Skip to content

5.7.3 (#1254)

5.7.3 (#1254) #1274

Workflow file for this run

# This is the workflow for building release artifacts.
# Optionally, creating a release with those artifacts is possible by pushing a tag.
---
name: Release
on:
# Allow running this workflow manually from the Actions tab
workflow_dispatch:
push:
branches:
- main
tags:
- '*'
jobs:
Generate-Completion-Files:
name: Generate shell completion files
runs-on: ubuntu-latest
steps:
- name: Checkout the repo
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Install Rust toolchain
run: |
rustup toolchain install stable --profile minimal
rustup default stable
- name: Generate shell completion files
run: cargo run --package xtask gencomp
- name: Upload shell completions
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: shell-completions
path: ./target/completions/
if-no-files-found: error
retention-days: 7
Build-CLI:
name: Build the CLI binary
strategy:
fail-fast: false
matrix:
include:
- target: x86_64-unknown-linux-gnu
os: ubuntu-20.04
- target: aarch64-unknown-linux-gnu
os: [self-hosted, linux, arm64]
- target: x86_64-apple-darwin
os: macos-latest
- target: aarch64-apple-darwin
os: [self-hosted, macos, arm64]
runs-on: ${{ matrix.os }}
steps:
- name: Checkout the repo
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
with:
fetch-depth: 0
- name: Install Rust toolchain
run: |
curl https://sh.rustup.rs -sSf \
| sh -s -- -y --default-toolchain stable --profile minimal --target ${{ matrix.target }}
echo "$HOME/.cargo/bin" >> "$GITHUB_PATH"
- name: Build Distributions
run: cargo build --release --target ${{ matrix.target }}
- name: Upload release artifacts
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: phylum-${{ matrix.target }}
path: ./target/${{ matrix.target }}/release/phylum
if-no-files-found: error
retention-days: 7
Build-Release-Artifacts:
name: Build the release artifacts
needs: [Generate-Completion-Files, Build-CLI]
runs-on: ubuntu-latest
steps:
- name: Install host dependencies
run: sudo apt install -yq zip
- name: Checkout the repo
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
with:
path: cli
- name: Download release artifacts
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
- name: Prep archives
run: |
for archive in phylum-*/;
do
archive=$(echo "${archive}" | sed -e "s/\/$//")
cp -R shell-completions "${archive}/completions"
mkdir "${archive}/extensions"
for extension in npm poetry yarn pip bundle cargo
do
cp -R "cli/extensions/${extension}" "${archive}/extensions/${extension}"
done
cp cli/cli/src/install.sh "${archive}/install.sh"
chmod a+x "${archive}/phylum"
zip -r "${archive}.zip" "${archive}"
done
- name: Upload release artifacts
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: release-archives
path: phylum-*.zip
if-no-files-found: error
retention-days: 7
- name: Create release notes
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
with:
script: |
const fs = require("node:fs");
const tag = process.env.GITHUB_REF_NAME;
const prerelease = !tag.match(/^v(\d+\.)*\d+$/);
const ver = prerelease ? "Unreleased" : tag.replace("v", "");
const changelog = fs
.readFileSync("cli/CHANGELOG.md", { encoding: "utf-8" })
.split("\n");
const header = changelog.findIndex((line) => line.startsWith(`## [${ver}]`));
const nextHeader = changelog.findIndex((line, idx) => idx > header && line.startsWith("## ["));
if (header == -1 || nextHeader == -1) throw "Could not find headers";
const releaseNotes = changelog.slice(header + 1, nextHeader).join("\n").trim();
fs.writeFileSync("RELEASE-NOTES.txt", releaseNotes);
- name: Upload release notes
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: RELEASE-NOTES.txt
path: RELEASE-NOTES.txt
if-no-files-found: error
retention-days: 7
Release:
name: Create release from tag
needs: Build-Release-Artifacts
# Only run this job when pushing a tag
if: startsWith(github.ref, 'refs/tags/')
environment:
name: release
url: ${{ fromJSON(steps.create_release.outputs.result).data.html_url }}
runs-on: ubuntu-latest
steps:
- name: Download release artifacts
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: release-archives
- name: Sign archives
env:
OPENSSL_KEY: ${{ secrets.OPENSSL_KEY }}
run: |
for archive in phylum-*.zip;
do
openssl dgst -sha256 -sign <(printf "%s" "$OPENSSL_KEY") -out "${archive}.signature" "${archive}"
done
- name: Download release notes
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: RELEASE-NOTES.txt
- name: Create GitHub release
id: create_release
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
with:
# The response is explicitly returned here so it will be available for other steps
script: |
const fs = require("node:fs");
const body = fs.readFileSync("RELEASE-NOTES.txt", { encoding: "utf-8" });
const response = await github.rest.repos.createRelease({
owner: context.repo.owner,
repo: context.repo.repo,
tag_name: process.env.GITHUB_REF_NAME,
prerelease: ${{ contains(github.ref, 'rc') }},
name: process.env.GITHUB_REF_NAME,
body: body,
});
console.log(response);
return response;
- name: Upload release assets
env:
UPLOAD_URL: ${{ fromJSON(steps.create_release.outputs.result).data.upload_url }}
# NOTE: The `UPLOAD_URL` is provided as an RFC 6570 URI templates, which is not usable directly
# without first trimming off the form-style query expansion part (e.g., {?var})
# Reference: https://docs.github.com/en/rest/releases/assets?apiVersion=2022-11-28#upload-a-release-asset
run: |
API_URL=$(printf "%s" "$UPLOAD_URL" | cut -d '{' -f 1)
for asset in phylum-*.zip*;
do
curl \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
-H "Content-Type: application/octet-stream" \
--data-binary "@$asset" \
"$API_URL?name=$asset"
done
- name: Trigger phylum-ci Docker image creation
# Don't trigger for pre-releases
if: ${{ !contains(github.ref, 'rc') }}
# Reference: https://docs.github.com/en/rest/repos/repos#create-a-repository-dispatch-event
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
with:
github-token: ${{ secrets.GH_RELEASE_PAT }}
script: |
const response = await github.rest.repos.createDispatchEvent({
owner: "phylum-dev",
repo: "phylum-ci",
event_type: "build-push-docker-images",
client_payload: {CLI_version: process.env.GITHUB_REF_NAME},
});
console.log(response);
- name: Trigger homebrew-cli Formula bump
# Don't trigger for pre-releases
if: ${{ !contains(github.ref, 'rc') }}
# Reference: https://docs.github.com/en/rest/repos/repos#create-a-repository-dispatch-event
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
with:
github-token: ${{ secrets.GH_RELEASE_PAT }}
script: |
const response = await github.rest.repos.createDispatchEvent({
owner: "phylum-dev",
repo: "homebrew-cli",
event_type: "trigger-bump-formula-pr",
client_payload: {CLI_version: process.env.GITHUB_REF_NAME},
});
console.log(response);
Update-Documentation:
name: Update the documentation
needs: Release
# Don't trigger for pre-releases
if: ${{ !contains(github.ref, 'rc') }}
runs-on: ubuntu-latest
steps:
- name: Checkout the repo
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Update v2-latest using rdme
uses: readmeio/rdme@51a80867c45de15e2b41af0c4bd5bbc61b932804 # v8.6.6
with:
rdme: docs ./docs --key=${{ secrets.README_API }} --version=2-latest