Automate release process
This commit is contained in:
parent
4590c3a3db
commit
231e31656a
2
.github/workflows/ci.yaml
vendored
2
.github/workflows/ci.yaml
vendored
@ -81,7 +81,7 @@ jobs:
|
|||||||
- run: ./ci/steps/release-static.sh
|
- run: ./ci/steps/release-static.sh
|
||||||
env:
|
env:
|
||||||
# Otherwise we get rate limited when fetching the ripgrep binary.
|
# Otherwise we get rate limited when fetching the ripgrep binary.
|
||||||
GITHUB_TOKEN: ${{ secrets.github_token }}
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||||
- name: Upload release artifacts
|
- name: Upload release artifacts
|
||||||
uses: actions/upload-artifact@v2
|
uses: actions/upload-artifact@v2
|
||||||
with:
|
with:
|
||||||
|
41
.github/workflows/publish.yaml
vendored
Normal file
41
.github/workflows/publish.yaml
vendored
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
name: publish
|
||||||
|
|
||||||
|
on:
|
||||||
|
release:
|
||||||
|
types: [published]
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
npm:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v1
|
||||||
|
- name: Run ./ci/steps/publish-npm.sh
|
||||||
|
uses: ./ci/container
|
||||||
|
with:
|
||||||
|
args: ./ci/steps/publish-npm.sh
|
||||||
|
env:
|
||||||
|
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
|
||||||
|
|
||||||
|
docker-amd64:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v1
|
||||||
|
- name: Run ./ci/steps/publish-docker.sh
|
||||||
|
uses: ./ci/container
|
||||||
|
with:
|
||||||
|
args: ./ci/steps/publish-docker.sh
|
||||||
|
env:
|
||||||
|
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||||
|
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
|
||||||
|
|
||||||
|
docker-arm64:
|
||||||
|
runs-on: ubuntu-arm64-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v1
|
||||||
|
- name: Run ./ci/steps/publish-docker.sh
|
||||||
|
uses: ./ci/container
|
||||||
|
with:
|
||||||
|
args: ./ci/steps/publish-docker.sh
|
||||||
|
env:
|
||||||
|
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||||
|
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
|
27
ci/README.md
27
ci/README.md
@ -8,17 +8,15 @@ Any file and directory added into this tree should be documented here.
|
|||||||
|
|
||||||
## Publishing a release
|
## Publishing a release
|
||||||
|
|
||||||
1. Change the version of code-server in `package.json` and push this commit.
|
1. Update the version of code-server in `package.json` and push a commit
|
||||||
1. CI will run and generate an NPM package and release packages that you can download
|
1. CI will run and generate the `npm-package` and `release-packages` artifacts on the GH actions workflow
|
||||||
as artifacts on Github Actions.
|
1. Create a new draft release and attach all the files in `release-packages`
|
||||||
1. Create a new draft release with the built release packages.
|
1. Run some basic sanity tests on one of the released packages
|
||||||
1. Run some basic sanity tests on one of the released packages.
|
1. Publish the release
|
||||||
1. Publish.
|
1. CI will automatically grab the artifacts and then
|
||||||
1. Download the built npm package and publish it.
|
1. Publish the NPM package.
|
||||||
1. Place the debian releases into `./release-packages` and then push the docker
|
1. Publish the AMD64 docker image.
|
||||||
image with `./ci/release-container/push.sh`.
|
1. Publish the ARM64 docker image.
|
||||||
1. This will need to be ran on an ARM64 instance as well.
|
|
||||||
1. At some point we need to automate this.
|
|
||||||
|
|
||||||
## dev
|
## dev
|
||||||
|
|
||||||
@ -95,3 +93,10 @@ Just helps avoid clobbering .travis.yml.
|
|||||||
- Generates the npm package at `./release`
|
- Generates the npm package at `./release`
|
||||||
- [./steps/static-release.sh](./steps/static-release.sh)
|
- [./steps/static-release.sh](./steps/static-release.sh)
|
||||||
- Takes the output of the previous script and generates a static release and packages
|
- Takes the output of the previous script and generates a static release and packages
|
||||||
|
- [./steps/lib.sh](./steps/lib.sh)
|
||||||
|
- Contains helpers to download artifacts from github actions workflow runs
|
||||||
|
- [./steps/publish-npm.sh](./steps/publish-npm.sh)
|
||||||
|
- Grabs the `npm-package` release artifact for the current commit and publishes it on NPM
|
||||||
|
- [./steps/publish-docker.sh](./steps/publish-docker.sh)
|
||||||
|
- Grabs the `release-packages` release artifact for the current commit and builds a docker
|
||||||
|
image with it and publishes that onto docker hub
|
||||||
|
@ -6,11 +6,11 @@ RUN apt-get update
|
|||||||
RUN apt-get install -y curl gnupg
|
RUN apt-get install -y curl gnupg
|
||||||
|
|
||||||
# Installs node.
|
# Installs node.
|
||||||
RUN curl -sL https://deb.nodesource.com/setup_14.x | bash - && \
|
RUN curl -sSL https://deb.nodesource.com/setup_14.x | bash - && \
|
||||||
apt-get install -y nodejs
|
apt-get install -y nodejs
|
||||||
|
|
||||||
# Installs yarn.
|
# Installs yarn.
|
||||||
RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \
|
RUN curl -sSL https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \
|
||||||
echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list && \
|
echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list && \
|
||||||
apt-get update && apt-get install -y yarn
|
apt-get update && apt-get install -y yarn
|
||||||
|
|
||||||
@ -27,14 +27,14 @@ RUN apt-get install -y gettext-base
|
|||||||
RUN apt-get install -y jq git rsync
|
RUN apt-get install -y jq git rsync
|
||||||
|
|
||||||
# Installs shellcheck.
|
# Installs shellcheck.
|
||||||
RUN curl -L https://github.com/koalaman/shellcheck/releases/download/v0.7.1/shellcheck-v0.7.1.linux.$(uname -m).tar.xz | \
|
RUN curl -sSL https://github.com/koalaman/shellcheck/releases/download/v0.7.1/shellcheck-v0.7.1.linux.$(uname -m).tar.xz | \
|
||||||
tar -xJ && \
|
tar -xJ && \
|
||||||
mv shellcheck*/shellcheck /usr/local/bin && \
|
mv shellcheck*/shellcheck /usr/local/bin && \
|
||||||
rm -R shellcheck*
|
rm -R shellcheck*
|
||||||
|
|
||||||
# Install Go dependencies
|
# Install Go dependencies
|
||||||
RUN ARCH="$(dpkg --print-architecture)" && \
|
RUN ARCH="$(dpkg --print-architecture)" && \
|
||||||
curl "https://dl.google.com/go/go1.14.2.linux-$ARCH.tar.gz" | tar -C /usr/local -xz
|
curl -sSL "https://dl.google.com/go/go1.14.2.linux-$ARCH.tar.gz" | tar -C /usr/local -xz
|
||||||
ENV PATH=/usr/local/go/bin:/root/go/bin:$PATH
|
ENV PATH=/usr/local/go/bin:/root/go/bin:$PATH
|
||||||
ENV GO111MODULE=on
|
ENV GO111MODULE=on
|
||||||
RUN go get mvdan.cc/sh/v3/cmd/shfmt
|
RUN go get mvdan.cc/sh/v3/cmd/shfmt
|
||||||
|
@ -28,14 +28,14 @@ RUN adduser --gecos '' --disabled-password coder && \
|
|||||||
echo "coder ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/nopasswd
|
echo "coder ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/nopasswd
|
||||||
|
|
||||||
RUN ARCH="$(dpkg --print-architecture)" && \
|
RUN ARCH="$(dpkg --print-architecture)" && \
|
||||||
curl -L "https://github.com/boxboat/fixuid/releases/download/v0.4.1/fixuid-0.4.1-linux-$ARCH.tar.gz" | tar -C /usr/local/bin -xzf - && \
|
curl -sSL "https://github.com/boxboat/fixuid/releases/download/v0.4.1/fixuid-0.4.1-linux-$ARCH.tar.gz" | tar -C /usr/local/bin -xzf - && \
|
||||||
chown root:root /usr/local/bin/fixuid && \
|
chown root:root /usr/local/bin/fixuid && \
|
||||||
chmod 4755 /usr/local/bin/fixuid && \
|
chmod 4755 /usr/local/bin/fixuid && \
|
||||||
mkdir -p /etc/fixuid && \
|
mkdir -p /etc/fixuid && \
|
||||||
printf "user: coder\ngroup: coder\n" > /etc/fixuid/config.yml
|
printf "user: coder\ngroup: coder\n" > /etc/fixuid/config.yml
|
||||||
|
|
||||||
COPY release-packages/code-server*.deb /tmp/
|
COPY release-packages/code-server*.deb /tmp/
|
||||||
RUN dpkg -i /tmp/code-server*.deb && rm /tmp/code-server*.deb
