: build-artifacts | |
steps: | |
### BEGIN runner setup | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
if: ${{ github.event_name == 'push' }} | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
if: ${{ github.event_name == 'workflow_dispatch' }} | |
with: | |
ref: refs/tags/${{ github.event.inputs.releaseTag }} | |
- name: Setup runner | |
uses: ./.github/actions/setup-runner | |
- name: Setup Java, Gradle | |
uses: ./.github/actions/dev-tool-java | |
with: | |
gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} | |
### END runner setup | |
- name: Prepare artifacts directory | |
run: rm -rf "${ARTIFACTS}" ; mkdir -p "${ARTIFACTS}" | |
- name: Gradle build | |
run: | | |
# 2 Retries - due to Gradle's old and unfixed CME bug | |
./gradlew --no-scan compileAll jar || ./gradlew --no-scan compileAll jar || ./gradlew --no-scan compileAll jar | |
- name: Check Licenses | |
run: ./gradlew --no-scan aggregatedLicenseReportsZip | |
# Deploys Maven artifacts. Build and test steps were already ran in previous steps. | |
# Not running tests, because the environment contains secrets. | |
- name: Publish Maven artifacts for release | |
env: | |
# To release with Gradle | |
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} | |
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.MAVEN_GPG_PASSPHRASE }} | |
ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.OSSRH_ACCESS_ID }} | |
ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.OSSRH_TOKEN }} | |
# To release commits that used Maven to build | |
MAVEN_USERNAME: ${{ secrets.OSSRH_ACCESS_ID }} | |
MAVEN_OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }} | |
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} | |
run: | | |
# 2 Retries - to mitigate "HTTP/502 Bad Gateway" issues | |
./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository -Prelease -Puber-jar --no-scan --stacktrace || \ | |
./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository -Prelease -Puber-jar --no-scan --stacktrace || \ | |
./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository -Prelease -Puber-jar --no-scan --stacktrace | |
- name: Generate changelog | |
run: ./gradlew --no-scan --quiet --console=plain getChangelog --no-header --no-links > "${ARTIFACTS}/nessie-changelog-${RELEASE_VERSION}.md" | |
- name: Collect artifacts | |
run: | | |
mv servers/quarkus-server/build/nessie-quarkus-${RELEASE_VERSION}-runner.jar "${ARTIFACTS}" | |
mv cli/cli/build/libs/nessie-cli-${RELEASE_VERSION}.jar "${ARTIFACTS}" | |
mv tools/server-admin/build/nessie-server-admin-tool-${RELEASE_VERSION}-runner.jar "${ARTIFACTS}" | |
mv gc/gc-tool/build/executable/nessie-gc.jar "${ARTIFACTS}/nessie-gc-${RELEASE_VERSION}.jar" | |
cp tools/aggregated-license-report/build/distributions/nessie-aggregated-license-report-${RELEASE_VERSION}.zip "${ARTIFACTS}" | |
- name: Archive release artifacts | |
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4 | |
with: | |
name: nessie-release-artifacts | |
path: build-artifacts | |
if-no-files-found: error | |
publish-images: | |
name: Publish images | |
runs-on: ubuntu-22.04 | |
environment: release | |
timeout-minutes: 60 | |
needs: | |
- prepare | |
steps: | |
### BEGIN runner setup | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
if: ${{ github.event_name == 'push' }} | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
if: ${{ github.event_name == 'workflow_dispatch' }} | |
with: | |
ref: refs/tags/${{ github.event.inputs.releaseTag }} | |
- name: Setup runner | |
uses: ./.github/actions/setup-runner | |
- name: Setup Java, Gradle | |
uses: ./.github/actions/dev-tool-java | |
### END runner setup | |
- name: Gradle build | |
run: | | |
# 2 Retries - due to Gradle's old and unfixed CME bug | |
./gradlew --no-scan compileAll jar || ./gradlew --no-scan compileAll jar || ./gradlew --no-scan compileAll jar | |
- name: Docker login | |
run: | | |
echo '${{ secrets.GITHUB_TOKEN }}' | docker login ghcr.io -u $ --password-stdin | |
- name: Publish Nessie Server | |
run: | | |
tools/dockerbuild/build-push-images.sh \ | |
-g ":nessie-quarkus" \ | |
-p "servers/quarkus-server" \ | |
-d "Dockerfile-server" \ | |
ghcr.io/projectnessie/nessie | |
- name: Publish Nessie GC | |
run: | | |
tools/dockerbuild/build-push-images.sh \ | |
-g ":nessie-gc-tool" \ | |
-p "gc/gc-tool" \ | |
-d "Dockerfile-gctool" \ | |
ghcr.io/projectnessie/nessie-gc | |
- name: Publish Nessie Server Admin Tool | |
run: | | |
tools/dockerbuild/build-push-images.sh \ | |
-g ":nessie-server-admin-tool" \ | |
-p "tools/server-admin" \ | |
-d "Dockerfile-admintool" \ | |
ghcr.io/projectnessie/nessie-server-admin | |
- name: Publish Nessie CLI | |
run: | | |
tools/dockerbuild/build-push-images.sh \ | |
-g ":nessie-cli" \ | |
-p "cli/cli" \ | |
-d "Dockerfile-cli" \ | |
ghcr.io/projectnessie/nessie-cli | |
# NOTE: GH container registry behaves a bit weird when new images are added. | |
# The first push/publication of a _new_ image (package) fails with a HTTP/403, | |
# but the next one works. | |
# See also the note in .github/docker-sync/regsync.yml about quay.io. | |
# | |
# Also make sure to add the new image to the site, currently in: | |
# site/docs/downloads/index.md | |
# site/in-dev/index.md | |
# site/in-dev/index-release.md | |
publish-helm: | |
