Automated Release #121
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Automated Release | |
on: | |
workflow_dispatch: | |
inputs: | |
component: | |
description: "The component to release" | |
required: true | |
type: choice | |
options: | |
- orb-attest | |
- orb-hil | |
- orb-mcu-util | |
- orb-slot-ctrl | |
- orb-supervisor | |
- orb-thermal-cam-ctrl | |
- orb-ui | |
- orb-update-agent | |
- orb-update-verifier | |
channel: | |
description: | | |
Which release channel? | |
`beta` can only be used on `main` and is permanent. | |
`tmp` can be any ref and gets deleted after 1 week. Only use it for testing, | |
dont ever merge it to `main` of orb-os. | |
required: true | |
type: choice | |
options: | |
- "beta" | |
- "tmp" | |
overall_version: | |
description: | | |
In which orb-os version will this release be used? | |
required: true | |
type: choice | |
default: LL | |
options: | |
- JJ | |
- KK | |
- LL | |
- MM | |
env: | |
CI_CHANNEL: ${{ inputs.channel }} | |
CI_COMPONENT: ${{ inputs.component }} | |
CI_OVERALL_VERSION: ${{ inputs.overall_version }} | |
GH_TOKEN: ${{ github.token }} # For gh cli | |
jobs: | |
check-inputs: | |
name: Check Workflow Inputs | |
runs-on: ubuntu-24.04 | |
outputs: | |
release-name: ${{ steps.release-name.outputs.CI_RELEASE_NAME }} | |
steps: | |
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3 | |
with: | |
token: ${{ github.token }} | |
- name: Ensure git ref is valid for the selected channel | |
env: | |
CI_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }} | |
run: | | |
set -Eeuxo pipefail | |
CI_CURRENT_BRANCH="$(git branch --show-current)" | |
echo "CI_CURRENT_BRANCH=${CI_CURRENT_BRANCH}" | |
echo "CI_DEFAULT_BRANCH=${CI_DEFAULT_BRANCH}" | |
if [[ "${CI_CHANNEL}" != "tmp" ]]; then | |
if [[ "${CI_CURRENT_BRANCH}" != "${CI_DEFAULT_BRANCH}" ]]; then | |
echo "We are on the ${CI_CURRENT_BRANCH} branch, but only commits on ${CI_DEFAULT_BRANCH} are allowed for the ${CI_CHANNEL} channel!" | |
exit 1 | |
fi | |
fi | |
- name: Extract Package Version | |
run: | | |
set -Eeuxo pipefail | |
# Cargo metadata is a machine readable description of the workspace. | |
# We parse this with jq to extract the current version number of the | |
# software component | |
jq_query=".packages[] | select(.name == \"${CI_COMPONENT}\") | .version" | |
CI_SEMVER="$(cargo metadata --format-version=1 --no-deps --frozen --offline | jq -r "${jq_query}")" | |
echo "CI_SEMVER=${CI_SEMVER}" >>${GITHUB_ENV} | |
if ! [[ "${CI_SEMVER}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | |
echo "Cargo crate version was not in expected X.Y.Z format." | |
exit 1 | |
fi | |
- name: Calculate Release Name | |
id: release-name | |
run: | | |
set -Eeuxo pipefail | |
echo "CI_CHANNEL=${CI_CHANNEL}" | |
echo "CI_COMPONENT=${CI_COMPONENT}" | |
echo "CI_SEMVER=${CI_SEMVER}" | |
echo "CI_OVERALL_VERSION=${CI_OVERALL_VERSION}" | |
prefix="${CI_COMPONENT}/v${CI_SEMVER}-${CI_CHANNEL}" | |
# This regex searches for the prerelease number `.0` in `foo/v1.2.3-beta.0+KK` | |
regex="${CI_COMPONENT}\/v${CI_SEMVER}-${CI_CHANNEL}\.([0-9]+)\+[A-Z]{2}" | |
# This finds the latest prerelease number. | |
channel_num=$(gh release list | awk '{print $1}' | (grep ${prefix} || true) | sed -E "s/${regex}/\1/" | sort -n | tail -1) | |
channel_num=$((${channel_num:--1} + 1)) # increment number | |
echo "Detected next channel num to be ${channel_num}" | |
CI_RELEASE_NAME="${CI_COMPONENT}/v${CI_SEMVER}-${CI_CHANNEL}.${channel_num}+${CI_OVERALL_VERSION}" | |
echo "CI_RELEASE_NAME=${CI_RELEASE_NAME}" >>${GITHUB_ENV} | |
echo "CI_RELEASE_NAME=${CI_RELEASE_NAME}" >>${GITHUB_OUTPUT} | |
rust-ci: | |
name: Rust CI | |
uses: ./.github/workflows/rust-ci.yaml | |
needs: check-inputs | |
secrets: | |
GIT_HUB_TOKEN: ${{ secrets.GIT_HUB_TOKEN }} | |
CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
release: | |
name: Create Release and Tag | |
runs-on: ubuntu-24.04 | |
needs: | |
- rust-ci | |
- check-inputs | |
steps: | |
- name: Download Rust Artifacts | |
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # [email protected] | |
with: | |
# didn't specify artifact name, so all artifacts are downloaded and merged | |
# into the `artifacts` dir | |
path: artifacts | |
merge-multiple: true | |
- name: List Downloaded Artifacts | |
run: ls -aRsh artifacts | |
- name: Extract relevant component's tar | |
run: | | |
set -Eeux -o pipefail | |
mkdir -p extracted | |
tar -xvf artifacts/${CI_COMPONENT}.tar.zst -C extracted | |
ls -aRsh extracted | |
- name: Compute sha256 checksums | |
run: | | |
set -Eeuxo pipefail | |
pushd extracted | |
for f in *; do | |
sha256sum "${f}" > "${f}.sha256" | |
done | |
ls -aRsh | |
popd | |
- name: Upload Release and Create Tag | |
uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # pin@v1 | |
with: | |
tag_name: ${{ needs.check-inputs.outputs.release-name }} | |
draft: ${{ env.CI_CHANNEL == 'tmp' }} | |
fail_on_unmatched_files: true | |
files: extracted/* |