release #197
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release | |
| on: | |
| push: | |
| tags: | |
| - "v*" | |
| workflow_dispatch: | |
| jobs: | |
| goreleaser-windows: | |
| environment: sign | |
| runs-on: windows-latest | |
| steps: | |
| - name: Checkout repository and submodules | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| fetch-tags: true | |
| - name: Setup Go | |
| uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 | |
| with: | |
| go-version-file: go.mod | |
| cache-dependency-path: | | |
| go.sum | |
| .goreleaser-windows.yaml | |
| - name: Azure Login | |
| shell: pwsh | |
| run: | | |
| az cloud set --name AzureGermanCloud | |
| az login --service-principal ` | |
| -u ${{ secrets.DECO_SIGN_AZURE_CLIENT_ID }} ` | |
| -p ${{ secrets.DECO_SIGN_AZURE_CLIENT_SECRET }} ` | |
| --tenant ${{ secrets.DECO_SIGN_AZURE_TENANT_ID }} | |
| az account set --subscription ${{ secrets.DECO_SIGN_AZURE_SUBSCRIPTION_ID }} | |
| - name: Setup Azure Trusted Signing | |
| uses: azure/[email protected] | |
| with: | |
| azure-tenant-id: ${{ secrets.DECO_SIGN_AZURE_TENANT_ID }} | |
| azure-client-id: ${{ secrets.DECO_SIGN_AZURE_CLIENT_ID }} | |
| azure-client-secret: ${{ secrets.DECO_SIGN_AZURE_CLIENT_SECRET }} | |
| endpoint: https://eus.codesigning.azure.net/ | |
| trusted-signing-account-name: deco-sign | |
| certificate-profile-name: deco-sign | |
| - name: Run GoReleaser for Windows | |
| uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0 | |
| with: | |
| version: ~> v2 | |
| args: release -f .goreleaser-windows.yaml --snapshot --skip docker | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| goreleaser-unix: | |
| if: false # Temporarily disabled for testing | |
| runs-on: | |
| group: databricks-deco-testing-runner-group | |
| labels: ubuntu-latest-deco | |
| outputs: | |
| artifacts: ${{ steps.releaser.outputs.artifacts }} | |
| steps: | |
| - name: Checkout repository and submodules | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| fetch-tags: true | |
| - name: Setup Go | |
| uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 | |
| with: | |
| go-version-file: go.mod | |
| cache-dependency-path: | | |
| go.sum | |
| .goreleaser-unix.yaml | |
| # Log into the GitHub Container Registry. The goreleaser action will create | |
| # the docker images and push them to the GitHub Container Registry. | |
| - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 | |
| with: | |
| registry: "ghcr.io" | |
| username: "${{ github.actor }}" | |
| password: "${{ secrets.GITHUB_TOKEN }}" | |
| # QEMU is required to build cross platform docker images using buildx. | |
| # It allows virtualization of the CPU architecture at the application level. | |
| - name: Set up QEMU dependency | |
| uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 | |
| - name: Run GoReleaser for Unix | |
| id: releaser | |
| uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0 | |
| with: | |
| version: ~> v2 | |
| args: release -f .goreleaser-unix.yaml | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| create-setup-cli-release-pr: | |
| if: false # Temporarily disabled for testing | |
| runs-on: | |
| group: databricks-deco-testing-runner-group | |
| labels: ubuntu-latest-deco | |
| needs: [goreleaser-windows, goreleaser-unix] | |
| steps: | |
| - name: Set VERSION variable from tag | |
| run: | | |
| VERSION=${{ github.ref_name }} | |
| echo "VERSION=${VERSION:1}" >> $GITHUB_ENV | |
| - name: Update setup-cli | |
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 | |
| with: | |
| github-token: ${{ secrets.DECO_GITHUB_TOKEN }} | |
| script: | | |
| await github.rest.actions.createWorkflowDispatch({ | |
| owner: 'databricks', | |
| repo: 'setup-cli', | |
| workflow_id: 'release-pr.yml', | |
| ref: 'main', | |
| inputs: { | |
| version: "${{ env.VERSION }}", | |
| } | |
| }); | |
| create-homebrew-tap-release-pr: | |
| if: false # Temporarily disabled for testing | |
| runs-on: | |
| group: databricks-deco-testing-runner-group | |
| labels: ubuntu-latest-deco | |
| needs: goreleaser-unix | |
| steps: | |
| - name: Set VERSION variable from tag | |
| run: | | |
| VERSION=${{ github.ref_name }} | |
| echo "VERSION=${VERSION:1}" >> $GITHUB_ENV | |
| - name: Update homebrew-tap | |
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 | |
| with: | |
| github-token: ${{ secrets.DECO_GITHUB_TOKEN }} | |
| script: | | |
| let artifacts = ${{ needs.goreleaser-unix.outputs.artifacts }} | |
| artifacts = artifacts.filter(a => a.type == "Archive") | |
| artifacts = new Map( | |
| artifacts.map(a => [ | |
| a.goos + "_" + a.goarch + "_" + a.extra.Format, | |
| a.extra.Checksum.replace("sha256:", "") | |
| ]) | |
| ) | |
| await github.rest.actions.createWorkflowDispatch({ | |
