-
Notifications
You must be signed in to change notification settings - Fork 143
261 lines (220 loc) · 11.8 KB
/
release-publish.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
# Copyright (C) 2020 Dremio
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Publish Nessie release artifacts
# Triggered when a `nessie-*` tag is being pushed.
# Publishes the Maven and Docker artifacts.
# GitHub environment name:
# release
# Required secrets:
# OSSRH_ACCESS_ID
# OSSRH_TOKEN
# MAVEN_GPG_PASSPHRASE
# PYPI_API_TOKEN
# DOCKER_USERNAME
# DOCKER_TOKEN
name: Publish release
on:
push:
tags:
- nessie-*
workflow_dispatch:
inputs:
releaseTag:
description: 'Release tag name to re-release'
required: true
jobs:
publish-release:
name: Publish release
runs-on: ubuntu-22.04
if: github.repository == 'projectnessie/nessie'
# Runs in the `release` environment, which has the necessary secrets and defines the reviewers.
# See https://docs.github.com/en/actions/reference/environments
environment: release
steps:
# GH doesn't provide just the tag name, so this step strips `/refs/tags/nessie-` from `GITHUB_REF`
# and provides the output `VERSION` or, in case of a manual run, uses the input `releaseTag` as
# the input tag name.
- name: Get release version
run: |
if [[ "${{ github.event_name }}" == "push" ]] ; then
V="${GITHUB_REF/refs\/tags\/}"
else
V="${{ github.event.inputs.releaseTag }}"
fi
# check if tag matches patterns like nessie-0.5, nessie-0.10.4.3-alpha1, etc
if [[ ${V} =~ ^nessie-[0-9]+[.][0-9.]*[0-9](-[a-zA-Z0-9]+)?$ ]]; then
echo "RELEASE_VERSION=${V/nessie-}" >> ${GITHUB_ENV}
echo "GIT_TAG=${V}" >> ${GITHUB_ENV}
else
echo "Tag must start with nessie- followed by a valid version (got tag ${V}, ref is ${GITHUB_REF} )"
exit 1
fi
### BEGIN runner setup
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
if: ${{ github.event_name == 'push' }}
with:
fetch-depth: '0'
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
if: ${{ github.event_name == 'workflow_dispatch' }}
with:
fetch-depth: '0'
ref: refs/tags/${{ github.event.inputs.releaseTag }}
- name: Setup runner
uses: ./.github/actions/setup-runner
- name: Setup Java, Gradle
uses: ./.github/actions/dev-tool-java
with:
gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
- name: Install Helm
uses: azure/setup-helm@v3
with:
version: v3.6.3
### END runner setup
# Deploys Maven artifacts. Build and test steps were already ran in previous steps.
# Not running tests, because the environment contains secrets.
- name: Publish Maven artifacts for release
env:
# To release with Gradle
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.OSSRH_ACCESS_ID }}
ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.OSSRH_TOKEN }}
# To release commits that used Maven to build
MAVEN_USERNAME: ${{ secrets.OSSRH_ACCESS_ID }}
MAVEN_OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }}
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
ARTIFACTS: ../build-artifacts
run: |
rm -rf "${ARTIFACTS}"
