chore(ci): Add release-please (#183)

* Add release-please * Add bootstrap-sha * Fix * Allow builder
2025-04-24 09:42:14 +00:00 · 2023-01-23 17:50:47 +02:00 · 2023-01-23 17:50:47 +02:00 · 51e9bb8ad4
commit 51e9bb8ad4
parent 201a6602ba
8 changed files with 194 additions and 159 deletions
--- a/.github/actionlint.yaml
+++ b/.github/actionlint.yaml
@ -0,0 +1,3 @@
+self-hosted-runner:
+  labels:
+    - builder
--- a/.github/release-please/config.json
+++ b/.github/release-please/config.json
@ -0,0 +1,12 @@
+{
+  "bootstrap-sha": "1126e01580c2b91674a6c016844e5b1b8c5b2b14",
+  "release-type": "simple",
+  "bump-minor-pre-major": true,
+  "bump-patch-for-minor-pre-major": true,
+  "packages": {
+    ".": {
+      "package-name": "registry",
+      "component": "registry"
+    }
+  }
+}
--- a/.github/release-please/manifest.json
+++ b/.github/release-please/manifest.json
@ -0,0 +1,3 @@
+{
+  ".": "0.7.0"
+}
--- a/.github/workflows/changelog_config.json
+++ b/.github/workflows/changelog_config.json
@ -1,5 +0,0 @@
-{
-    "template": "${{CHANGELOG}}\n\n${{UNCATEGORIZED}}",
-    "pr_template": "- #${{NUMBER}} ${{TITLE}}",
-    "empty_template": "- no changes"
-}
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@ -0,0 +1,35 @@
+name: lint
+
+on:
+  pull_request:
+    types:
+      - opened
+      - edited
+      - synchronize
+
+concurrency:
+  group: "${{ github.workflow }}-${{ github.ref }}"
+  cancel-in-progress: true
+
+jobs:
+  pr:
+    name: Validate PR title
+    runs-on: ubuntu-latest
+    steps:
+      - uses: amannn/action-semantic-pull-request@v5
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  reviewdog:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Lint actions
+        uses: reviewdog/action-actionlint@v1
+        env:
+          SHELLCHECK_OPTS: "-e SC2086 -e SC2207 -e SC2128"
+        with:
+          reporter: github-pr-check
+          fail_on_error: true
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -1,162 +1,172 @@
-name: "publish-release"
+name: "release"

 on:
  push:
-    tags:
-      - "v*"
+    branches:
+      - "main"
+
+concurrency:
+  group: "${{ github.workflow }}-${{ github.ref }}"

 jobs:
-  npm-publish:
-    name: "Publish"
-    runs-on: builder
-    container: rust
-    defaults:
-      run:
-        shell: bash
+  release-please:
+    runs-on: ubuntu-latest
+
+    outputs:
+      release-created: ${{ steps.release.outputs['release_created'] }}
+      tag-name: ${{ steps.release.outputs['tag_name'] }}
+      version: ${{ steps.release.outputs['version'] }}
+      pr: ${{ steps.release.outputs['pr'] }}

