InvenTree/.github/workflows/release.yaml at fd7d0bda0f95b901a284093b30ddee1a40f95b3e · inventree/InvenTree · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
# Runs on releases

name: Publish release
on:
  release:
    types: [published]
permissions:
  contents: read
env:
  python_version: 3.11

jobs:
  stable:
    runs-on: ubuntu-24.04
    name: Write release to stable branch
    permissions:
      contents: write
      pull-requests: write
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
      - name: Checkout Code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2
        with:
          persist-credentials: false
      - name: Version Check
        run: |
          pip install --require-hashes -r contrib/dev_reqs/requirements.txt
          python3 .github/scripts/version_check.py
      - name: Push to Stable Branch
        uses: ad-m/github-push-action@77c5b412c50b723d2a4fbc6d71fb5723bcd439aa # pin@v1.0.0
        if: env.stable_release == 'true'
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          branch: stable
          force: true

  build:
    runs-on: ubuntu-24.04
    name: Build and attest frontend
    permissions:
      id-token: write
      contents: write
      attestations: write
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2
        with:
          persist-credentials: false
      - name: Environment Setup
        uses: ./.github/actions/setup
        with:
          npm: true
      - name: Install dependencies
        run: cd src/frontend && yarn install
      - name: Build frontend
        run: cd src/frontend && npm run compile && npm run build
      - name: Create SBOM for frontend
        uses: anchore/sbom-action@0b82b0b1a22399a1c542d4d656f70cd903571b5c # pin@v0
        with:
          artifact-name: frontend-build.spdx
          path: src/frontend
      - name: Write version file - SHA
        run: cd src/backend/InvenTree/web/static/web/.vite && echo "$GITHUB_SHA" > sha.txt
      - name: Write version file - TAG
        run: cd src/backend/InvenTree/web/static/web/.vite && echo "${REF_NAME}" > tag.txt
        env:
          REF_NAME: ${{ github.ref_name }}
      - name: Write version file - SOURCE
        run: cd src/backend/InvenTree/web/static/web/.vite && echo "GitHub Actions build on $(date --utc +%Y-%m-%dT%H:%M:%SZ)" > source.txt
      - name: Zip frontend
        run: |
          cd src/backend/InvenTree/web/static/web
          zip -r ../frontend-build.zip * .vite
      - name: Attest Build Provenance
        id: attest
        uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # pin@v1
        with:
          subject-path: "${{ github.workspace }}/src/backend/InvenTree/web/static/frontend-build.zip"

      - name: Upload frontend
        uses: svenstaro/upload-release-action@6b7fa9f267e90b50a19fef07b3596790bb941741 # pin@2.11.3
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          file: src/backend/InvenTree/web/static/frontend-build.zip
          asset_name: frontend-build.zip
          tag: ${{ github.ref }}
          overwrite: true
      - name: Upload frontend to artifacts
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # pin@v6.0.0
        with:
          name: frontend-build
          path: src/backend/InvenTree/web/static/frontend-build.zip
      - name: Upload Attestation
        uses: svenstaro/upload-release-action@6b7fa9f267e90b50a19fef07b3596790bb941741 # pin@2.11.3
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          asset_name: frontend-build.intoto.jsonl
          file: ${{ steps.attest.outputs.bundle-path}}
          tag: ${{ github.ref }}
          overwrite: true

  docs:
    runs-on: ubuntu-24.04
    name: Build and publish documentation
    permissions:
      contents: write
    env:
      INVENTREE_DB_ENGINE: sqlite3
      INVENTREE_DB_NAME: inventree
      INVENTREE_MEDIA_ROOT: /home/runner/work/InvenTree/test_inventree_media
      INVENTREE_STATIC_ROOT: /home/runner/work/InvenTree/test_inventree_static
      INVENTREE_BACKUP_DIR: /home/runner/work/InvenTree/test_inventree_backup
      INVENTREE_SITE_URL: http://localhost:8000
      INVENTREE_DEBUG: true

