Publish release #121
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright (C) 2020 Dremio | |
# | |
# Licensed under the Apache License, Version 2.0 (the "License"); | |
# you may not use this file except in compliance with the License. | |
# You may obtain a copy of the License at | |
# | |
# http://www.apache.org/licenses/LICENSE-2.0 | |
# | |
# Unless required by applicable law or agreed to in writing, software | |
# distributed under the License is distributed on an "AS IS" BASIS, | |
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
# See the License for the specific language governing permissions and | |
# limitations under the License. | |
# Publish Nessie release artifacts | |
# Triggered when a `nessie-*` tag is being pushed. | |
# Publishes the Maven and Docker artifacts. | |
# GitHub environment name: | |
# release | |
# Required secrets: | |
# OSSRH_ACCESS_ID | |
# OSSRH_TOKEN | |
# MAVEN_GPG_PASSPHRASE | |
# PYPI_API_TOKEN | |
# DOCKER_USERNAME | |
# DOCKER_TOKEN | |
name: Publish release | |
on: | |
push: | |
tags: | |
- nessie-* | |
workflow_dispatch: | |
inputs: | |
releaseTag: | |
description: 'Release tag name to re-release' | |
required: true | |
jobs: | |
publish-release: | |
name: Publish release | |
runs-on: ubuntu-22.04 | |
if: github.repository == 'projectnessie/nessie' | |
# Runs in the `release` environment, which has the necessary secrets and defines the reviewers. | |
# See https://docs.github.com/en/actions/reference/environments | |
environment: release | |
steps: | |
# GH doesn't provide just the tag name, so this step strips `/refs/tags/nessie-` from `GITHUB_REF` | |
# and provides the output `VERSION` or, in case of a manual run, uses the input `releaseTag` as | |
# the input tag name. | |
- name: Get release version | |
run: | | |
if [[ "${{ github.event_name }}" == "push" ]] ; then | |
V="${GITHUB_REF/refs\/tags\/}" | |
else | |
V="${{ github.event.inputs.releaseTag }}" | |
fi | |
# check if tag matches patterns like nessie-0.5, nessie-0.10.4.3-alpha1, etc | |
if [[ ${V} =~ ^nessie-[0-9]+[.][0-9.]*[0-9](-[a-zA-Z0-9]+)?$ ]]; then | |
echo "RELEASE_VERSION=${V/nessie-}" >> ${GITHUB_ENV} | |
echo "GIT_TAG=${V}" >> ${GITHUB_ENV} | |
else | |
echo "Tag must start with nessie- followed by a valid version (got tag ${V}, ref is ${GITHUB_REF} )" | |
exit 1 | |
fi | |
### BEGIN runner setup | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
if: ${{ github.event_name == 'push' }} | |
with: | |
fetch-depth: '0' | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
if: ${{ github.event_name == 'workflow_dispatch' }} | |
with: | |
fetch-depth: '0' | |
ref: refs/tags/${{ github.event.inputs.releaseTag }} | |
- name: Setup runner | |
uses: ./.github/actions/setup-runner | |
- name: Setup Java, Gradle | |
uses: ./.github/actions/dev-tool-java | |
with: | |
gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} | |
- name: Install Helm | |
uses: azure/setup-helm@v3 | |
with: | |
version: v3.6.3 | |
### END runner setup | |
# Deploys Maven artifacts. Build and test steps were already ran in previous steps. | |
# Not running tests, because the environment contains secrets. | |
- name: Publish Maven artifacts for release | |
env: | |
# To release with Gradle | |
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} | |
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.MAVEN_GPG_PASSPHRASE }} | |
ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.OSSRH_ACCESS_ID }} | |
ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.OSSRH_TOKEN }} | |
# To release commits that used Maven to build | |
MAVEN_USERNAME: ${{ secrets.OSSRH_ACCESS_ID }} | |
MAVEN_OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }} | |
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} | |
ARTIFACTS: ../build-artifacts | |
run: | | |
rm -rf "${ARTIFACTS}" | |
