release.yml
name: Release Process

# Triggers: every push to master, plus a manual run started from the Actions
# tab. The check-merge-source job decides whether a run actually releases.
on:
  push:
    branches:
      - master
  workflow_dispatch:
    inputs:
      # Manual override read by the check-merge-source job.
      force_release:
        description: "Force release even if not from dev merge"
        required: false
        default: 'false'
        type: boolean
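jobs:
  # Gate job: decides whether this run should perform a release and publishes
  # the decision as the `is-dev-merge` output consumed by the release job.
  check-merge-source:
    runs-on: ubuntu-latest
    # This job only inspects event metadata, so its token is kept read-only.
    permissions:
      contents: read
    outputs:
      is-dev-merge: ${{ steps.check.outputs.is-dev-merge }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Nothing in this job pushes, so the token is not left behind in
          # the local git configuration.
          persist-credentials: false

      - name: Check if merge is from dev branch
        id: check
        # Event fields are handed to the script as environment variables
        # rather than expanded with ${{ }} inside the script text. A commit
        # message or branch name is free-form text chosen by whoever wrote
        # it; expanded inline it becomes part of the shell program, whereas
        # as a variable it stays data.
        env:
          EVENT_NAME: ${{ github.event_name }}
          FORCE_RELEASE: ${{ github.event.inputs.force_release }}
          REF_NAME: ${{ github.ref_name }}
          COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
        run: |
          echo "Event: $EVENT_NAME"

          if [[ "$EVENT_NAME" == "workflow_dispatch" ]]; then
            echo "🔧 Manual workflow dispatch triggered"
            if [[ "$FORCE_RELEASE" == "true" ]]; then
              # force_release skips the branch check below entirely.
              echo "✅ Force release enabled - proceeding"
              echo "is-dev-merge=true" >> "$GITHUB_OUTPUT"
            else
              echo "⚠️ Manual trigger without force_release - checking current branch is master"
              if [[ "$REF_NAME" == "master" ]]; then
                echo "✅ On master branch - proceeding with manual release"
                echo "is-dev-merge=true" >> "$GITHUB_OUTPUT"
              else
                echo "❌ Not on master branch for manual release"
                echo "is-dev-merge=false" >> "$GITHUB_OUTPUT"
              fi
            fi
          else
            echo "Checking merge source..."
            echo "Commit message: $COMMIT_MESSAGE"

            # Check if this is a merge commit from dev.
            # NOTE(review): both tests are substring matches on the commit
            # message, so any merge whose source ref contains "/dev" passes.
            # Presumably the intended gate is this repository's own dev
            # branch - confirm, and tighten the match if so.
            if [[ "$COMMIT_MESSAGE" == *"Merge pull request"* ]] && \
               [[ "$COMMIT_MESSAGE" == *"/dev"* ]]; then
              echo "✅ Detected merge from dev branch"
              echo "is-dev-merge=true" >> "$GITHUB_OUTPUT"
            else
              echo "❌ Not a dev branch merge - skipping release"
              echo "is-dev-merge=false" >> "$GITHUB_OUTPUT"
            fi
          fi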
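# Main release job (a child of `jobs:`). Runs only when check-merge-source
# reports is-dev-merge == 'true'. It rewrites abm/VERSION, tags the release,
# publishes to PyPI and Quay.io, creates the GitHub release, merges master
# back to dev, and attempts a rollback if any step fails.
  release:
    needs: check-merge-source
    if: needs.check-merge-source.outputs.is-dev-merge == 'true'
    runs-on: ubuntu-latest
    # NOTE(review): no visible step uses the pull-requests or actions scopes;
    # confirm they are needed before keeping them on a job that also holds
    # contents: write and id-token: write.
    permissions:
      contents: write
      pull-requests: write
      actions: read
      id-token: write  # Required for PyPI Trusted Publishing
    # NOTE(review): every action below is referenced by a tag or branch name
    # (pypa/gh-action-pypi-publish by the release/v1 branch). Those refs can
    # be moved by the action's maintainers; pinning each `uses:` to a full
    # commit SHA fixes the code that runs with this job's write token, OIDC
    # identity and registry credentials.
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Full history and tags are needed by `git describe` further down.
          fetch-depth: 0
          # The token is persisted in the checkout so later steps can push.
          # NOTE(review): whether GITHUB_TOKEN may push to a protected branch
          # depends on the repository's branch-protection settings - confirm.
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'

      - name: Install build dependencies
        run: |
          python -m pip install --upgrade pip
          pip install build

      - name: Read and clean version
        id: version
        run: |
          # Read current version and clean it
          CURRENT_VERSION=$(cat abm/VERSION)

          # abm/VERSION is repository content that flows into step outputs,
          # commit messages, the tag name and the image tag. Refuse anything
          # outside a conservative character set (no whitespace, quotes,
          # newlines or shell metacharacters) before it is used anywhere.
          if ! [[ "$CURRENT_VERSION" =~ ^[0-9A-Za-z][0-9A-Za-z.+_-]*$ ]]; then
            echo "::error::abm/VERSION contains unexpected characters"
            exit 1
          fi

          # Handle both -dev0 and -dev.11 formats, plus -rc variants
          CLEAN_VERSION=$(echo "$CURRENT_VERSION" | sed 's/-dev[0-9.]*$//' | sed 's/-rc[0-9.]*$//')

          # Calculate next dev version (minor bump)
          IFS='.' read -r major minor patch <<< "$CLEAN_VERSION"
          NEXT_MINOR=$((minor + 1))
          NEXT_DEV_VERSION="${major}.${NEXT_MINOR}.0-dev0"

          {
            echo "current-version=$CURRENT_VERSION"
            echo "clean-version=$CLEAN_VERSION"
            echo "next-dev-version=$NEXT_DEV_VERSION"
          } >> "$GITHUB_OUTPUT"

          echo "Current version: $CURRENT_VERSION"
          echo "Clean version: $CLEAN_VERSION"
          echo "Next dev version: $NEXT_DEV_VERSION"

      # In the run steps below, step outputs are passed through `env:` rather
      # than expanded with ${{ }} inside the script, so their values are
      # treated as data by the shell and never as script text.
      - name: Update version for release
        env:
          CLEAN_VERSION: ${{ steps.version.outputs.clean-version }}
        run: |
          echo "$CLEAN_VERSION" > abm/VERSION
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git add abm/VERSION
          git commit -m "Release v$CLEAN_VERSION"
          git push origin master

      - name: Create and push tag
        id: tag
        env:
          CLEAN_VERSION: ${{ steps.version.outputs.clean-version }}
        run: |
          TAG_NAME="v${CLEAN_VERSION}"
          git tag "$TAG_NAME"
          git push origin "$TAG_NAME"
          echo "tag-name=$TAG_NAME" >> "$GITHUB_OUTPUT"

      - name: Build Python package
        run: |
          python -m build

      - name: Publish to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          # Uses OIDC Trusted Publisher - no API token required
          attestations: true

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to Quay.io
        uses: docker/login-action@v3
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_PASSWORD }}

      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: |
            quay.io/galaxyproject/abm:${{ steps.version.outputs.clean-version }}
            quay.io/galaxyproject/abm:latest
          platforms: linux/amd64,linux/arm64

      # NOTE(review): actions/create-release is archived upstream and no
      # longer receives fixes; consider a maintained replacement.
      - name: Create GitHub Release
        id: create-release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{ steps.tag.outputs.tag-name }}
          release_name: ${{ steps.tag.outputs.tag-name }}
          body: |
            # gxabm ${{ steps.tag.outputs.tag-name }}
            This release includes all changes merged from the development branch.
            Release notes will be updated with detailed changes shortly...
          draft: false
          prerelease: false

      - name: Generate detailed release notes
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          TAG_NAME: ${{ steps.tag.outputs.tag-name }}
          RELEASE_ID: ${{ steps.create-release.outputs.id }}
        run: |
          # Get the previous tag for comparison
          PREV_TAG=$(git describe --tags --abbrev=0 "${TAG_NAME}^" 2>/dev/null || echo "")

          # With no earlier tag the placeholder release body is left as is.
          if [ -n "$PREV_TAG" ]; then
            # Generate release notes between previous tag and current
            gh api \
              --method POST \
              -H "Accept: application/vnd.github+json" \
              "/repos/${{ github.repository }}/releases/generate-notes" \
              -f tag_name="$TAG_NAME" \
              -f previous_tag_name="$PREV_TAG" > release-notes.json

            # Extract the generated notes
            GENERATED_NOTES=$(jq -r '.body' release-notes.json)

            # Assemble the body one line per argument; the shell expands the
            # variables once and does not re-evaluate their contents.
            RELEASE_BODY=$(printf '%s\n' \
              "# gxabm ${TAG_NAME}" \
              "This release includes all changes merged from the development branch." \
              "## What's Changed" \
              "${GENERATED_NOTES}" \
              "**Full Changelog**: https://github.com/${GITHUB_REPOSITORY}/compare/${PREV_TAG}...${TAG_NAME}")

            # Update the release with detailed notes
            gh api \
              --method PATCH \
              -H "Accept: application/vnd.github+json" \
              "/repos/${{ github.repository }}/releases/${RELEASE_ID}" \
              -f body="$RELEASE_BODY"
          fi

      - name: Merge master back to dev
        env:
          TAG_NAME: ${{ steps.tag.outputs.tag-name }}
          NEXT_DEV_VERSION: ${{ steps.version.outputs.next-dev-version }}
        run: |
          git checkout dev
          git pull origin dev
          git merge master --no-ff -m "Merge release ${TAG_NAME} back to dev"
          echo "$NEXT_DEV_VERSION" > abm/VERSION
          git add abm/VERSION
          git commit -m "Bump version to ${NEXT_DEV_VERSION}"
          git push origin dev

      # Rollback on failure.
      # This removes the tag and the GitHub release and restores abm/VERSION.
      # It does not remove a package already uploaded to PyPI or an image
      # already pushed to Quay.io, so a failure after those steps leaves
      # published artifacts without a matching tag.
      # NOTE(review): the final commit and push run on whichever branch is
      # checked out when the failure happens - confirm this is still master
      # if the "Merge master back to dev" step is the one that failed.
      - name: Rollback on failure
        if: failure()
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          TAG_NAME: ${{ steps.tag.outputs.tag-name }}
          RELEASE_ID: ${{ steps.create-release.outputs.id }}
          CURRENT_VERSION: ${{ steps.version.outputs.current-version }}
        run: |
          echo "Release process failed. Rolling back..."

          # Delete the tag if it was created
          if [ -n "$TAG_NAME" ]; then
            git tag -d "$TAG_NAME" || true
            git push --delete origin "$TAG_NAME" || true
          fi

          # Delete the GitHub release if it was created
          if [ -n "$RELEASE_ID" ]; then
            gh api \
              --method DELETE \
              -H "Accept: application/vnd.github+json" \
              "/repos/${{ github.repository }}/releases/${RELEASE_ID}" || true
          fi

          # Reset the version file to original
          echo "$CURRENT_VERSION" > abm/VERSION
          git add abm/VERSION
          git commit -m "Rollback: restore version to ${CURRENT_VERSION}"
          git push origin master

          echo "Rollback completed. Please check the logs and fix any issues before retrying."
          exit 1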