Move release from cockpituous to action-release and packit
This gets rid of our "release" environment with high-profile secrets, and the cockpituous/release infra. The upstream release uses our shared https://github.com/cockpit-project/action-release/ action.
This commit is contained in:
Martin Pitt
Allison Karlitskaya
parent
607fbae9d2
commit
f5faff051b
4 changed files with 61 additions and 68 deletions
45
.github/workflows/release.yml.disabled
vendored
45
.github/workflows/release.yml.disabled
vendored
|
|
@ -1,3 +1,6 @@
|
|||
# Create a GitHub upstream release. Replace "TARNAME" with your project tarball
|
||||
# name and enable this by dropping the ".disabled" suffix from the file name.
|
||||
# See README.md.
|
||||
name: release
|
||||
on:
|
||||
push:
|
||||
|
|
@ -5,31 +8,27 @@ on:
|
|||
# this is a glob, not a regexp
|
||||
- '[0-9]*'
|
||||
jobs:
|
||||
cockpituous:
|
||||
source:
|
||||
runs-on: ubuntu-latest
|
||||
environment: release
|
||||
container:
|
||||
image: ghcr.io/cockpit-project/release
|
||||
image: ghcr.io/cockpit-project/unit-tests
|
||||
options: --user root
|
||||
permissions:
|
||||
# create GitHub release
|
||||
contents: write
|
||||
steps:
|
||||
- name: Set up configuration and secrets
|
||||
run: |
|
||||
# override GitHub's bind mount from host, we don't want anything from there and it interferes with ssh
|
||||
export HOME=$(getent passwd $(id -u) | cut -f6 -d:)
|
||||
- name: Clone repository
|
||||
uses: actions/checkout@v3
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
# secrets come from https://github.com/organizations/ORGNAME/settings/secrets or https://github.com/OWNER/REPO/settings/secrets
|
||||
# see https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets
|
||||
echo '${{ secrets.SSH_KNOWN_HOSTS }}' > ~/.ssh/known_hosts
|
||||
echo '${{ secrets.FEDPKG_SSH_PUBLIC }}' > ~/.ssh/id_rsa.pub
|
||||
echo '${{ secrets.FEDPKG_SSH_PRIVATE }}' > ~/.ssh/id_rsa
|
||||
chmod 600 ~/.ssh/id_rsa
|
||||
# FIXME: Set your Fedora user account name here
|
||||
echo 'yourfedorauser' > ~/.config/bodhi-user
|
||||
echo '${{ secrets.GITHUB_TOKEN }}' > ~/.config/github-token
|
||||
echo '${{ secrets.FEDORA_PASSWORD }}' > ~/.fedora-password
|
||||
- name: Workaround for https://github.com/actions/checkout/pull/697
|
||||
run: git fetch --force origin $(git describe --tags):refs/tags/$(git describe --tags)
|
||||
|
||||
- name: Run cockpituous
|
||||
run: |
|
||||
# override GitHub's bind mount from host, we don't want anything from there and it interferes with ssh
|
||||
export HOME=$(getent passwd $(id -u) | cut -f6 -d:)
|
||||
cd /build
|
||||
release-runner -r https://github.com/$GITHUB_REPOSITORY -t $(basename $GITHUB_REF) ./cockpituous-release
|
||||
- name: Build release
|
||||
run: make dist
|
||||
|
||||
- name: Publish GitHub release
|
||||
uses: cockpit-project/action-release@62db9d9850a1adec300500d84035c4f523fd5290
|
||||
with:
|
||||
filename: "TARNAME-${{ github.ref_name }}.tar.xz"
|
||||
|
|
|
|||
28
README.md
28
README.md
|
|
@ -132,19 +132,25 @@ change:
|
|||
# Automated release
|
||||
|
||||
Once your cloned project is ready for a release, you should consider automating
|
||||
that. [Cockpituous release](https://github.com/cockpit-project/cockpituous/tree/main/release)
|
||||
and [Packit](https://packit.dev/) aim to fully automate project releases to
|
||||
GitHub, Fedora, Ubuntu, COPR, Docker Hub, and other places. The intention is
|
||||
that the only manual step for releasing a project is to create a signed tag for
|
||||
the version number; pushing the tag then triggers a [GitHub
|
||||
action](https://github.com/features/actions) that calls a set of release
|
||||
scripts.
