feat(repo): add Actions workflows to manage versions and releases wit…

…h Pipeline
clementguillot · Apr 17, 2024 · d3d8812 · d3d8812
1 parent b2430dd
commit d3d8812
Show file tree

Hide file tree

Showing 6 changed files with 191 additions and 5 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -86,7 +86,7 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: read
-      packages: write
+      packages: write # used to push images to `ghcr.io` if used.
     steps:
       - uses: actions/checkout@v4
         with:

diff --git a/.github/workflows/init-release.yaml b/.github/workflows/init-release.yaml
@@ -0,0 +1,65 @@
+name: Init Nx Cloud CE Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      TARGET_BRANCH:
+        description: 'TARGET_BRANCH to checkout (e.g. main or release-2.5)'
+        required: true
+        type: string
+
+      TARGET_VERSION:
+        description: 'TARGET_VERSION to build artifacts (e.g. 2.5.0-rc1) Note: the `v` prefix is not used'
+        required: true
+        type: string
+
+permissions: {}
+
+jobs:
+  prepare-release:
+    permissions:
+      contents: write  # for peter-evans/create-pull-request to create branch
+      pull-requests: write  # for peter-evans/create-pull-request to create a PR
+    name: Automatically generate version and artifacts on ${{ inputs.TARGET_BRANCH }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
+          ref: ${{ inputs.TARGET_BRANCH }}
+
+      - name: Check if TARGET_VERSION is well formed.
+        run: |
+          set -xue
+          # Target version must not contain 'v' prefix
+          if echo "${{ inputs.TARGET_VERSION }}" | grep -e '^v'; then
+            echo "::error::Target version '${{ inputs.TARGET_VERSION }}' should not begin with a 'v' prefix, refusing to continue." >&2
+            exit 1
+          fi
+
+      - name: Create VERSION information
+        run: |
+          set -ue
+          echo "Bumping version from $(cat VERSION) to ${{ inputs.TARGET_VERSION }}"
+          echo "${{ inputs.TARGET_VERSION }}" > VERSION
+
+      - name: Generate new set of artifacts
+        run: |
+          set -ue
+          find . -type f -name 'build.gradle.kts' -exec sed -i -E 's/version = "([0-9]+\.[0-9]+\.[0-9]+(-SNAPSHOT)?)"/version = "${{ inputs.TARGET_VERSION }}"/g' {} +
+          find . -type f -name 'Chart.yaml' -exec sed -i -E 's/version: "[0-9]+\.[0-9]+\.[0-9]"/version: "${{ inputs.TARGET_VERSION }}"/g' {} +
+          find . -type f -name 'Chart.yaml' -exec sed -i -E 's/appVersion: "[0-9]+\.[0-9]+\.[0-9]"/version: "${{ inputs.TARGET_VERSION }}"/g' {} +
+          git diff
+
+      - name: Create pull request
+        uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38  # v5.0.2
+        with:
+          commit-message: "Bump version to ${{ inputs.TARGET_VERSION }}"
+          title: "Bump version to ${{ inputs.TARGET_VERSION }} on ${{ inputs.TARGET_BRANCH }} branch"
+          body: Updating VERSION and artifacts to ${{ inputs.TARGET_VERSION }}
+          branch: update-version
+          branch-suffix: random
+          signoff: true
+          labels: release
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -0,0 +1,120 @@
+name: Publish Nx Cloud CE Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+permissions: {}
+
+jobs:
+  retag-oci-images:
+    name: Re-tag OCI images
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write # for creating OIDC tokens for signing.
+      packages: write # used to push images to `ghcr.io` if used.
+    strategy:
+      matrix:
+        include:
+          - image: ghcr.io/clementguillot/nx-cloud-ce-server
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        with:
+          fetch-depth: 0
+
+      - name: Set up Skopeo
+        uses: warjiang/setup-skopeo@71776e03c10d767c04af8924fe5a67763f9b3d34 # v0.1.3
+        with:
+          version: latest
+
+      - name: Extract tag and commit SHA
+        id: vars
+        run: |
+          echo "TAG=${{ github.ref_name }}" >> $GITHUB_ENV
+          SHORT_SHA=$(git rev-parse --short $GITHUB_SHA)
+          echo "SHORT_SHA=${SHORT_SHA}" >> $GITHUB_ENV
+
+      - name: Copy images to new tag
+        run: |
+          skopeo --version
+          echo ${{ secrets.GITHUB_TOKEN }} | skopeo login -u ${{ github.actor }} --password-stdin ghcr.io
+          skopeo copy --all \
+          docker://${{ matrix.image }}:${{ env.SHORT_SHA }} \
+          docker://${{ matrix.image }}:${{ env.TAG }}
+
+  publish-helm-charts:
+    name: Publish Helm Charts
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write  # for helm/chart-releaser-action to push chart release and create a release
+      packages: write # to push OCI chart package to GitHub Registry
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "[email protected]"
+
+      - name: Set up Helm
+        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
+        with:
+          version: v3.14.4
+
+      - name: Setup Build Tools
+        uses: ./.github/actions/setup-tools
+
+      - name: Build Helm Chart
+        run: npx nx build apps/helm-chart
+
+      - name: Run chart-releaser
+        uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # v1.5.0
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+        with:
+          skip_packaging: true
+
+      - name: Login to GHCR
+        uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Push chart to GHCR
+        run: |
+          shopt -s nullglob
+          for pkg in .cr-release-packages/*.tgz; do
+            if [ -z "${pkg:-}" ]; then
+              break
+            fi
+            helm push "${pkg}" "oci://ghcr.io/${GITHUB_REPOSITORY_OWNER}/charts"
+          done
+
+
+  release:
+    name: Create Release
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write  # for softprops/action-gh-release to create a release
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        with:
+          fetch-depth: 0
+
+      - name: Create Release
+        uses: softprops/action-gh-release@9d7c94cfd0a1f3ed45544c887983e9fa900f0564 # v2.0.4
+        with:
+          generate_release_notes: true
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.gitignore b/.gitignore
@@ -43,3 +43,4 @@ Thumbs.db
 build
 
 .nx/cache
+.cr-release-packages
diff --git a/VERSION b/VERSION
@@ -0,0 +1 @@
+0.0.0
diff --git a/apps/helm-chart/project.json b/apps/helm-chart/project.json
@@ -22,11 +22,10 @@
       "dependsOn": ["dependency-build"],
       "executor": "nx:run-commands",
       "options": {
-        "cwd": "apps/helm-chart",
         "commands": [
-          "mkdir -p dist",
-          "helm dependency build src",
-          "helm package src --destination dist"
+          "mkdir -p .cr-release-packages",
+          "helm dependency build apps/helm-chart/src",
+          "helm package apps/helm-chart/src --destination .cr-release-packages"
         ],
         "parallel": false
       },
Original file line number	Diff line number	Diff line change
Expand Up		@@ -43,3 +43,4 @@ Thumbs.db
		build

		.nx/cache
		.cr-release-packages