diff --git a/.github/workflows/release-automation.yaml b/.github/workflows/release-automation.yaml
index d5684a7e3..c68a54a46 100644
--- a/.github/workflows/release-automation.yaml
+++ b/.github/workflows/release-automation.yaml
@@ -2,6 +2,9 @@ name: Release Finch latest version
 on:
 workflow_dispatch:
 workflow_call:
+ pull_request:
+ branches:
+ - main
 jobs:
 get-latest-tag:
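Review bot: The added `pull_request` trigger on `main` makes every pull request opened from a branch of this repository run the whole release workflow, including the job that holds `id-token: write`, assumes `vars.AWS_RELEASE_TRIGGER_ROLE` and writes under `manifest/` in the release bucket. If the trigger is only there to exercise the workflow before merge, it should be dropped again before merging, or the upload job should carry `if: github.event_name != 'pull_request'`. Independently of this file, the IAM role's trust policy should pin the OIDC `sub` claim to the ref or environment that is meant to release, so that a token issued for a `pull_request` run is refused. A short comment above the trigger saying why a release workflow runs on pull requests would help the next reader.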
@@ -19,85 +22,10 @@ jobs:
 - name: 'Get the latest tag'
 id: latest-tag
 uses: "WyriHaximus/github-action-get-previous-tag@04e8485ecb6487243907e330d522ff60f02283ce" # v1.4.0
-
- build-and-test-finch-pkg:
- needs: get-latest-tag
- uses: ./.github/workflows/build-and-test-pkg.yaml
- secrets: inherit
- with:
- ref_name: ${{ needs.get-latest-tag.outputs.tag }}
-
- upload-pkg-and-dependency-source-code-to-release:
- needs:
- - get-latest-tag
- - build-and-test-finch-pkg
- uses: ./.github/workflows/upload-installer-to-release.yaml
- permissions:
- # This is required for configure-aws-credentials to request an OIDC JWT ID token to access AWS resources later on.
- # More info: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
- id-token: write
- contents: write # this is used to upload to the release
- secrets: inherit
- with:
- ref_name: ${{ needs.get-latest-tag.outputs.tag }}
-
- build-and-test-finch-msi:
- needs: get-latest-tag
- uses: ./.github/workflows/build-and-test-msi.yaml
- permissions:
- # This is required for configure-aws-credentials to request an OIDC JWT ID token to access AWS resources later on.
- # More info: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
- id-token: write
- contents: read # this is required for actions/checkout
- secrets: inherit
- with:
- ref_name: ${{ needs.get-latest-tag.outputs.tag }}
-
- upload-msi-to-release:
- needs:
- - get-latest-tag
- - build-and-test-finch-msi
- uses: ./.github/workflows/upload-msi-to-release.yaml
- permissions:
- # This is required for configure-aws-credentials to request an OIDC JWT ID token to access AWS resources later on.
- # More info: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
- id-token: write
- contents: read # this is required for actions/checkout
- secrets: inherit
- with:
- ref_name: ${{ needs.get-latest-tag.outputs.tag }}
-
- build-and-test-finch-deb:
- needs: get-latest-tag
- uses: ./.github/workflows/build-and-test-deb.yaml
- permissions:
- # This is required for configure-aws-credentials to request an OIDC JWT ID token to access AWS resources later on.
- # More info: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
- id-token: write
- contents: read # this is required for actions/checkout
- secrets: inherit
- with:
- ref_name: ${{ needs.get-latest-tag.outputs.tag }}
-
- upload-deb-to-release:
- needs:
- - get-latest-tag
- - build-and-test-finch-deb
- uses: ./.github/workflows/upload-deb-to-release.yaml
- permissions:
- # This is required for configure-aws-credentials to request an OIDC JWT ID token to access AWS resources later on.
- # More info: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
- id-token: write
- contents: write # this is required for uploading the release assets
- secrets: inherit
- with:
- ref_name: ${{ needs.get-latest-tag.outputs.tag }}
-
- update-latest-version-in-s3:
+
+ upload-release-definition-to-s3:
 needs:
 - get-latest-tag
- - upload-pkg-and-dependency-source-code-to-release
- - upload-msi-to-release
 runs-on: ubuntu-latest
 permissions:
 id-token: write
@@ -106,18 +34,34 @@ jobs:
 - name: Configure AWS credentials
 uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0
 with:
- role-to-assume: ${{ secrets.ROLE }}
- role-session-name: update-latest-version-in-s3
- aws-region: ${{ secrets.REGION }}
+ role-to-assume: ${{ vars.AWS_RELEASE_TRIGGER_ROLE }}
+ role-session-name: upload-release-definition-to-s3
+ aws-region: ${{ vars.AWS_RELEASE_TRIGGER_REGION }}
- - name: Update latest version in S3
+ - name: Create and upload release definition to S3
 run: |
- # Create latest-version.json with the latest Finch release version to track updates
- cat > latest-version.json << EOF
+ # Extract version without 'v' prefix for filename
+ VERSION="${{ needs.get-latest-tag.outputs.tag }}"
+ VERSION_NO_V="${VERSION#v}"
+
+ # Create release definition JSON file
+ cat > "release-def-${VERSION_NO_V}.json" << EOF
 {
- "latest_version": "${{ needs.get-latest-tag.outputs.tag }}"
+ "tag_name": "${VERSION}",
+ "assets": [
+ {
+ "name": "Finch-${{ needs.get-latest-tag.outputs.tag }}-aarch64.pkg",
+ "os": "mac",
+ "architecture": "aarch64"
+ },
+ {
+ "name": "Finch-${{ needs.get-latest-tag.outputs.tag }}-x86_64.pkg",
+ "os": "mac",
+ "architecture": "x86_64"
+ }
+ ]
 }
 EOF
 # Upload to S3
- aws s3 cp latest-version.json s3://${{ secrets.ARTIFACT_BUCKET_NAME }}/manifest/latest-version.json --content-type "application/json"
+ aws s3 cp "release-def-${VERSION_NO_V}.json" s3://${{ vars.AWS_RELEASE_TRIGGER_BUCKET }}/manifest/release-def-${VERSION_NO_V}.json --content-type "application/json"
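Review bot: The added `VERSION="${{ needs.get-latest-tag.outputs.tag }}"` line and the two asset `name` entries substitute the tag into the script text before the shell runs, so the tag is parsed as shell source rather than read as data; the usual hardening is to hand such values to the step through `env:` and read them as `"$VERSION"`. The same string then becomes a local filename and the S3 object key, and the `aws s3 cp` destination is unquoted, so a tag with unexpected characters would alter the key or break the hand-built JSON. I would pass the tag and bucket through `env:`, reject tags that are not of the expected form (assumed below to be `vX.Y.Z`; widen the pattern if pre-release tags are published), use `${VERSION}` throughout the heredoc, and quote the destination URI. The job that contains this step starts outside the hunk.

```yaml
- name: Create and upload release definition to S3
  env:
    VERSION: ${{ needs.get-latest-tag.outputs.tag }}
    BUCKET: ${{ vars.AWS_RELEASE_TRIGGER_BUCKET }}
  run: |
    # Refuse any tag that is not plain vX.Y.Z before it becomes a filename or an S3 key
    if [[ ! "$VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
      echo "unexpected tag format: ${VERSION}" >&2
      exit 1
    fi
    VERSION_NO_V="${VERSION#v}"
    # … unchanged: heredoc writing release-def-${VERSION_NO_V}.json, with "Finch-${VERSION}-<arch>.pkg" as the asset names …
    aws s3 cp "release-def-${VERSION_NO_V}.json" "s3://${BUCKET}/manifest/release-def-${VERSION_NO_V}.json" --content-type "application/json"
```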