Release Ansible package #54
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
# Copyright (c) Ansible Project | |
# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) | |
# SPDX-License-Identifier: GPL-3.0-or-later | |
name: Release Ansible package | |
'on': | |
workflow_dispatch: | |
inputs: | |
ansible-version: | |
description: >- | |
Release Version. Example: 11.1.0 | |
required: true | |
preserve-deps: | |
description: >- | |
Whether to preserve existing `.deps` files. | |
type: boolean | |
default: false | |
allow-reset-build-deps: | |
description: >- | |
Whether to allow resetting existing .build files during alpha and beta-1 releases. | |
Only set to false for special alpha or beta-1 releases if the deps and build files | |
have been prepared manually! | |
type: boolean | |
default: true | |
existing-branch: | |
description: >- | |
If provided, assumes that a branch of this name exists in the ansible-build-data | |
repository. Changes will be pushed to this branch, and the PR will be created from | |
it. | |
type: string | |
default: '' | |
env: | |
CI_COMMIT_MESSAGE: >- | |
Ansible ${{ inputs.ansible-version }}: | |
Dependencies, changelog and porting guide | |
ANSIBLE_VERSION: ${{ inputs.ansible-version }} | |
ANSIBLE_BRANCH_NAME: ${{ inputs.existing-branch || format('publish-{0}', inputs.ansible-version) }} | |
jobs: | |
build: | |
name: Build Ansible (${{ inputs.ansible-version }}) | |
runs-on: ubuntu-latest | |
permissions: | |
pull-requests: write | |
contents: write | |
outputs: | |
pr_url: ${{ steps.create-pr.outputs.pr_url }} | |
steps: | |
- name: Check out antsibull-build | |
uses: actions/checkout@v4 | |
with: | |
repository: ansible-community/antsibull-build | |
ref: main | |
path: antsibull-build | |
- name: Pre-create build directory | |
run: mkdir -p antsibull-build/build | |
- name: Check out ansible-build-data under antsibull-build build directory | |
uses: actions/checkout@v4 | |
with: | |
# This is where the antsibull-build build-release role expects it by default | |
path: antsibull-build/build/ansible-build-data | |
ref: ${{ inputs.existing-branch || '' }} | |
- name: Set up Python 3.12 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.12 | |
- name: Install dependencies | |
working-directory: antsibull-build | |
run: | | |
python3 -m pip install packaging ansible-core antsibull-build | |
ansible-galaxy install -r requirements.yml | |
- name: Validate version and extract major version | |
shell: python | |
id: extract-version | |
run: | | |
import os | |
import pathlib | |
import sys | |
from packaging.version import Version | |
FILE_APPEND_MODE = 'a' | |
OUTPUTS_FILE_PATH = pathlib.Path(os.environ['GITHUB_OUTPUT']) | |
VERSION = os.environ['ANSIBLE_VERSION'] | |
def set_output(name, value): | |
with OUTPUTS_FILE_PATH.open(FILE_APPEND_MODE) as outputs_file: | |
outputs_file.writelines(f'{name}={value}{os.linesep}') | |
try: | |
version = Version(VERSION) | |
except Exception as exc: | |
sys.exit( | |
f'::error ::The version {VERSION!r} cannot be parsed: {exc}.' | |
) | |
set_output('major-version', version.major) | |
- name: Checking out to a new branch | |
if: inputs.existing-branch == '' | |
working-directory: antsibull-build/build/ansible-build-data | |
run: | | |
git checkout -b "${ANSIBLE_BRANCH_NAME}" | |
- name: Setting the user details | |
run: | | |
git config --global user.name "Github Actions" | |
git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
# Run the playbook according to the current release process | |
- name: Building a release with the defaults | |
