ci: Automate patch releases and pre-releases #638
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- main | |
- v[0-9]+ | |
tags: | |
- devel | |
- v* | |
concurrency: | |
# Terminate all previous runs of the same workflow for pull requests | |
group: ci-${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
jobs: | |
docs: | |
name: Docs | |
uses: ./.github/workflows/docs.yaml | |
test: | |
name: Test | |
uses: ./.github/workflows/test.yaml | |
secrets: | |
CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
build: | |
name: Build | |
uses: ./.github/workflows/build.yaml | |
secrets: | |
CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
arm: | |
name: Build / Cabal - aarch64 GHC 9.4.8 | |
if: vars.SSH_ARM_ENABLED | |
runs-on: ubuntu-latest | |
outputs: | |
remotepath: ${{ steps.Remote-Dir.outputs.remotepath }} | |
env: | |
GITHUB_COMMIT: ${{ github.sha }} | |
GHC_VERSION: '9.4.8' | |
steps: | |
- uses: actions/checkout@v4 | |
- id: Remote-Dir | |
name: Unique directory name for the remote build | |
run: echo "remotepath=postgrest-build-$(uuidgen)" >> "$GITHUB_OUTPUT" | |
- name: Copy script files to the remote server | |
uses: appleboy/scp-action@master | |
with: | |
host: ${{ secrets.SSH_ARM_HOST }} | |
username: ubuntu | |
key: ${{ secrets.SSH_ARM_PRIVATE_KEY }} | |
fingerprint: ${{ secrets.SSH_ARM_FINGERPRINT }} | |
source: ".github/scripts/arm/*" | |
target: ${{ steps.Remote-Dir.outputs.remotepath }} | |
strip_components: 3 | |
- name: Build ARM | |
uses: appleboy/ssh-action@master | |
env: | |
REMOTE_DIR: ${{ steps.Remote-Dir.outputs.remotepath }} | |
with: | |
host: ${{ secrets.SSH_ARM_HOST }} | |
username: ubuntu | |
key: ${{ secrets.SSH_ARM_PRIVATE_KEY }} | |
fingerprint: ${{ secrets.SSH_ARM_FINGERPRINT }} | |
command_timeout: 120m | |
script_stop: true | |
envs: GITHUB_COMMIT,REMOTE_DIR,GHC_VERSION | |
script: bash ~/$REMOTE_DIR/build.sh "$GITHUB_COMMIT" "$REMOTE_DIR" "GHC_VERSION" | |
- name: Download binaries from remote server | |
uses: nicklasfrahm/scp-action@main | |
with: | |
direction: download | |
host: ${{ secrets.SSH_ARM_HOST }} | |
username: ubuntu | |
key: ${{ secrets.SSH_ARM_PRIVATE_KEY }} | |
fingerprint: ${{ secrets.SSH_ARM_FINGERPRINT }} | |
source: "${{ steps.Remote-Dir.outputs.remotepath }}/result.tar.xz" | |
target: "result.tar.xz" | |
- name: Remove uploaded files from server | |
if: ${{ !startsWith(github.ref, 'refs/tags/v') }} | |
uses: appleboy/ssh-action@master | |
env: | |
REMOTE_DIR: ${{ steps.Remote-Dir.outputs.remotepath }} | |
with: | |
host: ${{ secrets.SSH_ARM_HOST }} | |
username: ubuntu | |
key: ${{ secrets.SSH_ARM_PRIVATE_KEY }} | |
fingerprint: ${{ secrets.SSH_ARM_FINGERPRINT }} | |
envs: REMOTE_DIR | |
script: rm -rf $REMOTE_DIR | |
- name: Extract downloaded binaries | |
run: tar -xvf result.tar.xz && rm result.tar.xz | |
- name: Save aarch64 executable as artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: postgrest-ubuntu-aarch64 | |
path: result/postgrest | |
if-no-files-found: error | |
tag: | |
name: Release / Tag | |
if: startsWith(github.ref, 'refs/heads/') | |
permissions: | |
contents: write | |
runs-on: ubuntu-latest | |
needs: | |
- docs | |