mkdir -p "${ARTIFACTS}"
echo "::group::Gradle build"
# 2 Retries - due to Gradle's old and unfixed CME bug
./gradlew compileAll jar testClasses || \
./gradlew compileAll jar testClasses || \
./gradlew compileAll jar testClasses
echo "::endgroup::"
echo "::group::Publish to Sonatype"
# 2 Retries - to mitigate "HTTP/502 Bad Gateway" issues
./gradlew publishToMavenLocal publishToSonatype closeAndReleaseSonatypeStagingRepository -Prelease -Puber-jar || \
./gradlew publishToMavenLocal publishToSonatype closeAndReleaseSonatypeStagingRepository -Prelease -Puber-jar || \
./gradlew publishToMavenLocal publishToSonatype closeAndReleaseSonatypeStagingRepository -Prelease -Puber-jar
mv servers/quarkus-server/build/nessie-quarkus-${RELEASE_VERSION}-runner.jar "${ARTIFACTS}"
mv servers/quarkus-cli/build/nessie-quarkus-cli-${RELEASE_VERSION}-runner.jar "${ARTIFACTS}"
echo "::endgroup::"
echo '${{ secrets.GITHUB_TOKEN }}' | docker login ghcr.io -u $ --password-stdin
tools/dockerbuild/build-push-images.sh \
-a "${ARTIFACTS}" \
-g ":nessie-quarkus" \
-p "servers/quarkus-server" \
ghcr.io/projectnessie/nessie
# Add version to the openapi file name
cp api/model/build/generated/openapi/META-INF/openapi/openapi.yaml api/model/build/nessie-openapi-${RELEASE_VERSION}.yaml
cp gc/gc-tool/build/executable/nessie-gc gc/gc-tool/build/executable/nessie-gc-${RELEASE_VERSION}
echo "QUARKUS_UBER_JAR=${ARTIFACTS}/nessie-quarkus-${RELEASE_VERSION}-runner.jar" >> ${GITHUB_ENV}
echo "CLI_UBER_JAR=${ARTIFACTS}/nessie-quarkus-cli-${RELEASE_VERSION}-runner.jar" >> ${GITHUB_ENV}
echo "GC_EXEC=gc/gc-tool/build/executable/nessie-gc-${RELEASE_VERSION}" >> ${GITHUB_ENV}
echo "NESSIE_OPENAPI=api/model/build/nessie-openapi-${RELEASE_VERSION}.yaml" >> ${GITHUB_ENV}
echo "## Successfully released ${RELEASE_VERSION} to Sonatype" >> $GITHUB_STEP_SUMMARY
# Packages Nessie Helm chart
- name: Package Nessie Helm chart for release
run: |
helm package helm/nessie --version ${RELEASE_VERSION}
# Rename Nessie Helm chart
- name: Rename Nessie Helm chart for release
run: |
mv nessie-${RELEASE_VERSION}.tgz nessie-helm-${RELEASE_VERSION}.tgz
echo "NESSIE_HELM_CHART=nessie-helm-${RELEASE_VERSION}.tgz" >> ${GITHUB_ENV}
# Publish Nessie Helm chart to Helm Repo
- name: Publish Nessie Helm chart to Helm Repo
run: |
wget https://raw.githubusercontent.com/projectnessie/charts.projectnessie.org/main/index.yaml
helm repo index . --merge index.yaml --url https://github.com/projectnessie/nessie/releases/download/nessie-${RELEASE_VERSION}
echo ${{ secrets.CI_REPORTS_TOKEN }} | gh auth login --with-token
index_sha=$(gh api -X GET /repos/projectnessie/charts.projectnessie.org/contents/index.yaml --jq '.sha')
gh api -X PUT /repos/projectnessie/charts.projectnessie.org/contents/index.yaml -f message="Publishing Nessie Helm chart ${RELEASE_VERSION}" -f content=$(base64 -w0 index.yaml) -f sha=${index_sha} || true
echo "## Successfully published Helm chart for ${RELEASE_VERSION}" >> $GITHUB_STEP_SUMMARY
