Skip to content
.github/workflows/release-branch.yml

add package version to call #194

Sign in to view logs

add package version to call

add package version to call #194

Workflow file for this run

.github/workflows/release-branch.yml at 2096b5d
name: Release Agent

Check failure on line 1 in .github/workflows/release-branch.yml

View workflow run for this annotation

GitHub Actions / .github/workflows/release-branch.yml

Invalid workflow file 

(Line: 297, Col: 9): Unexpected value 'secrets'
on:
workflow_dispatch:
inputs:
githubRelease:
description: 'Setup release in github'
type: boolean
default: false
packageVersion:
description: 'Package version number'
default: "3.0.0"
type: string
packageBuildNo:
description: 'Package Build number'
default: "1"
type: string
uploadAzure:
description: 'Publish packages Azure storage'
default: true
type: boolean
publishPackages:
description: 'Publish packages to nginx repo'
default: true
type: boolean
tagRelease:
description: 'Add tag to release branch'
default: false
type: boolean
createPullRequest:
description: 'Create pull request back into main'
default: false
type: boolean
releaseBranch:
description: 'Release branch to build & publish from'
required: true
type: string
uploadUrl:
description: 'Location to publish packages to'
required: false
default: "https://up-ap.nginx.com"
env:
NFPM_VERSION: 'v2.35.3'
GOPROXY: "https://${{ secrets.ARTIFACTORY_USER }}:${{ secrets.ARTIFACTORY_TOKEN }}@azr.artifactory.f5net.com/artifactory/api/go/f5-nginx-go-local-approved-dependency"
defaults:
run:
shell: bash
concurrency:
group: ${{ github.ref_name }}-v3-release
cancel-in-progress: true
permissions:
contents: read
jobs:
vars:
name: Set workflow variables
runs-on: ubuntu-22.04
outputs:
github_release: ${{steps.vars.outputs.github_release }}
upload_azure: ${{steps.vars.outputs.upload_azure }}
publish_packages: ${{steps.vars.outputs.publish_packages }}
tag_release: ${{steps.vars.outputs.tag_release }}
create_pull_request: ${{steps.vars.outputs.create_pull_request }}
steps:
- name: Checkout Repository
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
with:
ref: ${{ inputs.releaseBranch }}
- name: Set variables
id: vars
run: |
echo "github_release=${{ inputs.githubRelease }}" >> $GITHUB_OUTPUT
echo "upload_azure=${{ inputs.uploadAzure }}" >> $GITHUB_OUTPUT
echo "publish_packages=${{ inputs.publishPackages }}" >> $GITHUB_OUTPUT
echo "tag_release=${{ inputs.tagRelease }}" >> $GITHUB_OUTPUT
echo "create_pull_request=${{ inputs.createPullRequest }}" >> $GITHUB_OUTPUT
cat $GITHUB_OUTPUT
release-draft:
name: Update Release Draft
runs-on: ubuntu-22.04
needs: [vars]
if: ${{ needs.vars.outputs.github_release == 'true' }}
permissions:
contents: write # Needed to create draft release
outputs:
release_id: ${{ steps.vars.outputs.RELEASE_ID }}
steps:
- name: Checkout Repository
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
with:
ref: ${{ inputs.releaseBranch }}
- name: Setup Node Environment
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
- name: Create Draft Release
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
id: release
env:
version: ${{ inputs.packageVersion }}
with:
script: |
const ref = context.ref.split("/")[2]
const {version} = process.env
console.log(`The release version is v${version}`)
const releases = (await github.rest.repos.listReleases({
owner: context.payload.repository.owner.login,
repo: context.payload.repository.name,
per_page: 100,
})).data
const latest_release = (await github.rest.repos.getLatestRelease({
owner: context.payload.repository.owner.login,
repo: context.payload.repository.name,
})).data.tag_name
console.log(`The latest release was ${latest_release}`)
if (latest_release === "v"+version) {
core.setFailed(`A published release already exists for ${latest_release}`)
} else {
const draft = releases.find((r) => r.draft && r.tag_name === "v"+version)
const draft_found = !(draft === undefined)
let release
if (draft_found){
console.log("Draft release already exists. Deleting current draft release and recreating it")
release = (await github.rest.repos.deleteRelease({
owner: context.payload.repository.owner.login,
repo: context.payload.repository.name,
release_id: draft.id,
}))
}
const release_notes = (await github.rest.repos.generateReleaseNotes({
owner: context.payload.repository.owner.login,
repo: context.payload.repository.name,
tag_name: "v"+version,
previous_tag_name: latest_release,
target_commitish: ref,
}))
const footer = `
## Resources
- Documentation -- https://github.com/nginx/agent#readme
`
