Add release-please and renovate

This commit is contained in:
Anatoly Laskaris 2023-01-30 11:06:17 +02:00
parent c717e4dc73
commit a37a4e2a59
9 changed files with 278 additions and 149 deletions

3
.github/actionlint.yaml vendored Normal file
View File

@ -0,0 +1,3 @@
self-hosted-runner:
labels:
- builder

View File

@ -1,14 +0,0 @@
#!/bin/bash
set -o pipefail -o errexit -o nounset
set -x
MARINE_RELEASE="https://api.github.com/repos/fluencelabs/marine/releases/latest"
OUT_DIR=~/.bin
# get metadata about release
curl -s -H "Accept: application/vnd.github.v3+json" $MARINE_RELEASE |
# extract url and name for asset with name "marine"
# also append $OUT_DIR to each name so file is saved to $OUT_DIR
jq -r ".assets | .[] | select(.name == \"marine\") | \"\(.browser_download_url) $OUT_DIR/\(.name)\"" |
# download assets
xargs -n2 bash -c 'curl -L $0 -o $1 && chmod +x $1'

35
.github/release-please/config.json vendored Normal file
View File

@ -0,0 +1,35 @@
{
"release-type": "rust",
"bump-minor-pre-major": true,
"bump-patch-for-minor-pre-major": true,
"plugins": [
{
"type": "cargo-workspace",
"merge": false
},
{
"type": "linked-versions",
"groupName": "trust-graph, wasm and api",
"components": [
"trust-graph",
"trust-graph-api",
"trust-graph-wasm"
]
}
],
"packages": {
".": {
"component": "trust-graph"
},
"aqua": {
"release-type": "node",
"component": "trust-graph-api"
},
"service": {
"component": "trust-graph-wasm"
},
"keypair": {
"component": "keypair"
}
}
}

6
.github/release-please/manifest.json vendored Normal file
View File

@ -0,0 +1,6 @@
{
".": "0.3.2",
"aqua": "0.3.2",
"service": "0.3.2",
"keypair": "0.9.0"
}

38
.github/renovate.json vendored Normal file
View File

@ -0,0 +1,38 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:base",
":semanticCommitTypeAll(chore)"
],
"enabledManagers": ["cargo", "npm", "github-actions", "pip_requirements"],
"rangeStrategy": "pin",
"schedule": "every weekend",
"packageRules": [
{
"matchManagers": ["cargo", "npm"],
"matchPackagePatterns": [
"@fluencelabs/.*",
"fluence-.*",
"marine-.*"
],
"semanticCommitType": "fix",
"semanticCommitScope": "deps",
"schedule": "at any time"
},
{
"matchDepTypes": ["devDependencies"],
"prPriority": -1,
"semanticCommitType": "chore",
"semanticCommitScope": "deps"
},
{
"matchUpdateTypes": ["major"],
"prConcurrentLimit": 1
},
{
"matchManagers": ["github-actions"],
"groupName": "all github-actions",
"prPriority": -1
}
]
}

View File

@ -1,6 +0,0 @@
{
"template": "## Changes since ${{FROM_TAG}}\n\n${{CHANGELOG}}\n\n${{UNCATEGORIZED}}",
"pr_template": "- #${{NUMBER}} ${{TITLE}}",
"empty_template": "## No changes since ${{FROM_TAG}}",
"sort": "DESC"
}

35
.github/workflows/lint.yml vendored Normal file
View File

@ -0,0 +1,35 @@
name: lint
on:
pull_request:
types:
- opened
- edited
- synchronize
concurrency:
group: "${{ github.workflow }}-${{ github.ref }}"
cancel-in-progress: true
jobs:
pr:
name: Validate PR title
runs-on: ubuntu-latest
steps:
- uses: amannn/action-semantic-pull-request@v5
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
reviewdog:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Lint actions
uses: reviewdog/action-actionlint@v1
env:
SHELLCHECK_OPTS: "-e SC2086 -e SC2207 -e SC2128"
with:
reporter: github-pr-check
fail_on_error: true

