-
Notifications
You must be signed in to change notification settings - Fork 10
333 lines (286 loc) · 10.6 KB
/
push.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
name: On Push
on:
push:
branches: [main]
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
jobs:
release:
runs-on: ubuntu-latest
outputs:
version: ${{ steps.release.outputs.release }}
steps:
- uses: actions/checkout@v2
- name: Set release
id: semrel
uses: go-semantic-release/action@v1
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
allow-initial-development-versions: true
force-bump-patch-version: true
- name: Output release
id: release
run: echo "::set-output name=release::${{ steps.semrel.outputs.version }}"
# Detect changes to specific directories to let downstream release jobs run conditionally
changes:
name: Detect changes in last commit
runs-on: ubuntu-latest
outputs:
protos: ${{ steps.filter.outputs.protos }}
java: ${{ steps.filter.outputs.java }}
steps:
- uses: actions/checkout@v3
- uses: dorny/paths-filter@v2
id: filter
with:
base: main
filters: |
protos:
- 'protos/**'
java:
- 'java/**'
- name: Debug Outputs
run: |
echo "Protos output: ${{ steps.filter.outputs.protos }}"
echo "Java output: ${{ steps.filter.outputs.java }}"
publish_javascript:
# The type of runner that the job will run on
runs-on: ubuntu-latest
needs: release
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- uses: actions/checkout@v2
- name: Install Node
uses: actions/setup-node@v1
with:
node-version: 16
registry-url: "https://registry.npmjs.org"
- name: Install protoc
run: ./install_protoc.sh
- name: Build package
run: |
set -e
set -x
export PATH=`pwd`/protoc/bin/:$PATH
pushd javascript
npm ci
npm run build
popd
shell: bash
- name: Publish npm package
run: |
export VERSION="${{ needs.release.outputs.version }}"
echo "Publishing package with version $VERSION"
pushd javascript
mv package.json package.json.ORIG
cat package.json.ORIG|jq ". += {\"version\": \"$VERSION\"}" > package.json
npm publish
popd
shell: bash
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}
publish_javascript-web:
# The type of runner that the job will run on
runs-on: ubuntu-latest
needs: release
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- uses: actions/checkout@v2
- name: Install Node
uses: actions/setup-node@v1
with:
node-version: 16
registry-url: "https://registry.npmjs.org"
- name: Install protoc
run: ./install_protoc.sh
- name: Build package
run: |
set -e
set -x
export PATH=`pwd`/protoc/bin/:$PATH
pushd javascript-web
npm ci
npm run build
popd
shell: bash
- name: Publish npm package
run: |
export VERSION="${{ needs.release.outputs.version }}"
echo "Publishing package with version $VERSION"
pushd javascript-web
mv package.json package.json.ORIG
cat package.json.ORIG|jq ". += {\"version\": \"$VERSION\"}" > package.json
npm publish --access public
popd
shell: bash
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}
publish_java:
runs-on: ubuntu-latest
needs: [release, changes]
# Temporarily disable this while debugging conditional release action
#if: ${{ needs.changes.outputs.protos == 'true' || needs.changes.outputs.java == 'true' }}
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Publish to sonatype
env:
SONATYPE_SIGNING_KEY: ${{ secrets.SONATYPE_SIGNING_KEY }}
SONATYPE_SIGNING_KEY_PASSWORD: ${{ secrets.SONATYPE_SIGNING_KEY_PASSWORD }}
SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
JAVA_PROTOS_VERSION: ${{ needs.release.outputs.version }}
uses: gradle/gradle-build-action@v2
with:
build-root-directory: ./java
gradle-version: wrapper
arguments: publishToSonatype closeAndReleaseStagingRepository
publish_kotlin:
runs-on: ubuntu-latest
needs: release
steps:
- name: Assume Role
uses: aws-actions/configure-aws-credentials@v1
with:
# TODO User: arn:aws:iam::***:user/shared-control-plane-deploy-user is not authorized to perform: sts:TagSession on resource: arn:aws:iam::***:role/control-plane-remote-deployer
role-skip-session-tagging: true
aws-access-key-id: ${{ secrets.PROD_CICD_DEPLOY_USER_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.PROD_CICD_DEPLOY_USER_SECRET_ACCESS_KEY }}
aws-region: us-west-2
role-to-assume: arn:aws:iam::401011790710:role/control-plane-remote-deployer
role-session-name: cicd-deployer
