Skip to content

Publish release

Publish release #166

Workflow file for this run

# Copyright (C) 2020 Dremio
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Publishes all Nessie release artifacts and creates a Nessie release in GitHub.
#
# Triggered when a `nessie-*` tag is being pushed.
#
# GitHub environment name: release
#
# This workflow uses separate GH workflow jobs intentionally to be able to re-run
# failed "release targets" (Maven Central, Swaggerhub, GHCR, Helm) and not let
# the whole release fail (and force a completely new release).
#
# Jobs:
# Prepare -->--+
# |
# +-->-- Publish to Maven Central -->--+
# | |
# +-->-- Publish OpenAPI ----------->--+
# | |
# +-->-- Publish Docker images ----->--+
# | |
# +-->-- Publish Helm Chart -------->--+
# |
# +-->-- GitHub Release notes
#
name: Publish release
on:
push:
tags:
- nessie-*
workflow_dispatch:
inputs:
releaseTag:
description: 'Release tag name to re-release'
required: true
jobs:
prepare:
name: Prepare
outputs:
release-version: ${{ steps.get_version.outputs.release-version }}
git-tag: ${{ steps.get_version.outputs.git-tag }}
runs-on: ubuntu-22.04
environment: release
timeout-minutes: 10
steps:
# GH doesn't provide just the tag name, so this step strips `/refs/tags/nessie-` from `GITHUB_REF`
# and provides the outputs for the Git tag and the release-version derived from it, in case of a manual run,
# uses the input `releaseTag` as the input tag name.
- name: Get release version
id: get_version
run: |
if [[ "${{ github.event_name }}" == "push" ]] ; then
V="${GITHUB_REF/refs\/tags\/}"
else
V="${{ github.event.inputs.releaseTag }}"
fi
# check if tag matches patterns like nessie-0.5, nessie-0.10.4.3-alpha1, etc
if [[ ${V} =~ ^nessie-[0-9]+[.][0-9.]*[0-9](-[a-zA-Z0-9]+)?$ ]]; then
echo "release-version=${V/nessie-}" >> ${GITHUB_OUTPUT}
echo "git-tag=${V}" >> ${GITHUB_OUTPUT}
else
echo "Tag must start with nessie- followed by a valid version (got tag ${V}, ref is ${GITHUB_REF} )"
exit 1
fi
publish-maven-central:
name: Publish to Maven Central
runs-on: ubuntu-22.04
environment: release
timeout-minutes: 240
needs:
- prepare
env:
RELEASE_VERSION: ${{needs.prepare.outputs.release-version}}
ARTIFACTS: build-artifacts
steps:
### BEGIN runner setup
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
if: ${{ github.event_name == 'push' }}
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
if: ${{ github.event_name == 'workflow_dispatch' }}
with:
ref: refs/tags/${{ github.event.inputs.releaseTag }}
- name: Setup runner
uses: ./.github/actions/setup-runner
- name: Setup Java, Gradle
uses: ./.github/actions/dev-tool-java
with:
gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
### END runner setup
- name: Prepare artifacts directory
run: rm -rf "${ARTIFACTS}" ; mkdir -p "${ARTIFACTS}"
- name: Gradle build
run: |
# 2 Retries - due to Gradle's old and unfixed CME bug
./gradlew --no-scan compileAll jar || ./gradlew --no-scan compileAll jar || ./gradlew --no-scan compileAll jar
