release_beta.yml
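# Beta release pipeline: creates a GitHub pre-release, builds and uploads the
# Linux/Windows/macOS binaries, pushes the Docker images, optionally removes
# older beta releases and announces the new version on Discord.
#
# NOTE(review): there is no workflow-level `permissions:` block, so a job
# without its own block runs with the repository's default GITHUB_TOKEN scope.
name: Release Beta Service

on:
  # NOTE(review): on a tag push `github.event.inputs.*` is empty, so the
  # version computed in "Set new version" has no numeric prefix and
  # `remove_old_beta` is never set. Confirm the tag trigger is still wanted.
  push:
    tags:
      - "*-beta"
  workflow_dispatch:
    inputs:
      version:
        description: "Version to release"
        required: true
        default: "1.0.0"
      remove_old_beta:
        description: "Remove old beta releases"
        required: false
        type: boolean
        default: true

jobs:
  # Computes the beta version, generates the release notes and creates the
  # GitHub pre-release that the build jobs upload their assets to.
  beta-release:
    name: Release Beta version
    runs-on: ubuntu-latest
    permissions:
      contents: write
      packages: read
    env:
      EXT_VERSION: "" # will be set in the workflow
      MAJOR_VERSION: "" # will be set in the workflow
      UPLOAD_URL: "" # will be set in the workflow
    outputs:
      version: ${{ env.EXT_VERSION }}
      majorVersion: ${{ env.MAJOR_VERSION }}
      upload_url: ${{ env.UPLOAD_URL }}
    steps:
      - uses: actions/checkout@v4
      - name: Set new version
        env:
          # The dispatch input reaches the script as data through the
          # environment; it is never expanded into the script text.
          INPUT_VERSION: ${{ github.event.inputs.version }}
        run: |
          VERSION="$INPUT_VERSION"
          # Reject anything that is not a plain version token. This also stops
          # a newline in the input from appending extra entries to GITHUB_ENV.
          case "$VERSION" in
            *[!0-9A-Za-z.+-]*)
              echo "::error::version input contains unexpected characters"
              exit 1
              ;;
          esac
          MAJOR_VERSION="${VERSION%.*}"
          NEW_VERSION="${VERSION%.*}.${GITHUB_RUN_ID}"
          echo "Beta Version: $NEW_VERSION"
          echo "EXT_VERSION=${NEW_VERSION}" >> "$GITHUB_ENV"
          echo "MAJOR_VERSION=${MAJOR_VERSION}" >> "$GITHUB_ENV"
      - name: Generate release notes
        env:
          # NOTE(review): a personal access token is handed to a repository
          # script. Confirm it is narrowly scoped, or whether the job's
          # GITHUB_TOKEN would be enough.
          GH_TOKEN: ${{ secrets.PARALLELS_WORKFLOW_PAT }}
        run: |
          ./.github/workflow_scripts/get-latest-beta-changelog.sh --repo "$GITHUB_REPOSITORY" --output-to-file --version "${EXT_VERSION}"
          cat release_notes.md
      - name: Create release and upload release asset
        uses: actions/github-script@v7
        id: create_release
        with:
          script: |
            const fs = require("fs");
            // Read the version from the environment instead of templating it
            // into the script source.
            const tag = `v${process.env.EXT_VERSION}-beta`;
            const release = await github.rest.repos.createRelease({
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: fs.readFileSync("release_notes.md", "utf8"),
              tag_name: tag,
              name: tag,
              draft: false,
              prerelease: true
            });
            core.exportVariable('UPLOAD_URL', release.data.upload_url);

  # Builds the Linux and Windows binaries and attaches them to the release.
  beta-releases-matrix:
    needs:
      - beta-release
    name: Release Go Binary (Windows, Linux)
    runs-on: ubuntu-latest
    # The token is only used to attach assets to the release.
    permissions:
      contents: write
    env:
      EXT_VERSION: ${{ needs.beta-release.outputs.version }}
      # Job-level, so every step below (including the tool install) sees it.
      AmplitudeApiKey: ${{ secrets.AMPLITUDE_API_KEY }}
    strategy:
      fail-fast: false
      matrix:
        # build and publish in parallel: linux/386, linux/amd64, linux/arm64,
        # windows/386, windows/amd64, windows/arm64
        goos: [linux, windows]
        goarch: ["386", amd64, arm64]
        # darwin is not in `goos` above, so this exclude currently matches
        # nothing; macOS is built by the beta-releases-macos job.
        exclude:
          - goarch: "386"
            goos: darwin
    steps:
      - uses: actions/checkout@v4
      - name: Setup Go 1.21.x
        uses: actions/setup-go@v4
        with:
          go-version: "1.21.x"
          cache-dependency-path: ${{ github.workspace }}/src/go.sum
      - name: Add Inbuilt Variables
        # NOTE(review): `swag@latest` is resolved at build time, so a release
        # build runs whatever version is newest that day. Pin a reviewed
        # version for reproducible releases.
        run: |
          sed -i "/@version/c\//\t@version\t\t$EXT_VERSION" ./src/main.go
          go install github.com/swaggo/swag/cmd/swag@latest
          cd src
          go mod tidy
          swag fmt
          swag init -g main.go
          cd ..
      # NOTE(review): third-party action referenced by a mutable tag while it
      # receives a write-capable token; pin it to a reviewed commit SHA.
      - uses: wangyoucao577/go-release-action@v1
        timeout-minutes: 10
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          goos: ${{ matrix.goos }}
          goarch: ${{ matrix.goarch }}
          # NOTE(review): the toolchain is fetched by URL; whether the action
          # verifies the download is not visible here.
          goversion: "https://dl.google.com/go/go1.21.1.linux-amd64.tar.gz"
          project_path: "./src"
          binary_name: "prldevops"
          release_name: "v${{ env.EXT_VERSION }}-beta"
          # NOTE(review): this job sets `telemetry.AmplitudeApiKey` while the
          # macOS job sets `constants.AmplitudeApiKey`. `-X` on a symbol that
          # does not exist is silently ignored, so confirm which path is right.
          ldflags: "-s -w -X main.ver=${{ env.EXT_VERSION }} -X 'github.com/Parallels/prl-devops-service/telemetry.AmplitudeApiKey=${{ env.AmplitudeApiKey }}'"

  # Builds, signs and notarizes the macOS binaries, then uploads them.
  beta-releases-macos:
    needs:
      - beta-release
    runs-on: macos-latest
    name: Release Go Binary (macOS)
    # The token is only used to attach assets to the release.
    permissions:
      contents: write
    env:
      # Signing and notarization secrets are scoped to the steps that use
      # them, so dependency and tool installs never see them.
      EXT_VERSION: ${{ needs.beta-release.outputs.version }}
    strategy:
      fail-fast: false
      matrix:
        # build and publish in parallel: darwin/amd64, darwin/arm64
        goos: [darwin]
        goarch: [amd64, arm64]
    steps:
      - uses: actions/checkout@v4
      - name: Setup Go 1.21.x
        uses: actions/setup-go@v4
        with:
          go-version: "1.21.x"
          cache-dependency-path: ${{ github.workspace }}/src/go.sum
      - name: Add Inbuilt Variables
        # NOTE(review): `swag@latest` and the Homebrew package are unpinned.
        run: |
          brew install gnu-sed
          gsed -i "/@version/c\//\t@version\t\t$EXT_VERSION" ./src/main.go
          go install github.com/swaggo/swag/cmd/swag@latest
          cd src
          go mod tidy
          swag fmt
          swag init -g main.go
          cd ..
      - name: Build
        env:
          GOOS: ${{ matrix.goos }}
          GOARCH: ${{ matrix.goarch }}
          AMPLITUDE_API_KEY: ${{ secrets.AMPLITUDE_API_KEY }}
        run: |
          cd src && CGO_ENABLED=0 go build -ldflags="-s -w -X main.ver=$EXT_VERSION -X 'github.com/Parallels/prl-devops-service/constants.AmplitudeApiKey=$AMPLITUDE_API_KEY'" -o prldevops
      - name: Create and Unlock Temporary Keychain
        # The keychain password is a fixed literal; the keychain is deleted by
        # the final step of this job.
        run: |
          security create-keychain -p "github" temp.keychain
          security unlock-keychain -p "github" temp.keychain
          security set-keychain-settings -lut 3600 temp.keychain
          security list-keychains -s temp.keychain
      - name: Import sign certificate
        env:
          APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
          APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }}
        # Secrets are read from quoted environment variables, so a password
        # containing shell metacharacters is passed through as data.
        run: |
          echo "$APPLE_CERTIFICATE" | base64 --decode > apple_developer_identity.p12
          security import apple_developer_identity.p12 -k temp.keychain -P "$APPLE_CERT_PASSWORD" -T /usr/bin/codesign
          rm apple_developer_identity.p12
          security set-key-partition-list -S apple-tool:,apple: -s -k "github" temp.keychain
          security list-keychains
          security find-identity -v -p codesigning temp.keychain
      - name: Import notary credentials
        env:
          APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
          APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
          APPLE_API_KEY_ISSUER: ${{ secrets.APPLE_API_KEY_ISSUER }}
        run: |
          echo "$APPLE_API_KEY" | base64 --decode > apple_api_key.p8
          xcrun notarytool store-credentials "notary-credentials" \
            --key apple_api_key.p8 \
            --key-id "$APPLE_API_KEY_ID" \
            --issuer "$APPLE_API_KEY_ISSUER"
      - name: Sign binary
        env:
          APPLE_DEVELOPER_IDENTITY: ${{ secrets.APPLE_DEVELOPER_IDENTITY }}
        run: |
          cd src
          codesign --force --deep --strict --verbose --options=runtime,library --sign "$APPLE_DEVELOPER_IDENTITY" prldevops
          ditto -c -k --sequesterRsrc prldevops prldevops.zip
          xcrun notarytool submit prldevops.zip --keychain-profile "notary-credentials" --wait
      - name: Verify signed binary
        run: |
          cd src
          codesign --verify --verbose prldevops
          spctl -t open --context context:primary-signature -a -vvv prldevops
      - name: Compress asset to tar.gz
        # NOTE(review): MD5 only catches accidental corruption; publish a
        # SHA-256 next to it if consumers are expected to verify integrity.
        run: |
          cd src
          tar -czf prldevops--${{ matrix.goos }}-${{ matrix.goarch }}.tar.gz prldevops
          md5 prldevops--${{ matrix.goos }}-${{ matrix.goarch }}.tar.gz | awk '{print $4}' > prldevops--${{ matrix.goos }}-${{ matrix.goarch }}.tar.gz.md5
      # NOTE(review): the `uses:` reference in the two upload steps was
      # mangled by the hosting page's e-mail obfuscation and its version
      # suffix is lost. The inputs match actions/upload-release-asset, which
      # is archived upstream; restore the exact reference from the repository.
      - name: Upload release asset
        uses: actions/[email protected]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ needs.beta-release.outputs.upload_url }}
          asset_path: src/prldevops--${{ matrix.goos }}-${{ matrix.goarch }}.tar.gz
          asset_name: prldevops--${{ matrix.goos }}-${{ matrix.goarch }}.tar.gz
          asset_content_type: application/octet-stream
      - name: Upload release asset checksum
        uses: actions/[email protected]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ needs.beta-release.outputs.upload_url }}
          asset_path: src/prldevops--${{ matrix.goos }}-${{ matrix.goarch }}.tar.gz.md5
          asset_name: prldevops--${{ matrix.goos }}-${{ matrix.goarch }}.tar.gz.md5
          asset_content_type: application/octet-stream
      - name: Clean Up Keychain
        if: always()
        # Also removes decoded key material left behind if an earlier step
        # failed before its own cleanup ran.
        run: |
          rm -f apple_developer_identity.p12 apple_api_key.p8
          security delete-keychain temp.keychain

  # Builds the multi-arch Docker image and pushes the beta tags.
  build-containers:
    needs:
      - beta-release
    env:
      EXT_VERSION: ${{ needs.beta-release.outputs.version }}
      AmplitudeApiKey: ${{ secrets.AMPLITUDE_API_KEY }}
    name: Build Docker Images
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-buildx-action@v3
      - name: Clean old beta images
        # `github.event.inputs.*` values are strings, so comparing against the
        # boolean `true` never matched and this step was always skipped.
        if: ${{ github.event.inputs.remove_old_beta == 'true' }}
        run: |
          ./.github/workflow_scripts/remove-docker-images.sh rm --filter '.*beta.*$'
      - uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - uses: docker/build-push-action@v6
        with:
          context: .
          file: ./Dockerfile
          platforms: linux/amd64,linux/arm64
          push: true
          build-args: |
            VERSION=${{ env.EXT_VERSION }}
          # Passed as a build secret rather than a build-arg, which keeps the
          # value out of the image history.
          secrets: |
            amplitude_api_key=${{ secrets.AMPLITUDE_API_KEY }}
          tags: |
            ${{ secrets.DOCKER_USERNAME }}/prl-devops-service:latest-beta
            ${{ secrets.DOCKER_USERNAME }}/prl-devops-service:${{ env.EXT_VERSION }}-beta

  # Deletes every other "-beta" release (assets, release and tag) once the
  # new one has been published.
  remove-old-beta-release:
    # String comparison: `github.event.inputs.*` values are strings, so the
    # previous `== true` never matched and this job never ran.
    if: ${{ github.event.inputs.remove_old_beta == 'true' }}
    name: Remove old beta release
    needs:
      - beta-release
      - beta-releases-matrix
      - beta-releases-macos
      - build-containers
    runs-on: ubuntu-latest
    permissions:
      contents: write
      packages: read
    env:
      EXT_VERSION: ${{ needs.beta-release.outputs.version }}
      MAJOR_VERSION: ${{ needs.beta-release.outputs.majorVersion }}
    steps:
      - name: Remove old beta release
        uses: actions/github-script@v7
        with:
          script: |
            // Use the version the beta-release job actually published, read
            // from the environment. Re-deriving it from the raw input put the
            // input into the script source and could disagree with the
            // created tag for inputs that are not three-part versions.
            const extVersion = (process.env.EXT_VERSION || "").trim();
            if (!extVersion) {
              // Without a current version every beta release would match.
              core.setFailed("EXT_VERSION is empty; refusing to delete releases");
              return;
            }
            const currentVersion = `${extVersion}-beta`;
            console.log(`Current Version: ${currentVersion}`);
            // NOTE(review): only the first page of releases is inspected.
            const releases = await github.rest.repos.listReleases({
              owner: context.repo.owner,
              repo: context.repo.repo
            });
            for (const release of releases.data) {
              if (release.tag_name.includes("-beta") && release.tag_name !== `v${currentVersion}`) {
                for (const asset of release.assets) {
                  console.log(`Deleting asset: ${asset.name}`);
                  await github.rest.repos.deleteReleaseAsset({
                    owner: context.repo.owner,
                    repo: context.repo.repo,
                    asset_id: asset.id
                  });
                }
                console.log(`Deleting release: ${release.tag_name}`);
                await github.rest.repos.deleteRelease({
                  owner: context.repo.owner,
                  repo: context.repo.repo,
                  release_id: release.id
                });
                console.log(`Deleting tag: tags/${release.tag_name}`);
                await github.rest.git.deleteRef({
                  owner: context.repo.owner,
                  repo: context.repo.repo,
                  ref: `tags/${release.tag_name}`
                });
              }
            }

  # Posts the release announcement through the Discord webhook.
  discord-announce:
    needs:
      - beta-release
      - beta-releases-matrix
      - beta-releases-macos
      - build-containers
    name: Announce on Discord
    runs-on: ubuntu-latest
    env:
      DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}
      VERSION: ${{ needs.beta-release.outputs.version }}
    steps:
      - uses: actions/checkout@v4
      - name: Get version
        id: get_version
        # Overrides the job-level VERSION with the contents of the VERSION file.
        run: |
          VERSION=$(cat VERSION)
          echo "VERSION=${VERSION}" >> "$GITHUB_ENV"
      - name: Announce on discord
        id: announce_discord
        # Quoted so the webhook URL and version each reach the script as a
        # single argument, with no word splitting or globbing.
        run: |
          ./.github/workflow_scripts/announce_discord.sh --webhook-url "$DISCORD_WEBHOOK" --version "$VERSION" --beta
        env:
          SLACK_WEBHOOKS: ${{ env.DISCORD_WEBHOOK }}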