226 lines
7.8 KiB
YAML
226 lines
7.8 KiB
YAML
name: Release (Manual Main Only)
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
version:
|
|
description: "Release version (e.g. 0.2.0 or v0.2.0)"
|
|
required: true
|
|
type: string
|
|
deb_revision:
|
|
description: "Debian package revision suffix appended to the upstream version (e.g. 1 for 1.2.3-1)."
|
|
required: true
|
|
default: "1"
|
|
type: string
|
|
prerelease:
|
|
description: "Mark GitHub release as prerelease"
|
|
required: true
|
|
default: false
|
|
type: boolean
|
|
draft:
|
|
description: "Keep release as draft after artifacts upload"
|
|
required: true
|
|
default: false
|
|
type: boolean
|
|
|
|
permissions:
|
|
contents: write
|
|
id-token: write
|
|
|
|
concurrency:
|
|
group: release-manual-main-${{ startsWith(github.event.inputs.version, 'v') && github.event.inputs.version || format('v{0}', github.event.inputs.version) }}
|
|
cancel-in-progress: false
|
|
|
|
env:
|
|
CARGO_TERM_COLOR: always
|
|
|
|
jobs:
|
|
validate:
|
|
name: Validate inputs and branch guard
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 15
|
|
outputs:
|
|
version: ${{ steps.norm.outputs.version }}
|
|
tag: ${{ steps.norm.outputs.tag }}
|
|
prerelease: ${{ steps.flags.outputs.prerelease }}
|
|
draft: ${{ steps.flags.outputs.draft }}
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Enforce main-only dispatch
|
|
run: |
|
|
set -euo pipefail
|
|
if [ "${GITHUB_REF_NAME}" != "main" ]; then
|
|
echo "::error title=Invalid dispatch branch::This workflow may only run from main. Current ref: ${GITHUB_REF_NAME}"
|
|
exit 1
|
|
fi
|
|
|
|
- name: Normalize and validate version/tag
|
|
id: norm
|
|
run: |
|
|
set -euo pipefail
|
|
raw="${{ github.event.inputs.version }}"
|
|
raw="$(echo "$raw" | tr -d '[:space:]')"
|
|
if [ -z "$raw" ]; then
|
|
echo "::error title=Missing version::Input 'version' must not be empty."
|
|
exit 1
|
|
fi
|
|
|
|
ver="${raw#v}"
|
|
if ! [[ "$ver" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-rc\.[0-9]+)?$ ]]; then
|
|
echo "::error title=Invalid version format::Expected semver like 1.2.3 or 1.2.3-rc.1."
|
|
exit 1
|
|
fi
|
|
|
|
tag="v${ver}"
|
|
echo "version=$ver" >> "$GITHUB_OUTPUT"
|
|
echo "tag=$tag" >> "$GITHUB_OUTPUT"
|
|
echo "Release tag: $tag"
|
|
|
|
- name: Verify crate version matches release version
|
|
run: |
|
|
set -euo pipefail
|
|
crate_version="$(sed -n 's/^version = "\([^"]*\)"/\1/p' Cargo.toml | head -n1)"
|
|
wanted="${{ steps.norm.outputs.version }}"
|
|
if [ "$crate_version" != "$wanted" ]; then
|
|
echo "::error title=Version mismatch::Cargo.toml version '$crate_version' does not match requested release '$wanted'."
|
|
exit 1
|
|
fi
|
|
|
|
- name: Ensure tag does not already exist on origin
|
|
run: |
|
|
set -euo pipefail
|
|
tag="${{ steps.norm.outputs.tag }}"
|
|
if git ls-remote --exit-code --tags origin "refs/tags/${tag}" >/dev/null 2>&1; then
|
|
echo "::error title=Tag already exists::Tag ${tag} already exists in origin."
