6758379e48
namely, these workflows: test-e2e, test-ui, and test-windows extra-curricularly, as part of the overall migration effort company-wide, this also includes some standardization such as: * explicit permissions:read on various workflows * pinned action version shas (per https://github.com/hashicorp/security-public-tsccr) * actionlint, which among other things runs shellcheck on GHA run steps Co-authored-by: emilymianeil <eneil@hashicorp.com> Co-authored-by: Daniel Kimsey <daniel.kimsey@hashicorp.com>
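# Release workflow, started manually through workflow_dispatch.
#
# The single job refuses to run from main, validates the requested version,
# rewrites the version file (and optionally the changelog), generates static
# assets, commits and pushes the result, dispatches the "build" workflow on
# that commit, and finally commits the post-release state.
#
# Hardening convention used below: workflow_dispatch inputs and secrets are
# handed to shell steps through `env:` and read as quoted shell variables.
# Expanding `${{ ... }}` directly inside a `run:` script pastes the value into
# the script text before the shell parses it, so quotes or `$(...)` in an
# input would be interpreted as shell syntax.
name: Release

on:
  workflow_dispatch:
    inputs:
      version:
        description: 'The version being released'
        required: true
        type: string
      update-changelog:
        description: 'Update CHANGELOG'
        required: true
        type: boolean
        default: false
      notification-channel:
        description: 'Slack channel to use for notifications'
        required: false
        type: string
        default: 'CUYKT2A73'

env:
  GO_TAGS: "release"

jobs:
  prepare-release:
    runs-on: ubuntu-20.04
    outputs:
      build-ref: ${{ steps.commit-change-push.outputs.build-ref }}
    steps:
      - name: Prevent running from main
        if: ${{ github.ref_name == 'main' }}
        run: |-
          echo "::error::Workflow not allowed to run from ${GITHUB_REF_NAME}"
          exit 1

      - name: Print release info
        env:
          DISPATCH_VERSION: ${{ github.event.inputs.version }}
        run: |-
          echo "::notice::Release v${DISPATCH_VERSION} from branch ${GITHUB_REF_NAME}"

      - name: Install semver CLI
        # NOTE(review): the script is fetched by tag with no digest check and
        # is then placed on PATH for every later step. Unlike the actions in
        # this file, which are pinned to commit SHAs, a tag can be moved
        # upstream; consider pinning the URL to a commit SHA and verifying a
        # known SHA-256 before chmod.
        run: |-
          local_bin="${HOME}/.local/bin"
          mkdir -p "${local_bin}"
          # --fail makes an HTTP error abort the step instead of saving the
          # error page as the "semver" executable.
          curl --fail -L --output "${local_bin}/semver" \
            https://raw.githubusercontent.com/fsaintjacques/semver-tool/3.3.0/src/semver
          chmod +x "${local_bin}/semver"
          echo "${local_bin}" >> "$GITHUB_PATH"

      - name: Validate release version
        env:
          DISPATCH_VERSION: ${{ github.event.inputs.version }}
        run: |-
          # Quoted so the input reaches semver as exactly one argument.
          if [ "$(semver validate "${DISPATCH_VERSION}")" == "invalid" ]; then
            echo "::error::Version ${DISPATCH_VERSION} is invalid"
            exit 1
          fi
      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
      - name: Setup Git
        env:
          ELEVATED_GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
        run: |-
          # The URL rewrite stores the token in plaintext in the runner's
          # global git config, so every later step in this job (dependency
          # installs and make targets included) can read it.
          if [ -n "${ELEVATED_GITHUB_TOKEN}" ]; then
            git config --global url."https://${ELEVATED_GITHUB_TOKEN}:@github.com/".insteadOf "https://github.com"
          fi
          git config --global user.email "github-team-nomad-core@hashicorp.com"
          git config --global user.name "hc-github-team-nomad-core"

      - name: Determine Go version
        id: get-go-version
        # We use .go-version as our source of truth for current Go
        # version, because "goenv" can react to it automatically.
        run: |
          echo "Building with Go $(cat .go-version)"
          echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT"

      - name: Setup go
        uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
        with:
          go-version: ${{ steps.get-go-version.outputs.go-version }}

      - name: Setup node and yarn
        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
        with:
          node-version: "14"
          cache-dependency-path: "ui/yarn.lock"

      - name: Install Yarn
        run: |
          npm install -g yarn

      - name: Install dependencies
        run: |
          make deps

      - name: Update notification channel
        id: notification-channel
        if: ${{ github.event.inputs.notification-channel != '' }}
        env:
          DISPATCH_NOTIFICATION_CHANNEL: ${{ github.event.inputs.notification-channel }}
        run: |
          # The value is still inserted into a sed replacement, where "|",
          # "&" and "\" are special; it is not validated here.
          sed -i.bak -e "s|\(notification_channel * = *\"\)[^\"]*|\1${DISPATCH_NOTIFICATION_CHANNEL}|g" .release/ci.hcl
          rm -rf .release/ci.hcl.bak
          git diff --color=always .release/ci.hcl

      - name: Update version file
        env:
          DISPATCH_VERSION: ${{ github.event.inputs.version }}
        run: |
          NOMAD_VERSION="${DISPATCH_VERSION}"
          NOMAD_MAIN_VERSION=$(semver get release "$NOMAD_VERSION")
          NOMAD_PRERELEASE_VERSION=$(semver get prerel "$NOMAD_VERSION")

          echo "updating version to ${NOMAD_MAIN_VERSION}-${NOMAD_PRERELEASE_VERSION}"

          sed -i.bak -e "s|\(Version * = *\"\)[^\"]*|\1${NOMAD_MAIN_VERSION}|g" version/version.go
          sed -i.bak -e "s|\(VersionPrerelease * = *\"\)[^\"]*|\1${NOMAD_PRERELEASE_VERSION}|g" version/version.go
          rm -rf version/version.go.bak
          git diff --color=always version/version.go

      - name: Update changelog
        if: ${{ github.event.inputs.update-changelog == 'true' }}
        env:
          DISPATCH_VERSION: ${{ github.event.inputs.version }}
        run: |
          echo "::group::Fetch all git repo"
          git fetch --unshallow
          echo "::endgroup::"

          echo -e "## ${DISPATCH_VERSION} ($(date '+%B %d, %Y'))\n$(make changelog)\n\n$(cat CHANGELOG.md)" > CHANGELOG.md
          git diff --color=always CHANGELOG.md

      - name: Generate static assets
        id: generate-static-assets
        run: |
          make prerelease

      - name: Commit and push changes
        id: commit-change-push
        env:
          DISPATCH_VERSION: ${{ github.event.inputs.version }}
        run: |
          git add -A .
          find . -name '*.generated.go' -not -path './vendor/*' -exec git add -f '{}' \;
          if ! git diff-index --quiet HEAD --; then
            git commit --message "Generate files for ${DISPATCH_VERSION} release"
            git push origin "$(git rev-parse --abbrev-ref HEAD)"
            echo "committing generated files"
          else
            echo "no files were updated"
          fi
          # Published as the job output and used as the ref of the build
          # dispatched in the next step.
          echo "build-ref=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"

      - name: Invoke build workflow
        # Third-party action that receives the elevated token; it is pinned
        # to a full commit SHA rather than a tag.
        uses: benc-uk/workflow-dispatch@798e70c97009500150087d30d9f11c5444830385 # v1.2.2
        with:
          workflow: build
          token: ${{ secrets.ELEVATED_GITHUB_TOKEN}}
          inputs: '{"build-ref": "${{ steps.commit-change-push.outputs.build-ref }}", "make-prerelease": "false"}'
          ref: ${{ steps.commit-change-push.outputs.build-ref }}

      - name: Revert notification channel
        if: ${{ github.event.inputs.notification-channel != '' }}
        run: |
          git reset ${{ github.sha }} -- .release/ci.hcl

          # git reset will place the original file content in the staging area
          # and leave the changes since then unstaged, so call git restore to
          # discard these changes and use --cached to display the diff in the
          # staging area.
          git restore .release/ci.hcl
          git diff --cached --color=always .release/ci.hcl

      - name: Update version file
        env:
          DISPATCH_VERSION: ${{ github.event.inputs.version }}
        run: |
          # Only bump the Version value if this is not a pre-release.
          # For final releases we want `nomad -version` to display the next
          # version to indicate that the current release is done.
          if [ -z "$(semver get prerel "${DISPATCH_VERSION}")" ]; then
            next_version=$(semver bump patch "${DISPATCH_VERSION}")
            sed -i.bak -e "s|\(Version * = *\"\)[^\"]*|\1${next_version}|g" version/version.go
          fi
          # Set the VersionPrerelease variable back to dev.
          sed -i.bak -e "s|\(VersionPrerelease * = *\"\)[^\"]*|\1dev|g" version/version.go
          rm -rf version/version.go.bak
          git diff --color=always version/version.go

      - name: Update LAST_RELEASE
        env:
          DISPATCH_VERSION: ${{ github.event.inputs.version }}
        run: |
          # LAST_RELEASE is used to generate the new CHANGELOG entries, so it's
          # only updated for final releases.
          if [ -z "$(semver get prerel "${DISPATCH_VERSION}")" ]; then
            sed -i.bak -re "s|^(LAST_RELEASE\s+\?=\s+v).*$|\1${DISPATCH_VERSION}|g" GNUmakefile
            rm -fr GNUmakefile.bak
            git diff --color=always GNUmakefile
          else
            echo "Version ${DISPATCH_VERSION} is a prerelease, skipping update of LAST_RELEASE"
          fi

      - name: Remove generated files
        run: |
          # These generated files are only needed when building the final
          # binary and should not be present in the repository afterwards.
          find . -name '*.generated.go' -print0 | xargs -0 git rm
          git status

      - name: Commit post-release changes
        run: |
          # Display staged and unstaged diffs, skipping deleted files to avoid
          # cluttering the output with the generated files.
          git diff --diff-filter=d --color=always HEAD
          git add -A .
          if ! git diff-index --quiet HEAD --; then
            git commit --message 'Prepare for next release'
            git push origin "$(git rev-parse --abbrev-ref HEAD)"
          else
            echo "no files were updated"
          fi

# The workflow's default GITHUB_TOKEN is limited to reading repository
# contents. NOTE(review): the pushes above presumably rely on the
# ELEVATED_GITHUB_TOKEN URL rewrite from "Setup Git" - confirm.
permissions:
  contents: read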