mkdir -p "${ARTIFACTS}" | |
echo "::group::Gradle build" | |
# 2 Retries - due to Gradle's old and unfixed CME bug | |
./gradlew compileAll jar testClasses || \ | |
./gradlew compileAll jar testClasses || \ | |
./gradlew compileAll jar testClasses | |
echo "::endgroup::" | |
echo "::group::Publish to Sonatype" | |
# 2 Retries - to mitigate "HTTP/502 Bad Gateway" issues | |
./gradlew publishToMavenLocal publishToSonatype closeAndReleaseSonatypeStagingRepository -Prelease -Puber-jar || \ | |
./gradlew publishToMavenLocal publishToSonatype closeAndReleaseSonatypeStagingRepository -Prelease -Puber-jar || \ | |
./gradlew publishToMavenLocal publishToSonatype closeAndReleaseSonatypeStagingRepository -Prelease -Puber-jar | |
mv servers/quarkus-server/build/nessie-quarkus-${RELEASE_VERSION}-runner.jar "${ARTIFACTS}" | |
mv servers/quarkus-cli/build/nessie-quarkus-cli-${RELEASE_VERSION}-runner.jar "${ARTIFACTS}" | |
echo "::endgroup::" | |
echo '${{ secrets.GITHUB_TOKEN }}' | docker login ghcr.io -u $ --password-stdin | |
tools/dockerbuild/build-push-images.sh \ | |
-a "${ARTIFACTS}" \ | |
-g ":nessie-quarkus" \ | |
-p "servers/quarkus-server" \ | |
ghcr.io/projectnessie/nessie | |
# Add version to the openapi file name | |
cp api/model/build/generated/openapi/META-INF/openapi/openapi.yaml api/model/build/nessie-openapi-${RELEASE_VERSION}.yaml | |
cp gc/gc-tool/build/executable/nessie-gc gc/gc-tool/build/executable/nessie-gc-${RELEASE_VERSION} | |
echo "QUARKUS_UBER_JAR=${ARTIFACTS}/nessie-quarkus-${RELEASE_VERSION}-runner.jar" >> ${GITHUB_ENV} | |
echo "CLI_UBER_JAR=${ARTIFACTS}/nessie-quarkus-cli-${RELEASE_VERSION}-runner.jar" >> ${GITHUB_ENV} | |
echo "GC_EXEC=gc/gc-tool/build/executable/nessie-gc-${RELEASE_VERSION}" >> ${GITHUB_ENV} | |
echo "NESSIE_OPENAPI=api/model/build/nessie-openapi-${RELEASE_VERSION}.yaml" >> ${GITHUB_ENV} | |
echo "## Successfully released ${RELEASE_VERSION} to Sonatype" >> $GITHUB_STEP_SUMMARY | |
# Packages Nessie Helm chart | |
- name: Package Nessie Helm chart for release | |
run: | | |
helm package helm/nessie --version ${RELEASE_VERSION} | |
# Rename Nessie Helm chart | |
- name: Rename Nessie Helm chart for release | |
run: | | |
mv nessie-${RELEASE_VERSION}.tgz nessie-helm-${RELEASE_VERSION}.tgz | |
echo "NESSIE_HELM_CHART=nessie-helm-${RELEASE_VERSION}.tgz" >> ${GITHUB_ENV} | |
# Publish Nessie Helm chart to Helm Repo | |
- name: Publish Nessie Helm chart to Helm Repo | |
run: | | |
wget https://raw.githubusercontent.com/projectnessie/charts.projectnessie.org/main/index.yaml | |
helm repo index . --merge index.yaml --url https://github.com/projectnessie/nessie/releases/download/nessie-${RELEASE_VERSION} | |
echo ${{ secrets.CI_REPORTS_TOKEN }} | gh auth login --with-token | |
index_sha=$(gh api -X GET /repos/projectnessie/charts.projectnessie.org/contents/index.yaml --jq '.sha') | |
gh api -X PUT /repos/projectnessie/charts.projectnessie.org/contents/index.yaml -f message="Publishing Nessie Helm chart ${RELEASE_VERSION}" -f content=$(base64 -w0 index.yaml) -f sha=${index_sha} || true | |
echo "## Successfully published Helm chart for ${RELEASE_VERSION}" >> $GITHUB_STEP_SUMMARY | |
# Prepare Nessie release notes for GitHub | |
# | |
# The markdown file for the release is generated using some mostly simple shell script. | |
# | |
# `LAST_TAG` is evaluated using `git describe`, which is the name of the git tag before the release tag | |
# `NUM_COMMITS` is the total number of commits "between" LAST_TAG and GIT_TAG | |
# | |
# "Full Changelog" is the output of a `git log` considering the commits "between" LAST_TAG and | |
# GIT_TAG, removing the commits by `renovate` and `nessie-release-workflow`. | |
# Also removes commits that start with `[release] `. | |
# | |
# The final markdown is just a `cat` of the above information including some basic markdown formatting. | |
# | |
- name: Prepare Nessie release for GitHub | |
