Automate release process

This commit is contained in:
Anmol Sethi 2020-05-08 03:08:30 -04:00
parent 4590c3a3db
commit 231e31656a
No known key found for this signature in database
GPG Key ID: 8CEF1878FF10ADEB
9 changed files with 125 additions and 22 deletions

View File

@ -81,7 +81,7 @@ jobs:
- run: ./ci/steps/release-static.sh - run: ./ci/steps/release-static.sh
env: env:
# Otherwise we get rate limited when fetching the ripgrep binary. # Otherwise we get rate limited when fetching the ripgrep binary.
GITHUB_TOKEN: ${{ secrets.github_token }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload release artifacts - name: Upload release artifacts
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2
with: with:

41
.github/workflows/publish.yaml vendored Normal file
View File

@ -0,0 +1,41 @@
name: publish
on:
release:
types: [published]
jobs:
npm:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Run ./ci/steps/publish-npm.sh
uses: ./ci/container
with:
args: ./ci/steps/publish-npm.sh
env:
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
docker-amd64:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Run ./ci/steps/publish-docker.sh
uses: ./ci/container
with:
args: ./ci/steps/publish-docker.sh
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
docker-arm64:
runs-on: ubuntu-arm64-latest
steps:
- uses: actions/checkout@v1
- name: Run ./ci/steps/publish-docker.sh
uses: ./ci/container
with:
args: ./ci/steps/publish-docker.sh
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}

View File

@ -8,17 +8,15 @@ Any file and directory added into this tree should be documented here.
## Publishing a release ## Publishing a release
1. Change the version of code-server in `package.json` and push this commit. 1. Update the version of code-server in `package.json` and push a commit
1. CI will run and generate an NPM package and release packages that you can download 1. CI will run and generate the `npm-package` and `release-packages` artifacts on the GH actions workflow
as artifacts on Github Actions. 1. Create a new draft release and attach all the files in `release-packages`
1. Create a new draft release with the built release packages. 1. Run some basic sanity tests on one of the released packages
1. Run some basic sanity tests on one of the released packages. 1. Publish the release
1. Publish. 1. CI will automatically grab the artifacts and then
1. Download the built npm package and publish it. 1. Publish the NPM package.
1. Place the debian releases into `./release-packages` and then push the docker 1. Publish the AMD64 docker image.
image with `./ci/release-container/push.sh`. 1. Publish the ARM64 docker image.
1. This will need to be ran on an ARM64 instance as well.
1. At some point we need to automate this.
## dev ## dev
@ -95,3 +93,10 @@ Just helps avoid clobbering .travis.yml.
- Generates the npm package at `./release` - Generates the npm package at `./release`
- [./steps/static-release.sh](./steps/static-release.sh) - [./steps/static-release.sh](./steps/static-release.sh)
- Takes the output of the previous script and generates a static release and packages - Takes the output of the previous script and generates a static release and packages
- [./steps/lib.sh](./steps/lib.sh)
- Contains helpers to download artifacts from github actions workflow runs
- [./steps/publish-npm.sh](./steps/publish-npm.sh)
- Grabs the `npm-package` release artifact for the current commit and publishes it on NPM
- [./steps/publish-docker.sh](./steps/publish-docker.sh)
- Grabs the `release-packages` release artifact for the current commit and builds a docker
image with it and publishes that onto docker hub

View File

@ -6,11 +6,11 @@ RUN apt-get update
RUN apt-get install -y curl gnupg RUN apt-get install -y curl gnupg
# Installs node. # Installs node.
RUN curl -sL https://deb.nodesource.com/setup_14.x | bash - && \ RUN curl -sSL https://deb.nodesource.com/setup_14.x | bash - && \
apt-get install -y nodejs apt-get install -y nodejs
# Installs yarn. # Installs yarn.
RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \ RUN curl -sSL https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \
echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list && \ echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list && \
apt-get update && apt-get install -y yarn apt-get update && apt-get install -y yarn
@ -27,14 +27,14 @@ RUN apt-get install -y gettext-base
RUN apt-get install -y jq git rsync RUN apt-get install -y jq git rsync
# Installs shellcheck. # Installs shellcheck.
RUN curl -L https://github.com/koalaman/shellcheck/releases/download/v0.7.1/shellcheck-v0.7.1.linux.$(uname -m).tar.xz | \ RUN curl -sSL https://github.com/koalaman/shellcheck/releases/download/v0.7.1/shellcheck-v0.7.1.linux.$(uname -m).tar.xz | \
tar -xJ && \ tar -xJ && \
mv shellcheck*/shellcheck /usr/local/bin && \ mv shellcheck*/shellcheck /usr/local/bin && \
rm -R shellcheck* rm -R shellcheck*
# Install Go dependencies # Install Go dependencies
RUN ARCH="$(dpkg --print-architecture)" && \ RUN ARCH="$(dpkg --print-architecture)" && \
curl "https://dl.google.com/go/go1.14.2.linux-$ARCH.tar.gz" | tar -C /usr/local -xz curl -sSL "https://dl.google.com/go/go1.14.2.linux-$ARCH.tar.gz" | tar -C /usr/local -xz
ENV PATH=/usr/local/go/bin:/root/go/bin:$PATH ENV PATH=/usr/local/go/bin:/root/go/bin:$PATH
ENV GO111MODULE=on ENV GO111MODULE=on
RUN go get mvdan.cc/sh/v3/cmd/shfmt RUN go get mvdan.cc/sh/v3/cmd/shfmt

