Release » Process release tag #6
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release » Process release tag | |
| on: | |
| workflow_dispatch: | |
| push: | |
| tags: | |
| # CF: 17.x-YYYY-MM-DD | |
| - '*.x-*-*-*' | |
| jobs: | |
| build-release-tarballs: | |
| name: Create release from tag | |
| if: github.repository_owner == 'opencast' | |
| runs-on: ubuntu-latest | |
| outputs: | |
| checksum: ${{ steps.tarball.outputs.checksum }} | |
| tag: ${{ steps.tarball.outputs.tag }} | |
| branch: ${{ steps.tarball.outputs.branch }} | |
| permissions: | |
| contents: write #for the release | |
| pull-requests: write #For the PR in the upstream repo | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@v5 | |
| - name: Get Node.js | |
| uses: actions/setup-node@v5 | |
| with: | |
| node-version: 20 | |
| - name: Run npm ci | |
| run: npm ci | |
| - name: Build the app | |
| env: | |
| PUBLIC_URL: /admin-ui | |
| run: npm run build | |
| - name: Create release tarball | |
| id: tarball | |
| working-directory: build | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| tar -czf "../oc-admin-ui-$(git describe --tags).tar.gz" * | |
| echo checksum=`sha256sum ../oc-admin-ui-$(git describe --tags).tar.gz | cut -f 1 -d " "` >> $GITHUB_OUTPUT | |
| echo tag=$(git describe --tags) >> $GITHUB_OUTPUT | |
| while read branchname | |
| do | |
| LAST_BRANCH="$branchname" | |
| #branchname looks like 'r/17.x', the describe + cut looks like '17.x', so we prefix with r/ | |
| # NB: branchname == develop is not handled here, it's handled below | |
| if [ "$branchname" != "r/`git describe --tags | cut -f 1 -d -`" ]; then | |
| continue | |
| fi | |
| echo "Base branch is $branchname" | |
| BASE_BRANCH="$branchname" | |
| echo "branch=$BASE_BRANCH" >> $GITHUB_OUTPUT | |
| break | |
| done <<< `gh api \ | |
| -H "Accept: application/vnd.github+json" \ | |
| -H "X-GitHub-Api-Version: 2022-11-28" \ | |
| /repos/${{ github.repository_owner }}/opencast/branches?per_page=100 | \ | |
| jq -r '. | map(select(.name | match("r/[0-9]*.x"))) | .[].name'` | |
| #Figure out what develop branch's version should be | |
| # Bash is, without a doubt, the worst possible way to do this, but here we are... | |
| export DEVELOP_VERSION=$(($(echo $LAST_BRANCH | cut -f 2 -d '/' | cut -f 1 -d '.') + 1)).x | |
| #If we didn't find a match above, *and* the develop branch matches the tag | |
| if [ -z "${BASE_BRANCH}" -a "$DEVELOP_VERSION" == "`git describe --tags | cut -f 1 -d -`" ]; then | |
| echo "Base branch is develop, version $DEVELOP_VERSION" | |
| # Develop is by definition (LAST_BRANCH + 1).x | |
| echo "branch=develop" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Create new release in github | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| files: oc-admin-ui-*.tar.gz | |
| fail_on_unmatched_files: true | |
| generate_release_notes: true | |
| file-upstream-release-pr: | |
| name: Create upstream PR to incorporate release | |
| if: github.repository_owner == 'opencast' | |
| runs-on: ubuntu-latest | |
| needs: build-release-tarballs | |
| permissions: | |
| contents: write #for the release | |
| pull-requests: write #For the PR in the upstream repo | |
| steps: | |
| - name: Prepare git | |
| run: | | |
| git config --global user.name "Release Bot" | |
| git config --global user.email "cloud@opencast.org" | |
| - name: Prepare GitHub SSH key | |
| env: | |
| DEPLOY_KEY: ${{ secrets.MODULE_PR_DEPLOY_KEY }} | |
| run: | | |
| install -dm 700 ~/.ssh/ | |
| echo "${DEPLOY_KEY}" > ~/.ssh/id_ed25519 | |
| chmod 600 ~/.ssh/id_ed25519 | |
| ssh-keyscan github.com >> ~/.ssh/known_hosts | |
| - name: Clone upstream repository | |
| run: | | |
| git clone -b ${{ needs.build-release-tarballs.outputs.branch }} "git@github.com:${{ github.repository_owner }}/opencast.git" opencast | |
| cd opencast | |
| git checkout -b t/admin-ui-${{ needs.build-release-tarballs.outputs.tag }} | |
| - name: Update the admin ui pom file | |
| working-directory: opencast | |
| run: | | |
| sed -i "s#<interface.sha256>.*</interface.sha256>#<interface.sha256>${{ needs.build-release-tarballs.outputs.checksum }}</interface.sha256>#" modules/admin-ui-interface/pom.xml | |
| sed -i "s#<interface.url>.*</interface.url>#<interface.url>https://github.com/${{ github.repository_owner }}/opencast-admin-interface/releases/download/${{ needs.build-release-tarballs.outputs.tag }}/oc-admin-ui-${{ needs.build-release-tarballs.outputs.tag }}.tar.gz</interface.url>#" modules/admin-ui-interface/pom.xml | |
| git add modules/admin-ui-interface/pom.xml | |
| git commit -m "Updating admin ui to ${{ needs.build-release-tarballs.outputs.tag }}" | |
| git push origin t/admin-ui-${{ needs.build-release-tarballs.outputs.tag }} | |
| #This token is an account wide token which allows creation of PRs and pushes. | |
| echo "${{ secrets.MODULE_PR_TOKEN }}" > token.txt | |
| gh auth login --with-token < token.txt | |
| gh pr create \ | |
| --title "Update ${{ needs.build-release-tarballs.outputs.branch }} Admin UI to ${{ needs.build-release-tarballs.outputs.tag }}" \ | |
| --body "Updating Opencast ${{ needs.build-release-tarballs.outputs.branch }} Admin UI module to [${{ needs.build-release-tarballs.outputs.tag }}](https://github.com/${{ github.repository_owner }}/opencast-admin-interface/releases/tag/${{ needs.build-release-tarballs.outputs.tag }})" \ | |
| --head=${{ github.repository_owner }}:t/admin-ui-${{ needs.build-release-tarballs.outputs.tag }} \ | |
| --base ${{ needs.build-release-tarballs.outputs.branch }} \ | |
| -R ${{ github.repository_owner }}/opencast | |
| #FIXME: fine grained PATs can't apply labels | |
| #FIXME: classic PATs don't have the permissions because the PR isn't in an opencastproject (the user) repo | |
| #--label admin-ui --label maintenance \ |