name: Publish Helm Chart | |
runs-on: ubuntu-22.04 | |
environment: release | |
timeout-minutes: 60 | |
needs: | |
- prepare | |
env: | |
RELEASE_VERSION: ${{needs.prepare.outputs.release-version}} | |
steps: | |
### BEGIN runner setup | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
if: ${{ github.event_name == 'push' }} | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
if: ${{ github.event_name == 'workflow_dispatch' }} | |
with: | |
ref: refs/tags/${{ github.event.inputs.releaseTag }} | |
- name: Install Helm | |
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4 | |
with: | |
version: v3.6.3 | |
### END runner setup | |
- name: Package Nessie Helm chart | |
run: | | |
helm package helm/nessie --version ${RELEASE_VERSION} | |
mv nessie-${RELEASE_VERSION}.tgz nessie-helm-${RELEASE_VERSION}.tgz | |
- name: Publish Nessie Helm chart to Helm Repo | |
run: | | |
wget https://raw.githubusercontent.com/projectnessie/charts.projectnessie.org/main/index.yaml | |
helm repo index . --merge index.yaml --url https://github.com/projectnessie/nessie/releases/download/nessie-${RELEASE_VERSION} | |
echo ${{ secrets.CI_REPORTS_TOKEN }} | gh auth login --with-token | |
index_sha=$(gh api -X GET /repos/projectnessie/charts.projectnessie.org/contents/index.yaml --jq '.sha') | |
gh api -X PUT /repos/projectnessie/charts.projectnessie.org/contents/index.yaml -f message="Publishing Nessie Helm chart ${RELEASE_VERSION}" -f content=$(base64 -w0 index.yaml) -f sha=${index_sha} || true | |
- name: Archive Helm chart artifact | |
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4 | |
with: | |
name: nessie-release-helm | |
path: ./nessie-helm-*.tgz | |
if-no-files-found: error | |
publish-openapi: | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 60 | |
environment: release | |
needs: | |
- prepare | |
env: | |
RELEASE_VERSION: ${{needs.prepare.outputs.release-version}} | |
steps: | |
### BEGIN runner setup | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
if: ${{ github.event_name == 'push' }} | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
if: ${{ github.event_name == 'workflow_dispatch' }} | |
with: | |
ref: refs/tags/${{ github.event.inputs.releaseTag }} | |
- name: Setup runner | |
uses: ./.github/actions/setup-runner | |
- name: Setup Java, Gradle | |
uses: ./.github/actions/dev-tool-java | |
### END runner setup | |
- name: Gradle build | |
run: | | |
# 2 Retries - due to Gradle's old and unfixed CME bug | |
./gradlew --no-scan :nessie-model:jar || ./gradlew --no-scan :nessie-model:jar || ./gradlew --no-scan :nessie-model:jar | |
- name: Copy OpenAPI yaml | |
run: cp api/model/build/generated/openapi/META-INF/openapi/openapi.yaml ./nessie-openapi-${RELEASE_VERSION}.yaml | |
- name: Archive OpenAPI artifact | |
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4 | |
with: | |
name: nessie-release-openapi | |
path: ./nessie-openapi-*.yaml | |
if-no-files-found: error | |
- name: Update SwaggerHub | |
uses: smartbear/swaggerhub-cli@20e5eaf4866bbbc44d72e9eb8a48a942c0d9e43b # v0.9.0 | |
env: | |
XDG_CONFIG_HOME: "/tmp" | |
SWAGGERHUB_API_KEY: ${{ secrets.SWAGGERHUB_API_KEY }} | |
SWAGGERHUB_URL: "https://api.swaggerhub.com" | |
with: | |
args: api:create projectnessie/nessie -f ./nessie-openapi-${{ env.RELEASE_VERSION }}.yaml --published=publish --setdefault --visibility=public | |
create-github-release: | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 60 | |
environment: release | |
needs: | |
- prepare | |
- publish-maven-central | |
- publish-images | |
- publish-helm | |
- publish-openapi | |
env: | |
RELEASE_VERSION: ${{needs.prepare.outputs.release-version}} | |
GIT_TAG: ${{needs.prepare.outputs.git-tag}} | |
NOTES_FILE: current-release-notes.md | |
steps: | |
### BEGIN runner setup | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
if: ${{ github.event_name == 'push' }} | |
with: | |
fetch-depth: 0 | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
if: ${{ github.event_name == 'workflow_dispatch' }} | |
with: | |
fetch-depth: 0 | |
ref: refs/tags/${{ github.event.inputs.releaseTag }} | |
### END runner setup | |
- name: Create dir | |
run: mkdir current-release-artifacts | |
- name: Get release + OpenAPI + Helm chart artifacts | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 | |
with: | |
path: current-release-artifacts | |
merge-multiple: true | |
- name: Create release notes file for GitHub release | |
run: | | |
LAST_TAG=$(git describe --abbrev=0 --tags "--match=nessie-*" ${GIT_TAG}^1) | |
tools/releases/create-gh-release-notes.sh \ | |
-n ${NOTES_FILE} \ | |
-l ${LAST_TAG} \ | |
-t ${GIT_TAG} \ | |
-r ${RELEASE_VERSION} \ | |
-c current-release-artifacts/nessie-changelog-${RELEASE_VERSION}.md | |
rm current-release-artifacts/nessie-changelog-${RELEASE_VERSION}.md | |
cat "${NOTES_FILE}" >> $GITHUB_STEP_SUMMARY | |
- name: GitHub login | |
run: echo ${{ secrets.GITHUB_TOKEN }} | gh auth login --with-token | |
- name: Create Nessie release in GitHub | |
run: gh release create ${GIT_TAG} --notes-file ${NOTES_FILE} --title "Nessie ${RELEASE_VERSION}" current-release-artifacts/* |