chore(ci): move draft releases to github actions (#634)
* chore(ci): move draft releases to gh actions

* use dropdown

* fix local action name

* test

* test

* set env

* add shell where missing, cleanup, add additional validations

* add shell

* set segment key

* nicer error

* update contributing docs

* fix name
mcasimir authored Jan 2, 2024
1 parent 88ffb48 commit 28668ed
Showing 7 changed files with 267 additions and 1,985 deletions.
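--- a/.github/workflows/actions/test-and-build/action.yaml
+++ b/.github/workflows/actions/test-and-build/action.yaml
@@ -0,0 +1,144 @@
+name: Run test and build
+description: Test and build action, reused among workflows
+inputs:
+SEGMENT_KEY:
+required: true
+ARTIFACTORY_HOST:
+required: true
+ARTIFACTORY_PASSWORD:
+required: true
+ARTIFACTORY_USERNAME:
+required: true
+GARASIGN_PASSWORD:
+required: true
+GARASIGN_USERNAME:
+required: true
+SNYK_TOKEN:
+required: true
+JIRA_API_TOKEN:
+required: true
+
+runs:
+using: "composite"
+# Steps represent a sequence of tasks that will be executed as part of the job
+steps:
+- name: Install Deps Ubuntu
+if: ${{ runner.os == 'Linux' }}
+run: sudo apt-get update -y && sudo apt-get -y install libkrb5-dev libsecret-1-dev net-tools libstdc++6 gnome-keyring
+shell: bash
+
+# Default Python (3.12) doesn't have support for distutils because of
+# which the dep install fails constantly on macos
+# https://github.com/nodejs/node-gyp/issues/2869
+- uses: actions/setup-python@v4
+with:
+python-version: '3.11'
+
+- name: Run node-gyp bug workaround script
+run: |
+curl -sSfLO https://raw.githubusercontent.com/mongodb-js/compass/42e6142ae08be6fec944b80ff6289e6bcd11badf/.evergreen/node-gyp-bug-workaround.sh && bash node-gyp-bug-workaround.sh
+shell: bash
+
+- name: Set SEGMENT_KEY
+env:
+SEGMENT_KEY: ${{ inputs.SEGMENT_KEY }}
+run: |
+echo "SEGMENT_KEY=${SEGMENT_KEY}" >> $GITHUB_ENV
+shell: bash
+
+- name: Validate SEGMENT_KEY
+run: |
+if [ -z "${SEGMENT_KEY}" ]; then
+echo "SEGMENT_KEY is not set or is empty"
+exit 1
+fi
+shell: bash
+
+- name: Install npm
+run: npm install -g [email protected]
+shell: bash
+
+- name: Install Dependencies
+shell: bash
+run: |
+npm ci --omit=optional
+- name: Run Checks
+run: npm run check
+# the glob here just fails
+if: ${{ runner.os != 'Windows' }}
+shell: bash
+
+- name: Run Tests
+run: |
+npm run test
+shell: bash
+
+- name: Build .vsix
+env:
+NODE_OPTIONS: "--require ./scripts/no-npm-list-fail.js"
+# NOTE: --githubBranch is "The GitHub branch used to infer relative links in README.md."
+run: |
+npx vsce package --githubBranch main
+shell: bash
+
+- name: Check .vsix filesize
+run: npm run check-vsix-size
+shell: bash
+
+- name: Sign .vsix
+if: runner.os == 'Linux'
+env:
+ARTIFACTORY_HOST: ${{ inputs.ARTIFACTORY_HOST }}
+ARTIFACTORY_PASSWORD: ${{ inputs.ARTIFACTORY_PASSWORD }}
+ARTIFACTORY_USERNAME: ${{ inputs.ARTIFACTORY_USERNAME }}
+GARASIGN_PASSWORD: ${{ inputs.GARASIGN_PASSWORD }}
+GARASIGN_USERNAME: ${{ inputs.GARASIGN_USERNAME }}
+run: |
+bash scripts/sign-vsix.sh
+ls *.vsix.sig
+shell: bash
+
+- name: Upload artifacts
+uses: actions/upload-artifact@v2
+with:
+name: VSIX built on ${{ runner.os }}
+path: |
+*.vsix
+*.vsix.sig
+- name: Run Snyk Test
+if: runner.os == 'Linux'
+shell: bash
+env:
+SNYK_TOKEN: ${{ inputs.SNYK_TOKEN }}
+run: |
+npm run snyk-test > /dev/null 2>&1
+- name: Create Jira Tickets
+if: >
+runner.os == 'Linux' &&
+(
+github.event_name == 'push' && github.ref == 'refs/heads/main' ||
+github.event_name == 'workflow_dispatch' ||
+github.event_name == 'schedule'
+)
+shell: bash
+env:
+JIRA_API_TOKEN: ${{ inputs.JIRA_API_TOKEN }}
+JIRA_BASE_URL: "https://jira.mongodb.org"
+JIRA_PROJECT: "VSCODE"
+JIRA_VULNERABILITY_BUILD_INFO: "- [GitHub Run|https://github.com/mongodb-js/vscode/actions/runs/${{github.run_id}}/jobs/${{github.job}}]"
+run: |
+npm run create-vulnerability-tickets > /dev/null
+- name: Generate Vulnerability Report (Fail on >= High)
+if: runner.os == 'Linux'
+continue-on-error: ${{ github.event_name == 'pull_request' }}
+shell: bash
+run: |
+# The standard output is suppressed since Github Actions logs are
+# available for everyone with read access to the repo, which is everyone that is
+# logged in for public repos.
+# This command is only here to fail on failures for `main` and tags.
+npm run generate-vulnerability-report > /dev/null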
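Review bot: The `Set SEGMENT_KEY` step appends the key to `$GITHUB_ENV`, which exports it to every later step of the job, including `npm ci --omit=optional` (dependency install scripts) and `npm run test`, neither of which visibly needs it. Scoping it with a step-level `env:` entry, `SEGMENT_KEY: ${{ inputs.SEGMENT_KEY }}`, on `Validate SEGMENT_KEY` and on whichever step consumes it (presumably `Build .vsix`) keeps the value out of third-party code, the same way the signing credentials are already scoped to `Sign .vsix`. Separately, `actions/setup-python@v4` and `actions/upload-artifact@v2` are referenced by mutable tags in an action that receives signing credentials; pinning them to full commit SHAs would fix exactly which action code runs alongside those credentials.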
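--- a/.github/workflows/draft-release.yaml
+++ b/.github/workflows/draft-release.yaml
@@ -0,0 +1,110 @@
+name: Draft release
+
+on:
+workflow_dispatch:
+inputs:
+versionBump:
+description: 'Version bump'
+type: choice
+required: true
+default: 'patch'
+options:
+- patch
+- minor
+- major
+- exact-version
+
+exactVersion:
+description: 'Exact version: (Only effective selecting "exact-version" as version bump)'
+required: false
+
+jobs:
+prepare-release:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v3
+with:
+# NOTE: this is necessary to get the full history
+# and check if tags are already present
+fetch-depth: 0
+
+- name: Setup Node.js Environment
+uses: actions/setup-node@v3
+with:
+node-version: 16.x
+
+- name: Determine Next Version
+shell: bash
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+run: |
+set -e
+VERSION_BUMP=${{ github.event.inputs.versionBump }}
+if [[ "$VERSION_BUMP" == "major" || "$VERSION_BUMP" == "minor" || "$VERSION_BUMP" == "patch" ]]; then
+PREV_VERSION_TAG=$(gh api repos/:owner/:repo/releases --jq '. | map(select(.draft == false)) | .[0] | .tag_name')
+PREV_VERSION=$(npx semver --coerce ${PREV_VERSION_TAG})
+NEXT_VERSION=$(npx semver -i $VERSION_INPUT $PREV_VERSION)
+else
+NEXT_VERSION=${{ github.event.inputs.exactVersion }}
+fi
+# Remove the 'v' prefix from NEXT_VERSION if it exists
+NEXT_VERSION="${NEXT_VERSION#v}"
+# Validates the version before using it
+npx semver v"${NEXT_VERSION}"
+npm version "${NEXT_VERSION}" --no-git-tag-version
+echo "RELEASE_TAG=v${NEXT_VERSION}" >> $GITHUB_ENV
+- name: Validate release tag
+shell: bash
+run: |
+RELEASE_TAG=${{ inputs.RELEASE_TAG }}
+if [ -z "${RELEASE_TAG}" ]; then
+echo "RELEASE_TAG is not set or is empty"
+exit 1
+fi
+if git rev-parse "$RELEASE_TAG" >/dev/null 2>&1; then
+echo "Error: Tag $RELEASE_TAG already existing"
+echo "If you are trying to re-create a draft release with this version, please delete the release and the tag first."
+echo "If this version has already been release consider using a different one."
+exit 1
+fi
+- name: Run tests and build
+uses: ./.github/workflows/actions/test-and-build
+with:
+SEGMENT_KEY: ${{ secrets.SEGMENT_KEY_PROD }}
+ARTIFACTORY_HOST: ${{ secrets.ARTIFACTORY_HOST }}
+ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
+ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
+GARASIGN_PASSWORD: ${{ secrets.GARASIGN_PASSWORD }}
+GARASIGN_USERNAME: ${{ secrets.GARASIGN_USERNAME }}
+SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
+
+- name: Create Draft Release
+run: |
+set -e
+echo Creating draft release for: "${RELEASE_TAG}"
+ls *.vsix
+ls *.vsix.sig
+gh release create "${RELEASE_TAG}" \
+--title "${RELEASE_VERSION}" \
+--notes "Edit the release notes before publishing." \
+--target main \
+--draft \
+*.vsix \
+*.vsix.sig
+shell: bash
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}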
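Review bot: The `Determine Next Version` step pastes `${{ github.event.inputs.versionBump }}` and the free-text `${{ github.event.inputs.exactVersion }}` straight into the bash script, so the runner substitutes them into the script text before bash parses it, and shell metacharacters in the field are interpreted as script in a job that holds `GITHUB_TOKEN` and later passes the signing and Artifactory secrets to the build action. Passing both values through `env:` and reading them as quoted shell variables, as in the excerpt below, keeps them as data. In the same step `$VERSION_INPUT` is never assigned, so `npx semver -i` receives no increment type; it looks like `$VERSION_BUMP` was intended. The following `Validate release tag` step reads `${{ inputs.RELEASE_TAG }}`, which is not a declared input, so the tag written to `$GITHUB_ENV` appears to be overwritten with an empty string and the step would always exit 1; dropping that assignment lets the step use the environment value.

```yaml
env:
  # … unchanged: GITHUB_TOKEN …
  VERSION_BUMP: ${{ github.event.inputs.versionBump }}
  EXACT_VERSION: ${{ github.event.inputs.exactVersion }}
run: |
  # … unchanged: set -e, bump-type test, previous-tag lookup, semver --coerce …
  # the inline VERSION_BUMP assignment is dropped; the value arrives via env
    NEXT_VERSION=$(npx semver -i "$VERSION_BUMP" "$PREV_VERSION")
  else
    NEXT_VERSION="${EXACT_VERSION}"
  # … unchanged: fi, prefix strip, validation, npm version, GITHUB_ENV write …
```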
