-
Notifications
You must be signed in to change notification settings - Fork 421
156 lines (148 loc) · 5.6 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
name: Release
# RELEASE PROCESS
#
# === Automated activities ===
#
# 1. Run tests, linting, security and complexity base line
# 2. Bump package version and generate latest Changelog
# 3. Publish package to PyPi test and prod repository
# 4. Kick off SAR App pipeline to publish latest version with minimal and extra dependencies
# 5. Builds and publish latest changelog from tip of the branch
# 6. Builds a new user guide and API docs with release version; update /latest pointing to newly released version
# 7. Close all issues labeled "pending-release" and notify customers about the release
#
# === Manual activities ===
#
# 1. Edit the current draft release notes
# 2. If not already set, use `v<new version>` as a tag, e.g., v1.26.4, and select develop as target branch
# See MAINTAINERS.md "Releasing a new version" for release mechanisms
env:
BRANCH: develop
ORIGIN: awslabs/aws-lambda-powertools-python
on:
workflow_dispatch:
inputs:
version_to_publish:
description: "Version to be released in PyPi, Docs, and Lambda Layer, e.g. v2.0.0, v2.0.0a0 (pre-release)"
default: v2.0.0
required: true
skip_pypi:
description: "Skip publishing to PyPi as it can't publish more than once. Useful for semi-failed releases"
default: false
type: boolean
required: false
skip_code_quality:
description: "Skip tests, linting, and baseline. Only use if release fail for reasons beyond our control and you need a quick release."
default: false
type: boolean
required: false
pre_release:
description: "Publishes documentation using a pre-release tag (v2.0.0a0). You are still responsible for passing a pre-release version tag to the workflow."
default: false
type: boolean
required: false
jobs:
release:
environment: release
runs-on: aws-lambda-powertools_ubuntu-latest_4-core
permissions:
contents: write
outputs:
RELEASE_VERSION: ${{ steps.release_version.outputs.RELEASE_VERSION }}
env:
RELEASE_TAG_VERSION: ${{ inputs.version_to_publish }}
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Install poetry
run: pipx install poetry
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: "3.10"
cache: "poetry"
- name: Set release notes tag
id: release_version
# transform tag format `v<version` to `<version`
run: |
RELEASE_VERSION="${RELEASE_TAG_VERSION:1}"
echo "RELEASE_VERSION=${RELEASE_VERSION}" >> "$GITHUB_ENV"
echo "RELEASE_VERSION=${RELEASE_VERSION}" >> "$GITHUB_OUTPUT"
- name: Install dependencies
run: make dev
- name: Run all tests, linting and baselines
if: ${{ !inputs.skip_code_quality }}
run: make pr
- name: Git client setup and refresh tip
run: |
git config user.name "Release bot"
git config user.email "[email protected]"
git config pull.rebase true
git config remote.origin.url >&- || git remote add origin https://github.com/"${ORIGIN}" # Git Detached mode (release notes) doesn't have origin
git pull origin "${BRANCH}"
- name: Bump package version
id: versioning
run: poetry version "${RELEASE_VERSION}"
- name: Build python package and wheel
if: ${{ !inputs.skip_pypi }}
run: poetry build
# March 1st: PyPi test is under maintenance....
# - name: Upload to PyPi test
# if: ${{ !inputs.skip_pypi }}
# run: make release-test
# env:
# PYPI_USERNAME: __token__
# PYPI_TEST_TOKEN: ${{ secrets.PYPI_TEST_TOKEN }}
- name: Upload to PyPi prod
if: ${{ !inputs.skip_pypi }}
run: make release-prod
env:
PYPI_USERNAME: __token__
PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
- name: Update version in trunk
if: steps.versioning.outcome == 'success'
run: |
HAS_CHANGE=$(git status --porcelain)
test -z "${HAS_CHANGE}" && echo "Nothing to update" && exit 0
git add pyproject.toml
git commit -m "bump version to ${RELEASE_VERSION}" --no-verify
git pull origin "${BRANCH}" # prevents concurrent branch update failing push
git push origin HEAD:refs/heads/"${BRANCH}"
changelog:
needs: release
permissions:
contents: write
uses: ./.github/workflows/reusable_publish_changelog.yml
# NOTE: Watch out for the depth limit of 4 nested workflow_calls.
# publish_layer -> publish_v2_layer -> reusable_deploy_v2_layer_stack -> reusable_update_v2_layer_arn_docs
publish_layer:
needs: release
secrets: inherit
permissions:
id-token: write
contents: write
pages: write
uses: ./.github/workflows/publish_v2_layer.yml
with:
latest_published_version: ${{ needs.release.outputs.RELEASE_VERSION }}
pre_release: ${{ inputs.pre_release }}
post_release:
needs: [release, publish_layer]
permissions:
contents: read
issues: write
discussions: write
pull-requests: write
runs-on: ubuntu-latest
env:
RELEASE_VERSION: ${{ needs.release.outputs.RELEASE_VERSION }}
steps:
- uses: actions/checkout@v3
- name: Close issues related to this release
uses: actions/github-script@v6
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const post_release = require('.github/scripts/post_release.js')
await post_release({github, context, core})