    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2
        with:
          persist-credentials: false
      - name: Environment Setup
        uses: ./.github/actions/setup
        with:
          install: true
          npm: true
      - name: Install dependencies
        run: |
          pip install --require-hashes -r contrib/dev_reqs/requirements.txt
          pip install --require-hashes -r docs/requirements.txt
      - name: Build documentation
        run: |
          invoke build-docs --mkdocs
      - name: Zip build docs
        run: |
          cd docs/site
          zip -r docs-html.zip *
      - name: Publish documentation
        uses: svenstaro/upload-release-action@6b7fa9f267e90b50a19fef07b3596790bb941741 # pin@2.11.3
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          file: docs/site/docs-html.zip
          asset_name: docs-html.zip
          tag: ${{ github.ref }}
          overwrite: true

  build-pkgr:
    if: github.repository == 'inventree/InvenTree'
    name: ${{ matrix.target }}
    runs-on: ubuntu-latest
    needs: [build, docs]
    strategy:
      fail-fast: false
      matrix:
        target:
          - ubuntu:22.04
          - ubuntu:24.04
          - debian:12
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2
        with:
          fetch-depth: 0
          persist-credentials: false

      - name: Get frontend artifact
        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # pin@v7.0.0
        with:
          name: frontend-build
      - name: Setup
        id: setup
        env:
          NODE_ID: ${{ github.event.release.node_id }}
          BRANCH: ${{ github.event.release.target_commitish }}
          TARGET: ${{github.event.release.target_commitish}}
          REPO: ${{ github.repository }}

        run: |
          # Get info
          gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" /repos/$REPO/commits/$TARGET > commit.json

          # Extract info
          echo "INFO extract | Extracting info from github"
          DATE=$(jq -r '.commit.committer.date' commit.json)
          SIGNATURE=$(jq -r '.commit.verification.signature' commit.json)
          FULL_SHA=$(jq -r '.sha' commit.json)
          SHA=$(echo "$FULL_SHA" | cut -c1-7)

          echo "INFO write | Write VERSION information"
          echo "$VERSION" > VERSION
          echo "INVENTREE_COMMIT_HASH='$SHA'" >> VERSION
          echo "INVENTREE_COMMIT_SHA='$FULL_SHA'" >> VERSION
          echo "INVENTREE_COMMIT_DATE='$DATE'" >> VERSION
          echo "INVENTREE_PKG_INSTALLER='PKG'" >> VERSION
          echo "INVENTREE_PKG_BRANCH='$BRANCH'" >> VERSION
          echo "INVENTREE_PKG_TARGET='$TARGET'" >> VERSION
          echo "NODE_ID='$NODE_ID'" >> VERSION
          echo "SIGNATURE='$SIGNATURE'" >> VERSION

          echo "INFO write | Written VERSION information"
          echo "### VERSION ###"
          cat VERSION
          echo "### VERSION ###"

          # Move frontend build into place
          mkdir -p src/backend/InvenTree/web/static
          unzip -qq frontend-build.zip -d src/backend/InvenTree/web/static/web
      - name: Package
        uses: pkgr/action/package@c5666febcd31750da6428042193fc5b2fb765435 # pin@main
        id: package
        with:
          target: ${{ matrix.target }}
          version: ${{ steps.setup.outputs.version }}
          debug: true
          cache_prefix: ${{ github.ref_name }}
          env: |
            INVENTREE_DB_ENGINE=sqlite3
            INVENTREE_DB_NAME=database.sqlite3
            INVENTREE_PLUGINS_ENABLED=true
            INVENTREE_MEDIA_ROOT=/opt/inventree/media
            INVENTREE_STATIC_ROOT=/opt/inventree/static
            INVENTREE_BACKUP_DIR=/opt/inventree/backup
            INVENTREE_PLUGIN_FILE=/opt/inventree/plugins.txt
            INVENTREE_CONFIG_FILE=/opt/inventree/config.yaml
            APP_REPO=inventree/InvenTree
      - name: Publish to go.packager.io
        uses: pkgr/action/publish@3bce081ae512c5020856e237d37b3f5479d4aa71 # pin@main
        with:
          target: ${{ matrix.target }}
          token: ${{ secrets.PACKAGER_RELEASE_TOKEN }}
          repository: inventree/inventree
          channel: ${{ github.ref_name }}
          file: ${{ steps.package.outputs.package_path }}
      - name: Publish to artifact
        uses: svenstaro/upload-release-action@6b7fa9f267e90b50a19fef07b3596790bb941741 # pin@2.11.3
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          file: ${{ steps.package.outputs.package_path }}
          asset_name: ${{ matrix.target }}-{{ steps.setup.outputs.version }}.tar.gz
          tag: ${{ github.ref }}
          overwrite: true