name: Release CLI on: pull_request: branches: [main] paths-ignore: # ignore docs as they are built with Netlify. - '**/*.md' - 'site/**' - 'netlify.toml' push: branches: [main] tags: 'v[0-9]+.[0-9]+.[0-9]+**' # Ex. v0.2.0 v0.2.1-rc2 env: # Update this prior to requiring a higher minor version in go.mod GO_VERSION: "1.21" # 1.xx == latest patch of 1.xx defaults: run: # use bash for all operating systems unless overridden shell: bash concurrency: # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-concurrency-to-cancel-any-in-progress-job-or-run group: ${{ github.ref }}-${{ github.workflow }}-${{ github.actor }} cancel-in-progress: true jobs: pre_release: name: Pre-release build # This only runs on Windows so that we can simplify the installation of necessary toolchain to build artifacts. runs-on: windows-2022 # This allows us to test in the following job regardless of the event (tag or not). outputs: VERSION: ${{ steps.output-version.outputs.VERSION }} steps: - uses: actions/checkout@v3 - uses: actions/setup-go@v4 with: cache: false go-version: ${{ env.GO_VERSION }} - uses: actions/cache@v3 with: path: | ~/go/pkg/mod ~/go/bin key: pre-release-check-${{ runner.os }}-go-${{ matrix.go-version }}-${{ hashFiles('**/go.sum', 'Makefile') }} # windows-2022 is missing osslsigncode (no issue, yet) - name: "Install osslsigncode, infozip; setup wix" run: | choco install osslsigncode -y choco install zip -y echo "C:\Program Files (x86)\WiX Toolset v3.11\bin" >> $GITHUB_PATH - name: Download Windows code signing certificate env: WINDOWS_CODESIGN_P12_BASE64: ${{ secrets.WINDOWS_CODESIGN_P12_BASE64 }} run: | # On the fork PRs, our org secret is not visible. if [ $WINDOWS_CODESIGN_P12_BASE64 ]; then echo $WINDOWS_CODESIGN_P12_BASE64 | base64 --decode > windows-certificate.p12 echo "WINDOWS_CODESIGN_P12=windows-certificate.p12" >> $GITHUB_ENV fi shell: bash - name: Make artifacts (test) if: github.event_name != 'push' || !contains(github.ref, 'refs/tags/') run: | # On the fork PRs, our org secret is not visible. We unset the required env so that `make dist` uses default self-signed cert. if [ $WINDOWS_CODESIGN_P12 ]; then export WINDOWS_CODESIGN_PASSWORD=${{ secrets.WINDOWS_CODESIGN_PASSWORD }} fi VERSION=${{ github.sha }} make dist VERSION=$VERSION echo "VERSION=${VERSION}" >> $GITHUB_ENV shell: bash - name: Make artifacts # Triggers only on tag creation. if: github.event_name == 'push' && contains(github.ref, 'refs/tags/') env: WINDOWS_CODESIGN_PASSWORD: ${{ secrets.WINDOWS_CODESIGN_PASSWORD }} run: | # Note: MSI_VERSION requires . as a separator, so replace "-" in the tag with ".". VERSION=${GITHUB_REF#refs/tags/v} MSI_VERSION=${VERSION//-/.} make dist VERSION=$VERSION MSI_VERSION=$MSI_VERSION echo "VERSION=${VERSION}" >> $GITHUB_ENV shell: bash # This allows us to test in the following job regardless of the event (tag or not). - id: output-version run: echo "VERSION=${VERSION}" >> "$GITHUB_OUTPUT" shell: bash # In order to share the built artifacts in the subsequent tests, we use cache instead of actions/upload-artifacts. # The reason is that upload-artifacts are not globally consistent and sometimes pre_release_test won't be able to # find the artifacts uploaded here. See https://github.com/actions/upload-artifact/issues/21 for more context. # Downside of this is that, we pressure the cache capacity set per repository. We delete all caches created # on PRs on close. See .github/workflows/clear_cache.yaml. On main branch, in any way this cache will be deleted # in 7 days, also this at most a few MB, so this won't be an issue. - uses: actions/cache@v3 id: cache with: # Use share the cache containing archives across OSes. enableCrossOsArchive: true # Note: this creates a cache per run. key: release-artifacts-${{ github.run_id }} path: dist/ # pre_release_test tests the artifacts built by pre_release in the OS dependent way. pre_release_test: needs: pre_release name: Pre-release test (${{ matrix.os }}) runs-on: ${{ matrix.os }} strategy: fail-fast: false # don't fail fast as sometimes failures are arch/OS specific matrix: os: [ubuntu-22.04, macos-12, windows-2022] steps: - uses: actions/checkout@v3 - uses: actions/cache@v3 id: cache with: # We need this cache to run tests. fail-on-cache-miss: true enableCrossOsArchive: true key: release-artifacts-${{ github.run_id }} path: dist/ - name: Test (linux) # Check if the version was correctly inserted with VERSION variable if: runner.os == 'Linux' run: | tar xf dist/wazero_${{ needs.pre_release.outputs.VERSION }}_linux_amd64.tar.gz ./wazero version | grep ${{ needs.pre_release.outputs.VERSION }} - name: Test (darwin) # Check if the version was correctly inserted with VERSION variable if: runner.os == 'macOS' run: | tar xf dist/wazero_${{ needs.pre_release.outputs.VERSION }}_darwin_amd64.tar.gz ./wazero version | grep ${{ needs.pre_release.outputs.VERSION }} # This only checks the installer when built on Windows as it is simpler than switching OS. # refreshenv is from choco, and lets you reload ENV variables (used here for PATH). - name: Test Windows Installer if: runner.os == 'Windows' run: | set MSI_FILE="dist\wazero_${{ needs.pre_release.outputs.VERSION }}_windows_amd64.msi" call packaging\msi\verify_msi.cmd shell: cmd # Triggers only on the tag creation. release: if: github.event_name == 'push' && contains(github.ref, 'refs/tags/') needs: pre_release_test name: Release runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v3 with: # Ensure release_notes.sh can see prior commits fetch-depth: 0 - uses: actions/cache@v3 id: cache with: fail-on-cache-miss: true enableCrossOsArchive: true key: release-artifacts-${{ github.run_id }} path: dist/ - name: Create draft release run: | ls dist tag="${GITHUB_REF#refs/tags/}" ./.github/workflows/release_notes.sh ${tag} > release-notes.txt gh release create ${tag} --draft --notes-file release-notes.txt --title ${GITHUB_REF#refs/tags/} ./dist/* env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}