-
Notifications
You must be signed in to change notification settings - Fork 108
167 lines (148 loc) · 6.3 KB
/
ci-release.yml
File metadata and controls
167 lines (148 loc) · 6.3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
name: Create a new release
on:
repository_dispatch:
types: [trigger-oss-release]
workflow_dispatch:
inputs:
sha_to_release:
description: "SHA to release (don't invoke this manually except to fix release issues)"
required: true
version:
description: "Current version to release"
required: true
env:
REGISTRY: ghcr.io
jobs:
release:
runs-on: ubuntu-latest-amd64
permissions:
id-token: write
contents: read
packages: write
actions: read
steps:
- name: Generate GitHub App token
id: app-token
uses: actions/create-github-app-token@v2
with:
app-id: ${{ vars.CI_ACCESS_APP_ID }}
private-key: ${{ secrets.CI_ACCESS_APP_PKEY }}
owner: ${{ github.repository_owner }}
permission-contents: write
permission-actions: read
permission-workflows: write
permission-metadata: read
- name: Set SHA_TO_RELEASE and CURRENT_VERSION
if: github.event_name == 'repository_dispatch'
run: |
echo "Setting version from repository_dispatch"
echo "CURRENT_VERSION=${{ github.event.client_payload.version }}" >> $GITHUB_ENV
echo "SHA_TO_RELEASE=${{ github.event.client_payload.sha_to_release }}" >> $GITHUB_ENV
- name: Set SHA_TO_RELEASE and CURRENT_VERSION
if: github.event_name == 'workflow_dispatch'
run: |
echo "Setting version from workflow_dispatch"
echo "CURRENT_VERSION=${{ github.event.inputs.version }}" >> $GITHUB_ENV
echo "SHA_TO_RELEASE=${{ github.event.inputs.sha_to_release }}" >> $GITHUB_ENV
- name: Check SHA and version inputs
run: |
if [ -z "${SHA_TO_RELEASE}" ] || [ -z "${CURRENT_VERSION}" ]; then
echo "Missing required release parameters"
exit 1
fi
- name: Checkout
uses: actions/checkout@v4
with:
fetch-tags: true
ref: ${{ env.SHA_TO_RELEASE }}
- name: Download artifact
id: download-artifact
uses: dawidd6/action-download-artifact@ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5
with:
workflow: ci.yml
workflow_conclusion: success
commit: ${{ env.SHA_TO_RELEASE }}
name: feldera-sql-compiler-*|fda-*|pipeline-manager-*|feldera-docs|feldera-sbom
name_is_regexp: true
skip_unpack: true
if_no_artifact_found: fail
github_token: ${{ steps.app-token.outputs.token }}
- name: Prepare release artifacts
run: |
unzip -jo feldera-sql-compiler.zip 'sql2dbsp-jar-with-dependencies.jar' -d .
mv sql2dbsp-jar-with-dependencies.jar sql2dbsp-jar-with-dependencies-v${{ env.CURRENT_VERSION }}.jar
- name: Prepare SBOM files
run: |
unzip feldera-sbom.zip
mv feldera-sbom-source-${{ env.SHA_TO_RELEASE }}.spdx.json feldera-sbom-source.spdx.json
mv feldera-sbom-image-${{ env.SHA_TO_RELEASE }}.spdx.json feldera-sbom-image.spdx.json
- name: Generate Release token
id: release-token
uses: actions/create-github-app-token@v2
with:
app-id: ${{ vars.CI_ACCESS_APP_ID }}
private-key: ${{ secrets.CI_ACCESS_APP_PKEY }}
permission-contents: write
permission-workflows: write
permission-metadata: read
repositories: ${{ github.event.repository.name }}
- name: Release on GitHub
uses: softprops/action-gh-release@72f2c25fcb47643c292f7107632f7a47c1df5cd8
with:
target_commitish: ${{ env.SHA_TO_RELEASE }}
tag_name: v${{ env.CURRENT_VERSION }}
draft: ${{ vars.RELEASE_DRY_RUN }}
generate_release_notes: true
make_latest: true
files: |
pipeline-manager-aarch64-unknown-linux-gnu.zip
pipeline-manager-x86_64-unknown-linux-gnu.zip
fda-x86_64-unknown-linux-gnu.zip
fda-aarch64-unknown-linux-gnu.zip
sql2dbsp-jar-with-dependencies-v${{ env.CURRENT_VERSION }}.jar
feldera-sbom-source.spdx.json
feldera-sbom-image.spdx.json
# A custom token is necessary so the ci-post-release.yml workflow is triggered
# see also https://github.com/softprops/action-gh-release/issues/59
token: ${{ steps.release-token.outputs.token }}
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v5.1.0
with:
role-to-assume: arn:aws:iam::737834633458:role/GhaSql2DbspJarUpload
role-session-name: gha-${{ github.run_id }}
aws-region: ${{ vars.SQL2DBSP_S3_REGION }}
- name: Upload JAR to S3
run: |
JAR_FILE=sql2dbsp-jar-with-dependencies-v${{ env.CURRENT_VERSION }}.jar
aws s3 cp "$JAR_FILE" "s3://${{ vars.SQL2DBSP_S3_BUCKET }}/$JAR_FILE" \
--content-type application/java-archive
# Update docs.feldera.com
- name: Update docs.feldera.com
run: unzip feldera-docs.zip -d docs
- name: Deploy docs.feldera.com
if: ${{ vars.RELEASE_DRY_RUN == 'false' }}
uses: JamesIves/github-pages-deploy-action@6c2d9db40f9296374acc17b90404b6e8864128c8
with:
folder: docs
token: ${{ steps.app-token.outputs.token }}
branch: ${{ vars.DOCS_PUBLISH_BRANCH }}
git-config-name: feldera-ci
git-config-email: dev@feldera.com
repository-name: feldera/docs.feldera.com
commit-message: Update docs for v${{ env.CURRENT_VERSION }}
# Publish Docker images
- name: Login to GHCR
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: latest
- name: Tag docker image with version and latest
if: ${{ vars.RELEASE_DRY_RUN == 'false' }}
run: |
docker buildx imagetools create -t ${{ vars.FELDERA_IMAGE_NAME }}:${{ env.CURRENT_VERSION }} ${{ vars.FELDERA_IMAGE_NAME }}:sha-${{ env.SHA_TO_RELEASE }}
docker buildx imagetools create -t ${{ vars.FELDERA_IMAGE_NAME }}:latest ${{ vars.FELDERA_IMAGE_NAME }}:sha-${{ env.SHA_TO_RELEASE }}