Working release-and-package workflow

3 years ago · 18389530f5
--- a/.github/workflows/release-and-package.yml
+++ b/.github/workflows/release-and-package.yml
@ -1,5 +1,19 @@
 # Hacked together from https://github.com/qemu-riscv-xpack/.github/workflows/build-all.yml
 # and https://github.com/palmetto/palm-cli/blob/develop/.github/workflows/pypi-deploy.yaml
 # ==========================
 # Can test locally using act (https://github.com/nektos/act)
 # ==========================
 # ./bin/act -s GITHUB_TOKEN=<fine-grained-token> --directory runner --workflows "../.github/workflows/" -e ../payloads.json --no-skip-checkout -j deploy
 #
 # where payloads.json is:
 # {
 # 	"inputs": {
 #         "tags": "2.47"
 #     }
 # }
 #
 # ==========================
 # Can debug remotely on github actions instance by uncommenting the 'tmate' section below
 # ==========================


 name: Deploy getssl

@ -15,15 +29,33 @@ jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: prepare
        # Keep the outputs persistent outside the docker container to use for the other steps
        run: |
          mkdir -p ${{ github.workspace }}/bin
          mkdir -p ${{ github.workspace }}/debbuild/BUILD
          mkdir -p ${{ github.workspace }}/debbuild/DEBS/all
          mkdir -p ${{ github.workspace }}/debbuild/SDEBS
          mkdir -p ${{ github.workspace }}/debbuild/SOURCES
          mkdir -p ${{ github.workspace }}/debbuild/SPECS
          mkdir -p ${{ github.workspace }}/rpmbuild/SOURCES
          mkdir -p ${{ github.workspace }}/rpmbuild/RPMS/noarch
          mkdir -p ${{ github.workspace }}/rpmbuild/RPMS/SRPMS

      - name: Checkout
        uses: actions/checkout@v3
        with:
          path: "getssl"
          path: source

      - name: Get version number
        id: get_version
        run: |
          echo ::set-output name=VERSION::$(bash ./getssl/getssl --version)
          echo "VERSION=$(bash ${{ github.workspace }}/source/getssl --version)" >> $GITHUB_OUTPUT

      - name: Get release
        id: get_release
        run: |
          echo "RELEASE=$(grep Release source/getssl.spec | awk '{ print $2 }')" >> $GITHUB_OUTPUT

      - name: Check version matches tag
        run: |
@ -35,23 +67,26 @@ jobs:
      - name: build .deb package
        id: build_deb
        run: |
          sudo apt-get update
          sudo apt-get install -y build-essential devscripts debhelper pax liblocale-gettext-perl
          sudo apt-get update -qq
          sudo apt-get install --no-install-recommends -qq -y build-essential devscripts debhelper pax liblocale-gettext-perl wget
          wget https://github.com/debbuild/debbuild/releases/download/22.02.1/debbuild_22.02.1-0ubuntu20.04_all.deb
          sudo dpkg --install debbuild_22.02.1-0ubuntu20.04_all.deb
          # Line 1959 has an extra ")" bracket
          sudo patch /usr/bin/debbuild < ./getssl/debbuild.patch
          mkdir -p /root/debbuild/BUILD
          mkdir -p /root/debbuild/DEBS/all
          mkdir -p /root/debbuild/SDEBS
          mkdir -p /root/debbuild/SOURCES
          mkdir -p /root/debbuild/SPECS
          tar -czf /root/debbuild/SOURCES/getssl-${{ github.event.inputs.tags }}.tar.gz ./getssl/* --transform "s/getssl\//getssl-${{ github.event.inputs.tags }}\//"
          tar --append -f /root/getssl-${{ github.event.inputs.tags }}.sdeb /root/debbuild/SOURCES/getssl-${{ github.event.inputs.tags }}.tar.gz --transform 's,\.,SOURCES,'
          tar --append -f /root/getssl-${{ github.event.inputs.tags }}.sdeb -C ./getssl getssl.crontab getssl.logrotate --transform 's,^,SOURCES/,'
          tar --append -f /root/getssl-${{ github.event.inputs.tags }}.sdeb -C ./getssl getssl.spec --transform 's,^,SPECS/,'
          debbuild --install /root/getssl-${{ github.event.inputs.tags }}.sdeb
          debbuild -vv -ba /root/debbuild/SPECS/getssl.spec
          sudo chmod +w /usr/bin/debbuild
          sudo patch /usr/bin/debbuild < ${GITHUB_WORKSPACE}/source/debbuild.patch
          tar --absolute-names -czf ${GITHUB_WORKSPACE}/getssl-${{ github.event.inputs.tags }}.tar.gz ${GITHUB_WORKSPACE}/source/* --transform "s,${GITHUB_WORKSPACE}/source,getssl-${{ github.event.inputs.tags }},"
          tar --absolute-names -cf ${GITHUB_WORKSPACE}/debbuild/SDEBS/getssl-${{ github.event.inputs.tags }}.sdeb ${GITHUB_WORKSPACE}/getssl-${{ github.event.inputs.tags }}.tar.gz --transform "s,${GITHUB_WORKSPACE},SOURCES,"
          tar --append -f ${GITHUB_WORKSPACE}/debbuild/SDEBS/getssl-${{ github.event.inputs.tags }}.sdeb -C ${GITHUB_WORKSPACE}/source getssl.crontab getssl.logrotate --transform 's,^,SOURCES/,'
          tar --append -f ${GITHUB_WORKSPACE}/debbuild/SDEBS/getssl-${{ github.event.inputs.tags }}.sdeb -C ${GITHUB_WORKSPACE}/source getssl.spec --transform 's,^,SPECS/,'
          ln -s ${GITHUB_WORKSPACE}/debbuild ${HOME}/debbuild
          /usr/bin/debbuild -vv --install ${GITHUB_WORKSPACE}/debbuild/SDEBS/getssl-${{ github.event.inputs.tags }}.sdeb
          /usr/bin/debbuild -vv -ba ${GITHUB_WORKSPACE}/debbuild/SPECS/getssl.spec
          echo "getssl_deb=${GITHUB_WORKSPACE}/debbuild/DEBS/all/getssl_${{ github.event.inputs.tags }}-${{ steps.get_release.outputs.RELEASE }}_all.deb" >> $GITHUB_OUTPUT

      # *** Uncomment this to debug remotely ***
      # - name: Setup tmate session
      #   if: ${{ failure() }}
      #   uses: mxschmitt/action-tmate@v3

      - name: build .rpm package
        id: build_rpm
@ -59,16 +94,20 @@ jobs:
        uses: addnab/docker-run-action@v3
        with:
          image: rockylinux:8
          options: -v ${{ github.workspace }}:/root/getssl -e GITHUB_REF=${{ github.ref }}
          options: -v ${{ github.workspace }}:/root -e GITHUB_REF=${{ github.ref }}
          run: |
            sudo yum install -y rpm-build make
            mkdir -p /root/rpmbuild/SOURCES /root/rpmbuild/RPMS/SRPMS /root/rpmbuild/RPMS/noarch
            tar -czf /root/rpmbuild/SOURCES/getssl-${{ github.event.inputs.tags }}.tar.gz /root/getssl/* --transform "s/root\/getssl\//getssl-${{ github.event.inputs.tags }}\//"
            cp /root/getssl/getssl.crontab /root/rpmbuild/SOURCES
            cp /root/getssl/getssl.logrotate /root/rpmbuild/SOURCES
            rpmbuild -ba /root/getssl/getssl.spec
            cp /root/rpmbuild/SRPMS/getssl-*.rpm /root/getssl
            cp /root/rpmbuild/RPMS/noarch/getssl-*.rpm /root/getssl
            yum install -y rpm-build make
            tar -czf /root/rpmbuild/SOURCES/getssl-${{ github.event.inputs.tags }}.tar.gz /root/source/* --transform "s/root\/source\//getssl-${{ github.event.inputs.tags }}\//"
            cp /root/source/getssl.crontab /root/rpmbuild/SOURCES
            cp /root/source/getssl.logrotate /root/rpmbuild/SOURCES
            rpmbuild -ba /root/source/getssl.spec

      - name: output .rpm packages
        id: output_rpm
        if: ${{ success() }}
        run: |
          echo "getssl_rpm=${GITHUB_WORKSPACE}/rpmbuild/RPMS/noarch/getssl-${{ github.event.inputs.tags }}-${{ steps.get_release.outputs.RELEASE }}.noarch.rpm" >> $GITHUB_OUTPUT
          echo "getssl_srpm=${GITHUB_WORKSPACE}/rpmbuild/SRPMS/getssl-${{ github.event.inputs.tags }}-${{ steps.get_release.outputs.RELEASE }}.src.rpm" >> $GITHUB_OUTPUT

      - name: create_release
        id: create_release
@ -77,12 +116,12 @@ jobs:
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag: ${{ github.ref }}
          name: Draft Release ${{ github.ref }}
          tag: ${{ github.event.inputs.tags }}
          name: Draft Release ${{ github.event.inputs.tags }}
          generateReleaseNotes: true
          draft: true
          prerelease: false
          artifacts: |
            /root/debbuild/DEBS/all/getssl_${{ github.event.inputs.tags }}-*_all.deb
            /root/getssl-${{ github.event.inputs.tags }}-*.src.rpm
            /root/getssl-${{ github.event.inputs.tags }}-*.noarch.rpm
            ${{ steps.build_deb.outputs.getssl_deb }}
            ${{ steps.output_rpm.outputs.getssl_rpm }}
            ${{ steps.output_rpm.outputs.getssl_srpm }}
--- a/RELEASE.md
+++ b/RELEASE.md
@ -0,0 +1,32 @@
 # How to do a release of getssl

 ## Update the version and tag the release

 1. git pull
 2. git branch -c release_2_nn
 3. git switch release_2_nn
 4. update VERSION in `getssl` and `getssl.spec`
 5. git commit -m"Update version to v2.nn"
 6. git tag -a v2.nn
 7. git push origin release_2_nn
 8. git push --tags

 ## The github release-and-package action should:

 1. Build the .deb and .rpm packages
 2. create a draft release containing the packages and the release note

 ## Can test the .deb file using the following steps:

 1. Change the status from draft to pre-release
 2. Test that the package can be installed using a cloud instance
   1. Start an Ubuntu ec2 instance from AWS Console (or Azure or Google Cloud)
   2. Or use the instant-ec2.sh script from my Github gist to start an Ubuntu ec2 instance
      1. git clone git@gist.github.com:12c297e0645920c413273c9d15edbc68.git instant-ec2
      2. ./instant-ec2/instant-ec2.sh
 3. download the deb package
   `wget https://github.com/srvrco/getssl/releases/download/v2.nn/getssl_2.nn-1_all.deb`
 4. install the deb package
   `dpkg -i getssl_2.nn-1_all.deb`
 5. Check it's installed correctly
   `getssl --version`