forked from apache/beam
-
Notifications
You must be signed in to change notification settings - Fork 3
162 lines (149 loc) · 6.46 KB
/
finalize_release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
name: finalize_release
# Workflow added after https://github.com/apache/beam/commit/4183e747becebd18becee5fff547af365910fc9c
# If help is needed debugging issues, you can view the release guide at that commit for guidance on how to do this manually.
# (https://github.com/apache/beam/blob/4183e747becebd18becee5fff547af365910fc9c/website/www/site/content/en/contribute/release-guide.md)
on:
workflow_dispatch:
inputs:
RELEASE:
description: Beam version of current release (e.g. 2.XX.0)
required: true
default: '2.XX.0'
RC:
description: Integer RC version for the release that we'd like to finalize (e.g. 3 for RC3)
required: true
PYPI_USER:
description: PyPi username to perform the PyPi upload with
required: false
PYPI_PASSWORD:
description: PyPi password to perform the PyPi upload with
required: false
PUSH_DOCKER_ARTIFACTS:
description: Whether to push SDK docker images to docker hub Apache organization. Should be yes unless you've already completed this step.
required: true
default: 'no'
PUBLISH_PYTHON_ARTIFACTS:
description: Whether to publish the python artifacts into PyPi. Should be yes unless you've already completed this step.
required: true
default: 'no'
TAG_RELEASE:
description: Whether to tag the release on GitHub. Should be yes unless you've already completed this step.
required: true
default: 'no'
env:
GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }}
GRADLE_ENTERPRISE_CACHE_USERNAME: ${{ secrets.GE_CACHE_USERNAME }}
GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GE_CACHE_PASSWORD }}
permissions:
contents: write
pull-requests: write
jobs:
push_docker_artifacts:
if: ${{github.event.inputs.PUSH_DOCKER_ARTIFACTS == 'yes'}}
runs-on: [self-hosted, ubuntu-20.04, main]
steps:
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Publish to Docker
env:
RELEASE: "${{ github.event.inputs.RELEASE }}"
RC_NUM: "${{ github.event.inputs.RC }}"
RC_VERSION: "rc${{ github.event.inputs.RC }}"
run: |
echo "Publish SDK docker images to Docker Hub."
echo "================Pull RC Containers from DockerHub==========="
IMAGES=$(docker search apache/beam_ --format "{{.Name}}" --limit 100)
KNOWN_IMAGES=()
echo "We are using ${RC_VERSION} to push docker images for ${RELEASE}."
while read IMAGE; do
# Try pull verified RC from dockerhub.
if docker pull "${IMAGE}:${RELEASE}${RC_VERSION}" 2>/dev/null ; then
KNOWN_IMAGES+=( $IMAGE )
fi
done < <(echo "${IMAGES}")
echo "================Confirming Release and RC version==========="
echo "Publishing the following images:"
# Sort by name for easy examination
IFS=$'\n' KNOWN_IMAGES=($(sort <<<"${KNOWN_IMAGES[*]}"))
unset IFS
printf "%s\n" ${KNOWN_IMAGES[@]}
for IMAGE in "${KNOWN_IMAGES[@]}"; do
# Perform a carbon copy of ${RC_VERSION} to dockerhub with a new tag as ${RELEASE}.
docker buildx imagetools create --tag "${IMAGE}:${RELEASE}" "${IMAGE}:${RELEASE}${RC_VERSION}"
# Perform a carbon copy of ${RC_VERSION} to dockerhub with a new tag as latest.
docker buildx imagetools create --tag "${IMAGE}:latest" "${IMAGE}:${RELEASE}"
done
publish_python_artifacts:
if: ${{github.event.inputs.PUBLISH_PYTHON_ARTIFACTS == 'yes'}}
runs-on: [self-hosted, ubuntu-20.04, main]
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Mask PyPi password
run: |
# Workaround for Actions bug - https://github.com/actions/runner/issues/643
PYPI_PASSWORD=$(jq -r '.inputs.PYPI_PASSWORD' $GITHUB_EVENT_PATH)
echo "::add-mask::$PYPI_PASSWORD"
- name: Validate PyPi id/password
run: |
if [ "${{ github.event.inputs.PYPI_USER }}" == "" ]
then
echo "Must provide a PyPi username to publish artifacts to PyPi"
exit 1
fi
if [ "${{ github.event.inputs.PYPI_PASSWORD }}" == "" ]
then
echo "Must provide a PyPi password to publish artifacts to PyPi"
exit 1
fi
- name: Setup environment
uses: ./.github/actions/setup-environment-action
with:
python-version: 3.11
- name: Install dependencies
run: |
pip install python-dateutil
pip install requests
pip install twine
- name: Deploy to Pypi
env:
RELEASE: "${{ github.event.inputs.RELEASE }}"
run: |
wget -r --no-parent -A tar.gz,whl "https://dist.apache.org/repos/dist/dev/beam/${RELEASE}/python"
cd "dist.apache.org/repos/dist/dev/beam/${RELEASE}/python/"
echo "Will upload the following files to PyPI:"
ls
twine upload * -u "${{ github.event.inputs.PYPI_USER }}" -p "${{ github.event.inputs.PYPI_PASSWORD }}"
push_git_tags:
if: ${{github.event.inputs.TAG_RELEASE == 'yes'}}
runs-on: [self-hosted, ubuntu-20.04, main]
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set git config
run: |
git config user.name $GITHUB_ACTOR
git config user.email actions@"$RUNNER_NAME".local
- name: Import GPG key
id: import_gpg
uses: crazy-max/ghaction-import-gpg@111c56156bcc6918c056dbef52164cfa583dc549
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
- name: Push tags
env:
VERSION_TAG: "v${{ github.event.inputs.RELEASE }}"
RC_TAG: "v${{ github.event.inputs.RELEASE }}-RC${{ github.event.inputs.RC }}"
run: |
# Ensure local tags are in sync. If there's a mismatch, it will tell you.
git fetch --all --tags --prune
# If the tag exists, a commit number is produced, otherwise there's an error.
git rev-list $RC_TAG -n 1
# Tag for Go SDK
git tag "sdks/$VERSION_TAG" "$RC_TAG" -m "Tagging release" --local-user="${{steps.import_gpg.outputs.name}}"
git push https://github.com/apache/beam "sdks/$VERSION_TAG"
# Tag for repo root.
git tag "$VERSION_TAG" "$RC_TAG" -m "Tagging release" --local-user="${{steps.import_gpg.outputs.name}}"
git push https://github.com/apache/beam "$VERSION_TAG"