From d4107284613ec1821478ea132fbbc29454a71b22 Mon Sep 17 00:00:00 2001
From: Cole Helbling
Date: Mon, 9 Jan 2023 08:28:39 -0800
Subject: [PATCH] release: create releases for specified branches (#152)
* release: create releases for specified branches
* release: split action into one for branches, one for tags
* release: change the NIX_INSTALLER_BINARY_ROOT upon release This way, we can be sure we use the right binaries to match the script.
---
 .github/workflows/release-branches.yml | 49 +++++++++++++++++++
 .../{release.yml => release-tags.yml} | 12 +++--
 2 files changed, 56 insertions(+), 5 deletions(-)
 create mode 100644 .github/workflows/release-branches.yml
 rename .github/workflows/{release.yml => release-tags.yml} (61%)
diff --git a/.github/workflows/release-branches.yml b/.github/workflows/release-branches.yml
new file mode 100644
index 0000000..e0e8d74
--- /dev/null
+++ b/.github/workflows/release-branches.yml
@@ -0,0 +1,49 @@
+name: Release Branch
+
+on:
+ push:
+ branches:
+ # NOTE: make sure any branches here are also valid directory names,
+ # otherwise creating the directory and uploading to s3 will fail
+ - 'main'
+
+jobs:
+ release:
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write # In order to request a JWT for AWS auth
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Download Buildkite Artifacts
+ uses: EnricoMi/download-buildkite-artifact-action@v1.14
+ with:
+ buildkite_token: ${{ secrets.BUILDKITE_TOKEN }}
+ output_path: artifacts
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ role-to-assume: ${{ secrets.AWS_S3_UPLOAD_ROLE }}
+ aws-region: us-east-2
+ - name: Publish Release (Branch)
+ run: |
+ sudo chown $USER: -R artifacts/
+
+ LATEST_BRANCH="latest_${{ github.ref_name }}"
+ mkdir "$LATEST_BRANCH"
+ mkdir "$GITHUB_SHA"
+
+ sed -i "s@https://install.determinate.systems/nix@https://install.determinate.systems/nix/rev/$GITHUB_SHA@" nix-installer.sh
+ cp nix-installer.sh "$GITHUB_SHA"/
+ cp nix-installer.sh "$LATEST_BRANCH"/
+
+ for artifact in $(find artifacts/ -type f); do
+ chmod +x "$artifact"
+ cp "$artifact" "$GITHUB_SHA"/
+ cp "$artifact" "$LATEST_BRANCH"/
+ done
+
+ # TODO: determine if these binaries have already been uploaded / are the exact same (try download and then hash if already exists as latest_*?)
+
+ aws s3 sync "$GITHUB_SHA"/ s3://${{ secrets.AWS_S3_UPLOAD_BUCKET }}/"$GITHUB_SHA"/ --acl public-read
+ aws s3 sync "$LATEST_BRANCH"/ s3://${{ secrets.AWS_S3_UPLOAD_BUCKET }}/"$LATEST_BRANCH"/ --acl public-read
diff --git a/.github/workflows/release.yml b/.github/workflows/release-tags.yml
similarity index 61%
rename from .github/workflows/release.yml
rename to .github/workflows/release-tags.yml
index e3eb0a9..51097bb 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release-tags.yml
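Review bot: In release-branches.yml, the "Publish Release (Branch)" step writes `LATEST_BRANCH="latest_${{ github.ref_name }}"`, which expands the ref name into the script text before bash parses it, so a branch name containing shell metacharacters would be run as code rather than treated as data. Only `main` is listed today, but the NOTE above the branch filter anticipates more entries; reading the runner-provided variable keeps the value as data: `LATEST_BRANCH="latest_$GITHUB_REF_NAME"`. Separately, this job holds `BUILDKITE_TOKEN` and `id-token: write` while `EnricoMi/download-buildkite-artifact-action@v1.14` and `aws-actions/configure-aws-credentials@v1` are referenced by movable tags. Pinning each to a full commit SHA (`uses: OWNER/ACTION@<full-commit-sha>  # v1.14`) would keep a retagged action from changing what gets synced with `--acl public-read`.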
@@ -1,7 +1,4 @@
-name: Release
-
-permissions:
- contents: write
+name: Release Tags
 on:
 push:
@@ -11,6 +8,8 @@ on:
 jobs:
 release:
 runs-on: ubuntu-latest
+ permissions:
+ contents: write # In order to upload artifacts to GitHub releases
 steps:
 - name: Checkout
 uses: actions/checkout@v3
@@ -19,7 +18,10 @@ jobs:
 with:
 buildkite_token: ${{ secrets.BUILDKITE_TOKEN }}
 output_path: artifacts
- - name: Publish Release
+ - name: Fixup URL in nix-installer.sh
+ run: |
+ sed -i "s@https://install.determinate.systems/nix@https://install.determinate.systems/nix/tag/$GITHUB_REF_NAME@" nix-installer.sh
+ - name: Publish Release (Tag)
 uses: softprops/action-gh-release@v1
 with:
 fail_on_unmatched_files: true
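Review bot: In release-tags.yml, the new "Fixup URL in nix-installer.sh" step never checks that the substitution took effect, and `sed -i` exits 0 when nothing matches, so if the default URL in nix-installer.sh ever changes, the release would presumably ship a script that still fetches from the unversioned root. A follow-up line such as `grep -qF "https://install.determinate.systems/nix/tag/$GITHUB_REF_NAME" nix-installer.sh` would fail the job instead. `$GITHUB_REF_NAME` is also spliced into the sed replacement, where `@`, `&` or `\` in a tag name would alter the expression; the tag filter lies outside these hunks, so confirm it restricts tags to a safe pattern. The matching sed line in release-branches.yml substitutes `$GITHUB_SHA`, which is hex only, but would benefit from the same grep check.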