role-duration-seconds: 900
- name: Get CodeArtifact token
run: |
TOKEN=$(aws codeartifact get-authorization-token \
--domain momento-prod --domain-owner 401011790710 \
--query authorizationToken --output text)
echo "::add-mask::$TOKEN"
echo "CODEARTIFACT_AUTH_TOKEN=$TOKEN" >> $GITHUB_ENV
- name: Set up JDK 11
uses: actions/setup-java@v1
with:
java-version: 11
- name: Checkout code
uses: actions/checkout@v2
- name: Publish to CodeArtifact
run: |
VERSION="${{needs.release.outputs.version}}"
echo "version: ${VERSION}"
pushd kotlin-messages
./gradlew publish -Pversion=$VERSION
popd
publish_python:
# The type of runner that the job will run on
runs-on: ubuntu-latest
needs: release
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- uses: actions/checkout@v3
- name: Setup Python
uses: actions/setup-python@v4
with:
python-version: "3.10"
- name: Bootstrap poetry
run: |
curl -sL https://install.python-poetry.org | python - -y --version 1.4.2
- name: Configure poetry
run: poetry config virtualenvs.in-project true
- name: Install dependencies
working-directory: python
run: make install
- name: Bump version
working-directory: python
run: poetry version ${{ needs.release.outputs.version }}
- name: Build package
working-directory: python
run: make build
- name: Publish package
working-directory: python
env:
POETRY_PYPI_TOKEN_PYPI: ${{ secrets.CLIENT_PROTO_PYPI_TOKEN }}
run: poetry publish
publish_csharp:
# The type of runner that the job will run on
runs-on: ubuntu-latest
needs: release
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- uses: actions/checkout@v2
- uses: actions/setup-dotnet@v1
with:
dotnet-version: "6.0.x"
- name: Pack and Publish
run: |
set -x
pushd csharp
VERSION="${{needs.release.outputs.version}}"
echo "version: ${VERSION}"
dotnet build --configuration Release
dotnet pack -property:Version=${VERSION} --configuration Release
pushd bin/Release
dotnet nuget push Momento.Protos.${VERSION}.nupkg --source https://api.nuget.org/v3/index.json --api-key=${{secrets.NUGET_API_KEY}}
popd
popd
shell: bash
publish_rust:
runs-on: ubuntu-latest
needs: release
steps:
- name: Get current time
uses: gerred/actions/current-time@master
id: current-time
- uses: actions/checkout@v2
- name: Install protoc
run: ./install_protoc.sh
- name: Update Cargo Version
run: |
pushd rust
chmod +x set_cargo_package_version.sh
./set_cargo_package_version.sh ${{needs.release.outputs.version}}
popd
shell: bash
- name: Build
run: |
set -e
set -x
pushd rust/momento-protos
echo make sure the code generator runs first so the files are there when we build momento-protos
cargo build -p codegenerator
VERSION="${{needs.release.outputs.version}}"
cargo build --release
popd
shell: bash
- name: Remove crates publish blocker
run: |
set -e
set -x
pushd rust/momento-protos/src
echo Removing .gitignore file so cargo publish picks up the generated proto *.rs files.
echo Cargo publish respects .gitignore, but we use that file to help developers changing protos.
echo Once we are on github and publishing, the presence of that file blocks us from publishing the
echo generated protos. Since that is what we are trying to do, we have to remove it during the
echo github publish.
echo Note that it is still helpful to have it in local clones, as you can still generate your protos
echo and inspect the output over here in momento-protos/src without fear of accidentally submitting
echo locally generated source files. This is a publish-time concern only!
echo In case you are curious, we are doing all of this so end users of the momento client sdk do not
echo need to have protoc installed solely on our account.
ls -alh
rm .gitignore
popd
shell: bash
- name: Release
env:
# TODO: Match the token with https://github.com/momentohq/client-sdk-rust/blob/main/.github/workflows/cd.yml
CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_PUBLISH_TOKEN }}
run: |
set -e
set -x
pushd rust
# Because we locally modify Cargo.toml earlier during this publish workflow, we can't simply disallow dirty
# and we can't verify. We did a check at PR time to help catch some classes of proto error, but it's still
# kind of a loose publish check here.
cargo publish -p momento-protos --allow-dirty --no-verify
popd
shell: bash