working-directory: antsibull-build | |
env: | |
PRESERVE_DEPS: ${{ inputs.preserve-deps }} | |
ALLOW_RESET_BUILD_DEPS: ${{ inputs.allow-reset-build-deps }} | |
# Make result better readable | |
ANSIBLE_CALLBACK_RESULT_FORMAT: yaml | |
run: >- | |
ansible-playbook -vv playbooks/build-single-release.yaml | |
-e antsibull_data_reset=false | |
-e "antsibull_build_reset=${ALLOW_RESET_BUILD_DEPS}" | |
-e "antsibull_ansible_version=${ANSIBLE_VERSION}" | |
-e "antsibull_preserve_deps=${PRESERVE_DEPS}" | |
- name: Upload artifact | |
uses: actions/upload-artifact@v4 | |
id: upload-artifact | |
with: | |
name: sdist-and-wheel | |
path: antsibull-build/build/ansible-*.* | |
- name: Commit ansible-build-data and push the changes to github | |
working-directory: >- | |
antsibull-build/build/ansible-build-data/${{ steps.extract-version.outputs.major-version }} | |
run: | | |
git add . | |
git commit -m "${CI_COMMIT_MESSAGE}" | |
git push origin "${ANSIBLE_BRANCH_NAME}" | |
- name: Create PR to the ansible-build-data | |
id: create-pr | |
working-directory: antsibull-build/build/ansible-build-data | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
ARTIFACT_URL: ${{ steps.upload-artifact.outputs.artifact-url }} | |
run: | | |
body="$(echo -e "${CI_COMMIT_MESSAGE}\nRelease artifacts: <${ARTIFACT_URL}>")" | |
echo -n "pr_url=" >> "${GITHUB_OUTPUT}" | |
gh pr create \ | |
--base main \ | |
--head "${ANSIBLE_BRANCH_NAME}" \ | |
--title "Release Ansible ${ANSIBLE_VERSION}" \ | |
--body "${body}" | tee -a "$GITHUB_OUTPUT" | |
# publish job downloads the arifacts and publish it to PyPI | |
publish: | |
needs: build | |
name: Upload Ansible (${{ inputs.ansible-version }}) to PyPI | |
runs-on: ubuntu-latest | |
environment: | |
name: pypi | |
url: https://pypi.org/project/ansible/${{ inputs.ansible-version }} | |
permissions: | |
id-token: write | |
outputs: | |
pr_url: ${{ needs.build.outputs.pr_url }} | |
steps: | |
- name: Ensure that the PR was merged | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
PR_URL: ${{ needs.build.outputs.pr_url }} | |
run: | | |
STATE="$(gh pr view "${PR_URL}" --json state --template "{{.state}}")" | |
if [ "${STATE}" != "MERGED" ]; then | |
echo "::error ::The state of PR ${PR_URL} must be MERGED, not ${STATE}" | |
exit 1 | |
fi | |
- name: Download artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: sdist-and-wheel | |
path: dist/ | |
- name: Upload Ansible sdist and wheel to PyPI | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
# git-tag job creates the git tag | |
git-tag: | |
needs: publish | |
name: Creates git tag for Ansible (${{ inputs.ansible-version }}) | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
steps: | |
- name: Figure out merge commit | |
id: merge-commit | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
PR_URL: ${{ needs.publish.outputs.pr_url }} | |
run: | | |
MERGE_COMMIT="$(gh pr view "${PR_URL}" --json mergeCommit --template "{{.mergeCommit.oid}}")" | |
echo "merge_commit=${MERGE_COMMIT}" >> "${GITHUB_OUTPUT}" | |
- name: Check out ansible-build-data | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.repository.default_branch }} | |
fetch-depth: 0 | |
- name: Create git tag | |
env: | |
MERGE_COMMIT: ${{steps.merge-commit.outputs.merge_commit}} | |
run: | | |
git config --global user.name "Github Actions" | |
git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
git tag -a "${ANSIBLE_VERSION}" "${MERGE_COMMIT}" -m "Ansible ${ANSIBLE_VERSION}: Changelog, Porting Guide and Dependent Collection Details" | |
git push origin "${ANSIBLE_VERSION}" |