1name: Release CLI
2on:
3 pull_request:
4 branches: [main]
5 paths-ignore: # ignore docs as they are built with Netlify.
6 - '**/*.md'
7 - 'site/**'
8 - 'netlify.toml'
9 push:
10 branches: [main]
11 tags: 'v[0-9]+.[0-9]+.[0-9]+**' # Ex. v0.2.0 v0.2.1-rc2
12
13env: # Update this prior to requiring a higher minor version in go.mod
14 GO_VERSION: "1.21" # 1.xx == latest patch of 1.xx
15
16defaults:
17 run: # use bash for all operating systems unless overridden
18 shell: bash
19
20concurrency:
21 # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-concurrency-to-cancel-any-in-progress-job-or-run
22 group: ${{ github.ref }}-${{ github.workflow }}-${{ github.actor }}
23 cancel-in-progress: true
24
25jobs:
26 pre_release:
27 name: Pre-release build
28 # This only runs on Windows so that we can simplify the installation of necessary toolchain to build artifacts.
29 runs-on: windows-2022
30 # This allows us to test in the following job regardless of the event (tag or not).
31 outputs:
32 VERSION: ${{ steps.output-version.outputs.VERSION }}
33 steps:
34 - uses: actions/checkout@v3
35
36 - uses: actions/setup-go@v4
37 with:
38 cache: false
39 go-version: ${{ env.GO_VERSION }}
40
41 - uses: actions/cache@v3
42 with:
43 path: |
44 ~/go/pkg/mod
45 ~/go/bin
46 key: pre-release-check-${{ runner.os }}-go-${{ matrix.go-version }}-${{ hashFiles('**/go.sum', 'Makefile') }}
47
48 # windows-2022 is missing osslsigncode (no issue, yet)
49 - name: "Install osslsigncode, infozip; setup wix"
50 run: |
51 choco install osslsigncode -y
52 choco install zip -y
53 echo "C:\Program Files (x86)\WiX Toolset v3.11\bin" >> $GITHUB_PATH
54
55 - name: Download Windows code signing certificate
56 env:
57 WINDOWS_CODESIGN_P12_BASE64: ${{ secrets.WINDOWS_CODESIGN_P12_BASE64 }}
58 run: | # On the fork PRs, our org secret is not visible.
59 if [ $WINDOWS_CODESIGN_P12_BASE64 ]; then
60 echo $WINDOWS_CODESIGN_P12_BASE64 | base64 --decode > windows-certificate.p12
61 echo "WINDOWS_CODESIGN_P12=windows-certificate.p12" >> $GITHUB_ENV
62 fi
63 shell: bash
64
65 - name: Make artifacts (test)
66 if: github.event_name != 'push' || !contains(github.ref, 'refs/tags/')
67 run: | # On the fork PRs, our org secret is not visible. We unset the required env so that `make dist` uses default self-signed cert.
68 if [ $WINDOWS_CODESIGN_P12 ]; then
69 export WINDOWS_CODESIGN_PASSWORD=${{ secrets.WINDOWS_CODESIGN_PASSWORD }}
70 fi
71 VERSION=${{ github.sha }}
72 make dist VERSION=$VERSION
73 echo "VERSION=${VERSION}" >> $GITHUB_ENV
74 shell: bash
75
76 - name: Make artifacts
77 # Triggers only on tag creation.
78 if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
79 env:
80 WINDOWS_CODESIGN_PASSWORD: ${{ secrets.WINDOWS_CODESIGN_PASSWORD }}
81 run: | # Note: MSI_VERSION requires . as a separator, so replace "-" in the tag with ".".
82 VERSION=${GITHUB_REF#refs/tags/v}
83 MSI_VERSION=${VERSION//-/.}
84 make dist VERSION=$VERSION MSI_VERSION=$MSI_VERSION
85 echo "VERSION=${VERSION}" >> $GITHUB_ENV
86 shell: bash
87
88 # This allows us to test in the following job regardless of the event (tag or not).