run: | | |
DIR=$(mktemp -d) | |
NOTES_FILE=${DIR}/release-notes.md | |
LAST_TAG=$(git describe --abbrev=0 --tags --match=nessie-* ${GIT_TAG}^1) | |
NUM_COMMITS=$(git log --format='format:%h' ${LAST_TAG}..HEAD^1 | wc -l) | |
git log --perl-regexp --author '^(?!.*renovate|.*nessie-release-workflow).*$' --format='format:* %s' ${LAST_TAG}..${GIT_TAG} | grep -v '^\* \[release\] .*$' > ${DIR}/release-log | |
Q_GC_EXEC="https://github.com/projectnessie/nessie/releases/download/nessie-${RELEASE_VERSION}/nessie-gc-${RELEASE_VERSION}" | |
Q_UBER_URL="https://github.com/projectnessie/nessie/releases/download/nessie-${RELEASE_VERSION}/nessie-quarkus-${RELEASE_VERSION}-runner.jar" | |
Q_HELM_CHART_URL="https://github.com/projectnessie/nessie/releases/download/nessie-${RELEASE_VERSION}/nessie-helm-${RELEASE_VERSION}.tgz" | |
Q_MC_URL="https://search.maven.org/search?q=g:org.projectnessie+AND+a:nessie-quarkus+AND+v:${RELEASE_VERSION}" | |
cat <<EOF > ${NOTES_FILE} | |
# Nessie ${RELEASE_VERSION} release | |
* ${NUM_COMMITS} commits since ${LAST_TAG#nessie-} | |
* Maven Central: https://search.maven.org/search?q=g:org.projectnessie.nessie+v:${RELEASE_VERSION} | |
* Docker images: https://github.com/projectnessie/nessie/pkgs/container/nessie and https://quay.io/repository/projectnessie/nessie?tab=tags | |
It is a multiplatform Java image (amd64, arm64, ppc64le, s390x): \`docker pull ghcr.io/projectnessie/nessie:${RELEASE_VERSION}-java\` | |
* PyPI: https://pypi.org/project/pynessie/ (See [pynessie](https://github.com/projectnessie/pynessie/releases)) | |
* Helm Chart repo: https://charts.projectnessie.org/ | |
## Try it | |
The attached [\`nessie-quarkus-${RELEASE_VERSION}-runner.jar\`](${Q_UBER_URL}) is a standalone uber-jar file that runs on Java 17 or newer and it is also available via [Maven Central](${Q_MC_URL}). Download and run it (requires Java 17): | |
\`\`\` | |
wget ${Q_UBER_URL} | |
java -jar nessie-quarkus-${RELEASE_VERSION}-runner.jar | |
\`\`\` | |
Nessie GC tool is attached as [\`nessie-gc-${RELEASE_VERSION}\`](${Q_GC_EXEC}), which is an executable. | |
(\`chmod 744 nessie-gc-${RELEASE_VERSION}\` after download.) | |
Can also be run using \`java -jar nessie-gc-${RELEASE_VERSION}\`, because it is actually a Java archive. | |
Shell completion can be generated from the \`nessie-gc\` tool. | |
The attached [\`nessie-helm-${RELEASE_VERSION}.tgz\`](${Q_HELM_CHART_URL}) is a packaged Helm chart, which can be downloaded and installed via Helm. | |
There is also the [Nessie Helm chart repo](https://charts.projectnessie.org/), which can be added and used to install the Nessie Helm chart. | |
## Changelog | |
$(./gradlew --quiet --console=plain getChangelog --no-header --no-links) | |
## Full Changelog (minus renovate commits): | |
$(cat ${DIR}/release-log) | |
EOF | |
echo "NOTES_FILE=${NOTES_FILE}" >> ${GITHUB_ENV} | |
cat "${NOTES_FILE}" >> $GITHUB_STEP_SUMMARY | |
- name: Create Nessie release in GitHub | |
run: | | |
echo ${{ secrets.GITHUB_TOKEN }} | gh auth login --with-token | |
gh release create ${GIT_TAG} \ | |
--notes-file ${{ env.NOTES_FILE }} \ | |
--title "Nessie ${RELEASE_VERSION}" \ | |
"${QUARKUS_UBER_JAR}" \ | |
"${CLI_UBER_JAR}" \ | |
"${GC_EXEC}" \ | |
"${NESSIE_OPENAPI}" \ | |
"${NESSIE_HELM_CHART}" | |
- name: Update SwaggerHub | |
uses: smartbear/[email protected] | |
env: | |
XDG_CONFIG_HOME: "/tmp" | |
SWAGGERHUB_API_KEY: ${{ secrets.SWAGGERHUB_API_KEY }} | |
SWAGGERHUB_URL: "https://api.swaggerhub.com" | |
with: | |
args: api:create projectnessie/nessie -f ${{ env.NESSIE_OPENAPI }} --published=publish --setdefault --visibility=public | |
- name: SwaggerHub info | |
run: echo "## Successfully updated SwaggerHub for ${RELEASE_VERSION}" >> $GITHUB_STEP_SUMMARY |