View File

@ -1,134 +1,191 @@
name: "publish-release" name: "release"
on: on:
push: push:
tags: branches:
- "v*" - "master"
concurrency:
group: "${{ github.workflow }}-${{ github.ref }}"
jobs: jobs:
release: release-please:
name: "Publish" runs-on: ubuntu-latest
runs-on: builder
outputs:
releases-created: ${{ steps.release.outputs['releases_created'] }}
trust-graph-api-release-created: ${{ steps.release.outputs['aqua--release-created'] }}
trust-graph-release-created: ${{ steps.release.outputs['release-created'] }}
trust-graph-tag-name: ${{ steps.release.outputs['tag_name'] }}
steps: steps:
### Setup - name: Run release-please
- name: Checkout repository id: release
uses: google-github-actions/release-please-action@v3
with:
token: ${{ secrets.FLUENCEBOT_RELEASE_PLEASE_PAT }}
command: manifest
config-file: .github/release-please/config.json
manifest-file: .github/release-please/manifest.json
- name: Show output from release-please
if: steps.release.outputs.releases_created
env:
RELEASE_PLEASE_OUTPUT: ${{ toJSON(steps.release.outputs) }}
run: echo "${RELEASE_PLEASE_OUTPUT}" | jq
publish:
runs-on: builder
needs: release-please
if: needs.release-please.outputs.releases-created
permissions:
contents: write
id-token: write
steps:
- name: Checkout
uses: actions/checkout@v3 uses: actions/checkout@v3
- name: Set env - name: Import secrets
run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV uses: hashicorp/vault-action@v2.4.3
- uses: actions/setup-node@v3
with: with:
node-version: "15" url: https://vault.fluence.dev
registry-url: "https://registry.npmjs.org" path: jwt/github
cache: npm role: ci
cache-dependency-path: "aqua/package-lock.json" method: jwt
jwtGithubAudience: "https://github.com/fluencelabs"
- run: mkdir -p ~/.bin jwtTtl: 300
- run: echo "~/.bin" >> $GITHUB_PATH exportToken: false
secrets: |
kv/npmjs/fluencebot token | NODE_AUTH_TOKEN ;
kv/crates.io/fluencebot token | CARGO_REGISTRY_TOKEN
- name: Setup Rust toolchain - name: Setup Rust toolchain
uses: actions-rust-lang/setup-rust-toolchain@v1 uses: actions-rust-lang/setup-rust-toolchain@v1
- name: Download marine - name: Install cargo-workspaces
run: bash $GITHUB_WORKSPACE/.github/download_marine.sh uses: baptiste0928/cargo-install@v1.3.0
- name: Build trust-graph
working-directory: ./service
run: ./build.sh
- name: Check Aqua compiles
working-directory: ./aqua
run: |
npm i
npm run build
- name: Create distribution package
run: |
./builtin-package/package.sh
- name: Build Changelog
id: changelog
uses: mikepenz/release-changelog-builder-action@v1
with: with:
configuration: ".github/workflows/changelog_config.json" crate: cargo-workspaces
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
### Publish - name: Publish to crates.io
- name: Release to GitHub run: |
id: release cargo ws publish \
--no-git-commit \
--allow-dirty \
--from-git \
--skip-published \
--yes
- name: Install Marine
uses: baptiste0928/cargo-install@v1.3.0
with:
crate: marine
- name: Build service
run: ./build.sh
working-directory: service
- name: Setup node
uses: actions/setup-node@v3
with:
node-version: "16"
registry-url: "https://registry.npmjs.org"
cache-dependency-path: "aqua/package-lock.json"
cache: "npm"
- run: npm i
working-directory: aqua
- run: npm run build
working-directory: aqua
- name: Publish to NPM registry
if: needs.release-please.outputs.trust-graph-api-release-created
run: npm publish --access public
working-directory: aqua
- name: Create builtin distribution package
if: needs.release-please.outputs.trust-graph-release-created
run: ./builtin-package/package.sh
- name: Calculate SHA256
if: needs.release-please.outputs.trust-graph-release-created
id: sha
run: |
# Calculate sha256
du -hs trust-graph.tar.gz
sha256sum trust-graph.tar.gz
sha=($(sha256sum trust-graph.tar.gz))
echo "sha256=${sha}" >> $GITHUB_OUTPUT
- name: Upload trust-graph package
if: needs.release-please.outputs.trust-graph-release-created
