-
Notifications
You must be signed in to change notification settings - Fork 42
136 lines (120 loc) · 5.67 KB
/
release.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
# `name` value will appear "as is" in the badge.
# See https://docs.github.com/en/actions/configuring-and-managing-workflows/configuring-a-workflow#adding-a-workflow-status-badge-to-your-repository
# yamllint --format github .github/workflows/release.yaml
---
name: "release"
on:
push:
tags: 'v[0-9]+.[0-9]+.[0-9]+**' # Ex. v0.2.0 v0.2.1-rc2
defaults:
run: # use bash for all operating systems unless overridden
shell: bash
jobs:
func-e:
name: "Release `func-e` CLI"
runs-on: windows-2022
steps:
- name: "Checkout"
uses: actions/checkout@v3
with: # fetch all history for all tags and branches (needed for changelog)
fetch-depth: 0
# windows-2022 is missing osslsigncode (no issue, yet)
- name: "Install osslsigncode, infozip; setup wix"
run: |
choco install osslsigncode -y
choco install zip -y
echo "C:\Program Files (x86)\WiX Toolset v3.11\bin" >> $GITHUB_PATH
- name: Download Windows code signing certificate
env:
WINDOWS_CODESIGN_P12_BASE64: ${{ secrets.WINDOWS_CODESIGN_P12_BASE64 }}
run: | # On the fork PRs, our org secret is not visible.
if [ $WINDOWS_CODESIGN_P12_BASE64 ]; then
echo $WINDOWS_CODESIGN_P12_BASE64 | base64 --decode > windows-certificate.p12
echo "WINDOWS_CODESIGN_P12=windows-certificate.p12" >> $GITHUB_ENV
fi
shell: bash
- name: "Make release assets (test)"
if: github.event_name != 'push' || !contains(github.ref, 'refs/tags/')
run: | # On the fork PRs, our org secret is not visible. We unset the required env so that `make dist` uses default self-signed cert.
if [ $WINDOWS_CODESIGN_P12 ]; then
export WINDOWS_CODESIGN_PASSWORD=${{ secrets.WINDOWS_CODESIGN_PASSWORD }}
fi
VERSION=${GITHUB_REF#refs/tags/v}
make dist VERSION=$VERSION
echo "VERSION=${VERSION}" >> $GITHUB_ENV
shell: bash
- name: "Make release assets"
# Triggers only on tag creation.
if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
run: | # On the fork PRs, our org secret is not visible. We unset the required env so that `make dist` uses default self-signed cert.
if [ $WINDOWS_CODESIGN_P12 ]; then
export WINDOWS_CODESIGN_PASSWORD=${{ secrets.WINDOWS_CODESIGN_PASSWORD }}
fi
VERSION=${GITHUB_REF#refs/tags/v}
make dist VERSION=$VERSION
echo "VERSION=${VERSION}" >> $GITHUB_ENV
shell: bash
- name: "Create draft release"
run: |
tag="${GITHUB_REF#refs/tags/}"
./.github/workflows/release_notes.sh ${tag} > release-notes.txt
gh release create ${tag} --draft \
--title ${tag} --notes-file release-notes.txt ./dist/*
shell: bash
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Note: We don't test arm64 on release as it is unlikely to fail and too much effort.
e2e:
needs: func-e
name: Run e2e tests (${{ matrix.os }})
runs-on: ${{ matrix.os }}
timeout-minutes: 90 # instead of 360 by default
strategy:
matrix:
include:
- os: ubuntu-20.04 # Hard-coding an LTS means maintenance, but only once each 2 years!
pattern: '*linux_amd64.tar.gz'
- os: macos-12
pattern: '*darwin_amd64.tar.gz'
- os: windows-2022
pattern: '*windows_amd64.*'
unzip: | # the above downloads both the zip and msi, stash the msi name
printf "::set-output name=msi::%s\n" *.msi
unzip -o *.zip && rm *.zip
steps:
- name: "Checkout"
uses: actions/checkout@v3
- name: "Extract `func-e` binary from GitHub release assets"
id: download # allows variables like ${{ steps.download.outputs.X }}
run: |
gh release download "${GITHUB_REF#refs/tags/}" -p '${{ matrix.pattern }}'
${{ matrix.unzip || 'tar -xzf *.tar.gz && rm *.tar.gz' }}
env: # authenticate release downloads as drafts are not public
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: "Run e2e tests using draft `func-e` binary"
run: E2E_FUNC_E_PATH=. make e2e
# This only checks the installer when built on Windows as it is simpler than switching OS.
# refreshenv is from choco, and lets you reload ENV variables (used here for PATH).
- name: "Test Windows Installer (Windows)"
if: runner.os == 'Windows'
run: | # delete func-e.exe which was just tested, so it doesn't taint the tests
del func-e.exe
call packaging\msi\verify_msi.cmd
shell: cmd
env: # use the stashed msi name instead of parsing it
MSI_FILE: ${{ steps.download.outputs.msi }}
- name: "Test Debian package"
if: runner.os == 'Linux'
run: |
gh release download "${GITHUB_REF#refs/tags/}" -p '*linux_amd64.deb' -D dist
packaging/nfpm/verify_deb.sh
env: # authenticate release downloads as drafts are not public
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: "Test RPM package (CentOS)"
if: runner.os == 'Linux'
run: | # Note: the naming convention is intentionally different for RPM: x86_64 not amd64!
gh release download "${GITHUB_REF#refs/tags/}" -p '*linux_x86_64.rpm' -D dist
docker run --rm -v $PWD:/work --entrypoint packaging/nfpm/verify_rpm.sh ${CENTOS_IMAGE}
env: # authenticate release downloads as drafts are not public
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CENTOS_IMAGE: ghcr.io/tetratelabs/func-e-internal:centos-9 # See internal-images.yaml