forked from aws-powertools/powertools-lambda-python
-
Notifications
You must be signed in to change notification settings - Fork 0
186 lines (174 loc) · 7.18 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
name: Release
# RELEASE PROCESS
#
# === Automated activities ===
#
# 1. Run tests, linting, security and complexity base line
# 2. Bump package version and build release artifact
# 3. Publish package to PyPi prod repository using cached artifact
# 4. Compile Layer and kick off pipeline for beta, prod, and canary releases
# 5. Update docs with latest Layer ARNs and Changelog
# 6. Create PR to update trunk so staged docs also point to the latest Layer ARN, when merged
# 7. Builds a new user guide and API docs with release version; update /latest pointing to newly released version
# 8. Create PR to update package version on trunk
# 9. Close all issues labeled "pending-release" and notify customers about the release
#
# === Manual activities ===
#
# 1. Kick off this workflow with the intended version
# 2. Update draft release notes after this workflow completes
# 3. If not already set, use `v<new version>` as a tag, e.g., v1.26.4, and select develop as target branch
# See MAINTAINERS.md "Releasing a new version" for release mechanisms
env:
BRANCH: develop
ORIGIN: awslabs/aws-lambda-powertools-python
on:
workflow_dispatch:
inputs:
version_to_publish:
description: "Version to be released in PyPi, Docs, and Lambda Layer, e.g. v2.0.0, v2.0.0a0 (pre-release)"
default: v2.0.0
required: true
skip_pypi:
description: "Skip publishing to PyPi as it can't publish more than once. Useful for semi-failed releases"
default: false
type: boolean
required: false
skip_code_quality:
description: "Skip tests, linting, and baseline. Only use if release fail for reasons beyond our control and you need a quick release."
default: false
type: boolean
required: false
pre_release:
description: "Publishes documentation using a pre-release tag (v2.0.0a0). You are still responsible for passing a pre-release version tag to the workflow."
default: false
type: boolean
required: false
jobs:
build:
runs-on: aws-lambda-powertools_ubuntu-latest_4-core
permissions:
contents: read
outputs:
RELEASE_VERSION: ${{ steps.release_version.outputs.RELEASE_VERSION }}
env:
RELEASE_TAG_VERSION: ${{ inputs.version_to_publish }}
steps:
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with:
fetch-depth: 0
- name: Install poetry
run: pipx install poetry
- name: Set up Python
uses: actions/setup-python@57ded4d7d5e986d7296eab16560982c6dd7c923b # v4.6.0
with:
python-version: "3.10"
cache: "poetry"
- name: Set release notes tag
id: release_version
# transform tag format `v<version` to `<version`
run: |
RELEASE_VERSION="${RELEASE_TAG_VERSION:1}"
echo "RELEASE_VERSION=${RELEASE_VERSION}" >> "$GITHUB_ENV"
echo "RELEASE_VERSION=${RELEASE_VERSION}" >> "$GITHUB_OUTPUT"
- name: Install dependencies
run: make dev
- name: Run all tests, linting and baselines
if: ${{ !inputs.skip_code_quality }}
run: make pr
- name: Bump package version
id: versioning
run: poetry version "${RELEASE_VERSION}"
- name: Build python package and wheel
run: poetry build
- name: Cache release artifact
id: cache-release-build
uses: actions/cache/save@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: dist/
# NOTE: cache key uses a hash of (Runner OS + Version to be released + Deps)
# since a new release might not change a dependency but version
# otherwise we might accidentally reuse a previously cached artifact for a newer release.
# The reason we don't add pyproject.toml here is to avoid racing conditions
# where git checkout might happen too fast and doesn't pick up the latest version
# and also future-proof for when we switch to protected branch and update via PR
key: ${{ runner.os }}-${{ env.RELEASE_VERSION }}-${{ hashFiles('**/poetry.lock') }}
release:
needs: build
environment: release
runs-on: aws-lambda-powertools_ubuntu-latest_4-core
permissions:
id-token: write # OIDC for PyPi Trusted Publisher feature
env:
RELEASE_VERSION: ${{ needs.build.outputs.RELEASE_VERSION }}
steps:
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Restore release artifact from cache
id: restore-release-build
uses: actions/cache/restore@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: dist/
key: ${{ runner.os }}-${{ env.RELEASE_VERSION }}-${{ hashFiles('**/poetry.lock') }}
- name: Upload to PyPi prod
if: ${{ !inputs.skip_pypi }}
uses: pypa/gh-action-pypi-publish@a56da0b891b3dc519c7ee3284aff1fad93cc8598 # v1.8.6
# March 1st: PyPi test is under maintenance....
# - name: Upload to PyPi test
# if: ${{ !inputs.skip_pypi }}
# uses: pypa/gh-action-pypi-publish@a56da0b891b3dc519c7ee3284aff1fad93cc8598 # v1.8.6
# with:
# repository-url: https://test.pypi.org/legacy/
# NOTE: Watch out for the depth limit of 4 nested workflow_calls.
# publish_layer -> publish_v2_layer -> reusable_deploy_v2_layer_stack
publish_layer:
needs: [build, release]
secrets: inherit
permissions:
id-token: write
contents: write
pages: write
pull-requests: write
uses: ./.github/workflows/publish_v2_layer.yml
with:
latest_published_version: ${{ needs.build.outputs.RELEASE_VERSION }}
pre_release: ${{ inputs.pre_release }}
bump_version:
needs: [build, release]
permissions:
contents: write # create-pr action creates a temporary branch
pull-requests: write # create-pr action creates a PR using the temporary branch
runs-on: ubuntu-latest
env:
RELEASE_VERSION: ${{ needs.build.outputs.RELEASE_VERSION }}
steps:
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Bump package version
id: versioning
run: poetry version "${RELEASE_VERSION}"
- name: Create PR
id: create-pr
uses: ./.github/actions/create-pr
with:
files: "pyproject.toml"
temp_branch_prefix: "ci-bump"
pull_request_title: "chore(ci): bump version to ${{ env.RELEASE_VERSION }}"
github_token: ${{ secrets.GITHUB_TOKEN }}
post_release:
needs: [build, release, publish_layer]
permissions:
contents: read
issues: write
discussions: write
pull-requests: write
runs-on: ubuntu-latest
env:
RELEASE_VERSION: ${{ needs.build.outputs.RELEASE_VERSION }}
steps:
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Close issues related to this release
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const post_release = require('.github/scripts/post_release.js')
await post_release({github, context, core})