Skip to content
Prepare release

Prepare release #30

Sign in to view logs

Prepare release

Prepare release #30

Workflow file for this run

.github/workflows/prepare-release.yml at 3bd8206
name: Prepare release
defaults:
run:
shell: bash -euo pipefail -O nullglob {0}
on:
workflow_dispatch:
inputs:
tag:
type: string
description: 'Release version tag (e.g. v1.2.3)'
required: true
ref:
type: string
description: 'Git ref from which to release'
required: true
default: 'master'
do_build_native_images:
type: boolean
description: 'Native Test Server'
required: true
default: 'true'
do_publish_jars:
type: boolean
description: 'Publish Java Artifacts'
required: true
default: 'true'
jobs:
create_draft_release:
name: Create Github draft release
runs-on: ubuntu-latest
steps:
- name: Audit gh version
run: gh --version
- name: Check for existing release
id: check_release
run: |
echo "::echo::on"
gh release view --repo '${{ github.repository }}' '${{ github.event.inputs.tag }}' \
&& echo "::set-output name=already_exists::true" \
|| echo "::set-output name=already_exists::false"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Checkout repo
if: steps.check_release.outputs.already_exists == 'false'
uses: actions/checkout@v3
with:
ref: '${{ github.event.inputs.ref }}'
- name: Create release
if: steps.check_release.outputs.already_exists == 'false'
run: >
gh release create
'${{ github.event.inputs.tag }}'
--draft
--repo '${{ github.repository }}'
--title '${{ github.event.inputs.tag }}'
--target '${{ github.event.inputs.ref }}'
--notes-file 'releases/${{ github.event.inputs.tag }}'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
publish_java_artifacts:
name: Publish Java Artifacts
if: github.event.inputs.do_publish_jars == 'true'
runs-on: ubuntu-latest
needs: create_draft_release
steps:
- name: Checkout repo
uses: actions/checkout@v3
with:
ref: '${{ github.event.inputs.ref }}'
# Our custom gradle version sniffing builds the maven release artifact
# names out of the git tag ... but the repo isn't tagged (yet) so add a
# tag to the _local_ clone just to get the right jar names. This tag
# does not get pushed back to the origin. Once the artifacts have been
# inspected and verified, the manual act of publishing the draft GH
# release creates the tag.
- name: Temporary tag
run: git tag '${{ github.event.inputs.tag }}'
- name: Set up Java
uses: actions/setup-java@v3
with:
java-version: '11'
distribution: 'temurin'
- name: Set up Gradle
uses: gradle/gradle-build-action@v2
- name: Set up signing key
run: mkdir -p "$HOME/.gnupg" && echo -n "$KEY" | base64 -d > "$HOME/.gnupg/secring.gpg"
env:
KEY: ${{ secrets.JAR_SIGNING_KEY }}
# Prefer env variables here rather than inline ${{ secrets.FOO }} to
# decrease the likelihood that secrets end up printed to stdout.
- name: Set up secret gradle properties
run: |
mkdir -p "$HOME/.gradle"
envsubst >"$HOME/.gradle/gradle.properties" <<EOF
signing.keyId = $KEY_ID
signing.password = $KEY_PASSWORD
signing.secretKeyRingFile = $HOME/.gnupg/secring.gpg
ossrhUsername = $RH_USER
ossrhPassword = $RH_PASSWORD
EOF
env:
KEY_PASSWORD: ${{ secrets.JAR_SIGNING_KEY_PASSWORD }}
KEY_ID: ${{ secrets.JAR_SIGNING_KEY_ID }}
RH_USER: ${{ secrets.RH_USER }}
RH_PASSWORD: ${{ secrets.RH_PASSWORD }}
- name: Publish
run: ./gradlew publishToSonatype
build_native_images:
name: Build native test server
needs: create_draft_release
if: github.event.inputs.do_build_native_images == 'true'
strategy:
matrix:
include:
- dist: ubuntu-latest
os_family: linux
arch: amd64
- dist: macos-latest
os_family: macOS
arch: amd64
- dist: windows-2019
os_family: windows
arch: amd64
runs-on: ${{ matrix.dist }}
steps:
- name: Checkout repo
uses: actions/checkout@v3
with:
ref: '${{ github.event.inputs.ref }}'
# See comment on temporary tag above. tldr: this is a local tag; never
# gets pushed
- name: Temporary tag
run: git tag '${{ github.event.inputs.tag }}'
- name: Set up Java
uses: actions/setup-java@v3
with:
java-version: '11'
distribution: 'temurin'
- name: Set up Gradle
uses: gradle/gradle-build-action@v2
- name: Build native test server
run: ./gradlew :temporal-test-server:build
# path ends in a wildcard because on windows the file ends in '.exe'
# path excludes *.txt because native-image also writes a build manifest txt file
- name: Upload executable to workflow
uses: actions/upload-artifact@v3
with:
name: ${{ matrix.os_family }}_${{ matrix.arch }}
path: |
temporal-test-server/build/graal/temporal-test-server*
!temporal-test-server/build/graal/*.txt
if-no-files-found: error
retention-days: 1
attach_to_release:
name: Attach native executables to release
needs: build_native_images
runs-on: ubuntu-latest
steps:
- name: Audit gh version
run: gh --version
# when no artifact is specified, all artifacts are downloaded and expanded into CWD
- name: Fetch executables
uses: actions/download-artifact@v3
# example: linux_amd64/ -> temporal-test-server_1.2.3_linux_amd64
# the name of the directory created becomes the basename of the archive (*.tar.gz or *.zip) and
# the root directory of the contents of the archive.
- name: Rename dirs
run: |
version="$(sed 's/^v//'<<<'${{ github.event.inputs.tag }}')"
for dir in *; do mv "$dir" "temporal-test-server_${version}_${dir}"; done
- name: Tar (linux, macOS)
run: for dir in *{linux,macOS}*; do tar cvzf "${dir}.tar.gz" "$dir"; done
- name: Zip (windows)
run: for dir in *windows*; do zip -r "${dir}.zip" "$dir"; done
- name: Upload release archives
uses: actions/upload-artifact@v3
with:
name: release-archives
path: |
*.zip
*.tar.gz
if-no-files-found: error
retention-days: 1
- name: Upload
run: |
until gh release upload --clobber --repo ${{ github.repository }} ${{ github.event.inputs.tag }} *.zip *.tar.gz; do
echo "Attempt $((++attempts)) to upload release artifacts failed. Will retry in 20s"
sleep 20
done
timeout-minutes: 10
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}