-
Notifications
You must be signed in to change notification settings - Fork 120
178 lines (162 loc) · 6.31 KB
/
release.yml
File metadata and controls
178 lines (162 loc) · 6.31 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
name: release
on:
push:
tags:
- "*"
workflow_dispatch:
# To test this workflow: Go to Actions -> release -> Run workflow
# Or using the CLI: gh workflow run release --ref <branch> -f version_suffix=test-draft-release
# This creates a draft release tagged with the specified version
# Remember to delete the draft release after testing!
inputs:
version_suffix:
description: "Suffix for draft release tag (e.g., experimental-foo-2)"
required: false
default: test-draft-release
type: string
permissions:
contents: write
issues: write
pull-requests: write
jobs:
prepare:
runs-on: ubuntu-latest
steps:
- name: Checkout (for tag->master validation)
if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') }}
uses: actions/checkout@v6
with:
fetch-depth: 0
ref: ${{ github.sha }}
- name: Abort if tag is not on master
if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') }}
run: |
set -euo pipefail
git fetch origin master
if git merge-base --is-ancestor "${GITHUB_SHA}" "origin/master"; then
echo "Tag commit ${GITHUB_SHA} is reachable from master."
else
echo "Error: Tag commit ${GITHUB_SHA} is not on master. Aborting workflow."
exit 1
fi
- name: Prepare release
run: echo "Preparing release ref=${{ github.ref_name }} suffix=${{ inputs.version_suffix }}"
- name: Validate draft suffix (workflow_dispatch only)
if: ${{ github.event_name == 'workflow_dispatch' }}
run: |
set -eu
SUFFIX="${{ inputs.version_suffix }}"
if [ -z "${SUFFIX:-}" ]; then
echo "Error: inputs.version_suffix (draft suffix) is empty"
exit 1
fi
# Allow only letters, digits, and hyphens
if ! printf '%s' "${SUFFIX}" | grep -Eq '^[A-Za-z0-9-]+$'; then
echo "Error: inputs.version_suffix must contain only letters, digits, and hyphens (e.g., experimental-foo-2)"
exit 1
fi
# Check that the changelog is in good order and extract the changelog.
changelog:
runs-on: ubuntu-latest
needs: prepare
steps:
- uses: actions/checkout@v6
- name: Extract changelog
# Skip this step for draft releases. Leave the release body empty.
if: ${{ github.event_name != 'workflow_dispatch' }}
id: read_changelog
uses: ./.github/actions/extract-changelog
with:
version: ${{ github.ref_name }}
outputs:
release_body: ${{ steps.read_changelog.outputs.release_body }}
build:
needs: prepare
strategy:
matrix:
os: [ubuntu-latest, macos-15-intel, ubuntu-24.04-arm, macos-latest]
concurrency:
group: release-build-${{ matrix.os }}-${{ github.ref_name }}
cancel-in-progress: true
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v6
- uses: cachix/install-nix-action@v31
- uses: cachix/cachix-action@v16
with:
name: ic-hs-test
# NB: No auth token, we don't expect to push new stuff here
- name: Build platform-specific release files
run: nix build --max-jobs 1 '.#"release-files-${{ matrix.os }}"'
- name: Upload Release Artifacts
uses: actions/upload-artifact@v7
with:
name: release-files-${{ matrix.os }}
path: result/*
- name: Test release files
run: |
uname -s -m
moc="$(nix build --max-jobs 1 .#release.moc --print-out-paths)"
"$moc/bin/moc" --version
file "$moc/bin/moc"
ldd "$moc/bin/moc" || true
publish:
runs-on: ubuntu-latest
needs: [prepare, changelog, build]
steps:
- name: Download all release artifacts
uses: actions/download-artifact@v8
with:
path: release-assets
pattern: release-files-*
merge-multiple: true
- name: Rewrite artifact filenames with draft suffix
id: rewrite_draft_assets
if: ${{ github.event_name == 'workflow_dispatch' }}
env:
DRAFT_SUFFIX: ${{ inputs.version_suffix }}
run: |
set -eu
echo "Applying draft suffix: ${DRAFT_SUFFIX}"
dir="release-assets"
# Extract numeric version from moc-<version>.js
version="$(ls "$dir"/moc-*.js 2>/dev/null | sed -n 's#.*moc-\([0-9.]\+\)\.js#\1#p' | head -n1 || true)"
if [ -z "${version}" ]; then
echo "Could not determine base version from moc-*.js; skipping rename."
exit 0
fi
echo "Detected base version: ${version}"
# Rename JS artifacts
if [ -f "$dir/moc-${version}.js" ]; then
mv "$dir/moc-${version}.js" "$dir/moc-${version}-${DRAFT_SUFFIX}.js"
fi
if [ -f "$dir/moc-interpreter-${version}.js" ]; then
mv "$dir/moc-interpreter-${version}.js" "$dir/moc-interpreter-${version}-${DRAFT_SUFFIX}.js"
fi
# Rename tarballs
for f in "$dir"/*-"${version}".tar.gz; do
[ -e "$f" ] || continue
mv "$f" "${f%.tar.gz}-${DRAFT_SUFFIX}.tar.gz"
done
# Expose computed draft tag as a step output
echo "tag=${version}-${DRAFT_SUFFIX}" >> "$GITHUB_OUTPUT"
- name: List downloaded files
run: |
echo "Contents of release-assets directory:"
find release-assets -type f -ls || true
- name: Create GitHub App Token
uses: actions/create-github-app-token@v2
id: app-token
with:
app-id: ${{ vars.GENERIC_CI_RW_APP_ID }}
private-key: ${{ secrets.GENERIC_CI_RW_APP_PRIVATE_KEY }}
- name: Upload Release Assets
uses: svenstaro/upload-release-action@v2
with:
repo_token: ${{ steps.app-token.outputs.token }}
tag: ${{ github.event_name == 'workflow_dispatch' && steps.rewrite_draft_assets.outputs.tag || github.ref_name }}
file: release-assets/*
file_glob: true
body: ${{ needs.changelog.outputs.release_body || 'Draft release created for testing purposes' }}
draft: ${{ github.event_name == 'workflow_dispatch' }}
prerelease: ${{ github.event_name == 'workflow_dispatch' }}