From 95d66a71e1d92d63fec26621228dfbdf4c892b68 Mon Sep 17 00:00:00 2001 From: Espen Albert Date: Fri, 2 May 2025 13:06:40 +0100 Subject: [PATCH 01/11] chore: refactor release job to do all builds in step 1 and only download and publish in subsequent steps --- .github/workflows/release.yml | 308 +++++++++++++++------------------- 1 file changed, 131 insertions(+), 177 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3aae1b4a..70664443 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -23,6 +23,23 @@ jobs: uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e with: node-version: 18.x + - uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b + name: Setup Java + with: + distribution: temurin + java-version: 11.x + - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 + name: Setup Python + with: + python-version: 3.x + - uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 + name: Setup .NET + with: + dotnet-version: 9.0.x + - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b + name: Setup Go + with: + go-version: ^1.16.0 - name: Install dependencies run: yarn install --check-files --frozen-lockfile - name: release @@ -55,33 +72,24 @@ jobs: - name: Restore build artifact permissions run: cd dist && setfacl --restore=permissions-backup.acl continue-on-error: true - - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 - with: - path: .repo - - name: Install Dependencies - run: cd .repo && yarn install --check-files --frozen-lockfile - - name: Create js artifact - run: cd .repo && npx projen compile && npx projen package:js - - name: Collect js Artifact - run: mv .repo/dist/js dist/js - name: Release env: NPM_DIST_TAG: latest NPM_REGISTRY: registry.npmjs.org NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - run: npx -p publib@latest publib-npm - - name: Extract Version - id: extract-version - if: ${{ failure() }} - run: echo "VERSION=$(cat dist/version.txt)" >> "${GITHUB_OUTPUT}" - - name: Create Issue - if: ${{ failure() }} - uses: imjohnbo/issue-bot@572eed14422c4d6ca37e870f97e7da209422f5bd - with: - labels: failed-release - title: Publishing v${{ steps.extract-version.outputs.VERSION }} to npm failed - body: See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} + # run: npx -p publib@latest publib-npm + run: ls -l dist/js + # - name: Extract Version + # id: extract-version + # if: ${{ failure() }} + # run: echo "VERSION=$(cat dist/version.txt)" >> "${GITHUB_OUTPUT}" + # - name: Create Issue + # if: ${{ failure() }} + # uses: imjohnbo/issue-bot@572eed14422c4d6ca37e870f97e7da209422f5bd + # with: + # labels: failed-release + # title: Publishing v${{ steps.extract-version.outputs.VERSION }} to npm failed + # body: See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} release_maven: name: Publish to Maven Central needs: release @@ -90,10 +98,6 @@ jobs: contents: read issues: write steps: - - uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b - with: - distribution: temurin - java-version: 11.x - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e with: node-version: 18.x @@ -105,16 +109,6 @@ jobs: - name: Restore build artifact permissions run: cd dist && setfacl --restore=permissions-backup.acl continue-on-error: true - - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 - with: - path: .repo - - name: Install Dependencies - run: cd .repo && yarn install --check-files --frozen-lockfile - - name: Create java artifact - run: cd .repo && npx projen compile && npx projen package:java - - name: Collect java Artifact - run: mv .repo/dist/java dist/java - name: Release env: MAVEN_GPG_PRIVATE_KEY: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} @@ -122,18 +116,19 @@ jobs: MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} MAVEN_STAGING_PROFILE_ID: ${{ secrets.MAVEN_STAGING_PROFILE_ID }} - run: npx -p publib@latest publib-maven - - name: Extract Version - id: extract-version - if: ${{ failure() }} - run: echo "VERSION=$(cat dist/version.txt)" >> "${GITHUB_OUTPUT}" - - name: Create Issue - if: ${{ failure() }} - uses: imjohnbo/issue-bot@572eed14422c4d6ca37e870f97e7da209422f5bd - with: - labels: failed-release - title: Publishing v${{ steps.extract-version.outputs.VERSION }} to Maven Central failed - body: See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} + # run: npx -p publib@latest publib-maven + run: ls -l dist/java + # - name: Extract Version + # id: extract-version + # if: ${{ failure() }} + # run: echo "VERSION=$(cat dist/version.txt)" >> "${GITHUB_OUTPUT}" + # - name: Create Issue + # if: ${{ failure() }} + # uses: imjohnbo/issue-bot@572eed14422c4d6ca37e870f97e7da209422f5bd + # with: + # labels: failed-release + # title: Publishing v${{ steps.extract-version.outputs.VERSION }} to Maven Central failed + # body: See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} release_pypi: name: Publish to PyPI needs: release @@ -145,9 +140,6 @@ jobs: - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e with: node-version: 18.x - - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 - with: - python-version: 3.x - name: Download build artifacts uses: actions/download-artifact@533298bc57c27f112a2c04a74a04a4d43e2866fd with: @@ -156,32 +148,23 @@ jobs: - name: Restore build artifact permissions run: cd dist && setfacl --restore=permissions-backup.acl continue-on-error: true - - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 - with: - path: .repo - - name: Install Dependencies - run: cd .repo && yarn install --check-files --frozen-lockfile - - name: Create python artifact - run: cd .repo && npx projen compile && npx projen package:python - - name: Collect python Artifact - run: mv .repo/dist/python dist/python - name: Release env: TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }} TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }} - run: npx -p publib@latest publib-pypi - - name: Extract Version - id: extract-version - if: ${{ failure() }} - run: echo "VERSION=$(cat dist/version.txt)" >> "${GITHUB_OUTPUT}" - - name: Create Issue - if: ${{ failure() }} - uses: imjohnbo/issue-bot@572eed14422c4d6ca37e870f97e7da209422f5bd - with: - labels: failed-release - title: Publishing v${{ steps.extract-version.outputs.VERSION }} to PyPI failed - body: See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} + # run: npx -p publib@latest publib-pypi + run: ls -l dist/python + # - name: Extract Version + # id: extract-version + # if: ${{ failure() }} + # run: echo "VERSION=$(cat dist/version.txt)" >> "${GITHUB_OUTPUT}" + # - name: Create Issue + # if: ${{ failure() }} + # uses: imjohnbo/issue-bot@572eed14422c4d6ca37e870f97e7da209422f5bd + # with: + # labels: failed-release + # title: Publishing v${{ steps.extract-version.outputs.VERSION }} to PyPI failed + # body: See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} release_nuget: name: Publish to NuGet Gallery needs: release @@ -193,9 +176,6 @@ jobs: - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e with: node-version: 18.x - - uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 - with: - dotnet-version: 9.0.x - name: Download build artifacts uses: actions/download-artifact@533298bc57c27f112a2c04a74a04a4d43e2866fd with: @@ -204,50 +184,36 @@ jobs: - name: Restore build artifact permissions run: cd dist && setfacl --restore=permissions-backup.acl continue-on-error: true - - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 - with: - path: .repo - fetch-depth: 0 - - name: Install Dependencies - run: cd .repo && yarn install --check-files --frozen-lockfile - - name: Create dotnet artifact - run: | - cd .repo - npx projen bump - npx projen compile - npx projen package:dotnet - - name: Collect dotnet Artifact - run: mv .repo/dist/dotnet dist/dotnet - name: Extract Version id: extract-version run: echo "VERSION=$(cat dist/version.txt)" >> "${GITHUB_OUTPUT}" - - name: Log in to MongoDB Docker registry - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 - with: - registry: ${{ secrets.ARTIFACTORY_REGISTRY }} - username: ${{ secrets.ARTIFACTORY_USER }} - password: ${{ secrets.ARTIFACTORY_PASSWORD }} - - name: Sign NuGet package - run: | - docker run \ - -e GRS_CONFIG_USER1_USERNAME="${{ secrets.ARTIFACTORY_SIGN_USER }}" \ - -e GRS_CONFIG_USER1_PASSWORD="${{ secrets.ARTIFACTORY_SIGN_PASSWORD }}" \ - --rm -v "$(pwd)":"$(pwd)" -w "$(pwd)" \ - "${{ secrets.ARTIFACTORY_REGISTRY }}/${{ secrets.ARTIFACTORY_SIGN_TOOL }}" \ - /bin/bash -c "jsign --tsaurl http://timestamp.digicert.com -a ${{ secrets.AUTHENTICODE_KEY_NAME }} \ - ./dist/dotnet/MongoDB.AWSCDKResourcesMongoDBAtlas.