Release Agent #218
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Branch | |
| env: | |
| NFPM_VERSION: 'v2.35.3' | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| releaseBranch: | |
| description: 'Release branch to build & publish from' | |
| required: true | |
| type: string | |
| packageVersion: | |
| description: 'Agent version' | |
| required: false | |
| type: string | |
| default: '' | |
| publishPackages: | |
| description: 'Publish packages to upload host' | |
| required: true | |
| type: boolean | |
| default: false | |
| createPullRequest: | |
| description: 'Create pull request back into dev-v2' | |
| required: true | |
| type: boolean | |
| default: false | |
| workflow_call: | |
| permissions: | |
| contents: read | |
| jobs: | |
| update-draft: | |
| name: Update Release | |
| runs-on: ubuntu-22.04-amd64 | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ inputs.releaseBranch }} | |
| - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| - name: Create Draft Release | |
| uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
| id: release | |
| env: | |
| version: ${{ inputs.packageVersion }} | |
| with: | |
| script: | | |
| const ref = context.ref.split("/")[2] | |
| const {version} = process.env | |
| console.log(`The release version is v${version}`) | |
| const releases = (await github.rest.repos.listReleases({ | |
| owner: context.payload.repository.owner.login, | |
| repo: context.payload.repository.name, | |
| per_page: 100, | |
| })).data | |
| const latest_release = (await github.rest.repos.getLatestRelease({ | |
| owner: context.payload.repository.owner.login, | |
| repo: context.payload.repository.name, | |
| })).data.tag_name | |
| console.log(`The latest release was ${latest_release}`) | |
| if (latest_release === "v"+version) { | |
| core.setFailed(`A published release already exists for ${latest_release}`) | |
| } else { | |
| const draft = releases.find((r) => r.draft && r.tag_name === version) | |
| const draft_found = !(draft === undefined) | |
| let release | |
| if (draft_found){ | |
| console.log("Draft release already exists. Deleting current draft release and recreating it") | |
| release = (await github.rest.repos.deleteRelease({ | |
| owner: context.payload.repository.owner.login, | |
| repo: context.payload.repository.name, | |
| release_id: draft.id, | |
| })) | |
| } | |
| const release_notes = (await github.rest.repos.generateReleaseNotes({ | |
| owner: context.payload.repository.owner.login, | |
| repo: context.payload.repository.name, | |
| tag_name: version, | |
| previous_tag_name: latest_release, | |
| target_commitish: ref, | |
| })) | |
| const footer = ` | |
| ## Resources | |
| - Documentation -- https://github.com/nginx/agent#readme | |
| ` | |
| release = (await github.rest.repos.createRelease({ | |
| owner: context.payload.repository.owner.login, | |
| repo: context.payload.repository.name, | |
| tag_name: "v"+version, | |
| target_commitish: ref, | |
| name: version, | |
| body: release_notes.data.body + footer, | |
| draft: true, | |
| })) | |
| console.log(`Release created: ${release.data.html_url}`) | |
| console.log(`Release ID: ${release.data.id}`) | |
| console.log(`Release notes: ${release_notes.data.body}`) | |
| console.log(`Release Upload URL: ${release.data.upload_url}`) | |
| return { | |
| version: version, | |
| release_id: release.data.id, | |
| release_upload_url: release.data.upload_url, | |
| } | |
| } | |
| - name: Set Environment Variables | |
| run: | | |
| echo "${{steps.release.outputs.result}}" | |
| echo "VERSION=$(echo '${{steps.release.outputs.result}}' | jq -r '.version')" >> $GITHUB_ENV | |
| echo "RELEASE_ID=$(echo '${{steps.release.outputs.result}}' | jq -r '.release_id')" >> $GITHUB_ENV | |
| echo "RELEASE_UPLOAD_URL=$(echo '${{steps.release.outputs.result}}' | jq -r '.release_upload_url')" >> $GITHUB_ENV | |
| - name: Setup build environment | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y gpgv1 monkeysphere | |
| go install github.com/goreleaser/nfpm/v2/cmd/[email protected] | |
| - name: Tag release | |
| run: | | |
| git config --global user.name 'github-actions' | |
| git config --global user.email '41898282+github-actions[bot]@users.noreply.github.com' | |
| git tag -a "v${{env.VERSION}}" -m "CI Autogenerated" | |
| git tag -a "sdk/v${{env.VERSION}}" -m "CI Autogenerated" | |
| - name: Push Tags | |
| if: ${{ inputs.publishPackages == true }} | |
| run: | | |
| git push origin "v${{env.VERSION}}" | |
| git push origin "sdk/v${{env.VERSION}}" | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 | |
| - name: Build Docker Image | |
| uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 | |
| with: | |
| file: scripts/packages/packager/Dockerfile | |
| tags: build-signed-packager:1.0.0 | |
| context: '.' | |
| push: false | |
| load: true | |
| no-cache: true | |
| build-args: | | |
| package_type=signed-package | |
| - name: Build Packages | |
| env: | |
| INDIGO_GPG_AGENT: ${{ secrets.INDIGO_GPG_AGENT }} | |
| NFPM_SIGNING_KEY_FILE: .key.asc | |
| run: | | |
| echo "$INDIGO_GPG_AGENT" | base64 --decode > .key.asc | |
| make clean package | |
| - name: Get Id Token | |
| if: ${{ inputs.publishPackages == true }} | |
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 | |
| id: idtoken | |
| with: | |
| script: | | |
| let id_token = await core.getIDToken() | |
| core.setOutput('id_token', id_token) | |
| - name: Publish Release Packages | |
| if: ${{ inputs.publishPackages == true }} | |
| env: | |
| TOKEN: ${{ steps.idtoken.outputs.id_token }} | |
| UPLOAD_URL: "https://up-ap.nginx.com" | |
| run: | | |
| make release | |
| - name: Create Pull Request | |
| if: ${{ inputs.publishPackages == true && inputs.createPullRequest == true}} | |
| uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
| with: | |
| script: | | |
| const { repo, owner } = context.repo; | |
| const result = await github.rest.pulls.create({ | |
| title: 'Merge ${{ github.ref_name }} back into dev-v2', | |
| owner, | |
| repo, | |
| head: '${{ github.ref_name }}', | |
| base: 'dev-v2', | |
| body: [ | |
| 'This PR is auto-generated by the release branch workflow.' | |
| ].join('\n') | |
| }); |