uses: softprops/action-gh-release@v1 uses: softprops/action-gh-release@v1
with: with:
name: trust-graph ${{ env.RELEASE_VERSION }} files: trust-graph.tar.gz
tag_name: ${{ env.RELEASE_VERSION }} tag_name: ${{ needs.release-please.outputs.trust-graph-tag-name }}
files: |
./trust-graph.tar.gz
body: ${{steps.changelog.outputs.changelog}}
draft: false
prerelease: false
fail_on_unmatched_files: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
### Publish Aqua API
- name: Publish Aqua API to NPM
run: |
npm version ${{ env.RELEASE_VERSION }}
npm publish --access public
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
working-directory: ./aqua
## Update node-distro repo
- name: Calculate SHA256
run: |
du -hs trust-graph.tar.gz
echo $(sha256sum trust-graph.tar.gz)
echo "SHA256=$(sha256sum trust-graph.tar.gz | awk '{ print $1 }')" >> $GITHUB_ENV
- name: Get tar.gz URL
id: package-url
uses: actions/github-script@v4
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
result-encoding: string
script: |
try {
let assets = await github.repos.listReleaseAssets({
owner: context.repo.owner,
repo: context.repo.repo,
release_id: "${{ steps.release.outputs.id }}",
});
console.dir(assets);
let package = assets.data.find((a) => a.name === 'trust-graph.tar.gz');
let url = package.browser_download_url;
console.log("URL: " + url);
return url;
} catch (e) {
console.log("Err: " + e);
throw e;
}
- name: Update version in node-distro repo - name: Update version in node-distro repo
if: needs.release-please.outputs.trust-graph-release-created
uses: benc-uk/workflow-dispatch@v1 uses: benc-uk/workflow-dispatch@v1
with: with:
workflow: update_service workflow: update_service
repo: fluencelabs/node-distro repo: fluencelabs/node-distro
ref: 'main' ref: "main"
token: ${{ secrets.PERSONAL_TOKEN }} token: ${{ secrets.PERSONAL_TOKEN }}
inputs: '{ inputs: '{
"name": "trust-graph", "name": "trust-graph",
"version": "${{ env.RELEASE_VERSION }}", "version": "${{ needs.release-please.outputs.version }}",
"url": "${{ steps.package-url.outputs.result }}", "url": "https://github.com/fluencelabs/aqua-ipfs/releases/download/${{ needs.release-please.outputs.trust-graph-tag-name }}/trust-graph.tar.gz",
"sha256": "${{ env.SHA256 }}" "sha256": "${{ steps.sha.outputs.sha256 }}"
}' }'
- name: Log notice slack:
uses: actions/github-script@v4 if: always()
name: "Notify"
runs-on: ubuntu-latest
needs:
- release-please
- trust-graph
permissions:
contents: read
id-token: write
steps:
- uses: lwhiteley/dependent-jobs-result-check@v1
id: status
with: with:
github-token: ${{ secrets.GITHUB_TOKEN }} statuses: failure
script: | dependencies: ${{ tojson(needs) }}
console.dir(core);
core.info("trust-graph was updated to ${{ env.RELEASE_VERSION }} in node-distro repo"); - name: log output
run: |
echo "statuses:" "${{ steps.status.outputs.statuses }}"
echo "jobs:" "${{ steps.status.outputs.jobs }}"
echo "found any?:" "${{ steps.status.outputs.found }}"
- name: import secrets
uses: hashicorp/vault-action@v2.4.3
with:
url: https://vault.fluence.dev
path: jwt/github
role: ci
method: jwt
jwtgithubaudience: "https://github.com/fluencelabs"
jwtttl: 300
exporttoken: false
secrets: |
kv/slack/release-please webhook | slack_webhook_url
- uses: ravsamhq/notify-slack-action@v2
if: steps.status.outputs.found == 'true'
with:
status: "failure"
notification_title: "*{workflow}* has {status_message}"
message_format: "${{ steps.status.outputs.jobs }} {status_message} in <{repo_url}|{repo}>"
footer: "<{run_url}>"

View File

@ -1,25 +0,0 @@
name: "tag"
on:
workflow_dispatch:
jobs:
tag:
name: "Tag"
runs-on: "ubuntu-latest"
steps:
- uses: actions/checkout@v2
- name: Get branch
run: |
BRANCH=${GITHUB_REF#refs/*/}
SANITIZED=$(echo "$BRANCH" | sed -e 's/[^a-zA-Z0-9-]/-/g')
echo "BRANCH=$SANITIZED" >> $GITHUB_ENV
- name: Bump version and push tag
id: tag_version
uses: mathieudutour/github-tag-action@v5.5
with:
append_to_pre_release_tag: ${{ env.BRANCH }}
github_token: ${{ secrets.PERSONAL_TOKEN }}