    steps:
-### Setup
-      - name: Checkout repository
+      - name: Run release-please
+        id: release
+        uses: google-github-actions/release-please-action@v3
+        with:
+          token: ${{ secrets.FLUENCEBOT_RELEASE_PLEASE_PAT }}
+          command: manifest
+          config-file: .github/release-please/config.json
+          manifest-file: .github/release-please/manifest.json
+
+      - name: Show output from release-please
+        if: steps.release.outputs.releases_created
+        env:
+          RELEASE_PLEASE_OUTPUT: ${{ toJSON(steps.release.outputs) }}
+        run: echo "${RELEASE_PLEASE_OUTPUT}" | jq
+
+  bump-version:
+    if: needs.release-please.outputs.pr != null
+    runs-on: builder
+    needs:
+      - release-please
+
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ fromJson(needs.release-please.outputs.pr).headBranchName }}
+
+      - name: Setup Rust toolchain
+        uses: actions-rust-lang/setup-rust-toolchain@v1
+
+      - name: Install cargo-edit
+        uses: baptiste0928/cargo-install@v1.3.0
+        with:
+          crate: cargo-edit
+
+      - name: Get version
+        id: version
+        run: |
+          version="$(jq -r '.[]' .github/release-please/manifest.json)"
+          echo "version=${version}" >> $GITHUB_OUTPUT
+
+      - name: Set version in service
+        working-directory: service
+        run: cargo set-version ${{ steps.version.outputs.version }}
+
+      - name: Set version in aqua
+        working-directory: aqua
+        run: npm version ${{ steps.version.outputs.version }}
+
+      - name: Commit version bump
+        uses: stefanzweifel/git-auto-commit-action@v4
+        with:
+          commit_message: "chore: Bump registry version to ${{ steps.version.outputs.version }}"
+          branch: ${{ fromJson(needs.release-please.outputs.pr).headBranchName }}
+          commit_user_name: fluencebot
+          commit_user_email: devops@fluence.one
+          commit_author: fluencebot <devops@fluence.one>
+
+  registry:
+    runs-on: builder
+
+    needs: release-please
+    if: needs.release-please.outputs.release-created
+
+    permissions:
+      contents: write
+      id-token: write
+
+    steps:
+      - name: Checkout
        uses: actions/checkout@v3

-      - name: Set env
-        run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
+      - name: Import secrets
+        uses: hashicorp/vault-action@v2.4.3
+        with:
+          url: https://vault.fluence.dev
+          path: jwt/github
+          role: ci
+          method: jwt
+          jwtGithubAudience: "https://github.com/fluencelabs"
+          jwtTtl: 300
+          exportToken: false
+          secrets: |
+            kv/npmjs/fluencebot token | NODE_AUTH_TOKEN

-      - name: "Install marine"
-        uses: baptiste0928/cargo-install@v1
+      - name: Setup Rust toolchain
+        uses: actions-rust-lang/setup-rust-toolchain@v1
+
+      - name: Install Marine
+        uses: baptiste0928/cargo-install@v1.3.0
        with:
          crate: marine

-      - uses: actions/setup-java@v3
-        with:
-          distribution: 'adopt'
-          java-version: '11'
-
-      - name: Cache npm
-        uses: actions/cache@v3
-        with:
-          path: ~/.npm
-          key: ${{ runner.os }}-node-v03-${{ hashFiles('**/package-lock.json') }}
-          restore-keys: |
-            ${{ runner.os }}-node-v03-
-
-      - uses: actions/setup-node@v3
-        with:
-          node-version: "15"
-          registry-url: "https://registry.npmjs.org"
-
-      - name: Cache cargo
-        uses: actions/cache@v3
-        with:
-          path: |
-            ~/.cargo/registry
-            ~/.cargo/git
-            ~/.cargo/bin
-          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
-
-      - name: Install Rust
-        working-directory: ./service
-        run: |
-          rustup toolchain install nightly-2022-09-01-x86_64-unknown-linux-gnu
-          rustup default nightly-2022-09-01-x86_64-unknown-linux-gnu
-          rustup override set nightly-2022-09-01-x86_64-unknown-linux-gnu
-          rustup target add wasm32-wasi --toolchain nightly-2022-09-01-x86_64-unknown-linux-gnu
-
-### Build
-      - name: Build registry.wasm
-        working-directory: ./service
+      - name: Build service
        run: ./build.sh
+        working-directory: service

-      - name: Check Aqua compiles
-        working-directory: ./aqua
-        run: |
-          npm i
-          npm run build
+      - name: Setup node
+        uses: actions/setup-node@v3
+        with:
+          node-version: "16"
+          registry-url: "https://registry.npmjs.org"
+          cache-dependency-path: "aqua/package-lock.json"
+          cache: "npm"
+
+      - run: npm i
+        working-directory: aqua
+
+      - run: npm run build
+        working-directory: aqua
+
+      - name: Publish to NPM registry
+        run: npm publish --access public
+        working-directory: aqua