# Prepare Nessie release notes for GitHub
#
# The markdown file for the release is generated using some mostly simple shell script.
#
# `LAST_TAG` is evaluated using `git describe`, which is the name of the git tag before the release tag
# `NUM_COMMITS` is the total number of commits "between" LAST_TAG and GIT_TAG
#
# "Full Changelog" is the output of a `git log` considering the commits "between" LAST_TAG and
# GIT_TAG, removing the commits by `renovate` and `nessie-release-workflow`.
# Also removes commits that start with `[release] `.
#
# The final markdown is just a `cat` of the above information including some basic markdown formatting.
#
- name: Prepare Nessie release for GitHub
run: |
DIR=$(mktemp -d)
NOTES_FILE=${DIR}/release-notes.md
LAST_TAG=$(git describe --abbrev=0 --tags --match=nessie-* ${GIT_TAG}^1)
NUM_COMMITS=$(git log --format='format:%h' ${LAST_TAG}..HEAD^1 | wc -l)
git log --perl-regexp --author '^(?!.*renovate|.*nessie-release-workflow).*$' --format='format:* %s' ${LAST_TAG}..${GIT_TAG} | grep -v '^\* \[release\] .*$' > ${DIR}/release-log
Q_GC_EXEC="https://github.com/projectnessie/nessie/releases/download/nessie-${RELEASE_VERSION}/nessie-gc-${RELEASE_VERSION}"
Q_UBER_URL="https://github.com/projectnessie/nessie/releases/download/nessie-${RELEASE_VERSION}/nessie-quarkus-${RELEASE_VERSION}-runner.jar"
Q_HELM_CHART_URL="https://github.com/projectnessie/nessie/releases/download/nessie-${RELEASE_VERSION}/nessie-helm-${RELEASE_VERSION}.tgz"
Q_MC_URL="https://search.maven.org/search?q=g:org.projectnessie+AND+a:nessie-quarkus+AND+v:${RELEASE_VERSION}"
cat <<EOF > ${NOTES_FILE}
# Nessie ${RELEASE_VERSION} release
* ${NUM_COMMITS} commits since ${LAST_TAG#nessie-}
* Maven Central: https://search.maven.org/search?q=g:org.projectnessie.nessie+v:${RELEASE_VERSION}
* Docker images: https://github.com/projectnessie/nessie/pkgs/container/nessie and https://quay.io/repository/projectnessie/nessie?tab=tags
It is a multiplatform Java image (amd64, arm64, ppc64le, s390x): \`docker pull ghcr.io/projectnessie/nessie:${RELEASE_VERSION}-java\`
* PyPI: https://pypi.org/project/pynessie/ (See [pynessie](https://github.com/projectnessie/pynessie/releases))
* Helm Chart repo: https://charts.projectnessie.org/
## Try it
The attached [\`nessie-quarkus-${RELEASE_VERSION}-runner.jar\`](${Q_UBER_URL}) is a standalone uber-jar file that runs on Java 17 or newer and it is also available via [Maven Central](${Q_MC_URL}). Download and run it (requires Java 17):
\`\`\`
wget ${Q_UBER_URL}
java -jar nessie-quarkus-${RELEASE_VERSION}-runner.jar
\`\`\`
Nessie GC tool is attached as [\`nessie-gc-${RELEASE_VERSION}\`](${Q_GC_EXEC}), which is an executable.
(\`chmod 744 nessie-gc-${RELEASE_VERSION}\` after download.)
Can also be run using \`java -jar nessie-gc-${RELEASE_VERSION}\`, because it is actually a Java archive.
Shell completion can be generated from the \`nessie-gc\` tool.
The attached [\`nessie-helm-${RELEASE_VERSION}.tgz\`](${Q_HELM_CHART_URL}) is a packaged Helm chart, which can be downloaded and installed via Helm.
There is also the [Nessie Helm chart repo](https://charts.projectnessie.org/), which can be added and used to install the Nessie Helm chart.
## Changelog
$(./gradlew --quiet --console=plain getChangelog --no-header --no-links)
## Full Changelog (minus renovate commits):
$(cat ${DIR}/release-log)
EOF
echo "NOTES_FILE=${NOTES_FILE}" >> ${GITHUB_ENV}
cat "${NOTES_FILE}" >> $GITHUB_STEP_SUMMARY
- name: Create Nessie release in GitHub
run: |
echo ${{ secrets.GITHUB_TOKEN }} | gh auth login --with-token
gh release create ${GIT_TAG} \
--notes-file ${{ env.NOTES_FILE }} \
--title "Nessie ${RELEASE_VERSION}" \
"${QUARKUS_UBER_JAR}" \
"${CLI_UBER_JAR}" \
"${GC_EXEC}" \
"${NESSIE_OPENAPI}" \
"${NESSIE_HELM_CHART}"
- name: Update SwaggerHub
uses: smartbear/[email protected]
env:
XDG_CONFIG_HOME: "/tmp"
SWAGGERHUB_API_KEY: ${{ secrets.SWAGGERHUB_API_KEY }}
SWAGGERHUB_URL: "https://api.swaggerhub.com"
with:
args: api:create projectnessie/nessie -f ${{ env.NESSIE_OPENAPI }} --published=publish --setdefault --visibility=public
- name: SwaggerHub info
run: echo "## Successfully updated SwaggerHub for ${RELEASE_VERSION}" >> $GITHUB_STEP_SUMMARY