${{ steps.extract-version.outputs.VERSION }}.nupkg" + # - name: Log in to MongoDB Docker registry + # uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 + # with: + # registry: ${{ secrets.ARTIFACTORY_REGISTRY }} + # username: ${{ secrets.ARTIFACTORY_USER }} + # password: ${{ secrets.ARTIFACTORY_PASSWORD }} + # - name: Sign NuGet package + # run: | + # docker run \ + # -e GRS_CONFIG_USER1_USERNAME="${{ secrets.ARTIFACTORY_SIGN_USER }}" \ + # -e GRS_CONFIG_USER1_PASSWORD="${{ secrets.ARTIFACTORY_SIGN_PASSWORD }}" \ + # --rm -v "$(pwd)":"$(pwd)" -w "$(pwd)" \ + # "${{ secrets.ARTIFACTORY_REGISTRY }}/${{ secrets.ARTIFACTORY_SIGN_TOOL }}" \ + # /bin/bash -c "jsign --tsaurl http://timestamp.digicert.com -a ${{ secrets.AUTHENTICODE_KEY_NAME }} \ + # ./dist/dotnet/MongoDB.AWSCDKResourcesMongoDBAtlas.${{ steps.extract-version.outputs.VERSION }}.nupkg" - name: Release env: NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }} - run: npx -p publib@latest publib-nuget - - name: Create Issue - if: ${{ failure() }} - uses: imjohnbo/issue-bot@572eed14422c4d6ca37e870f97e7da209422f5bd - with: - labels: failed-release - title: Publishing v${{ steps.extract-version.outputs.VERSION }} to NuGet Gallery failed - body: See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} + # run: npx -p publib@latest publib-nuget + run: ls -l dist/dotnet + # - name: Create Issue + # if: ${{ failure() }} + # uses: imjohnbo/issue-bot@572eed14422c4d6ca37e870f97e7da209422f5bd + # with: + # labels: failed-release + # title: Publishing v${{ steps.extract-version.outputs.VERSION }} to NuGet Gallery failed + # body: See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} release_golang: name: Publish to GitHub Go Module Repository needs: release @@ -259,9 +225,6 @@ jobs: - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e with: node-version: 18.x - - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b - with: - go-version: ^1.16.0 - name: Download build artifacts uses: actions/download-artifact@533298bc57c27f112a2c04a74a04a4d43e2866fd with: @@ -270,68 +233,59 @@ jobs: - name: Restore build artifact permissions run: cd dist && setfacl --restore=permissions-backup.acl continue-on-error: true - - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 - with: - path: .repo - - name: Install Dependencies - run: cd .repo && yarn install --check-files --frozen-lockfile - - name: Create go artifact - run: cd .repo && npx projen compile && npx projen package:go - - name: Collect go Artifact - run: mv .repo/dist/go dist/go - name: Release env: GITHUB_TOKEN: ${{ secrets.GO_GITHUB_TOKEN }} GIT_USER_NAME: ${{ secrets.GO_GIT_USER_NAME }} GIT_USER_EMAIL: ${{ secrets.GO_GIT_USER_EMAIL }} - run: npx -p publib@latest publib-golang - - name: Extract Version - id: extract-version - if: ${{ failure() }} - run: echo "VERSION=$(cat dist/version.txt)" >> "${GITHUB_OUTPUT}" - - name: Create Issue - if: ${{ failure() }} - uses: imjohnbo/issue-bot@572eed14422c4d6ca37e870f97e7da209422f5bd - with: - labels: failed-release - title: Publishing v${{ steps.extract-version.outputs.VERSION }} to GitHub Go Module Repository failed - body: See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} - release_github: - name: Publish to GitHub Releases - needs: [release, release_npm, release_maven, release_pypi, release_nuget, release_golang] - runs-on: ubuntu-latest - permissions: - contents: write - issues: write - steps: - - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e - with: - node-version: 18.x - - name: Download build artifacts - uses: actions/download-artifact@533298bc57c27f112a2c04a74a04a4d43e2866fd - with: - name: build-artifact - path: dist - - name: Restore build artifact permissions - run: cd dist && setfacl --restore=permissions-backup.acl - continue-on-error: true - - name: Release - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GITHUB_REPOSITORY: ${{ github.repository }} - GITHUB_REF: ${{ github.ref }} - run: errout=$(mktemp); gh release create "$(cat dist/releasetag.txt)" -R "${GITHUB_REPOSITORY}" -F dist/changelog.md -t "$(cat dist/releasetag.txt)" --target "${GITHUB_REF}" 2> "$errout" && true; exitcode=$?; if [ $exitcode -ne 0 ] && ! grep -q "Release.tag_name already exists" "$errout"; then cat "$errout"; exit $exitcode; fi - - name: Extract Version - id: extract-version - if: ${{ failure() }} - run: echo "VERSION=$(cat dist/version.txt)" >> "${GITHUB_OUTPUT}" - - name: Create Issue - if: ${{ failure() }} - uses: imjohnbo/issue-bot@572eed14422c4d6ca37e870f97e7da209422f5bd - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - labels: failed-release - title: Publishing v${{ steps.extract-version.outputs.VERSION }} to GitHub Releases failed - body: See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} + # run: npx -p publib@latest publib-golang + run: ls -l dist/go + # - name: Extract Version + # id: extract-version + # if: ${{ failure() }} + # run: echo "VERSION=$(cat dist/version.txt)" >> "${GITHUB_OUTPUT}" + # - name: Create Issue + # if: ${{ failure() }} + # uses: imjohnbo/issue-bot@572eed14422c4d6ca37e870f97e7da209422f5bd + # with: + # labels: failed-release + # title: Publishing v${{ steps.extract-version.outputs.VERSION }} to GitHub Go Module Repository failed + # body: See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} + # release_github: + # name: Publish to GitHub Releases + # needs: [release, release_npm, release_maven, release_pypi, release_nuget, release_golang] + # runs-on: ubuntu-latest + # permissions: + # contents: write + # issues: write + # steps: + # - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e + # with: + # node-version: 18.x + # - name: Download build artifacts + # uses: actions/download-artifact@533298bc57c27f112a2c04a74a04a4d43e2866fd + # with: + # name: build-artifact + # path: dist + # - name: Restore build artifact permissions + # run: cd dist && setfacl --restore=permissions-backup.acl + # continue-on-error: true + # - name: Release + # env: + # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # GITHUB_REPOSITORY: ${{ github.repository }} + # GITHUB_REF: ${{ github.ref }} + # run: errout=$(mktemp); gh release create "$(cat dist/releasetag.txt)" -R "${GITHUB_REPOSITORY}" -F dist/changelog.md -t "$(cat dist/releasetag.txt)" --target "${GITHUB_REF}" 2> "$errout" && true; exitcode=$?; if [ $exitcode -ne 0 ] && ! grep -q "Release.tag_name already exists" "$errout"; then cat "$errout"; exit $exitcode; fi + # - name: Extract Version + # id: extract-version + # if: ${{ failure() }} + # run: echo "VERSION=$(cat dist/version.txt)" >> "${GITHUB_OUTPUT}" + # - name: Create Issue + # if: ${{ failure() }} + # uses: imjohnbo/issue-bot@572eed14422c4d6ca37e870f97e7da209422f5bd + # env: + # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # with: + # labels: failed-release + # title: Publishing v${{ steps.extract-version.outputs.VERSION }} to GitHub Releases failed + # body: See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} From 4801cd39105cf4f8c7d5870d0ef025314f69cc7d Mon Sep 17 00:00:00 2001 From: Espen Albert Date: Fri, 2 May 2025 13:48:06 +0100 Subject: [PATCH 02/11] chore: comment out CI environment variable in release workflow to build all artifacts --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 70664443..1b749e42 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -6,8 +6,8 @@ jobs: permissions: contents: write issues: write - env: - CI: "true" + # env: + # CI: "true" steps: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 From c2dd73fd0daa08c81a8929595e8682f50f4338ca Mon Sep 17 00:00:00 2001 From: Espen Albert Date: Fri, 2 May 2025 14:03:02 +0100 Subject: [PATCH 03/11] chore: update CI environment variable to "0" in release workflow --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1b749e42..515cf3db 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -6,8 +6,8 @@ jobs: permissions: contents: write issues: write - # env: - # CI: "true" + env: + CI: "0" steps: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 From 5cb23a72edd279a20afd452f1617f6004169166f Mon Sep 17 00:00:00 2001 From: Espen Albert Date: Fri, 2 May 2025 14:06:44 +0100 Subject: [PATCH 04/11] alternative method for CI --- .github/workflows/release.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 515cf3db..7abf668a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -7,7 +7,7 @@ jobs: contents: write issues: write env: - CI: "0" + CI: "true" steps: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 @@ -43,7 +43,9 @@ jobs: - name: Install dependencies run: yarn install --check-files --frozen-lockfile - name: release - run: npx projen release + run: | + unset CI + npx projen release - name: Backup artifact permissions run: cd dist && getfacl -R . > permissions-backup.acl continue-on-error: true From aee7625f8a36dff6e387f5057810ec3d34e261d6 Mon Sep 17 00:00:00 2001 From: Espen Albert Date: Fri, 2 May 2025 15:17:23 +0100 Subject: [PATCH 05/11] uncomment code --- .github/workflows/release.yml | 223 +++++++++++++++++----------------- 1 file changed, 109 insertions(+), 114 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7abf668a..b24be163 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -79,19 +79,18 @@ jobs: NPM_DIST_TAG: latest NPM_REGISTRY: registry.npmjs.org NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - # run: npx -p publib@latest publib-npm - run: ls -l dist/js - # - name: Extract Version - # id: extract-version - # if: ${{ failure() }} - # run: echo "VERSION=$(cat dist/version.txt)" >> "${GITHUB_OUTPUT}" - # - name: Create Issue - # if: ${{ failure() }} - # uses: imjohnbo/issue-bot@572eed14422c4d6ca37e870f97e7da209422f5bd - # with: - # labels: failed-release - # title: Publishing v${{ steps.extract-version.outputs.VERSION }} to npm failed - # body: See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} + run: npx -p publib@latest publib-npm + - name: Extract Version + id: extract-version + if: ${{ failure() }} + run: echo "VERSION=$(cat dist/version.txt)" >> "${GITHUB_OUTPUT}" + - name: Create Issue + if: ${{ failure() }} + uses: imjohnbo/issue-bot@572eed14422c4d6ca37e870f97e7da209422f5bd + with: + labels: failed-release + title: Publishing v${{ steps.extract-version.outputs.VERSION }} to npm failed + body: See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} release_maven: name: Publish to Maven Central needs: release @@ -118,19 +117,18 @@ jobs: MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} MAVEN_STAGING_PROFILE_ID: ${{ secrets.MAVEN_STAGING_PROFILE_ID }} - # run: npx -p publib@latest publib-maven - run: ls -l dist/java - # - name: Extract Version - # id: extract-version - # if: ${{ failure() }} - # run: echo "VERSION=$(cat dist/version.txt)" >> "${GITHUB_OUTPUT}" - # - name: Create Issue - # if: ${{ failure() }} - # uses: imjohnbo/issue-bot@572eed14422c4d6ca37e870f97e7da209422f5bd - # with: - # labels: failed-release - # title: Publishing v${{ steps.extract-version.outputs.VERSION }} to Maven Central failed - # body: See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} + run: npx -p publib@latest publib-maven + - name: Extract Version + id: extract-version + if: ${{ failure() }} + run: echo "VERSION=$(cat dist/version.txt)" >> "${GITHUB_OUTPUT}" + - name: Create Issue + if: ${{ failure() }} + uses: imjohnbo/issue-bot@572eed14422c4d6ca37e870f97e7da209422f5bd + with: + labels: failed-release + title: Publishing v${{ steps.extract-version.outputs.VERSION }} to Maven Central failed + body: See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} release_pypi: name: Publish to PyPI needs: release @@ -154,19 +152,18 @@ jobs: env: TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }} TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }} - # run: npx -p publib@latest publib-pypi - run: ls -l dist/python - # - name: Extract Version - # id: extract-version - # if: ${{ failure() }} - # run: echo "VERSION=$(cat dist/version.txt)" >> "${GITHUB_OUTPUT}" - # - name: Create Issue - # if: ${{ failure() }} - # uses: imjohnbo/issue-bot@572eed14422c4d6ca37e870f97e7da209422f5bd - # with: - # labels: failed-release - # title: Publishing v${{ steps.extract-version.outputs.VERSION }} to PyPI failed - # body: See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} + run: npx -p publib@latest publib-pypi + - name: Extract Version + id: extract-version + if: ${{ failure() }} + run: echo "VERSION=$(cat dist/version.txt)" >> "${GITHUB_OUTPUT}" + - name: Create Issue + if: ${{ failure() }} + uses: imjohnbo/issue-bot@572eed14422c4d6ca37e870f97e7da209422f5bd + with: + labels: failed-release + title: Publishing v${{ steps.extract-version.outputs.VERSION }} to PyPI failed + body: See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} release_nuget: name: Publish to NuGet Gallery needs: release @@ -189,33 +186,32 @@ jobs: - name: Extract Version id: extract-version run: echo "VERSION=$(cat dist/version.txt)" >> "${GITHUB_OUTPUT}" - # - name: Log in to MongoDB Docker registry - # uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 - # with: - # registry: ${{ secrets.ARTIFACTORY_REGISTRY }} - # username: ${{ secrets.ARTIFACTORY_USER }} - # password: ${{ secrets.ARTIFACTORY_PASSWORD }} - # - name: Sign NuGet package - # run: | - # docker run \ - # -e GRS_CONFIG_USER1_USERNAME="${{ secrets.ARTIFACTORY_SIGN_USER }}" \ - # -e GRS_CONFIG_USER1_PASSWORD="${{ secrets.ARTIFACTORY_SIGN_PASSWORD }}" \ - # --rm -v "$(pwd)":"$(pwd)" -w "$(pwd)" \ - # "${{ secrets.ARTIFACTORY_REGISTRY }}/${{ secrets.ARTIFACTORY_SIGN_TOOL }}" \ - # /bin/bash -c "jsign --tsaurl http://timestamp.digicert.com -a ${{ secrets.AUTHENTICODE_KEY_NAME }} \ - # ./dist/dotnet/MongoDB.AWSCDKResourcesMongoDBAtlas.