- name: Check Licenses
run: ./gradlew --no-scan aggregatedLicenseReportsZip
# Deploys Maven artifacts. Build and test steps were already ran in previous steps.
# Not running tests, because the environment contains secrets.
- name: Publish Maven artifacts for release
env:
# To release with Gradle
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
ORG_GRADLE_PROJECT_sonatypeUsername: ${{ secrets.OSSRH_ACCESS_ID }}
ORG_GRADLE_PROJECT_sonatypePassword: ${{ secrets.OSSRH_TOKEN }}
# To release commits that used Maven to build
MAVEN_USERNAME: ${{ secrets.OSSRH_ACCESS_ID }}
MAVEN_OSSRH_TOKEN: ${{ secrets.OSSRH_TOKEN }}
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
run: |
# 2 Retries - to mitigate "HTTP/502 Bad Gateway" issues
./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository -Prelease -Puber-jar --no-scan --stacktrace || \
./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository -Prelease -Puber-jar --no-scan --stacktrace || \
./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository -Prelease -Puber-jar --no-scan --stacktrace
- name: Generate changelog
run: ./gradlew --no-scan --quiet --console=plain getChangelog --no-header --no-links > "${ARTIFACTS}/nessie-changelog-${RELEASE_VERSION}.md"
- name: Collect artifacts
run: |
mv servers/quarkus-server/build/nessie-quarkus-${RELEASE_VERSION}-runner.jar "${ARTIFACTS}"
mv cli/cli/build/libs/nessie-cli-${RELEASE_VERSION}.jar "${ARTIFACTS}"
mv tools/server-admin/build/nessie-server-admin-tool-${RELEASE_VERSION}-runner.jar "${ARTIFACTS}"
mv gc/gc-tool/build/executable/nessie-gc.jar "${ARTIFACTS}/nessie-gc-${RELEASE_VERSION}.jar"
cp tools/aggregated-license-report/build/distributions/nessie-aggregated-license-report-${RELEASE_VERSION}.zip "${ARTIFACTS}"
- name: Archive release artifacts
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4
with:
name: nessie-release-artifacts
path: build-artifacts
if-no-files-found: error
publish-images:
name: Publish images
runs-on: ubuntu-22.04
environment: release
timeout-minutes: 60
needs:
- prepare
steps:
### BEGIN runner setup
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
if: ${{ github.event_name == 'push' }}
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
if: ${{ github.event_name == 'workflow_dispatch' }}
with:
ref: refs/tags/${{ github.event.inputs.releaseTag }}
- name: Setup runner
uses: ./.github/actions/setup-runner
- name: Setup Java, Gradle
uses: ./.github/actions/dev-tool-java
### END runner setup
- name: Gradle build
run: |
# 2 Retries - due to Gradle's old and unfixed CME bug
./gradlew --no-scan compileAll jar || ./gradlew --no-scan compileAll jar || ./gradlew --no-scan compileAll jar
- name: Docker login
run: |
echo '${{ secrets.GITHUB_TOKEN }}' | docker login ghcr.io -u $ --password-stdin
- name: Publish Nessie Server
run: |
tools/dockerbuild/build-push-images.sh \
-g ":nessie-quarkus" \
-p "servers/quarkus-server" \
-d "Dockerfile-server" \
ghcr.io/projectnessie/nessie
- name: Publish Nessie GC
run: |
tools/dockerbuild/build-push-images.sh \
-g ":nessie-gc-tool" \
-p "gc/gc-tool" \
-d "Dockerfile-gctool" \
ghcr.io/projectnessie/nessie-gc
- name: Publish Nessie Server Admin Tool
run: |
tools/dockerbuild/build-push-images.sh \
-g ":nessie-server-admin-tool" \
-p "tools/server-admin" \
-d "Dockerfile-admintool" \
ghcr.io/projectnessie/nessie-server-admin
- name: Publish Nessie CLI
run: |
tools/dockerbuild/build-push-images.sh \
-g ":nessie-cli" \
-p "cli/cli" \
-d "Dockerfile-cli" \
ghcr.io/projectnessie/nessie-cli
# NOTE: GH container registry behaves a bit weird when new images are added.
# The first push/publication of a _new_ image (package) fails with a HTTP/403,
# but the next one works.
# See also the note in .github/docker-sync/regsync.yml about quay.io.
#
# Also make sure to add the new image to the site, currently in:
# site/docs/downloads/index.md
# site/in-dev/index.md
# site/in-dev/index-release.md
publish-helm:
name: Publish Helm Chart
runs-on: ubuntu-22.04
environment: release
timeout-minutes: 60
needs:
- prepare
- publish-images
env:
RELEASE_VERSION: ${{needs.prepare.outputs.release-version}}
steps:
### BEGIN runner setup
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
if: ${{ github.event_name == 'push' }}
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
if: ${{ github.event_name == 'workflow_dispatch' }}
with:
ref: refs/tags/${{ github.event.inputs.releaseTag }}
- name: Install Helm
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4
with:
version: v3.6.3
### END runner setup
- name: Package Nessie Helm chart
run: |
helm package helm/nessie --version ${RELEASE_VERSION}
mv nessie-${RELEASE_VERSION}.tgz nessie-helm-${RELEASE_VERSION}.tgz
- name: Publish Nessie Helm chart to Helm Repo
run: |
wget https://raw.githubusercontent.com/projectnessie/charts.projectnessie.org/main/index.yaml
helm repo index . --merge index.yaml --url https://github.com/projectnessie/nessie/releases/download/nessie-${RELEASE_VERSION}
echo ${{ secrets.CI_REPORTS_TOKEN }} | gh auth login --with-token
index_sha=$(gh api -X GET /repos/projectnessie/charts.projectnessie.org/contents/index.yaml --jq '.sha')
gh api -X PUT /repos/projectnessie/charts.projectnessie.org/contents/index.yaml -f message="Publishing Nessie Helm chart ${RELEASE_VERSION}" -f content=$(base64 -w0 index.yaml) -f sha=${index_sha} || true
- name: Archive Helm chart artifact
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4
with:
name: nessie-release-helm
path: ./nessie-helm-*.tgz
if-no-files-found: error
publish-openapi:
runs-on: ubuntu-22.04
timeout-minutes: 60
environment: release
needs:
- prepare
env:
RELEASE_VERSION: ${{needs.prepare.outputs.release-version}}
steps:
### BEGIN runner setup
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
if: ${{ github.event_name == 'push' }}
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
if: ${{ github.event_name == 'workflow_dispatch' }}
with:
ref: refs/tags/${{ github.event.inputs.releaseTag }}
- name: Setup runner
uses: ./.github/actions/setup-runner
- name: Setup Java, Gradle
uses: ./.github/actions/dev-tool-java
### END runner setup
- name: Gradle build
run: |
# 2 Retries - due to Gradle's old and unfixed CME bug
./gradlew --no-scan :nessie-model:jar || ./gradlew --no-scan :nessie-model:jar || ./gradlew --no-scan :nessie-model:jar
- name: Copy OpenAPI yaml
run: cp api/model/build/generated/openapi/META-INF/openapi/openapi.yaml ./nessie-openapi-${RELEASE_VERSION}.yaml
- name: Archive OpenAPI artifact
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4
with:
