dfinity · NikolaMilosa · Jan 15, 2025 · Jan 14, 2025 · Jan 14, 2025 · Jan 14, 2025
@@ -7,4 +7,4 @@ replica-releases.*
 Cargo.Bazel.lock
 pyproject.toml
 requirements.*lock
-CHANGELOG.md
+VERSION
@@ -0,0 +1,121 @@
+name: Release DRE binary
+on:
+  push:
+    tags:
+      - "v*"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  test:
+    runs-on: 
+      labels: dre-runner-custom
+    container: ghcr.io/dfinity/dre/actions-runner:3dd4f38f076cad73fdcc68ad37fd29bed4fa3e4d
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: "☁️ Setup runner"
+        uses: ./.github/workflows/manage-runner-pre
+
+      - name: "🚀 Testing"
+        env:
+          STAGING_PRIVATE_KEY_PEM: "${{ secrets.STAGING_PRIVATE_KEY_PEM }}"
+        run: |
+          mkdir -p ~/.config/dfx/identity/bootstrap-super-leader/
+          echo $STAGING_PRIVATE_KEY_PEM > ~/.config/dfx/identity/bootstrap-super-leader/identity.pem
+          bazel test //rs/cli:unit_test --spawn_strategy=local --test_env=HOME=/home/runner
+
+  release:
+    needs: [ test ]
+    runs-on: 
+      labels: dre-runner-custom
+    container: ghcr.io/dfinity/dre/actions-runner:3dd4f38f076cad73fdcc68ad37fd29bed4fa3e4d
+    permissions:
+      contents: write
+      packages: write
+      pages: write
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-tags: true
+          fetch-depth: 0
+
+      - name: "☁️ Setup runner"
+        uses: ./.github/workflows/manage-runner-pre
+
+      # The GitHub App token is necessary for pushing changed files back to the repository
+      # If regular secrets.GITHUB_TOKEN is used instead, the push will not trigger any actions
+      # https://github.com/orgs/community/discussions/25702
+      - name: Create GitHub App Token
+        uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ vars.PR_AUTOMATION_BOT_PUBLIC_APP_ID }}
+          private-key: ${{ secrets.PR_AUTOMATION_BOT_PUBLIC_PRIVATE_KEY }}
+
+      - name: Determine tag
+        shell: bash
+        id: tag
+        run: |
+          TAG=${GITHUB_REF#refs/tags/}
+          if [[ $TAG == refs/* ]]; then
+            echo "Invalid value for tag $TAG"
+            exit 1
+          fi
+
+          echo "Will be using tag $TAG"
+          echo "tag=$TAG" >> $GITHUB_OUTPUT
+
+      - name: Update tags in code
+        shell: bash
+        run: |
+          rye run python bin/mk-release.py ${{ steps.tag.outputs.tag }}
+
+      - name: Build artifacts
+        shell: bash
+        run: |
+          cargo install git-cliff
+          rustup target add x86_64-apple-darwin
+          CARGO_BAZEL_REPIN=true bazel build --config=ci //rs/cli:dre 
+          cargo drecross
+
+          mkdir -p release/artifacts
+          cp --dereference bazel-out/k8-opt/bin/rs/cli/dre release/artifacts/dre-x86_64-unknown-linux
+          cp target/x86_64-apple-darwin/release/dre release/artifacts/dre-x86_64-apple-darwin
+
+          git cliff --current --sort newest > release/CHANGELOG.md
+
+      - name: "🆕 📢 Prepare release"
+        # v0.1.15
+        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844
+        id: release
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          name: ${{ steps.tag.outputs.tag }}
+          tag_name: ${{ steps.tag.outputs.tag }}
+          body_path: release/CHANGELOG.md
+          draft: true
+          prerelease: true
+          files: |
+            release/artifacts/*
+
+      - name: "Clean up release artifacts"
+        shell: bash
+        run: |
+          rm -rf release
+
+      - name: "🆕 Create a new Pull Request with the changes"
+        uses: peter-evans/create-pull-request@v7
+        with:
+          commit-message: "chore(release): New release of `dre` version ${{ steps.tag.outputs.tag }}"
+          branch: bot-release-${{ steps.tag.outputs.tag }}
+          title: "chore(release): New release of `dre` version ${{ steps.tag.outputs.tag }}"
+          body: |
+            This PR updates versions in the code used to generate the contents of a new release [${{ steps.tag.outputs.tag }}](${{ steps.release.outputs.url }})
+
+            If the release notes are correct, set it as latest release and publish it. 
+          token: ${{ steps.app-token.outputs.token }}
+          base: main
+
@@ -3,8 +3,6 @@ on:
   push:
     branches:
       - "main"
-    tags:
-      - "v*"
     paths-ignore:
       - "release-index.yaml"
       - "replica-releases/**"
@@ -87,16 +85,6 @@ jobs:
           name: test-artifacts
           path: bazel-out/k8-opt/bin/rs/ic-observability/multiservice-discovery/multiservice-discovery
 
-      ########################################
-      # Prepare release
-      ########################################
-      - name: "🚢 Prepare release"
-        if: ${{ startsWith(github.ref, 'refs/tags/v') }}
-        uses: ./.github/workflows/prepare-release
-        with:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          PUSH_TOKEN: ${{ steps.app-token.outputs.token }}
-
       ########################################
       # Upload container images
       ########################################
@@ -107,7 +95,7 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: "📦 Push images to GitHub Container Registry"
-        if: ${{ startsWith(github.ref, 'refs/tags/v') || startsWith(github.head_ref, 'container') || startsWith(github.ref, 'refs/heads/container') || (github.ref == 'refs/heads/main') }}
+        if: ${{ startsWith(github.head_ref, 'container') || startsWith(github.ref, 'refs/heads/container') || (github.ref == 'refs/heads/main') }}
         run: bazel query --noshow_progress 'kind("oci_push", ...)' | xargs -I_target bazel run _target -- --tag ${GITHUB_SHA}
 
       ########################################