Skip to content

Automated Release

Automated Release #125

Workflow file for this run

name: Automated Release
on:
workflow_dispatch:
inputs:
component:
description: "The component to release"
required: true
type: choice
options:
- orb-attest
- orb-hil
- orb-mcu-util
- orb-slot-ctrl
- orb-supervisor
- orb-thermal-cam-ctrl
- orb-ui
- orb-update-verifier
channel:
description: |
Which release channel?
`beta` can only be used on `main` and is permanent.
`tmp` can be any ref and gets deleted after 1 week. Only use it for testing,
dont ever merge it to `main` of orb-os.
required: true
type: choice
options:
- "beta"
- "tmp"
overall_version:
description: |
In which orb-os version will this release be used?
required: true
type: choice
default: LL
options:
- JJ
- KK
- LL
- MM
env:
CI_CHANNEL: ${{ inputs.channel }}
CI_COMPONENT: ${{ inputs.component }}
CI_OVERALL_VERSION: ${{ inputs.overall_version }}
GH_TOKEN: ${{ github.token }} # For gh cli
jobs:
check-inputs:
name: Check Workflow Inputs
runs-on: ubuntu-22.04
outputs:
release-name: ${{ steps.release-name.outputs.CI_RELEASE_NAME }}
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
with:
token: ${{ github.token }}
- name: Ensure git ref is valid for the selected channel
env:
CI_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
run: |
set -Eeuxo pipefail
CI_CURRENT_BRANCH="$(git branch --show-current)"
echo "CI_CURRENT_BRANCH=${CI_CURRENT_BRANCH}"
echo "CI_DEFAULT_BRANCH=${CI_DEFAULT_BRANCH}"
if [[ "${CI_CHANNEL}" != "tmp" ]]; then
if [[ "${CI_CURRENT_BRANCH}" != "${CI_DEFAULT_BRANCH}" ]]; then
echo "We are on the ${CI_CURRENT_BRANCH} branch, but only commits on ${CI_DEFAULT_BRANCH} are allowed for the ${CI_CHANNEL} channel!"
exit 1
fi
fi
- name: Extract Package Version
run: |
set -Eeuxo pipefail
# Cargo metadata is a machine readable description of the workspace.
# We parse this with jq to extract the current version number of the
# software component
jq_query=".packages[] | select(.name == \"${CI_COMPONENT}\") | .version"
CI_SEMVER="$(cargo metadata --format-version=1 --no-deps --frozen --offline | jq -r "${jq_query}")"
echo "CI_SEMVER=${CI_SEMVER}" >>${GITHUB_ENV}
if ! [[ "${CI_SEMVER}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "Cargo crate version was not in expected X.Y.Z format."
exit 1
fi
- name: Calculate Release Name
id: release-name
run: |
set -Eeuxo pipefail
echo "CI_CHANNEL=${CI_CHANNEL}"
echo "CI_COMPONENT=${CI_COMPONENT}"
echo "CI_SEMVER=${CI_SEMVER}"
echo "CI_OVERALL_VERSION=${CI_OVERALL_VERSION}"
prefix="${CI_COMPONENT}/v${CI_SEMVER}-${CI_CHANNEL}"
# This regex searches for the prerelease number `.0` in `foo/v1.2.3-beta.0+KK`
regex="${CI_COMPONENT}\/v${CI_SEMVER}-${CI_CHANNEL}\.([0-9]+)\+[A-Z]{2}"
# This finds the latest prerelease number.
channel_num=$(gh release list | awk '{print $1}' | (grep ${prefix} || true) | sed -E "s/${regex}/\1/" | sort -n | tail -1)
channel_num=$((${channel_num:--1} + 1)) # increment number
echo "Detected next channel num to be ${channel_num}"
CI_RELEASE_NAME="${CI_COMPONENT}/v${CI_SEMVER}-${CI_CHANNEL}.${channel_num}+${CI_OVERALL_VERSION}"
echo "CI_RELEASE_NAME=${CI_RELEASE_NAME}" >>${GITHUB_ENV}
echo "CI_RELEASE_NAME=${CI_RELEASE_NAME}" >>${GITHUB_OUTPUT}
rust-ci:
name: Rust CI
uses: ./.github/workflows/rust-ci.yaml
needs: check-inputs
secrets:
GIT_HUB_TOKEN: ${{ secrets.GIT_HUB_TOKEN }}
CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
release:
name: Create Release and Tag
runs-on: ubuntu-22.04
needs:
- rust-ci
- check-inputs
steps:
- name: Download Rust Artifacts
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # pin@v4.1.7
with:
# didn't specify artifact name, so all artifacts are downloaded and merged
# into the `artifacts` dir
path: artifacts
merge-multiple: true
- name: List Downloaded Artifacts
run: ls -aRsh artifacts
- name: Extract relevant component's tar
run: |
set -Eeux -o pipefail
mkdir -p extracted
tar -xvf artifacts/${CI_COMPONENT}.tar.zst -C extracted
ls -aRsh extracted
- name: Compute sha256 checksums
run: |
set -Eeuxo pipefail
pushd extracted
for f in *; do
sha256sum "${f}" > "${f}.sha256"
done
ls -aRsh
popd
- name: Upload Release and Create Tag
uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # pin@v1
with:
tag_name: ${{ needs.check-inputs.outputs.release-name }}
draft: ${{ env.CI_CHANNEL == 'tmp' }}
fail_on_unmatched_files: true
files: extracted/*