Automated Release #40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Automated Release | |
on: | |
workflow_dispatch: | |
inputs: | |
component: | |
description: "The component to release" | |
required: true | |
type: choice | |
options: | |
- orb-slot-ctrl | |
- orb-attest | |
- orb-thermal-cam-ctrl | |
- orb-ui | |
channel: | |
description: | | |
Which release channel? | |
`beta` can only be used on `main` and is permanent. | |
`tmp` can be any ref and *will* eventually be deleted. It should only | |
be used as a temporary way to distribute artifacts and we make no guarantees | |
about its stability. It should never make it into the `main` branch of orb-os. | |
required: true | |
type: choice | |
options: | |
- "beta" | |
- "tmp" | |
env: | |
CI_CHANNEL: ${{ inputs.channel }} | |
CI_COMPONENT: ${{ inputs.component }} | |
CI_OVERALL_VERSION: KK | |
GH_TOKEN: ${{ github.token }} # For gh cli | |
jobs: | |
check-inputs: | |
name: Check Workflow Inputs | |
runs-on: ubuntu-22.04 | |
outputs: | |
release-name: ${{ steps.release-name.outputs.CI_RELEASE_NAME }} | |
steps: | |
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3 | |
with: | |
token: ${{ github.token }} | |
- name: Ensure git ref is valid for the selected channel | |
env: | |
CI_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }} | |
run: | | |
set -Eeuxo pipefail | |
CI_CURRENT_BRANCH="$(git branch --show-current)" | |
echo "CI_CURRENT_BRANCH=${CI_CURRENT_BRANCH}" | |
echo "CI_DEFAULT_BRANCH=${CI_DEFAULT_BRANCH}" | |
if [[ "${CI_CHANNEL}" != "tmp" ]]; then | |
if [[ "${CI_CURRENT_BRANCH}" != "${CI_DEFAULT_BRANCH}" ]]; then | |
echo "We are on the ${CI_CURRENT_BRANCH} branch, but only commits on ${CI_DEFAULT_BRANCH} are allowed for the ${CI_CHANNEL} channel!" | |
exit 1 | |
fi | |
fi | |
- name: Extract Package Version | |
run: | | |
set -Eeuxo pipefail | |
# Cargo metadata is a machine readable description of the workspace. | |
# We parse this with jq to extract the current version number of the | |
# software component | |
jq_query=".packages[] | select(.name == \"${CI_COMPONENT}\") | .version" | |
CI_SEMVER="$(cargo metadata --format-version=1 | jq -r "${jq_query}")" | |
echo "CI_SEMVER=${CI_SEMVER}" >>${GITHUB_ENV} | |
if ! [[ "${CI_SEMVER}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | |
echo "Cargo crate version was not in expected X.Y.Z format." | |
exit 1 | |
fi | |
- name: Calculate Release Name | |
id: release-name | |
run: | | |
set -Eeuxo pipefail | |
echo "CI_CHANNEL=${CI_CHANNEL}" | |
echo "CI_COMPONENT=${CI_COMPONENT}" | |
echo "CI_SEMVER=${CI_SEMVER}" | |
echo "CI_OVERALL_VERSION=${CI_OVERALL_VERSION}" | |
prefix="${CI_COMPONENT}/v${CI_SEMVER}-${CI_CHANNEL}" | |
# This regex searches for the prerelease number `.0` in `foo/v1.2.3-beta.0+KK` | |
regex="${CI_COMPONENT}\/v${CI_SEMVER}-${CI_CHANNEL}\.([0-9]+)\+[A-Z]{2}" | |
# This finds the latest prerelease number. | |
channel_num=$(gh release list | awk '{print $1}' | (grep ${prefix} || true) | sed -E "s/${regex}/\1/" | sort -n | tail -1) | |
channel_num=$((${channel_num:--1} + 1)) # increment number | |
echo "Detected next channel num to be ${channel_num}" | |
CI_RELEASE_NAME="${CI_COMPONENT}/v${CI_SEMVER}-${CI_CHANNEL}.${channel_num}+${CI_OVERALL_VERSION}" | |
echo "CI_RELEASE_NAME=${CI_RELEASE_NAME}" >>${GITHUB_ENV} | |
echo "CI_RELEASE_NAME=${CI_RELEASE_NAME}" >>${GITHUB_OUTPUT} | |
rust-ci: | |
name: Rust CI | |
uses: ./.github/workflows/rust-ci.yaml | |
needs: check-inputs | |
secrets: | |
GIT_HUB_TOKEN: ${{ secrets.GIT_HUB_TOKEN }} | |
release: | |
name: Create Release and Tag | |
runs-on: ubuntu-22.04 | |
needs: | |
- rust-ci | |
- check-inputs | |
steps: | |
- name: Download Artifacts | |
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # pin@v3 | |
with: | |
name: artifacts | |
path: artifacts | |
- name: List Downloaded Artifacts | |
run: ls -aRsh artifacts | |
- name: Extract relevant component's tar | |
run: | | |
set -Eeux -o pipefail | |
mkdir -p extracted | |
tar -xvf artifacts/${CI_COMPONENT}.tar.zst -C extracted | |
ls -aRsh extracted | |
- name: Compute sha256 checksums | |
run: | | |
set -Eeuxo pipefail | |
pushd extracted | |
for f in *; do | |
sha256sum "${f}" > "${f}.sha256" | |
done | |
ls -aRsh | |
popd | |
- name: Upload Release and Create Tag | |
uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # pin@v1 | |
with: | |
tag_name: ${{ needs.check-inputs.outputs.release-name }} | |
draft: ${{ env.CI_CHANNEL == 'tmp' }} | |
fail_on_unmatched_files: true | |
files: extracted/* |