- test | |
- build | |
- arm | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Tag latest commit | |
run: | | |
cabal_version="$(grep -oP '^version:\s*\K.*' postgrest.cabal)" | |
if [[ "$cabal_version" == *.*.* ]]; then | |
git tag "v$cabal_version" | |
git push origin "v$cabal_version" | |
else | |
git tag -f "devel" | |
git push -f origin "devel" | |
fi | |
prepare: | |
name: Release / Prepare | |
if: | | |
startsWith(github.ref, 'refs/tags/') && | |
(success() || needs.arm.result == 'skipped') | |
runs-on: ubuntu-latest | |
needs: | |
- docs | |
- test | |
- build | |
- arm | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Check the version to be released | |
run: | | |
cabal_version="$(grep -oP '^version:\s*\K.*' postgrest.cabal)" | |
if [ "${GITHUB_REF_NAME}" != "devel" ] && [ "${GITHUB_REF_NAME}" != "v$cabal_version" ]; then | |
echo "Tagged version ($GITHUB_REF_NAME) does not match the one in postgrest.cabal (v$cabal_version). Aborting release..." | |
exit 1 | |
fi | |
- name: Identify changes from CHANGELOG.md | |
run: | | |
if [ "${GITHUB_REF_NAME}" == "devel" ]; then | |
echo "Getting unreleased changes..." | |
sed -n "1,/## Unreleased/d;/## \[/q;p" CHANGELOG.md > CHANGES.md | |
else | |
echo "Full release (no '-' in version), getting changes for version $version ..." | |
sed -n "1,/## \[$version\]/d;/## \[/q;p" CHANGELOG.md > CHANGES.md | |
fi | |
echo "Relevant extract from CHANGELOG.md:" | |
cat CHANGES.md | |
- name: Save CHANGES.md as artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: release-changes | |
path: CHANGES.md | |
if-no-files-found: error | |
github: | |
name: Release / GitHub | |
permissions: | |
contents: write | |
runs-on: ubuntu-latest | |
needs: prepare | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Download all artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
path: artifacts | |
- name: Create release bundle with archives for all builds | |
run: | | |
find artifacts -type f -iname postgrest -exec chmod +x {} \; | |
mkdir -p release-bundle | |
tar cJvf "release-bundle/postgrest-${GITHUB_REF_NAME}-linux-static-x64.tar.xz" \ | |
-C artifacts/postgrest-linux-static-x64 postgrest | |
tar cJvf "release-bundle/postgrest-${GITHUB_REF_NAME}-macos-x64.tar.xz" \ | |
-C artifacts/postgrest-macos-x64 postgrest | |
tar cJvf "release-bundle/postgrest-${GITHUB_REF_NAME}-freebsd-x64.tar.xz" \ | |
-C artifacts/postgrest-freebsd-x64 postgrest | |
tar cJvf "release-bundle/postgrest-${GITHUB_REF_NAME}-ubuntu-aarch64.tar.xz" \ | |
-C artifacts/postgrest-ubuntu-aarch64 postgrest | |
zip "release-bundle/postgrest-${GITHUB_REF_NAME}-windows-x64.zip" \ | |
artifacts/postgrest-windows-x64/postgrest.exe | |
- name: Save release bundle | |
uses: actions/upload-artifact@v4 | |
with: | |
name: release-bundle | |
path: release-bundle | |
if-no-files-found: error | |
- name: Publish release on GitHub | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
echo "Releasing version ${GITHUB_REF_NAME} on GitHub..." | |
if [ "${GITHUB_REF_NAME}" == "devel" ]; then | |
isprerelease=1 | |
fi | |
gh release delete "${GITHUB_REF_NAME}" || true | |
gh release create "${GITHUB_REF_NAME}" \ | |
