-
Notifications
You must be signed in to change notification settings - Fork 266
186 lines (165 loc) · 7.19 KB
/
release.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
name: Release CLI
on:
pull_request:
branches: [main]
paths-ignore: # ignore docs as they are built with Netlify.
- '**/*.md'
- 'site/**'
- 'netlify.toml'
push:
branches: [main]
tags: 'v[0-9]+.[0-9]+.[0-9]+**' # Ex. v0.2.0 v0.2.1-rc2
env: # Update this prior to requiring a higher minor version in go.mod
GO_VERSION: "1.23"
defaults:
run: # use bash for all operating systems unless overridden
shell: bash
concurrency:
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-concurrency-to-cancel-any-in-progress-job-or-run
group: ${{ github.ref }}-${{ github.workflow }}-${{ github.actor }}
cancel-in-progress: true
jobs:
pre_release:
name: Pre-release build
# This only runs on Windows so that we can simplify the installation of necessary toolchain to build artifacts.
runs-on: windows-2022
# This allows us to test in the following job regardless of the event (tag or not).
outputs:
VERSION: ${{ steps.output-version.outputs.VERSION }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
cache: false
go-version: ${{ env.GO_VERSION }}
- uses: actions/cache@v4
with:
path: |
~/go/pkg/mod
~/go/bin
key: pre-release-check-${{ runner.os }}-go-${{ matrix.go-version }}-${{ hashFiles('**/go.sum', 'Makefile') }}
# windows-2022 is missing osslsigncode (no issue, yet)
- name: "Install osslsigncode, infozip; setup wix"
run: |
# Find "C:\Program Files (x86)\WiX Toolset <version>\"
WIXDIR=`ls '/c/Program Files (x86)'|grep WiX`
WIXBIN="C:\\Program Files (x86)\\$WIXDIR\\bin"
echo WIXBIN=$WIXBIN
echo $WIXBIN >> $GITHUB_PATH
choco install osslsigncode -y
choco install zip -y
- name: Download Windows code signing certificate
env:
WINDOWS_CODESIGN_P12_BASE64: ${{ secrets.WINDOWS_CODESIGN_P12_BASE64 }}
run: | # On the fork PRs, our org secret is not visible.
if [ $WINDOWS_CODESIGN_P12_BASE64 ]; then
echo $WINDOWS_CODESIGN_P12_BASE64 | base64 --decode > windows-certificate.p12
echo "WINDOWS_CODESIGN_P12=windows-certificate.p12" >> $GITHUB_ENV
fi
shell: bash
- name: Make artifacts (test)
if: github.event_name != 'push' || !contains(github.ref, 'refs/tags/')
run: | # On the fork PRs, our org secret is not visible. We unset the required env so that `make dist` uses default self-signed cert.
if [ $WINDOWS_CODESIGN_P12 ]; then
export WINDOWS_CODESIGN_PASSWORD=${{ secrets.WINDOWS_CODESIGN_PASSWORD }}
fi
VERSION=${{ github.sha }}
make dist VERSION=$VERSION
echo "VERSION=${VERSION}" >> $GITHUB_ENV
shell: bash
- name: Make artifacts
# Triggers only on tag creation.
if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
env:
WINDOWS_CODESIGN_PASSWORD: ${{ secrets.WINDOWS_CODESIGN_PASSWORD }}
run: | # Note: MSI_VERSION requires . as a separator and admits only numbers, so replace "-[a-z]*" in the tag with ".".
VERSION=${GITHUB_REF#refs/tags/v}
MSI_VERSION=${VERSION//-[a-z]*./.}
make dist VERSION=$VERSION MSI_VERSION=$MSI_VERSION
echo "VERSION=${VERSION}" >> $GITHUB_ENV
shell: bash
# This allows us to test in the following job regardless of the event (tag or not).
- id: output-version
run: echo "VERSION=${VERSION}" >> "$GITHUB_OUTPUT"
shell: bash
# In order to share the built artifacts in the subsequent tests, we use cache instead of actions/upload-artifacts.
# The reason is that upload-artifacts are not globally consistent and sometimes pre_release_test won't be able to
# find the artifacts uploaded here. See https://github.com/actions/upload-artifact/issues/21 for more context.
# Downside of this is that, we pressure the cache capacity set per repository. We delete all caches created
# on PRs on close. See .github/workflows/clear_cache.yaml. On main branch, in any way this cache will be deleted
# in 7 days, also this at most a few MB, so this won't be an issue.
- uses: actions/cache@v4
id: cache
with:
# Use share the cache containing archives across OSes.
enableCrossOsArchive: true
# Note: this creates a cache per run.
key: release-artifacts-${{ github.run_id }}
path:
dist/
# pre_release_test tests the artifacts built by pre_release in the OS dependent way.
pre_release_test:
needs: pre_release
name: Pre-release test (${{ matrix.os }})
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false # don't fail fast as sometimes failures are arch/OS specific
matrix:
os: [ubuntu-22.04, macos-14, windows-2022]
steps:
- uses: actions/checkout@v4
- uses: actions/cache@v4
id: cache
with:
# We need this cache to run tests.
fail-on-cache-miss: true
enableCrossOsArchive: true
key: release-artifacts-${{ github.run_id }}
path:
dist/
- name: Test (linux)
# Check if the version was correctly inserted with VERSION variable
if: runner.os == 'Linux'
run: |
tar xf dist/wazero_${{ needs.pre_release.outputs.VERSION }}_linux_amd64.tar.gz
./wazero version | grep ${{ needs.pre_release.outputs.VERSION }}
- name: Test (darwin)
# Check if the version was correctly inserted with VERSION variable
if: runner.os == 'macOS'
run: |
tar xf dist/wazero_${{ needs.pre_release.outputs.VERSION }}_darwin_amd64.tar.gz
./wazero version | grep ${{ needs.pre_release.outputs.VERSION }}
# This only checks the installer when built on Windows as it is simpler than switching OS.
# refreshenv is from choco, and lets you reload ENV variables (used here for PATH).
- name: Test Windows Installer
if: runner.os == 'Windows'
run: |
set MSI_FILE="dist\wazero_${{ needs.pre_release.outputs.VERSION }}_windows_amd64.msi"
call packaging\msi\verify_msi.cmd
shell: cmd
# Triggers only on the tag creation.
release:
if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
needs: pre_release_test
name: Release
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
with: # Ensure release_notes.sh can see prior commits
fetch-depth: 0
- uses: actions/cache@v4
id: cache
with:
fail-on-cache-miss: true
enableCrossOsArchive: true
key: release-artifacts-${{ github.run_id }}
path:
dist/
- name: Create draft release
run: |
ls dist
tag="${GITHUB_REF#refs/tags/}"
./.github/workflows/release_notes.sh ${tag} > release-notes.txt
gh release create ${tag} --draft --notes-file release-notes.txt --title ${GITHUB_REF#refs/tags/} ./dist/*
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}