-
Notifications
You must be signed in to change notification settings - Fork 44
323 lines (278 loc) · 11.9 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
name: Release
on:
# run manually on default branch
workflow_dispatch:
inputs:
dryRun:
type: boolean
description: "Dry-Run"
default: false
includeTests:
type: boolean
description: Include tests
default: true
concurrency:
# only run one publishing at a time to avoid conflicts
group: publish-${{ github.ref }}
env:
# instead of embedded Maven use local Maven CLI
# HALE_BUILD_MAVEN_EMBEDDED: 'false'
# renovate: datasource=npm depName=@semantic-release/changelog
SEMANTIC_RELEASE_CHANGELOG_VERSION: 6.0.3
# renovate: datasource=npm depName=@semantic-release/exec
SEMANTIC_RELEASE_EXEC_VERSION: 6.0.3
# renovate: datasource=npm depName=@semantic-release/git
SEMANTIC_RELEASE_GIT_VERSION: 10.0.1
# renovate: datasource=npm depName=conventional-changelog-conventionalcommits
CONVENTIONAL_CHANGELOG_CONVENTIONALCOMMITS_VERSION: 7.0.2
jobs:
release:
# Only on main repository (don't release on forks)
if: github.repository_owner == 'halestudio'
name: Release
runs-on: ubuntu-latest
outputs:
release-published: ${{ steps.release.outputs.new_release_published }}
release-version: ${{ steps.release.outputs.new_release_version }}
steps:
- name: Determine app token for release
uses: actions/create-github-app-token@c8f55efbd427e7465d6da1106e7979bc8aaee856 # v1.10.1
id: app-token
with:
app-id: ${{ secrets.WE_RELEASE_GITHUB_APP_ID }}
private-key: "${{ secrets.WE_RELEASE_GITHUB_PRIVATE_KEY }}"
- name: Setup Maven
uses: s4u/setup-maven-action@489441643219d2b93ee2a127b2402eb640a1b947 # v1.13.0
# uses: stempler/setup-maven-action@feat/cache-save-always
with:
java-version: 17
java-distribution: temurin
maven-version: 3.9.6
checkout-fetch-depth: 0 # make sure to check out all tags
checkout-token: ${{ steps.app-token.outputs.token }}
checkout-persist-credentials: true # token and persisted credentials required for push (to protected branch)
# Note: currently not working because of https://github.com/actions/cache/issues/1315
# Fix in https://github.com/actions/cache/pull/1325 not merged yet
# cache-save-always: true
- name: Install genisoimage # required for Mac build
run: sudo apt-get install -y genisoimage
- name: Clean
run: ./build.sh clean
working-directory: ./build
- name: Create hale-docker.conf file
run: |
mkdir -p ~/.hale
cat <<EOF > ~/.hale/hale-docker.conf
global {
dockerHost="unix:///var/run/docker.sock"
}
EOF
- name: Login to Docker Hub
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: Test
if: ${{ inputs.includeTests }}
run: ./build.sh integrationStage
working-directory: ./build
- name: Publish Test Report
uses: mikepenz/action-junit-report@ac30be7acb0a361e5492575ab42e47fcadec4928 # v4.2.2
if: ${{ always() && inputs.includeTests }}
with:
# fail if there are no test results
require_tests: true
# Workaround for check that is additionally created being associated
# to the wrong workflow/run. Instead no additional check is created.
# See https://github.com/mikepenz/action-junit-report/issues/40
annotate_only: true
detailed_summary: true
report_paths: 'build/target/testReports/*.xml'
- name: Install NodeJs
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version: 20
- name: Install AWS CLI # Required for uploading update site
uses: unfor19/install-aws-cli-action@e8b481e524a99f37fbd39fdc1dcb3341ab091367 # v1.0.7
with:
version: 1
- name: Release
id: release
uses: cycjimmy/semantic-release-action@cb425203a562475bca039ba4dbf90c7f9ac790f4 # v4.1.0
env:
# Permissions needed
# contents: write
# issues: write
# pull-requests: write
GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
GIT_AUTHOR_NAME: wetransform Bot
GIT_AUTHOR_EMAIL: [email protected]
GIT_COMMITTER_NAME: wetransform Bot
GIT_COMMITTER_EMAIL: [email protected]
RUNNER_DEBUG: 1
# For release commands execution
# Upload update site
# AWS_ACCESS_KEY_ID: ${{ secrets.BUILD_ARCHIVE_ACCESS_KEY }}
# AWS_SECRET_ACCESS_KEY: ${{ secrets.BUILD_ARCHIVE_SECRET_KEY }}
# Deploy artifacts
# WETF_ARTIFACTORY_USER: ${{ secrets.WETF_ARTIFACTORY_USER }}
# WETF_ARTIFACTORY_PASSWORD: ${{ secrets.WETF_ARTIFACTORY_PASSWORD }}
JAVA_TOOL_OPTIONS: '-Dmaven.wagon.httpconnectionManager.ttlSeconds=120'
with:
dry_run: ${{ inputs.dryRun }}
semantic_version: 23.1.1
extra_plugins:
"@semantic-release/changelog@\
${{ env.SEMANTIC_RELEASE_CHANGELOG_VERSION }} \
@semantic-release/exec@\
${{ env.SEMANTIC_RELEASE_EXEC_VERSION }} \
@semantic-release/git@\
${{ env.SEMANTIC_RELEASE_GIT_VERSION }} \
conventional-changelog-conventionalcommits@\
${{ env.CONVENTIONAL_CHANGELOG_CONVENTIONALCOMMITS_VERSION }} \
"
# https://github.com/marketplace/actions/slack-notify-build
- name: Notify failure to Slack
if: failure()
env:
SLACK_BOT_TOKEN: ${{ secrets.SLACK_NOTIFICATIONS_BOT_TOKEN }}
uses: voxmedia/github-action-slack-notify-build@3665186a8c1a022b28a1dbe0954e73aa9081ea9e # v1.6.0
with:
channel: build-failures
status: FAILED
color: danger
# Note: one reason deploy artifacts is handled as separate job is that it currently usually fails (connection reset issue)
# and should not impact the main release job
deploy-artifacts:
name: Deploy Maven artifacts
runs-on: ubuntu-latest
needs: [release]
if: ${{ !inputs.dryRun && needs.release.outputs.release-published != 'false' }}
steps:
- name: Setup Maven
uses: s4u/setup-maven-action@489441643219d2b93ee2a127b2402eb640a1b947 # v1.13.0
with:
java-version: 17
java-distribution: temurin
maven-version: 3.9.6
checkout-ref: refs/tags/v${{needs.release.outputs.release-version}} # check out release tag
- name: Deploy Artifacts
env:
WETF_ARTIFACTORY_USER: ${{ secrets.WETF_ARTIFACTORY_USER }}
WETF_ARTIFACTORY_PASSWORD: ${{ secrets.WETF_ARTIFACTORY_PASSWORD }}
JAVA_TOOL_OPTIONS: '-Dmaven.wagon.httpconnectionManager.ttlSeconds=120'
run: ./build.sh deployArtifacts
working-directory: ./build
# https://github.com/marketplace/actions/slack-notify-build
- name: Notify failure to Slack
if: failure()
env:
SLACK_BOT_TOKEN: ${{ secrets.SLACK_NOTIFICATIONS_BOT_TOKEN }}
uses: voxmedia/github-action-slack-notify-build@3665186a8c1a022b28a1dbe0954e73aa9081ea9e # v1.6.0
with:
channel: build-failures
status: FAILED
color: danger
publish-products:
name: Publish products and update site
runs-on: ubuntu-latest
needs: [release]
if: ${{ !inputs.dryRun && needs.release.outputs.release-published != 'false' }}