|
||||
that. The intention is that the only manual step for releasing a project is to create
|
||||
a signed tag for the version number, which includes a summary of the noteworthy
|
||||
changes:
|
||||
|
||||
starter-kit includes an example [cockpitous release script](./cockpituous-release)
|
||||
```
|
||||
123
|
||||
|
||||
and a [packit.yaml](./packit.yaml) control file with detailed comments how to
|
||||
use it. There is also an [example GitHub release action](.github/workflows/release.yml.disabled)
|
||||
to set up secrets and run cockpituous.
|
||||
- this new feature
|
||||
- fix bug #123
|
||||
```
|
||||
|
||||
Pushing the release tag triggers the [release.yml](.github/workflows/release.yml.disabled)
|
||||
[GitHub action](https://github.com/features/actions) workflow. This creates the
|
||||
official release tarball and publishes as upstream release to GitHub. The
|
||||
workflow is disabled by default -- to use it, edit the file as per the comment
|
||||
at the top, and rename it to just `*.yml`.
|
||||
|
||||
The Fedora and COPR releases are done with [Packit](https://packit.dev/),
|
||||
see the [packit.yaml](./packit.yaml) control file.
|
||||
|
||||
# Automated maintenance
|
||||
|
||||
|
|
|
|||
|
|
@ -1,34 +0,0 @@
|
|||
# This is a script run to release this project through Cockpituous:
|
||||
# https://github.com/cockpit-project/cockpituous/tree/main/release
|
||||
|
||||
# Anything that start with 'job' may run in a way that it SIGSTOP's
|
||||
# itself when preliminary preparition and then gets a SIGCONT in
|
||||
# order to complete its work.
|
||||
#
|
||||
# Check cockpituous documentation for available release targets.
|
||||
#
|
||||
# This gets run through a GitHub action: enable and adjust
|
||||
# .github/workflows/release.yml.disabled once you are ready.
|
||||
|
||||
RELEASE_SOURCE="_release/source"
|
||||
RELEASE_SPEC="cockpit-starter-kit.spec"
|
||||
RELEASE_SRPM="_release/srpm"
|
||||
|
||||
job release-source
|
||||
job release-srpm -V
|
||||
|
||||
# Once you have a Fedora package, can upload to Fedora automatically: Provide the
|
||||
# secrets in .github/workflows/release.yml on GitHub, and enable the following:
|
||||
|
||||
## Authenticate for pushing into Fedora dist-git
|
||||
# cat ~/.fedora-password | kinit yourfedorauser@FEDORAPROJECT.ORG
|
||||
## Do fedora builds for the tag, using tarball
|
||||
# job release-koji rawhide
|
||||
# job release-koji f36
|
||||
# job release-bodhi F36
|
||||
|
||||
# These are likely the first of your release targets; but run them after Fedora uploads,
|
||||
# so that failures there will fail the release early, before publishing on GitHub
|
||||
|
||||
# this needs no explicit secrets, just the GitHub action provided default one
|
||||
# job release-github
|
||||
22
packit.yaml
22
packit.yaml
|
|
@ -3,6 +3,8 @@
|
|||
# See https://packit.dev/docs/configuration/ for the format of this file
|
||||
|
||||
specfile_path: cockpit-starter-kit.spec
|
||||
# use the nicely formatted release description from our upstream release, instead of git shortlog
|
||||
copy_upstream_release_description: true
|
||||
|
||||
srpm_build_deps:
|
||||
- make
|
||||
|
|
@ -37,3 +39,23 @@ jobs:
|
|||
# targets:
|
||||
# - fedora-all
|
||||
# - centos-stream-9-x86_64
|
||||
|
||||
# Build releases in Fedora: https://packit.dev/docs/configuration/#propose_downstream
|
||||
#- job: propose_downstream
|
||||
# trigger: release
|
||||
# metadata:
|
||||
# dist_git_branches:
|
||||
# - fedora-all
|
||||
|
||||
#- job: koji_build
|
||||
# trigger: commit
|
||||
# metadata:
|
||||
# dist_git_branches:
|
||||
# - fedora-all
|
||||
|
||||
#- job: bodhi_update
|
||||
# trigger: commit
|
||||
# metadata:
|
||||
# dist_git_branches:
|
||||
# # rawhide updates are created automatically
|
||||
# - fedora-branched
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue