release #6
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: release | |
on: | |
workflow_dispatch: | |
inputs: | |
version: | |
description: Version to release (e.g. v1.2.3) | |
required: true | |
kind: | |
description: Release kind | |
type: choice | |
options: [minor, patch] | |
required: true | |
default: minor | |
env: | |
container_registry: ghcr.io/edgelesssys | |
concurrency: | |
group: ${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
process-inputs: | |
name: Process inputs | |
runs-on: ubuntu-22.04 | |
env: | |
FULL_VERSION: ${{ inputs.version }} | |
outputs: | |
WITHOUT_V: ${{ steps.version-info.outputs.WITHOUT_V }} | |
PART_MAJOR: ${{ steps.version-info.outputs.PART_MAJOR }} | |
PART_MINOR: ${{ steps.version-info.outputs.PART_MINOR }} | |
PART_PATCH: ${{ steps.version-info.outputs.PART_PATCH }} | |
MAJOR: ${{ steps.version-info.outputs.MAJOR }} | |
MAJOR_MINOR: ${{ steps.version-info.outputs.MAJOR_MINOR }} | |
MAJOR_MINOR_PATCH: ${{ steps.version-info.outputs.MAJOR_MINOR_PATCH }} | |
RELEASE_BRANCH: ${{ steps.version-info.outputs.RELEASE_BRANCH }} | |
WORKING_BRANCH: ${{ steps.version-info.outputs.WORKING_BRANCH }} | |
NEXT_MINOR_PRE_WITHOUT_V: ${{ steps.version-info.outputs.NEXT_MINOR_PRE_WITHOUT_V }} | |
NEXT_PATCH_PRE_WITHOUT_V: ${{ steps.version-info.outputs.NEXT_PATCH_PRE_WITHOUT_V }} | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Working branch | |
run: | | |
echo "WORKING_BRANCH=$(git branch --show-current)" | tee -a "$GITHUB_ENV" | |
- name: Verify minor version bump | |
if: ${{ inputs.kind == 'minor' }} | |
run: | | |
if [[ ! "${FULL_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | |
echo "Version must be in the form of vX.Y.Z" | |
exit 1 | |
fi | |
- name: Verify patch version bump | |
if: ${{ inputs.kind == 'patch' }} | |
run: | | |
if [[ ! "${FULL_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[1-9]+$ ]]; then | |
echo "Version must be in the form of vX.Y.Z, where Z > 0" | |
exit 1 | |
fi | |
- name: Verify temporary branch for minor release | |
run: | | |
if [[ ! "${WORKING_BRANCH}" =~ ^tmp/v[0-9]+\.[0-9]+\.[0-9] ]]; then | |
echo "Workflow can only be triggered from a temporary branch in the form of tmp/vX.Y.Z" | |
exit 1 | |
fi | |
- name: Extract version info | |
id: version-info | |
run: | | |
WITHOUT_V=${FULL_VERSION#v} | |
PART_MAJOR=${WITHOUT_V%%.*} | |
PART_MINOR=${WITHOUT_V#*.} | |
PART_MINOR=${PART_MINOR%%.*} | |
PART_PATCH=${WITHOUT_V##*.} | |
RELEASE_BRANCH=release/v${PART_MAJOR}.${PART_MINOR} | |
NEXT_MINOR_PRE_WITHOUT_V=${PART_MAJOR}.$((PART_MINOR + 1)).0-pre | |
NEXT_PATCH_PRE_WITHOUT_V=${PART_MAJOR}.${PART_MINOR}.$((PART_PATCH + 1))-pre | |
{ | |
echo "WITHOUT_V=${WITHOUT_V}" | |
echo "PART_MAJOR=${PART_MAJOR}" | |
echo "PART_MINOR=${PART_MINOR}" | |
echo "PART_PATCH=${PART_PATCH}" | |
echo "MAJOR=${PART_MAJOR}" | |
echo "MAJOR_MINOR=${PART_MAJOR}.${PART_MINOR}" | |
echo "MAJOR_MINOR_PATCH=${PART_MAJOR}.${PART_MINOR}.${PART_PATCH}" | |
echo "RELEASE_BRANCH=${RELEASE_BRANCH}" | |
echo "WORKING_BRANCH=${WORKING_BRANCH}" | |
echo "NEXT_MINOR_PRE_WITHOUT_V=${NEXT_MINOR_PRE_WITHOUT_V}" | |
echo "NEXT_PATCH_PRE_WITHOUT_V=${NEXT_PATCH_PRE_WITHOUT_V}" | |
} | tee -a "$GITHUB_OUTPUT" | |
echo "RELEASE_BRANCH=${RELEASE_BRANCH}" | tee -a "$GITHUB_ENV" | |
- name: Check if we are strictly ahead of the release branch (if it exists) | |
run: | | |
git fetch | |
git pull | |
git checkout "${RELEASE_BRANCH}" || exit 0 | |
git checkout "${WORKING_BRANCH}" | |
ahead=$(git rev-list HEAD --not "${RELEASE_BRANCH}" | wc -l) | |
if [[ "${ahead}" -eq 0 ]]; then | |
echo "The current branch is not strictly ahead of the release branch. Please rebase." | |
exit 1 | |
fi | |
update-main: | |
name: Update main branch | |
if: ${{ inputs.kind == 'minor' }} | |
runs-on: ubuntu-22.04 | |
needs: process-inputs | |
permissions: | |
contents: write | |
env: | |
RELEASE_BRANCH: ${{ needs.process-inputs.outputs.RELEASE_BRANCH }} | |
WORKING_BRANCH: ${{ needs.process-inputs.outputs.WORKING_BRANCH }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
ref: main | |
- name: Bump flake version to post release patch pre-version | |
uses: ./.github/actions/bump_version | |
with: | |
version: ${{ needs.process-inputs.outputs.NEXT_MINOR_PRE_WITHOUT_V }} | |
commit: true | |
release: | |
name: Build and push artifacts, create release | |
runs-on: ubuntu-22.04 | |
needs: process-inputs | |
permissions: | |
contents: write | |
packages: write | |
env: | |
RELEASE_BRANCH: ${{ needs.process-inputs.outputs.RELEASE_BRANCH }} | |
WORKING_BRANCH: ${{ needs.process-inputs.outputs.WORKING_BRANCH }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
ref: ${{ needs.process-inputs.outputs.WORKING_BRANCH }} | |
- uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25 | |
with: | |
github_access_token: ${{ secrets.GITHUB_TOKEN }} | |
- uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14 | |
with: | |
name: edgelesssys | |
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
- name: Log in to ghcr.io Container registry | |
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Bump flake version temporarily to release version | |
uses: ./.github/actions/bump_version | |
with: | |
version: ${{ needs.process-inputs.outputs.WITHOUT_V }} | |
commit: false | |
- name: Push containers with release tag | |
run: | | |
nix run .#push-coordinator -- "$container_registry/nunki/coordinator" | |
nix run .#push-initializer -- "$container_registry/nunki/initializer" | |
- name: Build CLI | |
run: | | |
nix build .#cli | |
- name: Create draft release | |
uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15 | |
with: | |
draft: true | |
generate_release_notes: true | |
tag_name: ${{ inputs.version }} | |
target_commitish: ${{ needs.process-inputs.outputs.WORKING_BRANCH }} | |
files: | | |
result-cli/bin/nunki | |
- name: Bump flake version to post release patch pre-version | |
uses: ./.github/actions/bump_version | |
with: | |
version: ${{ needs.process-inputs.outputs.NEXT_PATCH_PRE_WITHOUT_V }} | |
commit: true |