-F artifacts/release-changes/CHANGES.md \ | |
${isprerelease:+"--prerelease"} \ | |
release-bundle/* | |
docker: | |
name: Release / Docker Hub | |
runs-on: ubuntu-latest | |
needs: | |
- prepare | |
env: | |
DOCKER_REPO: postgrest | |
DOCKER_USER: stevechavez | |
DOCKER_PASS: ${{ secrets.DOCKER_PASS }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup Nix Environment | |
uses: ./.github/actions/setup-nix | |
with: | |
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
tools: release | |
- name: Download Docker image | |
uses: actions/download-artifact@v4 | |
with: | |
name: postgrest-docker-x64 | |
- name: Publish images on Docker Hub | |
run: | | |
docker login -u "$DOCKER_USER" -p "$DOCKER_PASS" | |
docker load -i postgrest-docker.tar.gz | |
docker tag postgrest:latest "$DOCKER_REPO/postgrest:${GITHUB_REF_NAME}" | |
docker push "$DOCKER_REPO/postgrest:${GITHUB_REF_NAME}" | |
# Only tag 'latest' for full releases | |
if [ "${GITHUB_REF_NAME}" != "devel" ]; then | |
echo "Pushing to 'latest' tag for full release of ${GITHUB_REF_NAME} ..." | |
docker tag postgrest:latest "$DOCKER_REPO"/postgrest:latest | |
docker push "$DOCKER_REPO"/postgrest:latest | |
else | |
echo "Skipping push to 'latest' tag for pre-release..." | |
fi | |
# TODO: Enable dockerhub description update again, once a solution for the permission problem is found: | |
# https://github.com/docker/hub-feedback/issues/1927 | |
# - name: Update descriptions on Docker Hub | |
# env: | |
# DOCKER_PASS: ${{ secrets.DOCKER_PASS }} | |
# run: | | |
# if [[ -z "$ISPRERELEASE" ]]; then | |
# echo "Updating description on Docker Hub..." | |
# postgrest-release-dockerhub-description | |
# else | |
# echo "Skipping updating description for pre-release..." | |
# fi | |
docker-arm: | |
name: Release / Docker Hub Arm | |
runs-on: ubuntu-latest | |
needs: | |
- arm | |
- prepare | |
- docker | |
env: | |
GITHUB_COMMIT: ${{ github.sha }} | |
DOCKER_REPO: postgrest | |
DOCKER_USER: stevechavez | |
DOCKER_PASS: ${{ secrets.DOCKER_PASS }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Publish images for ARM builds on Docker Hub | |
uses: appleboy/ssh-action@master | |
env: | |
REMOTE_DIR: ${{ needs.arm.outputs.remotepath }} | |
with: | |
host: ${{ secrets.SSH_ARM_HOST }} | |
username: ubuntu | |
key: ${{ secrets.SSH_ARM_PRIVATE_KEY }} | |
fingerprint: ${{ secrets.SSH_ARM_FINGERPRINT }} | |
script_stop: true | |
envs: GITHUB_COMMIT,DOCKER_REPO,DOCKER_USER,DOCKER_PASS,REMOTE_DIR,GITHUB_REF_NAME | |
script: bash ~/$REMOTE_DIR/docker-publish.sh "$GITHUB_COMMIT" "$DOCKER_REPO" "$DOCKER_USER" "$DOCKER_PASS" "$REMOTE_DIR" "$GITHUB_REF_NAME" | |
clean-arm: | |
name: Build / Cleanup | |
needs: | |
- arm | |
- docker-arm | |
if: startsWith(github.ref, 'refs/tags/v') | |
runs-on: ubuntu-latest | |
env: | |
REMOTE_DIR: ${{ needs.arm.outputs.remotepath }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Remove uploaded files from server | |
uses: appleboy/ssh-action@master | |
with: | |
host: ${{ secrets.SSH_ARM_HOST }} | |
username: ubuntu | |
key: ${{ secrets.SSH_ARM_PRIVATE_KEY }} | |
fingerprint: ${{ secrets.SSH_ARM_FINGERPRINT }} | |
envs: REMOTE_DIR | |
script: rm -rf $REMOTE_DIR |