release: create releases for specified branches (#152)

* release: create releases for specified branches

* release: split action into one for branches, one for tags

* release: change the NIX_INSTALLER_BINARY_ROOT upon release

This way, we can be sure we use the right binaries to match the script.
This commit is contained in:
Cole Helbling 2023-01-09 08:28:39 -08:00 committed by GitHub
parent 844faa0d20
commit d410728461
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 56 additions and 5 deletions

49
.github/workflows/release-branches.yml vendored Normal file
View file

@ -0,0 +1,49 @@
name: Release Branch
on:
push:
branches:
# NOTE: make sure any branches here are also valid directory names,
# otherwise creating the directory and uploading to s3 will fail
- 'main'
jobs:
release:
runs-on: ubuntu-latest
permissions:
id-token: write # In order to request a JWT for AWS auth
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Download Buildkite Artifacts
uses: EnricoMi/download-buildkite-artifact-action@v1.14
with:
buildkite_token: ${{ secrets.BUILDKITE_TOKEN }}
output_path: artifacts
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ secrets.AWS_S3_UPLOAD_ROLE }}
aws-region: us-east-2
- name: Publish Release (Branch)
run: |
sudo chown $USER: -R artifacts/
LATEST_BRANCH="latest_${{ github.ref_name }}"
mkdir "$LATEST_BRANCH"
mkdir "$GITHUB_SHA"
sed -i "s@https://install.determinate.systems/nix@https://install.determinate.systems/nix/rev/$GITHUB_SHA@" nix-installer.sh
cp nix-installer.sh "$GITHUB_SHA"/
cp nix-installer.sh "$LATEST_BRANCH"/
for artifact in $(find artifacts/ -type f); do
chmod +x "$artifact"
cp "$artifact" "$GITHUB_SHA"/
cp "$artifact" "$LATEST_BRANCH"/
done
# TODO: determine if these binaries have already been uploaded / are the exact same (try download and then hash if already exists as latest_*?)
aws s3 sync "$GITHUB_SHA"/ s3://${{ secrets.AWS_S3_UPLOAD_BUCKET }}/"$GITHUB_SHA"/ --acl public-read
aws s3 sync "$LATEST_BRANCH"/ s3://${{ secrets.AWS_S3_UPLOAD_BUCKET }}/"$LATEST_BRANCH"/ --acl public-read

View file

@ -1,7 +1,4 @@
name: Release name: Release Tags
permissions:
contents: write
on: on:
push: push:
@ -11,6 +8,8 @@ on:
jobs: jobs:
release: release:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: write # In order to upload artifacts to GitHub releases
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v3 uses: actions/checkout@v3
@ -19,7 +18,10 @@ jobs:
with: with:
buildkite_token: ${{ secrets.BUILDKITE_TOKEN }} buildkite_token: ${{ secrets.BUILDKITE_TOKEN }}
output_path: artifacts output_path: artifacts
- name: Publish Release - name: Fixup URL in nix-installer.sh
run: |
sed -i "s@https://install.determinate.systems/nix@https://install.determinate.systems/nix/tag/$GITHUB_REF_NAME@" nix-installer.sh
- name: Publish Release (Tag)
uses: softprops/action-gh-release@v1 uses: softprops/action-gh-release@v1
with: with:
fail_on_unmatched_files: true fail_on_unmatched_files: true