|
|
exit 1
|
|
fi
|
|
|
|
- name: Normalize boolean flags
|
|
id: flags
|
|
run: |
|
|
set -euo pipefail
|
|
echo "prerelease=${{ github.event.inputs.prerelease }}" >> "$GITHUB_OUTPUT"
|
|
echo "draft=${{ github.event.inputs.draft }}" >> "$GITHUB_OUTPUT"
|
|
|
|
create_release:
|
|
name: Create tag and draft GitHub release
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 20
|
|
needs: validate
|
|
environment: release
|
|
outputs:
|
|
release_id: ${{ steps.create_release.outputs.release_id }}
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Create annotated tag at current main commit
|
|
run: |
|
|
set -euo pipefail
|
|
tag="${{ needs.validate.outputs.tag }}"
|
|
git config user.name "github-actions[bot]"
|
|
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
|
|
git tag -a "$tag" -m "GitComet $tag"
|
|
git push origin "$tag"
|
|
|
|
- name: Create draft GitHub release
|
|
id: create_release
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
run: |
|
|
set -euo pipefail
|
|
tag="${{ needs.validate.outputs.tag }}"
|
|
prerelease="${{ needs.validate.outputs.prerelease }}"
|
|
|
|
args=(release create "$tag" --repo "$GITHUB_REPOSITORY" --title "GitComet $tag" --target "$GITHUB_SHA" --generate-notes --draft)
|
|
if [ "$prerelease" = "true" ]; then
|
|
args+=(--prerelease)
|
|
fi
|
|
|
|
gh "${args[@]}"
|
|
release_id="$(gh release view "$tag" --repo "$GITHUB_REPOSITORY" --json id --jq '.id')"
|
|
echo "release_id=$release_id" >> "$GITHUB_OUTPUT"
|
|
|
|
build_and_upload:
|
|
name: Build and upload release artifacts
|
|
needs: [validate, create_release]
|
|
uses: ./.github/workflows/build-release-artifacts.yml
|
|
with:
|
|
tag: ${{ needs.validate.outputs.tag }}
|
|
version: ${{ needs.validate.outputs.version }}
|
|
deb_revision: ${{ github.event.inputs.deb_revision }}
|
|
release_id: ${{ needs.create_release.outputs.release_id }}
|
|
secrets: inherit
|
|
|
|
publish_release:
|
|
name: Publish GitHub release
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 10
|
|
needs: [validate, create_release, build_and_upload]
|
|
if: ${{ fromJSON(needs.validate.outputs.draft) == false }}
|
|
permissions:
|
|
contents: write
|
|
steps:
|
|
- name: Publish draft release
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
run: |
|
|
set -euo pipefail
|
|
tag="${{ needs.validate.outputs.tag }}"
|
|
gh release edit "$tag" --repo "$GITHUB_REPOSITORY" --draft=false
|
|
gh release view "$tag" --repo "$GITHUB_REPOSITORY"
|
|
|
|
deploy_homebrew_tap:
|
|
name: Deploy Homebrew tap formula
|
|
needs: [validate, build_and_upload, publish_release]
|
|
if: ${{ fromJSON(needs.validate.outputs.draft) == false && needs.build_and_upload.result == 'success' }}
|
|
uses: ./.github/workflows/deploy-homebrew-tap.yml
|
|
with:
|
|
tag: ${{ needs.validate.outputs.tag }}
|
|
version: ${{ needs.validate.outputs.version }}
|
|
tap_repo: ${{ vars.HOMEBREW_TAP_REPO }}
|
|
tap_branch: ${{ vars.HOMEBREW_TAP_BRANCH }}
|
|
dry_run: false
|
|
secrets: inherit
|
|
|
|
deploy_apt_repo:
|
|
name: Deploy Azure APT repository
|
|
needs: [validate, build_and_upload, publish_release]
|
|
if: ${{ fromJSON(needs.validate.outputs.draft) == false && needs.build_and_upload.result == 'success' }}
|
|
uses: ./.github/workflows/deploy-apt-repo.yml
|
|
with:
|
|
tag: ${{ needs.validate.outputs.tag }}
|
|
version: ${{ needs.validate.outputs.version }}
|
|
storage_account: ${{ vars.APT_STORAGE_ACCOUNT }}
|
|
storage_container: ${{ vars.APT_STORAGE_CONTAINER }}
|
|
storage_prefix: ${{ vars.APT_STORAGE_PREFIX }}
|
|
distribution: ${{ vars.APT_REPO_DISTRIBUTION }}
|
|
component: ${{ vars.APT_REPO_COMPONENT }}
|
|
architecture: "amd64"
|
|
repo_origin: ${{ vars.APT_REPO_ORIGIN }}
|
|
repo_label: ${{ vars.APT_REPO_LABEL }}
|
|
repo_description: ${{ vars.APT_REPO_DESCRIPTION }}
|
|
container_public_access: ${{ vars.APT_STORAGE_PUBLIC_ACCESS }}
|
|
dry_run: false
|
|
secrets: inherit
|
|
|
|
cleanup_failed_release:
|
|
name: Cleanup failed draft/tag
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 10
|
|
needs: [validate, create_release, build_and_upload]
|
|
if: ${{ always() && needs.create_release.result == 'success' && needs.build_and_upload.result != 'success' }}
|
|
permissions:
|
|
contents: write
|
|
steps:
|
|
- name: Delete failed draft release and tag
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
run: |
|
|
set -euo pipefail
|
|
tag="${{ needs.validate.outputs.tag }}"
|
|
gh release delete "$tag" --repo "$GITHUB_REPOSITORY" --cleanup-tag --yes || true
|