-
Notifications
You must be signed in to change notification settings - Fork 43
231 lines (200 loc) · 7.83 KB
/
ansible-release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
name: Release Ansible package
'on':
workflow_dispatch:
inputs:
ansible-version:
description: >-
Release Version. Example: 11.1.0
required: true
preserve-deps:
description: >-
Whether to preserve existing `.deps` files.
type: boolean
default: false
allow-reset-build-deps:
description: >-
Whether to allow resetting existing .build files during alpha and beta-1 releases.
Only set to false for special alpha or beta-1 releases if the deps and build files
have been prepared manually!
type: boolean
default: true
existing-branch:
description: >-
If provided, assumes that a branch of this name exists in the ansible-build-data
repository. Changes will be pushed to this branch, and the PR will be created from
it.
type: string
default: ''
env:
CI_COMMIT_MESSAGE: >-
Ansible ${{ inputs.ansible-version }}:
Dependencies, changelog and porting guide
ANSIBLE_VERSION: ${{ inputs.ansible-version }}
ANSIBLE_BRANCH_NAME: ${{ inputs.existing-branch || format('publish-{0}', inputs.ansible-version) }}
jobs:
build:
name: Build Ansible (${{ inputs.ansible-version }})
runs-on: ubuntu-latest
permissions:
pull-requests: write
contents: write
outputs:
pr_url: ${{ steps.create-pr.outputs.pr_url }}
steps:
- name: Check out antsibull-build
uses: actions/checkout@v4
with:
repository: ansible-community/antsibull-build
ref: main
path: antsibull-build
- name: Pre-create build directory
run: mkdir -p antsibull-build/build
- name: Check out ansible-build-data under antsibull-build build directory
uses: actions/checkout@v4
with:
# This is where the antsibull-build build-release role expects it by default
path: antsibull-build/build/ansible-build-data
ref: ${{ inputs.existing-branch || '' }}
- name: Set up Python 3.12
uses: actions/setup-python@v5
with:
python-version: 3.12
- name: Install dependencies
working-directory: antsibull-build
run: |
python3 -m pip install packaging ansible-core antsibull-build
ansible-galaxy install -r requirements.yml
- name: Validate version and extract major version
shell: python
id: extract-version
run: |
import os
import pathlib
import sys
from packaging.version import Version
FILE_APPEND_MODE = 'a'
OUTPUTS_FILE_PATH = pathlib.Path(os.environ['GITHUB_OUTPUT'])
VERSION = os.environ['ANSIBLE_VERSION']
def set_output(name, value):
with OUTPUTS_FILE_PATH.open(FILE_APPEND_MODE) as outputs_file:
outputs_file.writelines(f'{name}={value}{os.linesep}')
try:
version = Version(VERSION)
except Exception as exc:
sys.exit(
f'::error ::The version {VERSION!r} cannot be parsed: {exc}.'
)
set_output('major-version', version.major)
- name: Checking out to a new branch
if: inputs.existing-branch == ''
working-directory: antsibull-build/build/ansible-build-data
run: |
git checkout -b "${ANSIBLE_BRANCH_NAME}"
- name: Setting the user details
run: |
git config --global user.name "Github Actions"
git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
# Run the playbook according to the current release process
- name: Building a release with the defaults
working-directory: antsibull-build
env:
PRESERVE_DEPS: ${{ inputs.preserve-deps }}
ALLOW_RESET_BUILD_DEPS: ${{ inputs.allow-reset-build-deps }}
# Make result better readable
ANSIBLE_CALLBACK_RESULT_FORMAT: yaml
run: >-
ansible-playbook -vv playbooks/build-single-release.yaml
-e antsibull_data_reset=false
-e "antsibull_build_reset=${ALLOW_RESET_BUILD_DEPS}"
-e "antsibull_ansible_version=${ANSIBLE_VERSION}"
-e "antsibull_preserve_deps=${PRESERVE_DEPS}"
- name: Upload artifact
uses: actions/upload-artifact@v4
id: upload-artifact
with:
name: sdist-and-wheel
path: antsibull-build/build/ansible-*.*
- name: Commit ansible-build-data and push the changes to github
working-directory: >-
antsibull-build/build/ansible-build-data/${{ steps.extract-version.outputs.major-version }}
run: |
git add .
git commit -m "${CI_COMMIT_MESSAGE}"
git push origin "${ANSIBLE_BRANCH_NAME}"
- name: Create PR to the ansible-build-data
id: create-pr
working-directory: antsibull-build/build/ansible-build-data
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
ARTIFACT_URL: ${{ steps.upload-artifact.outputs.artifact-url }}
run: |
body="$(echo -e "${CI_COMMIT_MESSAGE}\nRelease artifacts: <${ARTIFACT_URL}>")"
echo -n "pr_url=" >> "${GITHUB_OUTPUT}"
gh pr create \
--base main \
--head "${ANSIBLE_BRANCH_NAME}" \
--title "Release Ansible ${ANSIBLE_VERSION}" \
--body "${body}" | tee -a "$GITHUB_OUTPUT"
# publish job downloads the arifacts and publish it to PyPI
publish:
needs: build
name: Upload Ansible (${{ inputs.ansible-version }}) to PyPI
runs-on: ubuntu-latest
environment:
name: pypi
url: https://pypi.org/project/ansible/${{ inputs.ansible-version }}
permissions:
id-token: write
outputs:
pr_url: ${{ needs.build.outputs.pr_url }}
steps:
- name: Ensure that the PR was merged
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PR_URL: ${{ needs.build.outputs.pr_url }}
run: |
STATE="$(gh pr view "${PR_URL}" --json state --template "{{.state}}")"
if [ "${STATE}" != "MERGED" ]; then
echo "::error ::The state of PR ${PR_URL} must be MERGED, not ${STATE}"
exit 1
fi
- name: Download artifact
uses: actions/download-artifact@v4
with:
name: sdist-and-wheel
path: dist/
- name: Upload Ansible sdist and wheel to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
# git-tag job creates the git tag
git-tag:
needs: publish
name: Creates git tag for Ansible (${{ inputs.ansible-version }})
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Figure out merge commit
id: merge-commit
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PR_URL: ${{ needs.publish.outputs.pr_url }}
run: |
MERGE_COMMIT="$(gh pr view "${PR_URL}" --json mergeCommit --template "{{.mergeCommit.oid}}")"
echo "merge_commit=${MERGE_COMMIT}" >> "${GITHUB_OUTPUT}"
- name: Check out ansible-build-data
uses: actions/checkout@v4
with:
ref: ${{ github.event.repository.default_branch }}
fetch-depth: 0
- name: Create git tag
env:
MERGE_COMMIT: ${{steps.merge-commit.outputs.merge_commit}}
run: |
git config --global user.name "Github Actions"
git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
git tag -a "${ANSIBLE_VERSION}" "${MERGE_COMMIT}" -m "Ansible ${ANSIBLE_VERSION}: Changelog, Porting Guide and Dependent Collection Details"
git push origin "${ANSIBLE_VERSION}"