release = (await github.rest.repos.createRelease({
owner: context.payload.repository.owner.login,
repo: context.payload.repository.name,
tag_name: "v"+version,
target_commitish: ref,
name: "v"+version,
body: release_notes.data.body + footer,
draft: true,
}))
console.log(`Release created: ${release.data.html_url}`)
console.log(`Release ID: ${release.data.id}`)
console.log(`Release notes: ${release_notes.data.body}`)
console.log(`Release Upload URL: ${release.data.upload_url}`)
return {
version: version,
release_id: release.data.id,
release_upload_url: release.data.upload_url,
}
}
- name: Set Environment Variables
id: vars
run: |
echo "RELEASE_ID=$(echo '${{steps.release.outputs.result}}' | jq -r '.release_id')" >> $GITHUB_OUTPUT
cat $GITHUB_OUTPUT
tag-release:
name: Tag Release
runs-on: ubuntu-22.04
needs: [vars,release-draft]
if: ${{ needs.vars.outputs.tag_release == 'true' }}
permissions:
contents: write
steps:
- name: Checkout Repository
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
with:
ref: ${{ inputs.releaseBranch }}
- name: Tag release
run: |
git config --global user.name 'github-actions'
git config --global user.email '41898282+github-actions[bot]@users.noreply.github.com'
git tag -a "v${{ inputs.packageVersion }}" -m "CI Autogenerated"
- name: Push Tags
run: |
git push origin "v${{ inputs.packageVersion }}"
build-and-upload-packages:
name: Build and upload release packages
runs-on: ubuntu-22.04-amd64
needs: [vars,release-draft,tag-release]
permissions:
id-token: write
contents: write # Needed to update a github release
steps:
- name: Checkout Repository
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
with:
ref: ${{ inputs.releaseBranch }}
- name: Setup go
uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
with:
go-version-file: 'go.mod'
cache: false
- name: Setup package build environment
run: |
go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }}
sudo apt-get update
sudo apt-get install -y gpgv1 monkeysphere
make install-tools
export PATH=$PATH:~/go/bin
nfpm --version
- name: Set the VERSION environment variable
run: echo VERSION=v${{ inputs.packageVersion }} >> $GITHUB_ENV
- name: Build Packages
env:
GPG_KEY: ${{ secrets.INDIGO_GPG_AGENT }}
NFPM_SIGNING_KEY_FILE: .key.asc
VERSION: ${{ env.VERSION }}
PACKAGE_BUILD: ${{ inputs.packageBuildNo }}
run: |
export PATH=$PATH:~/go/bin
echo "$GPG_KEY" | base64 --decode > ${NFPM_SIGNING_KEY_FILE}
make package
- name: Archive AMD64 Binaries
uses: actions/upload-artifact@v3.1.2 # v3.1.2
with:
name: nginx-agent-binaries-${{ inputs.packageVersion }}-amd64
path: |
build/amd64/nginx-agent
build/amd64/nginx-agent.sha256
build/amd64/nginx-agent.buildstart
build/amd64/nginx-agent.buildend
- name: Archive ARM64 Binaries
uses: actions/upload-artifact@v3.1.2 # v3.1.2
with:
name: nginx-agent-binaries-${{ inputs.packageVersion }}-arm64
path: |
build/arm64/nginx-agent
build/arm64/nginx-agent.sha256
build/arm64/nginx-agent.buildstart
build/arm64/nginx-agent.buildend
- name: Install GPG tools
if: ${{ inputs.publishPackages == true }}
run: |
sudo apt-get update
sudo apt-get install -y gpgv1 monkeysphere
- name: Get Id Token
if: ${{ inputs.publishPackages == true }}
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
id: idtoken
with:
script: |
let id_token = await core.getIDToken()
core.setOutput('id_token', id_token)
- name: Upload Release Packages to NGINX repo
if: ${{ inputs.publishPackages == true }}
env:
TOKEN: ${{ steps.idtoken.outputs.id_token }}
UPLOAD_URL: ${{ inputs.uploadUrl }}
run: |
make release
- name: Generate assertion documents
uses: ./.github/workflows/assertion.yml
continue-on-error: true
with:
packageVersion: ${{ inputs.packageVersion }}
secrets:
ARTIFACTORY_USER: ${{ secrets.ARTIFACTORY_USER }}
ARTIFACTORY_TOKEN: ${{ secrets.ARTIFACTORY_TOKEN }}
ARTIFACTORY_URL: ${{ secrets.ARTIFACTORY_URL_PROD }}
merge-release:
if: ${{ needs.vars.outputs.create_pull_request == 'true' }}
name: Merge release branch back into main branch
runs-on: ubuntu-22.04
needs: [vars,tag-release]
permissions:
pull-requests: write
steps:
- name: Checkout Repository
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
with:
ref: ${{ inputs.releaseBranch }}
- name: Create Pull Request
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
with:
script: |
const { repo, owner } = context.repo;
const result = await github.rest.pulls.create({
title: 'Merge ${{ inputs.releaseBranch }} back into main',
owner,
repo,
head: '${{ inputs.releaseBranch }}',
base: 'main',
body: [
'This PR is auto-generated by the release workflow.'
].join('\n')
});