89 - id: output-version
90 run: echo "VERSION=${VERSION}" >> "$GITHUB_OUTPUT"
91 shell: bash
92
93 # In order to share the built artifacts in the subsequent tests, we use cache instead of actions/upload-artifacts.
94 # The reason is that upload-artifacts are not globally consistent and sometimes pre_release_test won't be able to
95 # find the artifacts uploaded here. See https://github.com/actions/upload-artifact/issues/21 for more context.
96 # Downside of this is that, we pressure the cache capacity set per repository. We delete all caches created
97 # on PRs on close. See .github/workflows/clear_cache.yaml. On main branch, in any way this cache will be deleted
98 # in 7 days, also this at most a few MB, so this won't be an issue.
99 - uses: actions/cache@v3
100 id: cache
101 with:
102 # Use share the cache containing archives across OSes.
103 enableCrossOsArchive: true
104 # Note: this creates a cache per run.
105 key: release-artifacts-${{ github.run_id }}
106 path:
107 dist/
108
109 # pre_release_test tests the artifacts built by pre_release in the OS dependent way.
110 pre_release_test:
111 needs: pre_release
112 name: Pre-release test (${{ matrix.os }})
113 runs-on: ${{ matrix.os }}
114 strategy:
115 fail-fast: false # don't fail fast as sometimes failures are arch/OS specific
116 matrix:
117 os: [ubuntu-22.04, macos-12, windows-2022]
118
119 steps:
120 - uses: actions/checkout@v3
121
122 - uses: actions/cache@v3
123 id: cache
124 with:
125 # We need this cache to run tests.
126 fail-on-cache-miss: true
127 enableCrossOsArchive: true
128 key: release-artifacts-${{ github.run_id }}
129 path:
130 dist/
131
132 - name: Test (linux)
133 # Check if the version was correctly inserted with VERSION variable
134 if: runner.os == 'Linux'
135 run: |
136 tar xf dist/wazero_${{ needs.pre_release.outputs.VERSION }}_linux_amd64.tar.gz
137 ./wazero version | grep ${{ needs.pre_release.outputs.VERSION }}
138
139 - name: Test (darwin)
140 # Check if the version was correctly inserted with VERSION variable
141 if: runner.os == 'macOS'
142 run: |
143 tar xf dist/wazero_${{ needs.pre_release.outputs.VERSION }}_darwin_amd64.tar.gz
144 ./wazero version | grep ${{ needs.pre_release.outputs.VERSION }}
145
146 # This only checks the installer when built on Windows as it is simpler than switching OS.
147 # refreshenv is from choco, and lets you reload ENV variables (used here for PATH).
148 - name: Test Windows Installer
149 if: runner.os == 'Windows'
150 run: |
151 set MSI_FILE="dist\wazero_${{ needs.pre_release.outputs.VERSION }}_windows_amd64.msi"
152 call packaging\msi\verify_msi.cmd
153 shell: cmd
154
155 # Triggers only on the tag creation.
156 release:
157 if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
158 needs: pre_release_test
159 name: Release
160 runs-on: ubuntu-22.04
161 steps:
162 - uses: actions/checkout@v3
163 with: # Ensure release_notes.sh can see prior commits
164 fetch-depth: 0
165
166 - uses: actions/cache@v3
167 id: cache
168 with:
169 fail-on-cache-miss: true
170 enableCrossOsArchive: true
171 key: release-artifacts-${{ github.run_id }}
172 path:
173 dist/
174
175 - name: Create draft release
176 run: |
177 ls dist
178 tag="${GITHUB_REF#refs/tags/}"
179 ./.github/workflows/release_notes.sh ${tag} > release-notes.txt
180 gh release create ${tag} --draft --notes-file release-notes.txt --title ${GITHUB_REF#refs/tags/} ./dist/*
181 env:
182 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
View as plain text