View File

@ -28,14 +28,14 @@ RUN adduser --gecos '' --disabled-password coder && \
echo "coder ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/nopasswd echo "coder ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/nopasswd
RUN ARCH="$(dpkg --print-architecture)" && \ RUN ARCH="$(dpkg --print-architecture)" && \
curl -L "https://github.com/boxboat/fixuid/releases/download/v0.4.1/fixuid-0.4.1-linux-$ARCH.tar.gz" | tar -C /usr/local/bin -xzf - && \ curl -sSL "https://github.com/boxboat/fixuid/releases/download/v0.4.1/fixuid-0.4.1-linux-$ARCH.tar.gz" | tar -C /usr/local/bin -xzf - && \
chown root:root /usr/local/bin/fixuid && \ chown root:root /usr/local/bin/fixuid && \
chmod 4755 /usr/local/bin/fixuid && \ chmod 4755 /usr/local/bin/fixuid && \
mkdir -p /etc/fixuid && \ mkdir -p /etc/fixuid && \
printf "user: coder\ngroup: coder\n" > /etc/fixuid/config.yml printf "user: coder\ngroup: coder\n" > /etc/fixuid/config.yml
COPY release-packages/code-server*.deb /tmp/ COPY release-packages/code-server*.deb /tmp/
RUN dpkg -i /tmp/code-server*.deb && rm /tmp/code-server*.deb RUN dpkg -i /tmp/code-server*-$(dpkg --print-architecture).deb && rm /tmp/code-server*.deb
EXPOSE 8080 EXPOSE 8080
USER coder USER coder

View File

@ -7,10 +7,6 @@ main() {
source ./ci/lib.sh source ./ci/lib.sh
VERSION="$(pkg_json_version)" VERSION="$(pkg_json_version)"
if [[ ${CI-} ]]; then
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
fi
imageTag="codercom/code-server:$VERSION" imageTag="codercom/code-server:$VERSION"
if [[ $(arch) == "arm64" ]]; then if [[ $(arch) == "arm64" ]]; then
imageTag+="-arm64" imageTag+="-arm64"

29
ci/steps/lib.sh Executable file
View File

@ -0,0 +1,29 @@
#!/usr/bin/env bash
source ./ci/lib.sh
# Grabs the most recent ci.yaml github workflow run that was successful and triggered from the same commit being pushd.
# This will contain the artifacts we want.
# https://developer.github.com/v3/actions/workflow-runs/#list-workflow-runs
get_artifacts_url() {
curl -sSL 'https://api.github.com/repos/cdr/code-server/actions/workflows/ci.yaml/runs?status=success&event=push' | jq -r ".workflow_runs[] | select(.head_sha == \"$(git rev-parse HEAD)\") | .artifacts_url" | head -n 1
}
# Grabs the artifact's download url.
# https://developer.github.com/v3/actions/artifacts/#list-workflow-run-artifacts
get_artifact_url() {
local artifact_name="$1"
curl -sSL "$(get_artifacts_url)" | jq -r ".artifacts[] | select(.name == \"$artifact_name\") | .archive_download_url" | head -n 1
}
# Uses the above two functions to download a artifact into a directory.
download_artifact() {
local artifact_name="$1"
local dst="$2"
local tmp_file
tmp_file="$(mktemp)"
curl -sSL "$(get_artifact_url "$artifact_name")" > "$tmp_file"
unzip -o "$tmp_file" -d "$dst"
rm "$tmp_file"
}

16
ci/steps/publish-docker.sh Executable file
View File

@ -0,0 +1,16 @@
#!/usr/bin/env bash
set -euo pipefail
main() {
cd "$(dirname "$0")/../.."
source ./ci/steps/lib.sh
if [[ ${CI-} ]]; then
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
fi
download_artifact release-packages ./release-packages
./ci/release-container/push.sh
}
main "$@"

16
ci/steps/publish-npm.sh Executable file
View File

@ -0,0 +1,16 @@
#!/usr/bin/env bash
set -euo pipefail
main() {
cd "$(dirname "$0")/../.."
source ./ci/steps/lib.sh
if [[ ${CI-} ]]; then
echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > ~/.npmrc
fi
download_artifact npm-package ./release
yarn publish --non-interactive release
}
main "$@"