${{ steps.extract-version.outputs.VERSION }}.nupkg" + - name: Log in to MongoDB Docker registry + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 + with: + registry: ${{ secrets.ARTIFACTORY_REGISTRY }} + username: ${{ secrets.ARTIFACTORY_USER }} + password: ${{ secrets.ARTIFACTORY_PASSWORD }} + - name: Sign NuGet package + run: | + docker run \ + -e GRS_CONFIG_USER1_USERNAME="${{ secrets.ARTIFACTORY_SIGN_USER }}" \ + -e GRS_CONFIG_USER1_PASSWORD="${{ secrets.ARTIFACTORY_SIGN_PASSWORD }}" \ + --rm -v "$(pwd)":"$(pwd)" -w "$(pwd)" \ + "${{ secrets.ARTIFACTORY_REGISTRY }}/${{ secrets.ARTIFACTORY_SIGN_TOOL }}" \ + /bin/bash -c "jsign --tsaurl http://timestamp.digicert.com -a ${{ secrets.AUTHENTICODE_KEY_NAME }} \ + ./dist/dotnet/MongoDB.AWSCDKResourcesMongoDBAtlas.${{ steps.extract-version.outputs.VERSION }}.nupkg" - name: Release env: NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }} - # run: npx -p publib@latest publib-nuget - run: ls -l dist/dotnet - # - name: Create Issue - # if: ${{ failure() }} - # uses: imjohnbo/issue-bot@572eed14422c4d6ca37e870f97e7da209422f5bd - # with: - # labels: failed-release - # title: Publishing v${{ steps.extract-version.outputs.VERSION }} to NuGet Gallery failed - # body: See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} + run: npx -p publib@latest publib-nuget + - name: Create Issue + if: ${{ failure() }} + uses: imjohnbo/issue-bot@572eed14422c4d6ca37e870f97e7da209422f5bd + with: + labels: failed-release + title: Publishing v${{ steps.extract-version.outputs.VERSION }} to NuGet Gallery failed + body: See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} release_golang: name: Publish to GitHub Go Module Repository needs: release @@ -240,54 +236,53 @@ jobs: GITHUB_TOKEN: ${{ secrets.GO_GITHUB_TOKEN }} GIT_USER_NAME: ${{ secrets.GO_GIT_USER_NAME }} GIT_USER_EMAIL: ${{ secrets.GO_GIT_USER_EMAIL }} - # run: npx -p publib@latest publib-golang - run: ls -l dist/go - # - name: Extract Version - # id: extract-version - # if: ${{ failure() }} - # run: echo "VERSION=$(cat dist/version.txt)" >> "${GITHUB_OUTPUT}" - # - name: Create Issue - # if: ${{ failure() }} - # uses: imjohnbo/issue-bot@572eed14422c4d6ca37e870f97e7da209422f5bd - # with: - # labels: failed-release - # title: Publishing v${{ steps.extract-version.outputs.VERSION }} to GitHub Go Module Repository failed - # body: See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} - # release_github: - # name: Publish to GitHub Releases - # needs: [release, release_npm, release_maven, release_pypi, release_nuget, release_golang] - # runs-on: ubuntu-latest - # permissions: - # contents: write - # issues: write - # steps: - # - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e - # with: - # node-version: 18.x - # - name: Download build artifacts - # uses: actions/download-artifact@533298bc57c27f112a2c04a74a04a4d43e2866fd - # with: - # name: build-artifact - # path: dist - # - name: Restore build artifact permissions - # run: cd dist && setfacl --restore=permissions-backup.acl - # continue-on-error: true - # - name: Release - # env: - # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # GITHUB_REPOSITORY: ${{ github.repository }} - # GITHUB_REF: ${{ github.ref }} - # run: errout=$(mktemp); gh release create "$(cat dist/releasetag.txt)" -R "${GITHUB_REPOSITORY}" -F dist/changelog.md -t "$(cat dist/releasetag.txt)" --target "${GITHUB_REF}" 2> "$errout" && true; exitcode=$?; if [ $exitcode -ne 0 ] && ! grep -q "Release.tag_name already exists" "$errout"; then cat "$errout"; exit $exitcode; fi - # - name: Extract Version - # id: extract-version - # if: ${{ failure() }} - # run: echo "VERSION=$(cat dist/version.txt)" >> "${GITHUB_OUTPUT}" - # - name: Create Issue - # if: ${{ failure() }} - # uses: imjohnbo/issue-bot@572eed14422c4d6ca37e870f97e7da209422f5bd - # env: - # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # with: - # labels: failed-release - # title: Publishing v${{ steps.extract-version.outputs.VERSION }} to GitHub Releases failed - # body: See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} + run: npx -p publib@latest publib-golang + - name: Extract Version + id: extract-version + if: ${{ failure() }} + run: echo "VERSION=$(cat dist/version.txt)" >> "${GITHUB_OUTPUT}" + - name: Create Issue + if: ${{ failure() }} + uses: imjohnbo/issue-bot@572eed14422c4d6ca37e870f97e7da209422f5bd + with: + labels: failed-release + title: Publishing v${{ steps.extract-version.outputs.VERSION }} to GitHub