Release Branch #131
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release Branch | |
env: | |
NFPM_VERSION: 'v2.35.3' | |
on: | |
workflow_dispatch: | |
inputs: | |
publishPackages: | |
description: 'Publish packages to up-ap.nginx.com' | |
required: true | |
type: boolean | |
default: false | |
uploadJWT: | |
description: 'Temporary JWT to publish packages to up-ap.nginx.com' | |
required: true | |
type: string | |
default: '' | |
workflow_call: | |
permissions: | |
contents: read | |
jobs: | |
update-draft: | |
permissions: | |
contents: write | |
pull-requests: write | |
name: Update Release | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
with: | |
fetch-depth: 0 | |
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 | |
with: | |
go-version-file: 'go.mod' | |
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 | |
- run: npm install [email protected] | |
- name: Create Draft Release | |
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
id: release | |
with: | |
script: | | |
const semver = require('semver'); | |
const ref = context.ref.split("/")[2] | |
const version_number = ref.split("-")[1] | |
const version = "v"+version_number | |
console.log(`The release version is ${version}`) | |
const releases = (await github.rest.repos.listReleases({ | |
owner: context.payload.repository.owner.login, | |
repo: context.payload.repository.name, | |
per_page: 100, | |
})).data | |
const latest_release = (await github.rest.repos.getLatestRelease({ | |
owner: context.payload.repository.owner.login, | |
repo: context.payload.repository.name, | |
})).data.tag_name | |
console.log(`The latest release was ${latest_release}`) | |
if (latest_release === version) { | |
core.setFailed(`A published release already exists for ${latest_release}`) | |
} else { | |
const draft = releases.find((r) => r.draft && r.tag_name === version) | |
const draft_found = !(draft === undefined) | |
let release | |
if (draft_found){ | |
console.log("Draft release already exists. Deleting current draft release and recreating it") | |
release = (await github.rest.repos.deleteRelease({ | |
owner: context.payload.repository.owner.login, | |
repo: context.payload.repository.name, | |
release_id: draft.id, | |
})) | |
} | |
const release_notes = (await github.rest.repos.generateReleaseNotes({ | |
owner: context.payload.repository.owner.login, | |
repo: context.payload.repository.name, | |
tag_name: version, | |
previous_tag_name: latest_release, | |
target_commitish: ref, | |
})) | |
const footer = ` | |
## Resources | |
- Documentation -- https://github.com/nginx/agent#readme | |
` | |
release = (await github.rest.repos.createRelease({ | |
owner: context.payload.repository.owner.login, | |
repo: context.payload.repository.name, | |
tag_name: version, | |
target_commitish: ref, | |
name: version, | |
body: release_notes.data.body + footer, | |
draft: true, | |
})) | |
console.log(`Release created: ${release.data.html_url}`) | |
console.log(`Release ID: ${release.data.id}`) | |
console.log(`Release notes: ${release_notes.data.body}`) | |
console.log(`Release Upload URL: ${release.data.upload_url}`) | |
return { | |
version: version_number, | |
release_id: release.data.id, | |
release_upload_url: release.data.upload_url, | |
} | |
} | |
- name: Set Environment Variables | |
run: | | |
echo "${{steps.release.outputs.result}}" | |
echo "VERSION=$(echo '${{steps.release.outputs.result}}' | jq -r '.version')" >> $GITHUB_ENV | |
echo "RELEASE_ID=$(echo '${{steps.release.outputs.result}}' | jq -r '.release_id')" >> $GITHUB_ENV | |
echo "RELEASE_UPLOAD_URL=$(echo '${{steps.release.outputs.result}}' | jq -r '.release_upload_url')" >> $GITHUB_ENV | |
