Techognito/starter-kit
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Move release from cockpituous to action-release and packit

Browse source 
This gets rid of our "release" environment with high-profile secrets,
and the cockpituous/release infra.

The upstream release uses our shared
https://github.com/cockpit-project/action-release/ action.
This commit is contained in:
Martin Pitt 2022-06-07 09:35:28 +02:00 committed by Allison Karlitskaya
parent 607fbae9d2
commit f5faff051b
4 changed files with 61 additions and 68 deletions
Download patch file Download diff file Expand all files Collapse all files

45
.github/workflows/release.yml.disabled vendored
View file

@ -1,3 +1,6 @@
# Create a GitHub upstream release. Replace "TARNAME" with your project tarball
# name and enable this by dropping the ".disabled" suffix from the file name.
# See README.md.
name: release name: release
on: on:
push: push:
@ -5,31 +8,27 @@ on:
# this is a glob, not a regexp # this is a glob, not a regexp
- '[0-9]*' - '[0-9]*'
jobs: jobs:
cockpituous: source:
runs-on: ubuntu-latest runs-on: ubuntu-latest
environment: release
container: container:
image: ghcr.io/cockpit-project/release image: ghcr.io/cockpit-project/unit-tests
options: --user root
permissions:
# create GitHub release
contents: write
steps: steps:
- name: Set up configuration and secrets - name: Clone repository
run: | uses: actions/checkout@v3
# override GitHub's bind mount from host, we don't want anything from there and it interferes with ssh with:
export HOME=$(getent passwd $(id -u) | cut -f6 -d:) fetch-depth: 0
# secrets come from https://github.com/organizations/ORGNAME/settings/secrets or https://github.com/OWNER/REPO/settings/secrets - name: Workaround for https://github.com/actions/checkout/pull/697
# see https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets run: git fetch --force origin $(git describe --tags):refs/tags/$(git describe --tags)
echo '${{ secrets.SSH_KNOWN_HOSTS }}' > ~/.ssh/known_hosts
echo '${{ secrets.FEDPKG_SSH_PUBLIC }}' > ~/.ssh/id_rsa.pub
echo '${{ secrets.FEDPKG_SSH_PRIVATE }}' > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
# FIXME: Set your Fedora user account name here
echo 'yourfedorauser' > ~/.config/bodhi-user
echo '${{ secrets.GITHUB_TOKEN }}' > ~/.config/github-token
echo '${{ secrets.FEDORA_PASSWORD }}' > ~/.fedora-password
- name: Run cockpituous - name: Build release
run: | run: make dist
# override GitHub's bind mount from host, we don't want anything from there and it interferes with ssh
export HOME=$(getent passwd $(id -u) | cut -f6 -d:) - name: Publish GitHub release
cd /build uses: cockpit-project/action-release@62db9d9850a1adec300500d84035c4f523fd5290
release-runner -r https://github.com/$GITHUB_REPOSITORY -t $(basename $GITHUB_REF) ./cockpituous-release with:
filename: "TARNAME-${{ github.ref_name }}.tar.xz"

28
README.md
View file

@ -132,19 +132,25 @@ change:
# Automated release # Automated release
Once your cloned project is ready for a release, you should consider automating Once your cloned project is ready for a release, you should consider automating
that. [Cockpituous release](https://github.com/cockpit-project/cockpituous/tree/main/release) that. The intention is that the only manual step for releasing a project is to create
and [Packit](https://packit.dev/) aim to fully automate project releases to a signed tag for the version number, which includes a summary of the noteworthy
GitHub, Fedora, Ubuntu, COPR, Docker Hub, and other places. The intention is changes:
that the only manual step for releasing a project is to create a signed tag for
the version number; pushing the tag then triggers a [GitHub
action](https://github.com/features/actions) that calls a set of release
scripts.
starter-kit includes an example [cockpitous release script](./cockpituous-release) ```
123
and a [packit.yaml](./packit.yaml) control file with detailed comments how to - this new feature
use it. There is also an [example GitHub release action](.github/workflows/release.yml.disabled) - fix bug #123
to set up secrets and run cockpituous. ```
Pushing the release tag triggers the [release.yml](.github/workflows/release.yml.disabled)
[GitHub action](https://github.com/features/actions) workflow. This creates the
official release tarball and publishes as upstream release to GitHub. The
workflow is disabled by default -- to use it, edit the file as per the comment
at the top, and rename it to just `*.yml`.
The Fedora and COPR releases are done with [Packit](https://packit.dev/),
see the [packit.yaml](./packit.yaml) control file.
# Automated maintenance # Automated maintenance

34
cockpituous-release
View file

@ -1,34 +0,0 @@
# This is a script run to release this project through Cockpituous:
# https://github.com/cockpit-project/cockpituous/tree/main/release
# Anything that start with 'job' may run in a way that it SIGSTOP's
# itself when preliminary preparition and then gets a SIGCONT in
# order to complete its work.
#
# Check cockpituous documentation for available release targets.
#
# This gets run through a GitHub action: enable and adjust
# .github/workflows/release.yml.disabled once you are ready.
RELEASE_SOURCE="_release/source"
RELEASE_SPEC="cockpit-starter-kit.spec"
RELEASE_SRPM="_release/srpm"
job release-source
job release-srpm -V
# Once you have a Fedora package, can upload to Fedora automatically: Provide the
# secrets in .github/workflows/release.yml on GitHub, and enable the following:
## Authenticate for pushing into Fedora dist-git
# cat ~/.fedora-password | kinit yourfedorauser@FEDORAPROJECT.ORG
## Do fedora builds for the tag, using tarball
# job release-koji rawhide
# job release-koji f36
# job release-bodhi F36
# These are likely the first of your release targets; but run them after Fedora uploads,
# so that failures there will fail the release early, before publishing on GitHub
# this needs no explicit secrets, just the GitHub action provided default one
# job release-github

22
packit.yaml
View file

@ -3,6 +3,8 @@
# See https://packit.dev/docs/configuration/ for the format of this file # See https://packit.dev/docs/configuration/ for the format of this file
specfile_path: cockpit-starter-kit.spec specfile_path: cockpit-starter-kit.spec
# use the nicely formatted release description from our upstream release, instead of git shortlog
copy_upstream_release_description: true
srpm_build_deps: srpm_build_deps:
- make - make
@ -37,3 +39,23 @@ jobs:
# targets: # targets:
# - fedora-all # - fedora-all
# - centos-stream-9-x86_64 # - centos-stream-9-x86_64
# Build releases in Fedora: https://packit.dev/docs/configuration/#propose_downstream
#- job: propose_downstream
# trigger: release
# metadata:
# dist_git_branches:
# - fedora-all
#- job: koji_build
# trigger: commit
# metadata:
# dist_git_branches:
# - fedora-all
#- job: bodhi_update
# trigger: commit
# metadata:
# dist_git_branches:
# # rawhide updates are created automatically
# - fedora-branched