Go Module Repository failed + body: See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} + release_github: + name: Publish to GitHub Releases + needs: [release, release_npm, release_maven, release_pypi, release_nuget, release_golang] + runs-on: ubuntu-latest + permissions: + contents: write + issues: write + steps: + - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e + with: + node-version: 18.x + - name: Download build artifacts + uses: actions/download-artifact@533298bc57c27f112a2c04a74a04a4d43e2866fd + with: + name: build-artifact + path: dist + - name: Restore build artifact permissions + run: cd dist && setfacl --restore=permissions-backup.acl + continue-on-error: true + - name: Release + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_REPOSITORY: ${{ github.repository }} + GITHUB_REF: ${{ github.ref }} + run: errout=$(mktemp); gh release create "$(cat dist/releasetag.txt)" -R "${GITHUB_REPOSITORY}" -F dist/changelog.md -t "$(cat dist/releasetag.txt)" --target "${GITHUB_REF}" 2> "$errout" && true; exitcode=$?; if [ $exitcode -ne 0 ] && ! grep -q "Release.tag_name already exists" "$errout"; then cat "$errout"; exit $exitcode; fi + - name: Extract Version + id: extract-version + if: ${{ failure() }} + run: echo "VERSION=$(cat dist/version.txt)" >> "${GITHUB_OUTPUT}" + - name: Create Issue + if: ${{ failure() }} + uses: imjohnbo/issue-bot@572eed14422c4d6ca37e870f97e7da209422f5bd + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + labels: failed-release + title: Publishing v${{ steps.extract-version.outputs.VERSION }} to GitHub Releases failed + body: See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} From d6c497e84678688210d5d34a0cae979c45d57b6a Mon Sep 17 00:00:00 2001 From: Espen Albert Date: Fri, 2 May 2025 15:20:46 +0100 Subject: [PATCH 06/11] refactor: Adds back language setup in case it is used by the publib --- .github/workflows/release.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b24be163..34966184 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -99,6 +99,10 @@ jobs: contents: read issues: write steps: + - uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b + with: + distribution: temurin + java-version: 11.x - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e with: node-version: 18.x @@ -140,6 +144,9 @@ jobs: - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e with: node-version: 18.x + - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 + with: + python-version: 3.x - name: Download build artifacts uses: actions/download-artifact@533298bc57c27f112a2c04a74a04a4d43e2866fd with: @@ -175,6 +182,9 @@ jobs: - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e with: node-version: 18.x + - uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 + with: + dotnet-version: 9.0.x - name: Download build artifacts uses: actions/download-artifact@533298bc57c27f112a2c04a74a04a4d43e2866fd with: @@ -223,6 +233,9 @@ jobs: - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e with: node-version: 18.x + - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b + with: + go-version: ^1.16.0 - name: Download build artifacts uses: actions/download-artifact@533298bc57c27f112a2c04a74a04a4d43e2866fd with: From edb38f218a6fc10c6ddc90c4d9c03e392cb062bb Mon Sep 17 00:00:00 2001 From: Espen Albert Date: Tue, 20 May 2025 18:52:24 +0100 Subject: [PATCH 07/11] docs: Update releasing instructions to include manual steps and language release links --- RELEASING.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/RELEASING.md b/RELEASING.md index 570a26cf..31740d71 100644 --- a/RELEASING.md +++ b/RELEASING.md @@ -3,19 +3,26 @@ ## Stable release -Stable releases are managed by the [Release GitHub Action](https://github.com/mongodb/awscdk-resources-mongodbatlas/actions/workflows/release.yml). You can release a new CDK version by manually trigger the action. +Stable releases are managed by the [Release GitHub Action](https://github.com/mongodb/awscdk-resources-mongodbatlas/actions/workflows/release.yml). You can release a new CDK version by manually trigger the action ([REMEMBER Manual Steps Below](#manual-steps)). ![Screenshot 2023-04-20 at 10 35 11](https://user-images.githubusercontent.com/5663078/233325734-0f469045-f91b-436c-8dd5-19d1e8f24c57.png) +### Manual Steps After the action finishes successfully you have to manually release the Go package: - Go to the [Go repo](https://github.com/mongodb/awscdk-resources-mongodbatlas-go) and