- name: Setup build environment | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y gpgv1 monkeysphere | |
go install github.com/goreleaser/nfpm/v2/cmd/[email protected] | |
- name: Generate Changelog | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
git clone https://github.com/nginx/agent-changelog.git | |
cd ./agent-changelog/source | |
pip install -r requirements.txt | |
python agent.py | |
- name: Push Changelog | |
run: | | |
mv agent-changelog/source/changelog.md ./site/content/ | |
git config --global user.name 'github-actions' | |
git config --global user.email '41898282+github-actions[bot]@users.noreply.github.com' | |
git add ./site/content/changelog.md | |
git commit -m "Add generated changelog" | |
git push origin HEAD:${{ github.ref_name }} | |
- name: Tag release | |
run: | | |
git tag -a "v${{env.VERSION}}" -m "CI Autogenerated" | |
git tag -a "sdk/v${{env.VERSION}}" -m "CI Autogenerated" | |
- name: Push Tags | |
if: ${{ inputs.publishPackages == true }} | |
run: | | |
git push origin "v${{env.VERSION}}" | |
git push origin "sdk/v${{env.VERSION}}" | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 | |
- name: Build Docker Image | |
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 | |
with: | |
file: scripts/packages/packager/Dockerfile | |
tags: build-signed-packager:1.0.0 | |
context: '.' | |
push: false | |
load: true | |
no-cache: true | |
build-args: | | |
package_type=signed-package | |
- name: Build Packages | |
env: | |
INDIGO_GPG_AGENT: ${{ secrets.INDIGO_GPG_AGENT }} | |
NFPM_SIGNING_KEY_FILE: .key.asc | |
run: | | |
echo "$INDIGO_GPG_AGENT" | base64 --decode > .key.asc | |
make clean package | |
- name: Azure Login | |
uses: azure/login@6b2456866fc08b011acb422a92a4aa20e2c4de32 # v2.1.0 | |
with: | |
creds: ${{ secrets.AZURE_CREDENTIALS }} | |
- name: Azure Upload Release Packages | |
uses: azure/CLI@965c8d7571d2231a54e321ddd07f7b10317f34d9 # v2.0.0 | |
with: | |
inlineScript: | | |
for i in ./build/azure/packages/nginx-agent*; do | |
az storage blob upload --auth-mode=login -f "$i" -c ${{ secrets.AZURE_CONTAINER_NAME }} \ | |
--account-name ${{ secrets.AZURE_ACCOUNT_NAME }} --overwrite -n nginx-agent/${GITHUB_REF##*/}/${i##*/} | |
done | |
- name: Azure Logout | |
run: | | |
az logout | |
if: always() | |
- name: Upload Release Assets | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# clobber overwrites existing assets of the same name | |
run: | | |
gh release upload --clobber v${{env.VERSION}} \ | |
$(find ./build/github/packages -type f \( -name "*.deb" -o -name "*.rpm" -o -name "*.pkg" -o -name "*.apk" \)) | |
- name: Publish Release Packages | |
if: ${{ inputs.publishPackages == true }} | |
env: | |
TOKEN: ${{ inputs.uploadJWT }} | |
UPLOAD_URL: ${{ secrets.UPLOAD_URL }} | |
run: | | |
make release | |
- name: Publish Github Release | |
if: ${{ inputs.publishPackages == true }} | |
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
with: | |
script: | | |
const {RELEASE_ID} = process.env | |
const release = (await github.rest.repos.updateRelease({ | |
owner: context.payload.repository.owner.login, | |
repo: context.payload.repository.name, | |
release_id: `${RELEASE_ID}`, | |
draft: false, | |
})) | |
console.log(`Release published: ${release.data.html_url}`) | |
- name: Create Pull Request | |
if: ${{ inputs.publishPackages == true }} | |
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | |
with: | |
script: | | |
const { repo, owner } = context.repo; | |
const result = await github.rest.pulls.create({ | |
title: 'Merge ${{ github.ref_name }} back into main', | |
owner, | |
repo, | |
head: '${{ github.ref_name }}', | |
base: 'main', | |
body: [ | |
'This PR is auto-generated by the release branch workflow.' | |
].join('\n') | |
}); |