
chore: testing

chore: testing #10

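name: Release Finch latest version

# Runs on demand (workflow_dispatch) or when called from another workflow
# (workflow_call).
on:
  workflow_dispatch:
  workflow_call:

# Workflow-level GITHUB_TOKEN permissions. They are the default for any job
# that has no `permissions` block of its own; a job-level block replaces this
# set entirely rather than adding to it.
# NOTE(review): among the jobs in this file only build-and-test-finch-pkg lacks
# a job-level block, so this grant effectively applies to that job alone.
# Prefer declaring it on that job, and confirm whether it needs
# `contents: write` or whether `contents: read` is enough.
permissions:
  id-token: write
  contents: write

jobs: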
get-latest-tag:
  # Resolves a release tag and publishes it as the `tag` job output, which the
  # other jobs in this workflow read as needs.get-latest-tag.outputs.tag.
  # The tag is repository-controlled text: consumers should hand it to shell
  # steps through `env`, not by expanding ${{ }} inside a script.
  name: Get the latest release tag
  runs-on: ubuntu-latest
  timeout-minutes: 2
  permissions:
    contents: read  # read-only token; this job only checks out the repository
  outputs:
    tag: ${{ steps.latest-tag.outputs.tag }}
  steps:
    # Both actions are pinned to a full commit SHA, so a retargeted version tag
    # cannot change the code that runs here.
    # fetch-depth: 0 fetches the complete history, including tags.
    # NOTE(review): consider `persist-credentials: false` on the checkout if
    # the tag lookup needs no authenticated git access - confirm first.
    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
      with:
        fetch-depth: 0
    - id: latest-tag
      name: Get the latest tag
      uses: WyriHaximus/github-action-get-previous-tag@04e8485ecb6487243907e330d522ff60f02283ce  # v1.4.0
build-and-test-finch-pkg:
  # Calls the local build-and-test-pkg reusable workflow for the resolved tag.
  # This job declares no `permissions` block, so the called workflow gets the
  # workflow-level (or repository default) token permissions.
  needs: [get-latest-tag]
  uses: ./.github/workflows/build-and-test-pkg.yaml
  with:
    ref_name: ${{ needs.get-latest-tag.outputs.tag }}
  # NOTE(review): `inherit` passes every secret of the calling workflow to the
  # called one; list only the secrets it needs if that set is known.
  secrets: inherit
upload-pkg-and-dependency-source-code-to-release:
  # Runs after the pkg build/test job and delegates to the local
  # upload-installer-to-release reusable workflow for the resolved tag.
  needs: [get-latest-tag, build-and-test-finch-pkg]
  uses: ./.github/workflows/upload-installer-to-release.yaml
  with:
    ref_name: ${{ needs.get-latest-tag.outputs.tag }}
  permissions:
    # configure-aws-credentials needs id-token: write to request the OIDC JWT
    # ID token it later exchanges for access to AWS resources.
    # More info: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
    id-token: write
    contents: write  # used to upload to the release
  # NOTE(review): `inherit` passes every secret of the calling workflow to the
  # called one; list only the secrets it needs if that set is known.
  secrets: inherit
build-and-test-finch-msi:
  # Calls the local build-and-test-msi reusable workflow for the resolved tag.
  needs: [get-latest-tag]
  uses: ./.github/workflows/build-and-test-msi.yaml
  with:
    ref_name: ${{ needs.get-latest-tag.outputs.tag }}
  permissions:
    # configure-aws-credentials needs id-token: write to request the OIDC JWT
    # ID token it later exchanges for access to AWS resources.
    # More info: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
    id-token: write
    contents: read  # required by actions/checkout
  # NOTE(review): `inherit` passes every secret of the calling workflow to the
  # called one; list only the secrets it needs if that set is known.
  secrets: inherit
upload-msi-to-release:
  # Runs after the msi build/test job and delegates to the local
  # upload-msi-to-release reusable workflow for the resolved tag.
  needs: [get-latest-tag, build-and-test-finch-msi]
  uses: ./.github/workflows/upload-msi-to-release.yaml
  with:
    ref_name: ${{ needs.get-latest-tag.outputs.tag }}
  permissions:
    # configure-aws-credentials needs id-token: write to request the OIDC JWT
    # ID token it later exchanges for access to AWS resources.
    # More info: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
    id-token: write
    # NOTE(review): read-only here, while the pkg and deb upload jobs grant
    # contents: write - confirm the called workflow does not publish release
    # assets with GITHUB_TOKEN.
    contents: read  # required by actions/checkout
  # NOTE(review): `inherit` passes every secret of the calling workflow to the
  # called one; list only the secrets it needs if that set is known.
  secrets: inherit
build-and-test-finch-deb:
  # Calls the local build-and-test-deb reusable workflow for the resolved tag.
  needs: [get-latest-tag]
  uses: ./.github/workflows/build-and-test-deb.yaml
  with:
    ref_name: ${{ needs.get-latest-tag.outputs.tag }}
  permissions:
    # configure-aws-credentials needs id-token: write to request the OIDC JWT
    # ID token it later exchanges for access to AWS resources.
    # More info: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
    id-token: write
    contents: read  # required by actions/checkout
  # NOTE(review): `inherit` passes every secret of the calling workflow to the
  # called one; list only the secrets it needs if that set is known.
  secrets: inherit
upload-deb-to-release:
  # Runs after the deb build/test job and delegates to the local
  # upload-deb-to-release reusable workflow for the resolved tag.
  needs: [get-latest-tag, build-and-test-finch-deb]
  uses: ./.github/workflows/upload-deb-to-release.yaml
  with:
    ref_name: ${{ needs.get-latest-tag.outputs.tag }}
  permissions:
    # configure-aws-credentials needs id-token: write to request the OIDC JWT
    # ID token it later exchanges for access to AWS resources.
    # More info: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
    id-token: write
    contents: write  # required for uploading the release assets
  # NOTE(review): `inherit` passes every secret of the calling workflow to the
  # called one; list only the secrets it needs if that set is known.
  secrets: inherit
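update-latest-version-in-s3:
  # Writes manifest/latest-version.json, containing the resolved tag, to the
  # artifact bucket once the pkg and msi upload jobs have finished.
  # NOTE(review): this job does not wait on upload-deb-to-release - confirm
  # that is intended.
  needs:
    - get-latest-tag
    - upload-pkg-and-dependency-source-code-to-release
    - upload-msi-to-release
  runs-on: ubuntu-latest
  permissions:
    id-token: write  # lets configure-aws-credentials request an OIDC token
    contents: read
  steps:
    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838  # v5.0.0
      with:
        role-to-assume: ${{ secrets.ROLE }}
        role-session-name: update-latest-version-in-s3
        aws-region: ${{ secrets.REGION }}
    - name: Update latest version in S3
      # The tag and bucket name reach the script as environment variables.
      # Expanding ${{ }} inside `run` pastes the value into the script text
      # before the shell parses it, so a crafted tag name would execute as
      # shell code in a job that holds AWS credentials. A shell variable's
      # value is never re-parsed as code.
      env:
        LATEST_TAG: ${{ needs.get-latest-tag.outputs.tag }}
        ARTIFACT_BUCKET_NAME: ${{ secrets.ARTIFACT_BUCKET_NAME }}
      run: |
        # Create latest-version.json with the latest Finch release version to track updates
        # NOTE(review): the tag is not JSON-escaped; a tag containing a double
        # quote would produce an invalid document.
        cat > latest-version.json << EOF
        {
          "latest_version": "${LATEST_TAG}"
        }
        EOF
        # Upload to S3
        aws s3 cp latest-version.json "s3://${ARTIFACT_BUCKET_NAME}/manifest/latest-version.json" --content-type "application/json"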
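upload-release-definition-to-s3:
  # Writes manifest/release-def-<version>.json, listing the two macOS pkg
  # assets for the resolved tag, to the release-trigger bucket.
  # It depends only on get-latest-tag, so it is not gated on the build or
  # upload jobs.
  needs:
    - get-latest-tag
  runs-on: ubuntu-latest
  permissions:
    id-token: write  # lets configure-aws-credentials request an OIDC token
    contents: read
  steps:
    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838  # v5.0.0
      with:
        role-to-assume: ${{ vars.AWS_RELEASE_TRIGGER_ROLE }}
        role-session-name: upload-release-definition-to-s3
        aws-region: ${{ vars.AWS_RELEASE_TRIGGER_REGION }}
    - name: Create and upload release definition to S3
      # The tag and bucket name reach the script as environment variables.
      # Expanding ${{ }} inside `run` pastes the value into the script text
      # before the shell parses it, so a crafted tag name would execute as
      # shell code in a job that holds AWS credentials. A shell variable's
      # value is never re-parsed as code.
      env:
        VERSION: ${{ needs.get-latest-tag.outputs.tag }}
        RELEASE_TRIGGER_BUCKET: ${{ vars.AWS_RELEASE_TRIGGER_BUCKET }}
      run: |
        # Extract version without 'v' prefix for filename
        VERSION_NO_V="${VERSION#v}"
        RELEASE_DEF="release-def-${VERSION_NO_V}.json"
        # Create release definition JSON file
        # NOTE(review): the tag is not JSON-escaped; a tag containing a double
        # quote would produce an invalid document.
        cat > "${RELEASE_DEF}" << EOF
        {
          "tag_name": "${VERSION}",
          "assets": [
            {
              "name": "Finch-${VERSION}-aarch64.pkg",
              "os": "mac",
              "architecture": "aarch64"
            },
            {
              "name": "Finch-${VERSION}-x86_64.pkg",
              "os": "mac",
              "architecture": "x86_64"
            }
          ]
        }
        EOF
        # Upload to S3
        aws s3 cp "${RELEASE_DEF}" "s3://${RELEASE_TRIGGER_BUCKET}/manifest/${RELEASE_DEF}" --content-type "application/json"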