| owner: 'databricks', | |
| repo: 'homebrew-tap', | |
| workflow_id: 'release-pr.yml', | |
| ref: 'main', | |
| inputs: { | |
| version: "${{ env.VERSION }}", | |
| darwin_amd64_sha: artifacts.get('darwin_amd64_zip'), | |
| darwin_arm64_sha: artifacts.get('darwin_arm64_zip'), | |
| linux_amd64_sha: artifacts.get('linux_amd64_zip'), | |
| linux_arm64_sha: artifacts.get('linux_arm64_zip') | |
| } | |
| }); | |
| create-vscode-extension-update-pr: | |
| if: false # Temporarily disabled for testing | |
| runs-on: | |
| group: databricks-deco-testing-runner-group | |
| labels: ubuntu-latest-deco | |
| needs: [goreleaser-windows, goreleaser-unix] | |
| steps: | |
| - name: Set VERSION variable from tag | |
| run: | | |
| VERSION=${{ github.ref_name }} | |
| echo "VERSION=${VERSION:1}" >> $GITHUB_ENV | |
| - name: Update CLI version in the VSCode extension | |
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 | |
| with: | |
| github-token: ${{ secrets.DECO_GITHUB_TOKEN }} | |
| script: | | |
| await github.rest.actions.createWorkflowDispatch({ | |
| owner: 'databricks', | |
| repo: 'databricks-vscode', | |
| workflow_id: 'update-cli-version.yml', | |
| ref: 'main', | |
| inputs: { | |
| version: "${{ env.VERSION }}", | |
| } | |
| }); | |
| pypi-publish: | |
| if: false # Temporarily disabled for testing | |
| runs-on: | |
| group: databricks-deco-testing-runner-group | |
| labels: ubuntu-latest-deco | |
| needs: [goreleaser-windows, goreleaser-unix] | |
| # IMPORTANT: | |
| # - 'id-token: write' is mandatory for OIDC and trusted publishing to PyPi | |
| # - 'environment: release' is a part of OIDC assertion done by PyPi | |
| # | |
| # See: https://docs.pypi.org/trusted-publishers/creating-a-project-through-oidc/ | |
| environment: release | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Checkout repository and submodules | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| fetch-tags: true | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@85856786d1ce8acfbcc2f13a5f3fbd6b938f9f41 # v7.1.2 | |
| with: | |
| version: "0.6.5" | |
| - name: Build wheel | |
| working-directory: python | |
| run: make build | |
| - name: Publish package distributions to PyPI | |
| uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 | |
| with: | |
| packages-dir: python/dist | |
| publish-to-winget-pkgs: | |
| if: false # Temporarily disabled for testing | |
| runs-on: | |
| group: databricks-deco-testing-runner-group | |
| labels: ubuntu-latest-deco | |
| needs: goreleaser-windows | |
| environment: release | |
| steps: | |
| - name: Checkout repository and submodules | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| # When updating the version of komac, make sure to update the checksum in the next step. | |
| # Find both at https://github.com/russellbanks/Komac/releases. | |
| - name: Download komac binary | |
| run: | | |
| curl -s -L -o $RUNNER_TEMP/komac-2.9.0-x86_64-unknown-linux-gnu.tar.gz https://github.com/russellbanks/Komac/releases/download/v2.9.0/komac-2.9.0-x86_64-unknown-linux-gnu.tar.gz | |
| - name: Verify komac binary | |
| run: | | |
| echo "d07a12831ad5418fee715488542a98ce3c0e591d05c850dd149fe78432be8c4c $RUNNER_TEMP/komac-2.9.0-x86_64-unknown-linux-gnu.tar.gz" | sha256sum -c - | |
| - name: Untar komac binary to temporary path | |
| run: | | |
| mkdir -p $RUNNER_TEMP/komac | |
| tar -xzf $RUNNER_TEMP/komac-2.9.0-x86_64-unknown-linux-gnu.tar.gz -C $RUNNER_TEMP/komac | |
| - name: Add komac to PATH | |
| run: echo "$RUNNER_TEMP/komac" >> $GITHUB_PATH | |
| - name: Confirm komac version | |
| run: komac --version | |
| # Use the tag from the input, or the ref name if the input is not provided. | |
| # The ref name is equal to the tag name when this workflow is triggered by the "sign-cli" command. | |
| - name: Strip "v" prefix from version | |
| id: strip_version | |
| run: echo "version=$(echo ${{ github.ref_name }} | sed 's/^v//')" >> "$GITHUB_OUTPUT" | |
| - name: Get URLs of signed Windows binaries | |
| id: get_windows_urls | |
| run: | | |
| urls=$( | |
| gh api https://api.github.com/repos/databricks/cli/releases/tags/${{ github.ref_name }} | \ | |
| jq -r .assets[].browser_download_url | \ | |
| grep -E '_windows_.*\.zip$' | \ | |
| tr '\n' ' ' | |
| ) | |
| if [ -z "$urls" ]; then | |
| echo "No signed Windows binaries found" >&2 | |
| exit 1 | |
| fi | |
| echo "urls=$urls" >> "$GITHUB_OUTPUT" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Publish to Winget | |
| run: | | |
| komac update Databricks.DatabricksCLI \ | |
| --version ${{ steps.strip_version.outputs.version }} \ | |
| --submit \ | |
| --urls ${{ steps.get_windows_urls.outputs.urls }} \ | |
| env: | |
| KOMAC_FORK_OWNER: eng-dev-ecosystem-bot | |
| GITHUB_TOKEN: ${{ secrets.ENG_DEV_ECOSYSTEM_BOT_TOKEN }} |