|
RUN dpkg -i /tmp/code-server*-$(dpkg --print-architecture).deb && rm /tmp/code-server*.deb
|
||||||
|
|
||||||
EXPOSE 8080
|
EXPOSE 8080
|
||||||
USER coder
|
USER coder
|
||||||
|
@ -7,10 +7,6 @@ main() {
|
|||||||
source ./ci/lib.sh
|
source ./ci/lib.sh
|
||||||
VERSION="$(pkg_json_version)"
|
VERSION="$(pkg_json_version)"
|
||||||
|
|
||||||
if [[ ${CI-} ]]; then
|
|
||||||
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
|
|
||||||
fi
|
|
||||||
|
|
||||||
imageTag="codercom/code-server:$VERSION"
|
imageTag="codercom/code-server:$VERSION"
|
||||||
if [[ $(arch) == "arm64" ]]; then
|
if [[ $(arch) == "arm64" ]]; then
|
||||||
imageTag+="-arm64"
|
imageTag+="-arm64"
|
||||||
|
29
ci/steps/lib.sh
Executable file
29
ci/steps/lib.sh
Executable file
@ -0,0 +1,29 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
source ./ci/lib.sh
|
||||||
|
|
||||||
|
# Grabs the most recent ci.yaml github workflow run that was successful and triggered from the same commit being pushd.
|
||||||
|
# This will contain the artifacts we want.
|
||||||
|
# https://developer.github.com/v3/actions/workflow-runs/#list-workflow-runs
|
||||||
|
get_artifacts_url() {
|
||||||
|
curl -sSL 'https://api.github.com/repos/cdr/code-server/actions/workflows/ci.yaml/runs?status=success&event=push' | jq -r ".workflow_runs[] | select(.head_sha == \"$(git rev-parse HEAD)\") | .artifacts_url" | head -n 1
|
||||||
|
}
|
||||||
|
|
||||||
|
# Grabs the artifact's download url.
|
||||||
|
# https://developer.github.com/v3/actions/artifacts/#list-workflow-run-artifacts
|
||||||
|
get_artifact_url() {
|
||||||
|
local artifact_name="$1"
|
||||||
|
curl -sSL "$(get_artifacts_url)" | jq -r ".artifacts[] | select(.name == \"$artifact_name\") | .archive_download_url" | head -n 1
|
||||||
|
}
|
||||||
|
|
||||||
|
# Uses the above two functions to download a artifact into a directory.
|
||||||
|
download_artifact() {
|
||||||
|
local artifact_name="$1"
|
||||||
|
local dst="$2"
|
||||||
|
|
||||||
|
local tmp_file
|
||||||
|
tmp_file="$(mktemp)"
|
||||||
|
|
||||||
|
curl -sSL "$(get_artifact_url "$artifact_name")" > "$tmp_file"
|
||||||
|
unzip -o "$tmp_file" -d "$dst"
|
||||||
|
rm "$tmp_file"
|
||||||
|
}
|
16
ci/steps/publish-docker.sh
Executable file
16
ci/steps/publish-docker.sh
Executable file
@ -0,0 +1,16 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
main() {
|
||||||
|
cd "$(dirname "$0")/../.."
|
||||||
|
source ./ci/steps/lib.sh
|
||||||
|
|
||||||
|
if [[ ${CI-} ]]; then
|
||||||
|
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
|
||||||
|
fi
|
||||||
|
|
||||||
|
download_artifact release-packages ./release-packages
|
||||||
|
./ci/release-container/push.sh
|
||||||
|
}
|
||||||
|
|
||||||
|
main "$@"
|
16
ci/steps/publish-npm.sh
Executable file
16
ci/steps/publish-npm.sh
Executable file
@ -0,0 +1,16 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
main() {
|
||||||
|
cd "$(dirname "$0")/../.."
|
||||||
|
source ./ci/steps/lib.sh
|
||||||
|
|
||||||
|
if [[ ${CI-} ]]; then
|
||||||
|
echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > ~/.npmrc
|
||||||
|
fi
|
||||||
|
|
||||||
|
download_artifact npm-package ./release
|
||||||
|
yarn publish --non-interactive release
|
||||||
|
}
|
||||||
|
|
||||||
|
main "$@"
|
Reference in New Issue
Block a user