From 3f49fe224ee30b98acdbf3898d179e25089d3428 Mon Sep 17 00:00:00 2001 From: Skylar Simoncelli <128400943+skylar-simoncelli@users.noreply.github.com> Date: Thu, 14 Nov 2024 11:47:14 +0100 Subject: [PATCH 01/10] fix: permissions --- .github/workflows/publish.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 70699d5c0..d5de2e13f 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -12,6 +12,11 @@ on: required: true type: string +permissions: + id-token: write + contents: write + packages: write + jobs: build-and-publish-ghcr: permissions: @@ -45,4 +50,4 @@ jobs: with: tag: ${{ inputs.tag }} env: - GITHUB_TOKEN: ${{ github.token }} \ No newline at end of file + GITHUB_TOKEN: ${{ github.token }} From a93febc5c5a38c2ad2ae72fd390ef0986a7fbd64 Mon Sep 17 00:00:00 2001 From: Skylar Simoncelli <128400943+skylar-simoncelli@users.noreply.github.com> Date: Thu, 14 Nov 2024 11:47:40 +0100 Subject: [PATCH 02/10] fix: PAT --- .github/workflows/cd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 09dc3c1b9..aabf5e3f0 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -435,7 +435,7 @@ jobs: - name: Trigger Publish Workflow run: | curl -X POST \ - -H "Authorization: token ${{ secrets.ACTIONS_PAT }}" \ + -H "Authorization: token ${{ secrets.ACTIONS_PUBLISH_PAT }}" \ -H "Accept: application/vnd.github.v3+json" \ https://api.github.com/repos/${{ github.repository }}/actions/workflows/publish.yml/dispatches \ -d '{"ref": "main", "inputs": {"sha": "${{ github.sha }}", "tag": "${{ github.ref }}"}}' From d5aa05200e0ff4a1609382748f160dff1b624c50 Mon Sep 17 00:00:00 2001 
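Review bot: The workflow-level `permissions:` block added to publish.yml gives `id-token: write`, `contents: write` and `packages: write` to every job in the file, including any job added later, while the context line just below it shows `build-and-publish-ghcr` already declaring its own `permissions:`. Job-level permissions replace the workflow-level ones, so as long as each job keeps its own block this default only acts as a wide fallback. I would set the workflow default to `permissions: {}` (or `contents: read`) and leave the write scopes on the jobs that need them. `id-token: write` is only needed if a step requests an OIDC token, which is not visible in this hunk.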
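Review bot: The `curl -X POST` in the `Trigger Publish Workflow` step has no `--fail`, so a 401, 403 or 404 from the dispatch endpoint (for example when the renamed secret `ACTIONS_PUBLISH_PAT` is missing or under-scoped) still exits 0 and the job reports success with nothing published. Adding `--fail-with-body` makes an authentication failure stop the job; the same applies to the later revisions of this step in PATCH 06/10, 07/10 and 08/10. The PAT is also written into the script text by the `${{ secrets.ACTIONS_PUBLISH_PAT }}` expression; passing it through the step's `env:` as `PUBLISH_PAT: ${{ secrets.ACTIONS_PUBLISH_PAT }}` and sending `-H "Authorization: token $PUBLISH_PAT"` keeps it out of the generated script file. The enclosing job is outside the hunk.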
From: Skylar Simoncelli <128400943+skylar-simoncelli@users.noreply.github.com> Date: Thu, 14 Nov 2024 12:15:00 +0100 Subject: [PATCH 03/10] fix: append -rc --- .github/actions/release/create-draft-release/action.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/actions/release/create-draft-release/action.yml b/.github/actions/release/create-draft-release/action.yml index 4653e3459..fe69ff2fe 100644 --- a/.github/actions/release/create-draft-release/action.yml +++ b/.github/actions/release/create-draft-release/action.yml @@ -79,6 +79,7 @@ runs: if: ${{ steps.check_release.outputs.release_exists == 'false' }} run: | tag="${{ inputs.tag }}" + release_name="${tag}-rc" release_body="### Pre-release candidate for version $tag\n\n" release_body+="This is a draft pre-release candidate for release $tag that is undergoing testing. The current testing status is:\n\n" release_body+="- [x] Local environment\n" @@ -87,7 +88,7 @@ runs: release_body+="Please note: this release is not yet fully verified and is pending further testing.\n" release_response=$(curl -s -X POST -H "Authorization: token ${{ env.GITHUB_TOKEN }}" \ - -d '{"tag_name": "'$tag'", "name": "'$tag'", "body": "'"$release_body"'", "draft": true, "generate_release_notes": true, "prerelease": true}' \ + -d '{"tag_name": "'$tag'", "name": "'$release_name'", "body": "'"$release_body"'", "draft": true, "generate_release_notes": true, "prerelease": true}' \ "https://api.github.com/repos/${{ github.repository }}/releases") echo "release_id=$(echo $release_response | jq -r .id)" >> $GITHUB_ENV echo "::set-output name=release_id::$(echo $release_response | jq -r .id)" From dce96255c4b534827030d88a5c8e9dc299d7b4c1 Mon Sep 17 00:00:00 2001 
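Review bot: The new `release_name` is spliced into the request as `"name": "'$release_name'"`, an unquoted shell expansion inside hand-built JSON, so a tag containing a space, quote or backslash splits the `-d` argument or produces invalid JSON; the neighbouring `tag_name` field has the same form. Because `tag` comes from `${{ inputs.tag }}`, I would let jq build the payload, e.g. `payload=$(jq -n --arg tag "$tag" --arg name "$release_name" '{tag_name: $tag, name: $name, draft: true, generate_release_notes: true, prerelease: true}')`, the way PATCH 04/10 does for its PATCH request. The body string relies on its literal `\n` sequences being read by the JSON parser, so it would need real newlines before it can move into `--arg` as well. The `run:` script begins and ends outside the hunk.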
From: Skylar Simoncelli <128400943+skylar-simoncelli@users.noreply.github.com> Date: Thu, 14 Nov 2024 12:16:42 +0100 Subject: [PATCH 04/10] fix: remove -rc --- .../release/publish-draft-release/action.yml | 44 +++++-------------- 1 file changed, 12 insertions(+), 32 deletions(-) diff --git a/.github/actions/release/publish-draft-release/action.yml b/.github/actions/release/publish-draft-release/action.yml index fa883b122..dfef14ad2 100644 --- a/.github/actions/release/publish-draft-release/action.yml +++ b/.github/actions/release/publish-draft-release/action.yml @@ -23,9 +23,7 @@ runs: tag="${{ inputs.tag }}" release_response=$(curl -s -H "Authorization: token ${{ env.GITHUB_TOKEN }}" \ "https://api.github.com/repos/${{ github.repository }}/releases?per_page=100") - release_id=$(echo "$release_response" | jq -r '.[] | select(.tag_name=="'"$tag"'") | .id') - if [ -z "$release_id" ] || [ "$release_id" == "null" ]; then echo "release_exists=false" >> "$GITHUB_OUTPUT" echo "release_id=" >> "$GITHUB_OUTPUT" 
@@ -40,45 +38,27 @@ runs: set -e if [[ "${{ steps.check_release.outputs.release_exists }}" == "true" ]]; then release_id="${{ steps.check_release.outputs.release_id }}" - - # Set draft to false + release_data=$(curl -s -H "Authorization: token ${{ env.GITHUB_TOKEN }}" \ + "https://api.github.com/repos/${{ github.repository }}/releases/$release_id") + current_body=$(echo "$release_data" | jq -r .body) + updated_body=$(echo "$current_body" | \ + sed 's/- \[ \] Staging preview environment/- [x] Staging preview environment/g' | \ + sed 's/This is a draft pre-release candidate/This is a pre-release candidate/g') + json_data=$(jq -n \ + --arg name "$tag" \ + --arg body "$updated_body" \ + '{"draft": false, "name": $name, "body": $body}') response=$(curl -s -X PATCH -H "Authorization: token ${{ env.GITHUB_TOKEN }}" \ - -d '{"draft": false}' \ + -d "$json_data" \ "https://api.github.com/repos/${{ github.repository }}/releases/$release_id") - echo "Response: $response" - - # Verify the release was updated if echo "$response" | jq -e '.id' >/dev/null; then echo "Release updated successfully" else echo "Failed to update release" exit 1 fi - - # Extract the current release body - current_body=$(echo "$response" | jq -r .body) - - # Perform the desired replacements - updated_body=$(echo "$current_body" | \ - sed 's/- \[ \] Staging preview environment/- [x] Staging preview environment/g' | \ - sed 's/This is a draft pre-release/This is a pre-release/g') - - # Update the release body with the modified content - updated_response=$(curl -s -X PATCH -H "Authorization: token ${{ env.GITHUB_TOKEN }}" \ - -d '{"body": "'"$updated_body"'"}' \ - "https://api.github.com/repos/${{ github.repository }}/releases/$release_id") - - echo "Body Update Response: $updated_response" - - # Verify the release body was updated - if echo "$updated_response" | jq -e '.body' >/dev/null; then - echo "Release body updated successfully" - else - echo "Failed to update release body" - exit 1 - fi else echo 
"Release does not exist, skipping publish step." fi - shell: bash \ No newline at end of file + shell: bash From 5c27a0574b4c3153d946b79d09af6cc004633e53 Mon Sep 17 00:00:00 2001 From: Skylar Simoncelli <128400943+skylar-simoncelli@users.noreply.github.com> Date: Thu, 14 Nov 2024 12:28:10 +0100 Subject: [PATCH 05/10] fix: publish --- .github/workflows/cd.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index aabf5e3f0..ac37d0de6 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -420,7 +420,7 @@ jobs: threads: 1 publish: - if: ${{ github.event.inputs.no-release != 'true' && (github.event.inputs.no-tests == 'true' || needs.run-all-tests-on-n2-epoch.result == 'success') }} + if: ${{ always() && github.event.inputs.no-release != 'true' && (github.event.inputs.no-tests == 'true' || needs.run-all-tests-on-n2-epoch.result == 'success') }} permissions: id-token: write contents: write @@ -440,6 +440,7 @@ jobs: https://api.github.com/repos/${{ github.repository }}/actions/workflows/publish.yml/dispatches \ -d '{"ref": "main", "inputs": {"sha": "${{ github.sha }}", "tag": "${{ github.ref }}"}}' + # deploy-staging-preprod: # if: ${{ github.event.inputs.no-deploy != 'true' }} # permissions: From 9dcfc0ed207551ca03ca04fd5d87f2143776c8b1 Mon Sep 17 00:00:00 2001 From: Skylar Simoncelli <128400943+skylar-simoncelli@users.noreply.github.com> Date: Thu, 14 Nov 2024 13:01:35 +0100 Subject: [PATCH 06/10] Update cd.yml --- .github/workflows/cd.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index ac37d0de6..3951ef460 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml 
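Review bot: `--arg name "$tag"` reads a shell variable that is not assigned anywhere in the visible part of this step; `tag="${{ inputs.tag }}"` is set in the step shown in the first hunk, and shell variables do not carry over between steps. Unless `tag` is defined in the part of this `run:` block above the hunk, the PATCH sends an empty `name`, and `set -e` will not catch it. I would supply it in this step through `env:` (`RELEASE_TAG: ${{ inputs.tag }}`) and use `--arg name "$RELEASE_TAG"`. Separately, if the GET returns an error object, `jq -r .body` yields the string `null`, which is then written back as the release body; checking `.id` on `release_data` before building `json_data` avoids that.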
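Review bot: With `always()` at the front of the `publish` condition, the job no longer requires its other `needs` to have succeeded: when `no-tests` is `'true'` the expression holds even if a build job failed or the run was cancelled. The `needs:` list is outside this hunk, but the PATCH 08/10 and 10/10 hunks show it contains `build-linux`, `build-macos-x86_64` and `build-macos-arm64`, and PATCH 10/10 reintroduces the same condition. Presumably `always()` is there so that a skipped test job does not skip `publish`. I would use `!cancelled()` in its place and add explicit checks such as `needs.build-linux.result == 'success'` for each build job, so a release is never dispatched from a failed or cancelled build.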
@@ -435,11 +435,10 @@ jobs: - name: Trigger Publish Workflow run: | curl -X POST \ - -H "Authorization: token ${{ secrets.ACTIONS_PUBLISH_PAT }}" \ + -H "Authorization: token ${{ secrets.ACTIONS_PAT }}" \ -H "Accept: application/vnd.github.v3+json" \ https://api.github.com/repos/${{ github.repository }}/actions/workflows/publish.yml/dispatches \ - -d '{"ref": "main", "inputs": {"sha": "${{ github.sha }}", "tag": "${{ github.ref }}"}}' - + -d '{"ref": "${{ github.ref_name }}", "inputs": {"sha": "${{ github.sha }}", "tag": "${{ inputs.tag }}"}}' # deploy-staging-preprod: # if: ${{ github.event.inputs.no-deploy != 'true' }} From 301866095cb6d2776c151ca6da8165799e9c1b18 Mon Sep 17 00:00:00 2001 From: Skylar Simoncelli <128400943+skylar-simoncelli@users.noreply.github.com> Date: Thu, 14 Nov 2024 13:32:57 +0100 Subject: [PATCH 07/10] Update cd.yml --- .github/workflows/cd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 3951ef460..8a83f6949 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -435,7 +435,7 @@ jobs: - name: Trigger Publish Workflow run: | curl -X POST \ - -H "Authorization: token ${{ secrets.ACTIONS_PAT }}" \ + -H "Authorization: token ${{ secrets.ACTIONS_PUBLISH_PAT }}" \ -H "Accept: application/vnd.github.v3+json" \ https://api.github.com/repos/${{ github.repository }}/actions/workflows/publish.yml/dispatches \ -d '{"ref": "${{ github.ref_name }}", "inputs": {"sha": "${{ github.sha }}", "tag": "${{ inputs.tag }}"}}' From f4da66dd01fa6f99a4b6a5cd007052356fade06c Mon Sep 17 00:00:00 2001 From: Skylar Simoncelli <128400943+skylar-simoncelli@users.noreply.github.com> Date: Thu, 14 Nov 2024 13:35:43 +0100 Subject: [PATCH 08/10] feat: repository_dispatch 1 --- .github/workflows/cd.yml | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 8a83f6949..c19506c91 100644 
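Review bot: `${{ github.ref_name }}` and `${{ inputs.tag }}` are substituted into the script text inside the single-quoted `-d` argument before bash runs, so a branch or tag value containing a single quote ends the quoting and the remainder is interpreted by the shell, in a step that also holds the PAT. How reachable that is depends on which triggers cd.yml has, which are not visible here. Passing the values through `env:` and letting jq build the JSON removes the problem, as in the block below. PATCH 08/10 keeps `${{ inputs.tag }}` inside the same kind of quoted payload and needs the same treatment. The enclosing job is outside the hunk.

```yaml
      - name: Trigger Publish Workflow
        env:
          PUBLISH_PAT: ${{ secrets.ACTIONS_PAT }}
          REF_NAME: ${{ github.ref_name }}
          SHA: ${{ github.sha }}
          TAG: ${{ inputs.tag }}
        run: |
          payload=$(jq -n --arg ref "$REF_NAME" --arg sha "$SHA" --arg tag "$TAG" \
            '{ref: $ref, inputs: {sha: $sha, tag: $tag}}')
          curl --fail-with-body -X POST \
            -H "Authorization: token $PUBLISH_PAT" \
            -H "Accept: application/vnd.github.v3+json" \
            https://api.github.com/repos/${{ github.repository }}/actions/workflows/publish.yml/dispatches \
            -d "$payload"
```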
--- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -420,25 +420,28 @@ jobs: threads: 1 publish: - if: ${{ always() && github.event.inputs.no-release != 'true' && (github.event.inputs.no-tests == 'true' || needs.run-all-tests-on-n2-epoch.result == 'success') }} - permissions: - id-token: write - contents: write - packages: write + if: ${{ github.event.inputs.no-release != 'true' && (github.event.inputs.no-tests == 'true' || needs.run-all-tests-on-n2-epoch.result == 'success') }} + runs-on: ubuntu-latest needs: - build-linux - build-macos-x86_64 - build-macos-arm64 - run-all-tests-on-n2-epoch - runs-on: ubuntu-latest steps: - - name: Trigger Publish Workflow + - name: Trigger Publish Workflow via Repository Dispatch run: | curl -X POST \ -H "Authorization: token ${{ secrets.ACTIONS_PUBLISH_PAT }}" \ -H "Accept: application/vnd.github.v3+json" \ - https://api.github.com/repos/${{ github.repository }}/actions/workflows/publish.yml/dispatches \ - -d '{"ref": "${{ github.ref_name }}", "inputs": {"sha": "${{ github.sha }}", "tag": "${{ inputs.tag }}"}}' + https://api.github.com/repos/${{ github.repository }}/dispatches \ + -d '{ + "event_type": "publish", + "client_payload": { + "sha": "${{ github.sha }}", + "tag": "${{ inputs.tag }}", + "skip_release": "${{ github.event.inputs.no-release }}" + } + }' # deploy-staging-preprod: # if: ${{ github.event.inputs.no-deploy != 'true' }} From 263cfb2a3ac96f800eaf38ad690248c24aa6d53f Mon Sep 17 00:00:00 2001 From: Skylar Simoncelli <128400943+skylar-simoncelli@users.noreply.github.com> Date: Thu, 14 Nov 2024 13:36:35 +0100 Subject: [PATCH 09/10] feat: repository_dispatch 2 --- .github/workflows/publish.yml | 37 ++++++++++++----------------------- 1 file changed, 13 insertions(+), 24 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index d5de2e13f..f52fd5f95 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml 
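Review bot: The `publish` job loses its explicit `permissions:` block in this change, so its `GITHUB_TOKEN` falls back to the workflow or repository default even though the only step authenticates with the PAT; `permissions: {}` on the job would state that it needs no token scopes at all. Switching from the workflow-dispatch endpoint to the repository-dispatch endpoint also changes what the PAT must be allowed to do: as far as I know a fine-grained token then needs Contents write rather than Actions write, so it is worth confirming that `ACTIONS_PUBLISH_PAT` is limited to this repository. The `skip_release` field can never be `'true'` here, because the job's own `if` already excludes `no-release == 'true'`.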
@@ -1,16 +1,8 @@ -name: Publish the draft release created by cd.yml, and upload GHCR image +name: Publish the Draft Release on: - workflow_dispatch: - inputs: - sha: - description: 'The SHA of the commit to build' - required: true - type: string - tag: - description: 'The tag for the release' - required: true - type: string + repository_dispatch: + types: [publish] permissions: id-token: write @@ -19,35 +11,32 @@ permissions: jobs: build-and-publish-ghcr: - permissions: - id-token: write - contents: write - packages: write + if: ${{ github.event.client_payload.skip_release != 'true' }} runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v4 + - name: Build and Publish to GHCR uses: ./.github/actions/images/build-and-publish-ghcr with: - sha: ${{ inputs.sha }} - tag: ${{ inputs.tag }} + sha: ${{ github.event.client_payload.sha }} + tag: ${{ github.event.client_payload.tag }} env: GITHUB_ACTOR: ${{ github.actor }} - GITHUB_TOKEN: ${{ github.token }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} publish-release: - permissions: - id-token: write - contents: write - packages: write + if: ${{ github.event.client_payload.skip_release != 'true' }} + needs: build-and-publish-ghcr runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v4 + - name: Publish Release uses: ./.github/actions/release/publish-draft-release with: - tag: ${{ inputs.tag }} + tag: ${{ github.event.client_payload.tag }} env: - GITHUB_TOKEN: ${{ github.token }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 604e8d1424fe0cf853d2524e1f45e753168724b9 Mon Sep 17 00:00:00 2001 From: Skylar Simoncelli <128400943+skylar-simoncelli@users.noreply.github.com> Date: Thu, 14 Nov 2024 14:25:51 +0100 Subject: [PATCH 10/10] fix: always --- .github/workflows/cd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index c19506c91..69daa7ac1 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml 
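Review bot: `github.event.client_payload.sha` and `.tag` now come from the body of a `repository_dispatch` request and are handed straight to the local actions, which the other hunks in this series show placing `${{ inputs.tag }}` directly into bash (`tag="${{ inputs.tag }}"`), while the workflow token carries `contents: write` and `packages: write`. Whoever can send the `publish` event chooses those strings, so I would add a first step that validates them from `env:` before anything else runs, for example `[[ "$TAG" =~ ^[A-Za-z0-9._/-]+$ && "$SHA" =~ ^[0-9a-f]{40}$ ]] || exit 1`. `actions/checkout@v4` is used without `ref:`, and on `repository_dispatch` that resolves to the default branch, so unless the build action checks out `sha` itself the image is built from the default-branch head while labelled with the payload SHA and tag; worth confirming. With the per-job `permissions:` blocks removed, `publish-release` also inherits `packages: write` and `id-token: write`, which nothing visible in that job uses.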
@@ -420,7 +420,7 @@ jobs: threads: 1 publish: - if: ${{ github.event.inputs.no-release != 'true' && (github.event.inputs.no-tests == 'true' || needs.run-all-tests-on-n2-epoch.result == 'success') }} + if: ${{ always() && github.event.inputs.no-release != 'true' && (github.event.inputs.no-tests == 'true' || needs.run-all-tests-on-n2-epoch.result == 'success') }} runs-on: ubuntu-latest needs: - build-linux