      - name: Create builtin distribution package
-        run: |
-          ./builtin-package/package.sh
-
-      - name: Build Changelog
-        id: changelog
-        uses: mikepenz/release-changelog-builder-action@v3
-        with:
-          configuration: ".github/workflows/changelog_config.json"
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-## Publish
-      - name: Release
-        id: release
-        uses: softprops/action-gh-release@v1
-        with:
-          name: registry ${{ env.RELEASE_VERSION }}
-          tag_name: ${{ env.RELEASE_VERSION }}
-          files: |
-            registry.tar.gz
-          body: ${{steps.changelog.outputs.changelog}}
-          draft: false
-          prerelease: false
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      ### Publish Aqua API
-      - name: Publish Aqua API
-        run: |
-          npm version ${{ env.RELEASE_VERSION }} --allow-same-version
-          npm publish --access public
-        env:
-            NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-        working-directory: ./aqua
-
-## Update node-distro repo
-      - name: Get tar.gz URL
-        id: package-url
-        uses: actions/github-script@v6
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          result-encoding: string
-          script: |
-            try {
-                let assets = await github.repos.listReleaseAssets({
-                  owner: context.repo.owner,
-                  repo: context.repo.repo,
-                  release_id: "${{ steps.release.outputs.id }}",
-                });
-                console.dir(assets);
-                let package = assets.data.find((a) => a.name === 'registry.tar.gz');
-                let url = package.browser_download_url;
-                console.log("URL: " + url);
-                return url;
-            } catch (e) {
-              console.log("Err: " + e);
-              throw e;
-            }
+        run: ./builtin-package/package.sh

      - name: Calculate SHA256
+        id: sha
        run: |
+          # Calculate sha256
          du -hs registry.tar.gz
-          echo $(sha256sum registry.tar.gz)
-          echo "SHA256=$(sha256sum registry.tar.gz | awk '{ print $1 }')" >> $GITHUB_ENV
+          sha256sum registry.tar.gz
+          sha=($(sha256sum registry.tar.gz))
+          echo "sha256=${sha}" >> $GITHUB_OUTPUT
+
+      - name: Upload registry package
+        if: needs.release-please.outputs.release-created
+        uses: softprops/action-gh-release@v1
+        with:
+          files: registry.tar.gz
+          tag_name: ${{ needs.release-please.outputs.tag-name }}

      - name: Update version in node-distro repo
+        if: needs.release-please.outputs.release-created
        uses: benc-uk/workflow-dispatch@v1
        with:
          workflow: update_service
          repo: fluencelabs/node-distro
-          ref: 'main'
+          ref: "main"
          token: ${{ secrets.PERSONAL_TOKEN }}
          inputs: '{
            "name": "registry",
-            "version": "${{ env.RELEASE_VERSION }}",
-            "url": "${{ steps.package-url.outputs.result }}",
-            "sha256": "${{ env.SHA256 }}"
+            "version": "${{ needs.release-please.outputs.version }}",
+            "url": "https://github.com/fluencelabs/registry/releases/download/${{ needs.release-please.outputs.tag-name }}/registry.tar.gz",
+            "sha256": "${{ steps.sha.outputs.sha256 }}"
          }'
-
-      - name: Log notice
-        uses: actions/github-script@v6
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          script: |
-              console.dir(core);
-              core.info("registry was updated to ${{ env.RELEASE_VERSION }} in node-distro repo");
--- a/.github/workflows/tag.yml
+++ b/.github/workflows/tag.yml
@ -1,17 +0,0 @@
-name: "tag"
-
-on:
-  workflow_dispatch:
-
-jobs:
-  tag:
-    name: "Tag"
-    runs-on: "ubuntu-latest"
-
-    steps:
-      - uses: actions/checkout@v3
-      - name: Bump version and push tag
-        id: tag_version
-        uses: mathieudutour/github-tag-action@v6.1
-        with:
-          github_token: ${{ secrets.PERSONAL_TOKEN }}
--- a/package-lock.json
+++ b/package-lock.json
@ -1,6 +0,0 @@
-{
-  "name": "registry",
-  "lockfileVersion": 2,
-  "requires": true,
-  "packages": {}
-}