-
Notifications
You must be signed in to change notification settings - Fork 107
118 lines (111 loc) · 3.95 KB
/
ci-post-release.yml
File metadata and controls
118 lines (111 loc) · 3.95 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
name: Post Release Tasks
on:
release:
types: [published]
env:
RUSTC_WRAPPER: sccache
SCCACHE_CACHE_SIZE: ${{ vars.SCCACHE_CACHE_SIZE }}
SCCACHE_BUCKET: ${{ vars.SCCACHE_BUCKET }}
SCCACHE_ENDPOINT: ${{ vars.SCCACHE_ENDPOINT }}
SCCACHE_REGION: ${{ vars.SCCACHE_REGION }}
AWS_ACCESS_KEY_ID: "${{ secrets.CI_K8S_MINIO_ACCESS_KEY_ID }}"
AWS_SECRET_ACCESS_KEY: "${{ secrets.CI_K8S_MINIO_SECRET_ACCESS_KEY }}"
jobs:
# Ideally this would just invoke `publish-python.yml`
#
# But not yet supported:
# https://docs.pypi.org/trusted-publishers/troubleshooting/#reusable-workflows-on-github
# https://github.com/pypa/gh-action-pypi-publish/issues/166
# https://github.com/pypi/warehouse/issues/11096
#
# When this is solved, do this again:
# - name: ""
# uses: ./.github/workflows/publish-python.yml
# secrets: inherit
publish-python:
runs-on: ubuntu-latest-amd64
environment:
name: release
url: https://pypi.org/p/feldera
permissions:
contents: read
id-token: write
defaults:
run:
shell: bash
working-directory: ./python
steps:
- uses: actions/checkout@v4
- name: Install uv
uses: astral-sh/setup-uv@v2
with:
version: "0.4.15"
enable-cache: true
cache-dependency-glob: "python/uv.lock"
- name: "Set up Python"
uses: actions/setup-python@v5
with:
python-version-file: "python/pyproject.toml"
- name: Install the project
run: uv sync --all-extras --dev
- name: Build package
run: |
uv build
- name: Publish package
if: ${{ vars.RELEASE_DRY_RUN == 'false' }}
uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e
with:
packages-dir: ./python/dist
- name: Minimize uv cache
run: uv cache prune --ci
publish-crates:
name: ""
uses: ./.github/workflows/publish-crates.yml
with:
environment: release
secrets: inherit
adjust-versions:
runs-on: [k8s-runners-amd64]
container:
image: ghcr.io/feldera/feldera-dev:sha-db53e1302c944e29edd6d2af516fff7032b90e3b
steps:
- name: Show Kubernetes node
if: always()
run: |
echo "K8S node: ${K8S_NODE_NAME}"
- name: Generate GitHub App token
id: app-token
uses: actions/create-github-app-token@v2
with:
app-id: ${{ vars.CI_ACCESS_APP_ID }}
private-key: ${{ secrets.CI_ACCESS_APP_PKEY }}
permission-contents: write
- uses: actions/checkout@v4
with:
# This runs on main because we make the commit on main at the end of the workflow,
# we use the token so it can circument push to main protection rules
ref: main
token: ${{ steps.app-token.outputs.token }}
- name: Determine current version based on pipeline-manager
run: |
echo "CURRENT_VERSION=$(cargo metadata --no-deps | jq -r '.packages[]|select(.name == "pipeline-manager")|.version')" >> $GITHUB_ENV
- name: Bump cargo versions
run: |
cargo set-version --bump ${{ vars.RELEASE_NEXT_VERSION }}
cargo run --release --locked --bin pipeline-manager -- --dump-openapi
- name: Determine next version based on pipeline-manager
run: |
echo "NEXT_VERSION=$(cargo metadata --no-deps | jq -r '.packages[]|select(.name == "pipeline-manager")|.version')" >> $GITHUB_ENV
- name: Adjust python version
working-directory: ./python
run: |
sed -i "s/version = \"${{ env.CURRENT_VERSION }}\"/version = \"${{ env.NEXT_VERSION }}\"/g" pyproject.toml
uv sync
- name: List changes
run: |
git diff
- uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5
if: ${{ vars.RELEASE_DRY_RUN == 'false' }}
with:
message: "ci: Prepare for v${{ env.NEXT_VERSION }}"
push: origin main