release: create releases for specified branches (#152)
* release: create releases for specified branches * release: split action into one for branches, one for tags * release: change the NIX_INSTALLER_BINARY_ROOT upon release This way, we can be sure we use the right binaries to match the script.
This commit is contained in:
parent
844faa0d20
commit
d410728461
49
.github/workflows/release-branches.yml
vendored
Normal file
49
.github/workflows/release-branches.yml
vendored
Normal file
|
@ -0,0 +1,49 @@
|
|||
name: Release Branch
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
# NOTE: make sure any branches here are also valid directory names,
|
||||
# otherwise creating the directory and uploading to s3 will fail
|
||||
- 'main'
|
||||
|
||||
jobs:
|
||||
release:
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
id-token: write # In order to request a JWT for AWS auth
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v3
|
||||
- name: Download Buildkite Artifacts
|
||||
uses: EnricoMi/download-buildkite-artifact-action@v1.14
|
||||
with:
|
||||
buildkite_token: ${{ secrets.BUILDKITE_TOKEN }}
|
||||
output_path: artifacts
|
||||
- name: Configure AWS Credentials
|
||||
uses: aws-actions/configure-aws-credentials@v1
|
||||
with:
|
||||
role-to-assume: ${{ secrets.AWS_S3_UPLOAD_ROLE }}
|
||||
aws-region: us-east-2
|
||||
- name: Publish Release (Branch)
|
||||
run: |
|
||||
sudo chown $USER: -R artifacts/
|
||||
|
||||
LATEST_BRANCH="latest_${{ github.ref_name }}"
|
||||
mkdir "$LATEST_BRANCH"
|
||||
mkdir "$GITHUB_SHA"
|
||||
|
||||
sed -i "s@https://install.determinate.systems/nix@https://install.determinate.systems/nix/rev/$GITHUB_SHA@" nix-installer.sh
|
||||
cp nix-installer.sh "$GITHUB_SHA"/
|
||||
cp nix-installer.sh "$LATEST_BRANCH"/
|
||||
|
||||
for artifact in $(find artifacts/ -type f); do
|
||||
chmod +x "$artifact"
|
||||
cp "$artifact" "$GITHUB_SHA"/
|
||||
cp "$artifact" "$LATEST_BRANCH"/
|
||||
done
|
||||
|
||||
# TODO: determine if these binaries have already been uploaded / are the exact same (try download and then hash if already exists as latest_*?)
|
||||
|
||||
aws s3 sync "$GITHUB_SHA"/ s3://${{ secrets.AWS_S3_UPLOAD_BUCKET }}/"$GITHUB_SHA"/ --acl public-read
|
||||
aws s3 sync "$LATEST_BRANCH"/ s3://${{ secrets.AWS_S3_UPLOAD_BUCKET }}/"$LATEST_BRANCH"/ --acl public-read
|
|
@ -1,7 +1,4 @@
|
|||
name: Release
|
||||
|
||||
permissions:
|
||||
contents: write
|
||||
name: Release Tags
|
||||
|
||||
on:
|
||||
push:
|
||||
|
@ -11,6 +8,8 @@ on:
|
|||
jobs:
|
||||
release:
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: write # In order to upload artifacts to GitHub releases
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v3
|
||||
|
@ -19,7 +18,10 @@ jobs:
|
|||
with:
|
||||
buildkite_token: ${{ secrets.BUILDKITE_TOKEN }}
|
||||
output_path: artifacts
|
||||
- name: Publish Release
|
||||
- name: Fixup URL in nix-installer.sh
|
||||
run: |
|
||||
sed -i "s@https://install.determinate.systems/nix@https://install.determinate.systems/nix/tag/$GITHUB_REF_NAME@" nix-installer.sh
|
||||
- name: Publish Release (Tag)
|
||||
uses: softprops/action-gh-release@v1
|
||||
with:
|
||||
fail_on_unmatched_files: true
|
Loading…
Reference in a new issue