steps:
- name: Setup Maven
uses: s4u/setup-maven-action@489441643219d2b93ee2a127b2402eb640a1b947 # v1.13.0
with:
java-version: 17
java-distribution: temurin
maven-version: 3.9.6
checkout-ref: refs/tags/v${{needs.release.outputs.release-version}} # check out release tag
- name: Install genisoimage # required for Mac build
run: sudo apt-get install -y genisoimage
- name: Login to Docker Hub
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: Install AWS CLI # Required for uploading update site
uses: unfor19/install-aws-cli-action@e8b481e524a99f37fbd39fdc1dcb3341ab091367 # v1.0.7
with:
version: 1
- name: Clean
run: ./build.sh clean
working-directory: ./build
- name: Build products
run: |
./build.sh product --arch x86_64 --os linux HALE
./build.sh product --arch x86_64 --os windows HALE
./build.sh product --arch x86_64 --os macosx HALE
./build.sh product --arch x86_64 --os linux --publish Infocenter
working-directory: ./build
# use GitHub CLI to upload asset to release
# see https://cli.github.com/manual/gh_release_upload
- name: Add HALE products to release
env:
GH_TOKEN: ${{ github.token }}
run: |
echo "Adding to release assets..."
gh release upload v${{needs.release.outputs.release-version}} build/target/*.tar.gz --repo ${{ github.repository }}
gh release upload v${{needs.release.outputs.release-version}} build/target/*.zip --repo ${{ github.repository }}
gh release upload v${{needs.release.outputs.release-version}} build/target/*.dmg --repo ${{ github.repository }}
shell: bash
- name: Upload update site
env:
AWS_ACCESS_KEY_ID: ${{ secrets.BUILD_ARCHIVE_ACCESS_KEY }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.BUILD_ARCHIVE_SECRET_KEY }}
run: ./upload-site.sh
working-directory: ./build
# https://github.com/marketplace/actions/slack-notify-build
- name: Notify failure to Slack
if: failure()
env:
SLACK_BOT_TOKEN: ${{ secrets.SLACK_NOTIFICATIONS_BOT_TOKEN }}
uses: voxmedia/github-action-slack-notify-build@3665186a8c1a022b28a1dbe0954e73aa9081ea9e # v1.6.0
with:
channel: build-failures
status: FAILED
color: danger
windows-build:
name: Build Windows installer
runs-on: windows-latest
needs: [release]
if: ${{ !inputs.dryRun && needs.release.outputs.release-published != 'false' }}
steps:
- name: Setup Maven
uses: s4u/setup-maven-action@489441643219d2b93ee2a127b2402eb640a1b947 # v1.13.0
with:
java-version: 17
java-distribution: temurin
maven-version: 3.9.6
checkout-ref: refs/tags/v${{needs.release.outputs.release-version}} # check out release tag
# WiX is already installed on default Windows runner (currently WiX 3.x)
# Note: adding to path not required as our build looks for the installation folder
#
# - name: Add WiX toolkit to PATH
# shell: bash
# run: echo "${WIX}bin" >> $GITHUB_PATH
- name: Build installer
run: |
build.bat product -o windows -a x86_64 HALE
shell: cmd
# use GitHub CLI to upload asset to release
# see https://cli.github.com/manual/gh_release_upload
- name: Add installer to release
env:
GH_TOKEN: ${{ github.token }}
run: |
echo "Adding to release assets..."
gh release upload v${{needs.release.outputs.release-version}} build/target/*.msi --repo ${{ github.repository }}
shell: bash
# https://github.com/marketplace/actions/slack-notify-build
- name: Notify failure to Slack
if: failure()
env:
SLACK_BOT_TOKEN: ${{ secrets.SLACK_NOTIFICATIONS_BOT_TOKEN }}
uses: voxmedia/github-action-slack-notify-build@3665186a8c1a022b28a1dbe0954e73aa9081ea9e # v1.6.0
with:
channel: build-failures
status: FAILED
color: danger