name: nessie-release-openapi
path: ./nessie-openapi-*.yaml
if-no-files-found: error
# Try to create the API on SwaggerHub. This step will fail, if the version already exists.
# To make this job idempotent, we allow the "api:create" to fail but have another step to
# update an existing version.
- name: Create on SwaggerHub
uses: smartbear/swaggerhub-cli@20e5eaf4866bbbc44d72e9eb8a48a942c0d9e43b # v0.9.0
continue-on-error: true
env:
XDG_CONFIG_HOME: "/tmp"
SWAGGERHUB_API_KEY: ${{ secrets.SWAGGERHUB_API_KEY }}
SWAGGERHUB_URL: "https://api.swaggerhub.com"
with:
args: api:create projectnessie/nessie -f ./nessie-openapi-${{ env.RELEASE_VERSION }}.yaml --visibility=public
- name: Unpublish on SwaggerHub
uses: smartbear/swaggerhub-cli@20e5eaf4866bbbc44d72e9eb8a48a942c0d9e43b # v0.9.0
continue-on-error: true
env:
XDG_CONFIG_HOME: "/tmp"
SWAGGERHUB_API_KEY: ${{ secrets.SWAGGERHUB_API_KEY }}
SWAGGERHUB_URL: "https://api.swaggerhub.com"
with:
args: api:unpublish projectnessie/nessie/${{ env.RELEASE_VERSION }}.yaml
- name: Update SwaggerHub
uses: smartbear/swaggerhub-cli@20e5eaf4866bbbc44d72e9eb8a48a942c0d9e43b # v0.9.0
env:
XDG_CONFIG_HOME: "/tmp"
SWAGGERHUB_API_KEY: ${{ secrets.SWAGGERHUB_API_KEY }}
SWAGGERHUB_URL: "https://api.swaggerhub.com"
with:
args: api:update projectnessie/nessie -f ./nessie-openapi-${{ env.RELEASE_VERSION }}.yaml --published=publish --setdefault --visibility=public
create-github-release:
runs-on: ubuntu-22.04
timeout-minutes: 60
environment: release
needs:
- prepare
- publish-maven-central
- publish-images
- publish-helm
- publish-openapi
env:
RELEASE_VERSION: ${{needs.prepare.outputs.release-version}}
GIT_TAG: ${{needs.prepare.outputs.git-tag}}
NOTES_FILE: current-release-notes.md
steps:
### BEGIN runner setup
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
if: ${{ github.event_name == 'push' }}
with:
fetch-depth: 0
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
if: ${{ github.event_name == 'workflow_dispatch' }}
with:
fetch-depth: 0
ref: refs/tags/${{ github.event.inputs.releaseTag }}
### END runner setup
- name: Create dir
run: mkdir current-release-artifacts
- name: Get release + OpenAPI + Helm chart artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4
with:
path: current-release-artifacts
merge-multiple: true
- name: Create release notes file for GitHub release
run: |
LAST_TAG=$(git describe --abbrev=0 --tags "--match=nessie-*" ${GIT_TAG}^1)
tools/releases/create-gh-release-notes.sh \
-n ${NOTES_FILE} \
-l ${LAST_TAG} \
-t ${GIT_TAG} \
-r ${RELEASE_VERSION} \
-c current-release-artifacts/nessie-changelog-${RELEASE_VERSION}.md
rm current-release-artifacts/nessie-changelog-${RELEASE_VERSION}.md
cat "${NOTES_FILE}" >> $GITHUB_STEP_SUMMARY
- name: GitHub login
run: echo ${{ secrets.GITHUB_TOKEN }} | gh auth login --with-token
- name: Create Nessie release in GitHub
run: gh release create ${GIT_TAG} --notes-file ${NOTES_FILE} --title "Nessie ${RELEASE_VERSION}" current-release-artifacts/*