Move release from cockpituous to action-release and packit

This gets rid of our "release" environment with high-profile secrets, and the cockpituous/release infra. The upstream release uses our shared https://github.com/cockpit-project/action-release/ action.
2022-06-07 09:35:28 +02:00 · 2022-06-07 09:35:28 +02:00 · f5faff051b
commit f5faff051b
parent 607fbae9d2
4 changed files with 61 additions and 68 deletions
--- a/.github/workflows/release.yml.disabled
+++ b/.github/workflows/release.yml.disabled
@ -1,3 +1,6 @@
+# Create a GitHub upstream release. Replace "TARNAME" with your project tarball
+# name and enable this by dropping the ".disabled" suffix from the file name.
+# See README.md.
 name: release
 on:
  push:
@ -5,31 +8,27 @@ on:
      # this is a glob, not a regexp
      - '[0-9]*'
 jobs:
-  cockpituous:
+  source:
    runs-on: ubuntu-latest
-    environment: release
    container:
-      image: ghcr.io/cockpit-project/release
+      image: ghcr.io/cockpit-project/unit-tests
+      options: --user root
+    permissions:
+      # create GitHub release
+      contents: write
    steps:
-      - name: Set up configuration and secrets
-        run: |
-          # override GitHub's bind mount from host, we don't want anything from there and it interferes with ssh
-          export HOME=$(getent passwd $(id -u) | cut -f6 -d:)
+      - name: Clone repository
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0

-          # secrets come from https://github.com/organizations/ORGNAME/settings/secrets or https://github.com/OWNER/REPO/settings/secrets
-          # see https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets
-          echo '${{ secrets.SSH_KNOWN_HOSTS }}' > ~/.ssh/known_hosts
-          echo '${{ secrets.FEDPKG_SSH_PUBLIC }}' > ~/.ssh/id_rsa.pub
-          echo '${{ secrets.FEDPKG_SSH_PRIVATE }}' > ~/.ssh/id_rsa
-          chmod 600 ~/.ssh/id_rsa
-          # FIXME: Set your Fedora user account name here
-          echo 'yourfedorauser' > ~/.config/bodhi-user
-          echo '${{ secrets.GITHUB_TOKEN }}' > ~/.config/github-token
-          echo '${{ secrets.FEDORA_PASSWORD }}' > ~/.fedora-password
+      - name: Workaround for https://github.com/actions/checkout/pull/697
+        run: git fetch --force origin $(git describe --tags):refs/tags/$(git describe --tags)

-      - name: Run cockpituous
-        run: |
-          # override GitHub's bind mount from host, we don't want anything from there and it interferes with ssh
-          export HOME=$(getent passwd $(id -u) | cut -f6 -d:)
-          cd /build
-          release-runner -r https://github.com/$GITHUB_REPOSITORY -t $(basename $GITHUB_REF) ./cockpituous-release
+      - name: Build release
+        run: make dist
+
+      - name: Publish GitHub release
+        uses: cockpit-project/action-release@62db9d9850a1adec300500d84035c4f523fd5290
+        with:
+          filename: "TARNAME-${{ github.ref_name }}.tar.xz"
--- a/README.md
+++ b/README.md
@ -132,19 +132,25 @@ change:
 # Automated release

 Once your cloned project is ready for a release, you should consider automating
-that.  [Cockpituous release](https://github.com/cockpit-project/cockpituous/tree/main/release)
-and [Packit](https://packit.dev/) aim to fully automate project releases to
-GitHub, Fedora, Ubuntu, COPR, Docker Hub, and other places. The intention is
-that the only manual step for releasing a project is to create a signed tag for
-the version number; pushing the tag then triggers a [GitHub
-action](https://github.com/features/actions) that calls a set of release
-scripts.
+that. The intention is that the only manual step for releasing a project is to create
+a signed tag for the version number, which includes a summary of the noteworthy
+changes:

-starter-kit includes an example [cockpitous release script](./cockpituous-release)
+```
+123

-and a [packit.yaml](./packit.yaml) control file with detailed comments how to
-use it. There is also an [example GitHub release action](.github/workflows/release.yml.disabled)
-to set up secrets and run cockpituous.
+- this new feature
+- fix bug #123
+```
+
+Pushing the release tag triggers the [release.yml](.github/workflows/release.yml.disabled)
+[GitHub action](https://github.com/features/actions) workflow. This creates the
+official release tarball and publishes as upstream release to GitHub. The
+workflow is disabled by default -- to use it, edit the file as per the comment
+at the top, and rename it to just `*.yml`.
+
+The Fedora and COPR releases are done with [Packit](https://packit.dev/),
+see the [packit.yaml](./packit.yaml) control file.

 # Automated maintenance

--- a/34
+++ b/34
@ -1,34 +0,0 @@
-# This is a script run to release this project through Cockpituous:
-# https://github.com/cockpit-project/cockpituous/tree/main/release
-
-# Anything that start with 'job' may run in a way that it SIGSTOP's
-# itself when preliminary preparition and then gets a SIGCONT in
-# order to complete its work.
-#
-# Check cockpituous documentation for available release targets.
-#
-# This gets run through a GitHub action: enable and adjust
-# .github/workflows/release.yml.disabled once you are ready.
-
-RELEASE_SOURCE="_release/source"
-RELEASE_SPEC="cockpit-starter-kit.spec"
-RELEASE_SRPM="_release/srpm"
-
-job release-source
-job release-srpm -V
-
-# Once you have a Fedora package, can upload to Fedora automatically: Provide the
-# secrets in .github/workflows/release.yml on GitHub, and enable the following:
-
-## Authenticate for pushing into Fedora dist-git
-# cat ~/.fedora-password | kinit yourfedorauser@FEDORAPROJECT.ORG
-## Do fedora builds for the tag, using tarball
-# job release-koji rawhide
-# job release-koji f36
-# job release-bodhi F36
-
-# These are likely the first of your release targets; but run them after Fedora uploads,
-# so that failures there will fail the release early, before publishing on GitHub
-
-# this needs no explicit secrets, just the GitHub action provided default one
-# job release-github
--- a/packit.yaml
+++ b/packit.yaml
@ -3,6 +3,8 @@
 # See https://packit.dev/docs/configuration/ for the format of this file

 specfile_path: cockpit-starter-kit.spec
+# use the nicely formatted release description from our upstream release, instead of git shortlog
+copy_upstream_release_description: true

 srpm_build_deps:
  - make
@ -37,3 +39,23 @@ jobs:
  #    targets:
  #      - fedora-all
  #      - centos-stream-9-x86_64
+
+  # Build releases in Fedora: https://packit.dev/docs/configuration/#propose_downstream
+  #- job: propose_downstream
+  #  trigger: release
+  #  metadata:
+  #    dist_git_branches:
+  #      - fedora-all
+
+  #- job: koji_build
+  #  trigger: commit
+  #  metadata:
+  #    dist_git_branches:
+  #      - fedora-all
+
+  #- job: bodhi_update
+  #  trigger: commit
+  #  metadata:
+  #    dist_git_branches:
+  #      # rawhide updates are created automatically
+  #      - fedora-branched