release #200
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release | |
| on: | |
| push: | |
| tags: | |
| - "v*" | |
| workflow_dispatch: | |
| jobs: | |
| goreleaser-windows: | |
| environment: sign | |
| runs-on: windows-latest | |
| steps: | |
| - name: Checkout repository and submodules | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| fetch-tags: true | |
| - name: Setup Go | |
| uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 | |
| with: | |
| go-version-file: go.mod | |
| cache-dependency-path: | | |
| go.sum | |
| .goreleaser-windows.yaml | |
| - name: Install Azure Code Signing tools | |
| shell: pwsh | |
| run: | | |
| # Download and install Azure Code Signing tools | |
| Invoke-WebRequest -Uri "https://www.nuget.org/api/v2/package/Microsoft.Trusted.Signing.Client" -OutFile "$env:TEMP\TrustedSigning.zip" | |
| Expand-Archive -Path "$env:TEMP\TrustedSigning.zip" -DestinationPath "$env:TEMP\TrustedSigning" -Force | |
| # Add to PATH so signtool can find the dlib | |
| $dllPath = (Get-ChildItem -Path "$env:TEMP\TrustedSigning" -Recurse -Filter "Azure.CodeSigning.Dlib.dll" | Select-Object -First 1).DirectoryName | |
| echo "$dllPath" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append | |
| - name: Azure Login | |
| shell: pwsh | |
| run: | | |
| az login --service-principal ` | |
| -u ${{ secrets.DECO_SIGN_AZURE_CLIENT_ID }} ` | |
| -p ${{ secrets.DECO_SIGN_AZURE_CLIENT_SECRET }} ` | |
| --tenant ${{ secrets.DECO_SIGN_AZURE_TENANT_ID }} | |
| - name: Create Azure Code Signing metadata | |
| shell: pwsh | |
| run: | | |
| $metadata = @{ | |
| "Endpoint" = "https://eus.codesigning.azure.net/" | |
| "CodeSigningAccountName" = "deco-sign" | |
| "CertificateProfileName" = "deco-sign" | |
| } | |
| $metadata | ConvertTo-Json | Out-File -FilePath "metadata.json" -Encoding utf8 | |
| - name: Run GoReleaser for Windows | |
| uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0 | |
| with: | |
| version: ~> v2 | |
| args: release -f .goreleaser-windows.yaml --snapshot --skip docker | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| goreleaser-unix: | |
| if: false # Temporarily disabled for testing | |
| runs-on: | |
| group: databricks-deco-testing-runner-group | |
| labels: ubuntu-latest-deco | |
| outputs: | |
| artifacts: ${{ steps.releaser.outputs.artifacts }} | |
| steps: | |
| - name: Checkout repository and submodules | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| fetch-tags: true | |
| - name: Setup Go | |
| uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 | |
| with: | |
| go-version-file: go.mod | |
| cache-dependency-path: | | |
| go.sum | |
| .goreleaser-unix.yaml | |
| # Log into the GitHub Container Registry. The goreleaser action will create | |
| # the docker images and push them to the GitHub Container Registry. | |
| - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 | |
| with: | |
| registry: "ghcr.io" | |
| username: "${{ github.actor }}" | |
| password: "${{ secrets.GITHUB_TOKEN }}" | |
| # QEMU is required to build cross platform docker images using buildx. | |
| # It allows virtualization of the CPU architecture at the application level. | |
| - name: Set up QEMU dependency | |
| uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 | |
| - name: Run GoReleaser for Unix | |
| id: releaser | |
| uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0 | |
| with: | |
| version: ~> v2 | |
| args: release -f .goreleaser-unix.yaml | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| create-setup-cli-release-pr: | |
| if: false # Temporarily disabled for testing | |
| runs-on: | |
| group: databricks-deco-testing-runner-group | |
| labels: ubuntu-latest-deco | |
| needs: [goreleaser-windows, goreleaser-unix] | |
| steps: | |
| - name: Set VERSION variable from tag | |
| run: | | |
| VERSION=${{ github.ref_name }} | |
| echo "VERSION=${VERSION:1}" >> $GITHUB_ENV | |
| - name: Update setup-cli | |
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 | |
| with: | |
| github-token: ${{ secrets.DECO_GITHUB_TOKEN }} | |
| script: | | |
| await github.rest.actions.createWorkflowDispatch({ | |
| owner: 'databricks', | |
| repo: 'setup-cli', | |
| workflow_id: 'release-pr.yml', | |
| ref: 'main', | |
| inputs: { | |
| version: "${{ env.VERSION }}", | |
| } | |
| }); | |
| create-homebrew-tap-release-pr: | |
| if: false # Temporarily disabled for testing | |
| runs-on: | |
| group: databricks-deco-testing-runner-group | |
| labels: ubuntu-latest-deco | |
| needs: goreleaser-unix | |
| steps: | |
| - name: Set VERSION variable from tag | |
| run: | | |
| VERSION=${{ github.ref_name }} | |
| echo "VERSION=${VERSION:1}" >> $GITHUB_ENV | |
| - name: Update homebrew-tap | |
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 | |
| with: | |
| github-token: ${{ secrets.DECO_GITHUB_TOKEN }} | |
| script: | | |
| let artifacts = ${{ needs.goreleaser-unix.outputs.artifacts }} | |
| artifacts = artifacts.filter(a => a.type == "Archive") | |
