Skip to content

Commit

Permalink
Only push 1 commit if doing a feature branch release
Browse files Browse the repository at this point in the history
Fix output of job so we can get the release_type

Updating a tag requires force-pushing, and that feels bad

Comment on PR when a preview release is published

Remove troublesome backticks that confuse bash...

Ideally we would be generating a markdown message with lots of backticks
for styling:

https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks

...like this:

rtyley/sample-project-using-gha-scala-library-release-workflow#1 (comment)

...but they get interpreted by BASH, and cause trouble...

https://github.com/rtyley/sample-project-using-gha-scala-library-release-workflow/actions/runs/7399435634/job/20130944058
  • Loading branch information
rtyley committed Jan 4, 2024
1 parent a09466f commit 10950c6
Showing 1 changed file with 111 additions and 26 deletions.
137 changes: 111 additions & 26 deletions .github/workflows/reusable-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -35,12 +35,14 @@ env:
RUN_ATTEMPT_UID: ${{ github.run_id }}-${{ github.run_attempt }}

jobs:
identifiers-for-signing-key:
name: 🔒 Read Signing Key Id
init:
name: 🔒 Init
runs-on: ubuntu-latest
outputs:
key_fingerprint: ${{ steps.read-identifiers.outputs.key_fingerprint }}
key_email: ${{ steps.read-identifiers.outputs.key_email }}
release_type: ${{ steps.generate-version-suffix.outputs.release_type }}
version_suffix: ${{ steps.generate-version-suffix.outputs.version_suffix }}
steps:
- uses: actions/setup-java@v4
with:
Expand All @@ -59,24 +61,54 @@ jobs:
key_fingerprint=$key_fingerprint
key_email=$key_email
EndOfFile
- name: Check for default branch
id: generate-version-suffix
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
default_branch=$(gh repo view --json defaultBranchRef --jq .defaultBranchRef.name ${{ github.repository }})
# * Full Main-Branch Release: 2 commits - committing non-snapshot version, then new snapshot version
# * Preview Feature-Branch Release: 1 commit - committing non-snapshot version only
if [[ "$default_branch" = $GITHUB_REF_NAME ]]; then
release_type="FULL_MAIN_BRANCH"
version_suffix=""
else
release_type="PREVIEW_FEATURE_BRANCH"
version_suffix="-PREVIEW.${GITHUB_REF_NAME//[^[:alnum:-_]]/}.$(date +%Y-%m-%dT%H%M).${GITHUB_SHA:0:8}"
fi
echo "release_type: $release_type, version_suffix: $version_suffix"
cat << EndOfFile >> $GITHUB_OUTPUT
release_type=$release_type
version_suffix=$version_suffix
EndOfFile
generate-version-update-commits:
name: 🎊 Test & Version
needs: identifiers-for-signing-key
needs: init
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-java@v4 # don't 'cache: sbt', at least until https://github.com/actions/setup-java/pull/564 is merged
with:
distribution: corretto
java-version: 17
# - name: Debug MIMA assessment
# run: |
# sbt "show versionPolicyFindIssues"
- name: Use sbt-release to construct version.sbt updates
env:
KEY_EMAIL: ${{ needs.identifiers-for-signing-key.outputs.key_email }}
run: |
git config user.email "$KEY_EMAIL"
git config user.email "${{ needs.init.outputs.key_email }}"
git config user.name "$COMMITTER_NAME"
sbt "release with-defaults"
sbt_commands_file=$(mktemp)
cat << EndOfFile > $sbt_commands_file
set releaseVersion := releaseVersion.value.andThen(_ + "${{ needs.init.outputs.version_suffix }}")
release with-defaults
EndOfFile
cat $sbt_commands_file
sbt ";< $sbt_commands_file"
echo $GITHUB_WORKSPACE
cd `mktemp -d`
git clone --bare $GITHUB_WORKSPACE repo-with-unsigned-version-update-commits.git
Expand All @@ -93,7 +125,7 @@ jobs:

push-release-commit:
name: 🔒 Push Release Commit
needs: [generate-version-update-commits, identifiers-for-signing-key]
needs: [generate-version-update-commits, init]
permissions:
contents: write
runs-on: ubuntu-latest
Expand All @@ -117,8 +149,8 @@ jobs:
- name: Create commit
id: create-commit
env:
KEY_FINGERPRINT: ${{ needs.identifiers-for-signing-key.outputs.key_fingerprint }}
KEY_EMAIL: ${{ needs.identifiers-for-signing-key.outputs.key_email }}
KEY_FINGERPRINT: ${{ needs.init.outputs.key_fingerprint }}
KEY_EMAIL: ${{ needs.init.outputs.key_email }}
run: |
echo "GITHUB_REF_NAME=$GITHUB_REF_NAME"
echo "GITHUB_REF=$GITHUB_REF"
Expand All @@ -131,6 +163,7 @@ jobs:
git config user.email "$KEY_EMAIL"
git config user.name "$COMMITTER_NAME"
git config commit.gpgsign true
git config tag.gpgSign true
git config user.signingkey "$KEY_FINGERPRINT"
git remote add unsigned ../repo-with-unsigned-version-update-commits.git
Expand All @@ -147,11 +180,22 @@ jobs:
git log --format="%h %p %ce %s" --decorate=short -n3
git status
git push
if [ "${{ needs.init.outputs.release_type }}" == "FULL_MAIN_BRANCH" ]
then
echo "Full Main-Branch release, pushing 2 commits to the default branch"
git push # push 2 commits (non-snapshot version, then new snapshot version) onto the default branch
else
tag_for_pushing="preliminary-${{ github.run_id }}"
echo "Preview Feature-Branch release, pushing 1 commit with the temporary tag $tag_for_pushing"
git tag -a -s -m "Release $release_tag initiated by $COMMITTER_NAME" $tag_for_pushing $release_commit_id
git push origin $tag_for_pushing # push the single commit with a tag only
fi
create-artifacts:
name: 🎊 Create artifacts
needs: [identifiers-for-signing-key, push-release-commit]
needs: [init, push-release-commit]
runs-on: ubuntu-latest
outputs:
ARTIFACT_SHA256SUMS: ${{ steps.record-hashes.outputs.ARTIFACT_SHA256SUMS }}
Expand All @@ -166,7 +210,7 @@ jobs:
- name: Generate artifacts
run: |
cat << EndOfFile > sbt-commands.txt
set every sonatypeProjectHosting := Some(xerial.sbt.Sonatype.GitHubHosting("$GITHUB_REPOSITORY_OWNER", "${GITHUB_REPOSITORY#*/}", "${{ needs.identifiers-for-signing-key.outputs.key_email }}"))
set every sonatypeProjectHosting := Some(xerial.sbt.Sonatype.GitHubHosting("$GITHUB_REPOSITORY_OWNER", "${GITHUB_REPOSITORY#*/}", "${{ needs.init.outputs.key_email }}"))
set ThisBuild / publishTo := Some(Resolver.file("foobar", file("$LOCAL_ARTIFACTS_STAGING_PATH")))
EndOfFile
cat sbt-commands.txt
Expand All @@ -192,10 +236,10 @@ jobs:

sign:
name: 🔒 Sign
needs: [identifiers-for-signing-key, push-release-commit, create-artifacts]
needs: [init, push-release-commit, create-artifacts]
runs-on: ubuntu-latest
env:
KEY_FINGERPRINT: ${{ needs.identifiers-for-signing-key.outputs.key_fingerprint }}
KEY_FINGERPRINT: ${{ needs.init.outputs.key_fingerprint }}
steps:
- uses: actions/checkout@v4
with:
Expand All @@ -220,7 +264,7 @@ jobs:
RELEASE_TAG: ${{ needs.push-release-commit.outputs.release_tag }}
RELEASE_COMMIT_ID: ${{ needs.push-release-commit.outputs.release_commit_id }}
ARTIFACT_SHA256SUMS: ${{ needs.create-artifacts.outputs.ARTIFACT_SHA256SUMS }}
KEY_EMAIL: ${{ needs.identifiers-for-signing-key.outputs.key_email }}
KEY_EMAIL: ${{ needs.init.outputs.key_email }}
run: |
echo "RELEASE_TAG=$RELEASE_TAG"
echo "RELEASE_COMMIT_ID=$RELEASE_COMMIT_ID"
Expand All @@ -239,8 +283,8 @@ jobs:
echo "Message is..."
cat tag-message.txt
echo "Creating tag"
git tag -a -F tag-message.txt $RELEASE_TAG $RELEASE_COMMIT_ID
echo "Creating/Updating release tag with artifact details"
git tag --force -a -F tag-message.txt $RELEASE_TAG $RELEASE_COMMIT_ID
echo "RELEASE_TAG=$RELEASE_TAG"
git show $RELEASE_TAG
Expand Down Expand Up @@ -288,20 +332,61 @@ jobs:
sbt "sonatypeBundleRelease"
github-release:
name: 🔒 GitHub Release
needs: [push-release-commit, sign]
name: 🔒 Update GitHub
needs: [init, push-release-commit, sign]
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
env:
RELEASE_TAG: ${{ needs.push-release-commit.outputs.release_tag }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_REPO: ${{ github.repository }}
GITHUB_REPO_URL: ${{ github.server_url }}/${{ github.repository }}
steps:
- name: Common values
run: |
GITHUB_ACTIONS_PATH="$GITHUB_REPO_URL/actions"
GITHUB_WORKFLOW_FILE="release.yml" # Could be derived from $GITHUB_WORKFLOW_REF
GITHUB_WORKFLOW_URL="$GITHUB_ACTIONS_PATH/workflows/$GITHUB_WORKFLOW_FILE"
cat << EndOfFile >> $GITHUB_ENV
GITHUB_WORKFLOW_FILE=$GITHUB_WORKFLOW_FILE
GITHUB_WORKFLOW_LINK=[GitHub UI]($GITHUB_WORKFLOW_URL)
GITHUB_WORKFLOW_RUN_LINK=[#${{ github.run_number }}]($GITHUB_ACTIONS_PATH/runs/${{ github.run_id }})
EndOfFile
- name: Create Github Release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_REPO: ${{ github.repository }}
if: needs.init.outputs.release_type == 'FULL_MAIN_BRANCH'
run: |
gh release create $RELEASE_TAG --verify-tag --generate-notes --notes "Release run: [#${{ github.run_number }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})"
- name: Job summary
gh release create $RELEASE_TAG --verify-tag --generate-notes --notes "Release run: $GITHUB_WORKFLOW_RUN_LINK"
echo "GitHub Release notes: [$RELEASE_TAG]($GITHUB_REPO_URL/releases/tag/$RELEASE_TAG)" >> $GITHUB_STEP_SUMMARY
- name: Update PR
if: needs.init.outputs.release_type == 'PREVIEW_FEATURE_BRANCH'
run: |
echo "GitHub Release notes: [$RELEASE_TAG](${{ github.server_url }}/${{ github.repository }}/releases/tag/$RELEASE_TAG)" >> $GITHUB_STEP_SUMMARY
cat << EndOfFile > comment_body.txt
@${{github.actor}} has published a preview version of this PR with release workflow run $GITHUB_WORKFLOW_RUN_LINK, based on commit ${{ github.sha }}:
$RELEASE_TAG
<details>
<summary>Want to make another preview release?</summary>
Click 'Run workflow' in the $GITHUB_WORKFLOW_LINK, specifying the $GITHUB_REF_NAME branch, or use the [GitHub CLI](https://cli.github.com/) command:
gh workflow run $GITHUB_WORKFLOW_FILE --ref $GITHUB_REF_NAME
</details>
<details>
<summary>Want to make a full release after this PR is merged?</summary>
Click 'Run workflow' in the $GITHUB_WORKFLOW_LINK, leaving the branch as the default, or use the [GitHub CLI](https://cli.github.com/) command:
gh workflow run $GITHUB_WORKFLOW_FILE
</details>
EndOfFile
cat comment_body.txt
gh pr comment ${{ github.ref_name }} --body-file comment_body.txt >> $GITHUB_STEP_SUMMARY

0 comments on commit 10950c6

Please sign in to comment.