| artifacts = new Map( | |
| artifacts.map(a => [ | |
| a.goos + "_" + a.goarch + "_" + a.extra.Format, | |
| a.extra.Checksum.replace("sha256:", "") | |
| ]) | |
| ) | |
| await github.rest.actions.createWorkflowDispatch({ | |
| owner: 'databricks', | |
| repo: 'homebrew-tap', | |
| workflow_id: 'release-pr.yml', | |
| ref: 'main', | |
| inputs: { | |
| version: "${{ env.VERSION }}", | |
| darwin_amd64_sha: artifacts.get('darwin_amd64_zip'), | |
| darwin_arm64_sha: artifacts.get('darwin_arm64_zip'), | |
| linux_amd64_sha: artifacts.get('linux_amd64_zip'), | |
| linux_arm64_sha: artifacts.get('linux_arm64_zip') | |
| } | |
| }); | |
| create-vscode-extension-update-pr: | |
| if: false # Temporarily disabled for testing | |
| runs-on: | |
| group: databricks-deco-testing-runner-group | |
| labels: ubuntu-latest-deco | |
| needs: [goreleaser-windows, goreleaser-unix] | |
| steps: | |
| - name: Set VERSION variable from tag | |
| run: | | |
| VERSION=${{ github.ref_name }} | |
| echo "VERSION=${VERSION:1}" >> $GITHUB_ENV | |
| - name: Update CLI version in the VSCode extension | |
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 | |
| with: | |
| github-token: ${{ secrets.DECO_GITHUB_TOKEN }} | |
| script: | | |
| await github.rest.actions.createWorkflowDispatch({ | |
| owner: 'databricks', | |
| repo: 'databricks-vscode', | |
| workflow_id: 'update-cli-version.yml', | |
| ref: 'main', | |
| inputs: { | |
| version: "${{ env.VERSION }}", | |
| } | |
| }); | |
| pypi-publish: | |
| if: false # Temporarily disabled for testing | |
| runs-on: | |
| group: databricks-deco-testing-runner-group | |
| labels: ubuntu-latest-deco | |
| needs: [goreleaser-windows, goreleaser-unix] | |
| # IMPORTANT: | |
| # - 'id-token: write' is mandatory for OIDC and trusted publishing to PyPi | |
| # - 'environment: release' is a part of OIDC assertion done by PyPi | |
| # | |
| # See: https://docs.pypi.org/trusted-publishers/creating-a-project-through-oidc/ | |
| environment: release | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Checkout repository and submodules | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| fetch-tags: true | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@85856786d1ce8acfbcc2f13a5f3fbd6b938f9f41 # v7.1.2 | |
| with: | |
| version: "0.6.5" | |
| - name: Build wheel | |
| working-directory: python | |
| run: make build | |
| - name: Publish package distributions to PyPI | |
| uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 | |
| with: | |
| packages-dir: python/dist | |
| publish-to-winget-pkgs: | |
| if: false # Temporarily disabled for testing | |
| runs-on: | |
| group: databricks-deco-testing-runner-group | |
| labels: ubuntu-latest-deco | |
| needs: goreleaser-windows | |
| environment: release | |
| steps: | |
| - name: Checkout repository and submodules | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| # When updating the version of komac, make sure to update the checksum in the next step. | |
| # Find both at https://github.com/russellbanks/Komac/releases. | |
| - name: Download komac binary | |
| run: | | |
| curl -s -L -o $RUNNER_TEMP/komac-2.9.0-x86_64-unknown-linux-gnu.tar.gz https://github.com/russellbanks/Komac/releases/download/v2.9.0/komac-2.9.0-x86_64-unknown-linux-gnu.tar.gz | |
| - name: Verify komac binary | |
| run: | | |
| echo "d07a12831ad5418fee715488542a98ce3c0e591d05c850dd149fe78432be8c4c $RUNNER_TEMP/komac-2.9.0-x86_64-unknown-linux-gnu.tar.gz" | sha256sum -c - | |
| - name: Untar komac binary to temporary path | |
| run: | | |
| mkdir -p $RUNNER_TEMP/komac | |
| tar -xzf $RUNNER_TEMP/komac-2.9.0-x86_64-unknown-linux-gnu.tar.gz -C $RUNNER_TEMP/komac | |
| - name: Add komac to PATH | |
| run: echo "$RUNNER_TEMP/komac" >> $GITHUB_PATH | |
| - name: Confirm komac version | |
| run: komac --version | |
| # Use the tag from the input, or the ref name if the input is not provided. | |
| # The ref name is equal to the tag name when this workflow is triggered by the "sign-cli" command. | |
| - name: Strip "v" prefix from version | |
| id: strip_version | |
| run: echo "version=$(echo ${{ github.ref_name }} | sed 's/^v//')" >> "$GITHUB_OUTPUT" | |
| - name: Get URLs of signed Windows binaries | |
| id: get_windows_urls | |
| run: | | |
| urls=$( | |
| gh api https://api.github.com/repos/databricks/cli/releases/tags/${{ github.ref_name }} | \ | |
| jq -r .assets[].browser_download_url | \ | |
| grep -E '_windows_.*\.zip$' | \ | |
| tr '\n' ' ' | |
| ) | |
| if [ -z "$urls" ]; then | |
| echo "No signed Windows binaries found" >&2 | |
| exit 1 | |
| fi | |
| echo "urls=$urls" >> "$GITHUB_OUTPUT" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Publish to Winget | |
| run: | | |
| komac update Databricks.DatabricksCLI \ | |
| --version ${{ steps.strip_version.outputs.version }} \ | |
| --submit \ | |
| --urls ${{ steps.get_windows_urls.outputs.urls }} \ | |
| env: | |
| KOMAC_FORK_OWNER: eng-dev-ecosystem-bot | |
| GITHUB_TOKEN: ${{ secrets.ENG_DEV_ECOSYSTEM_BOT_TOKEN }} |