check that the latest commit happened now with the same release as in this repo, e.g. `chore(release): v3.0.0`. - Go to the [Go Repo release page](https://github.com/mongodb/awscdk-resources-mongodbatlas-go/releases). - Select the latest release that has to be the same as the one in this repo, e.g. `awscdkresourcemongodbatlas/v3.0.0`, name will be like `v3.0.0`, click "Generate release notes" and make sure "Set as latest release" is checked. +Also, to ensure no silent errors, look for the specific `vX.Y.Z` language releases: +- [Javascript](https://www.npmjs.com/package/awscdk-resources-mongodbatlas?activeTab=versions) +- [Java](https://central.sonatype.com/artifact/org.mongodb/awscdk-resources-mongodbatlas/versions) +- [Python](https://pypi.org/project/awscdk-resources-mongodbatlas/#history) +- [Golang](https://github.com/mongodb/awscdk-resources-mongodbatlas-go/releases) +- [Nuget](https://www.nuget.org/packages/MongoDB.AWSCDKResourcesMongoDBAtlas#versions-body-tab) + ## Versioning The release version is determinated based on the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/#summary) in that release. - ## Release troubleshooting If the Release Gitub Action fails, it can happen that the new version is published only to some repositories, but the failing ones are still in the current version. From ef906836588470e6ecb6027f896b3049a936fb36 Mon Sep 17 00:00:00 2001 From: Espen Albert Date: Tue, 20 May 2025 18:53:04 +0100 Subject: [PATCH 08/11] docs: Update workflow name to emphasize manual steps required --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 34966184..45f46f91 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,4 +1,4 @@ -name: Release +name: Release (Remember manual steps) on: workflow_dispatch jobs: release: From b91c5b8f918e7f90cc5dae3dfcb03d57596e3a0f Mon Sep 17 00:00:00 2001 From: Espen Albert Date: Wed, 21 May 2025 08:51:46 +0100 Subject: [PATCH 09/11] commit suggestions --- RELEASING.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/RELEASING.md b/RELEASING.md index 31740d71..bf97c0eb 100644 --- a/RELEASING.md +++ b/RELEASING.md @@ -3,7 +3,7 @@ ## Stable release -Stable releases are managed by the [Release GitHub Action](https://github.com/mongodb/awscdk-resources-mongodbatlas/actions/workflows/release.yml). You can release a new CDK version by manually trigger the action ([REMEMBER Manual Steps Below](#manual-steps)). +Stable releases are managed by the [Release GitHub Action](https://github.com/mongodb/awscdk-resources-mongodbatlas/actions/workflows/release.yml). You can release a new CDK version by manually triggering the action ([*MAKE SURE TO FOLLOW MANUAL STEPS BELOW*](#manual-steps)). ![Screenshot 2023-04-20 at 10 35 11](https://user-images.githubusercontent.com/5663078/233325734-0f469045-f91b-436c-8dd5-19d1e8f24c57.png) @@ -17,7 +17,7 @@ Also, to ensure no silent errors, look for the specific `vX.Y.Z` language releas - [Javascript](https://www.npmjs.com/package/awscdk-resources-mongodbatlas?activeTab=versions) - [Java](https://central.sonatype.com/artifact/org.mongodb/awscdk-resources-mongodbatlas/versions) - [Python](https://pypi.org/project/awscdk-resources-mongodbatlas/#history) -- [Golang](https://github.com/mongodb/awscdk-resources-mongodbatlas-go/releases) +- [Golang (after the manual release above)](https://github.com/mongodb/awscdk-resources-mongodbatlas-go/releases) - [Nuget](https://www.nuget.org/packages/MongoDB.AWSCDKResourcesMongoDBAtlas#versions-body-tab) ## Versioning From a60d77875a6767b6d250c4ebaee9ac294dc8d943 Mon Sep 17 00:00:00 2001 From: Espen Albert Date: Wed, 21 May 2025 08:53:11 +0100 Subject: [PATCH 10/11] pr suggestions 2 --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 45f46f91..dc4bc51d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,4 +1,4 @@ -name: Release (Remember manual steps) +name: Release (Requires manual steps to take) on: workflow_dispatch jobs: release: From 147f0d3368edd9dd1f2ecefa9754dcfa26f2bc13 Mon Sep 17 00:00:00 2001 From: Espen Albert Date: Wed, 21 May 2025 09:47:27 +0100 Subject: [PATCH 11/11] doc: document the unset CI --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index dc4bc51d..dd580eee 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -44,7 +44,7 @@ jobs: run: yarn install --check-files --frozen-lockfile - name: release run: | - unset CI + unset CI # enable full package-all https://github.com/mongodb/awscdk-resources-mongodbatlas/blob/main/.projen/tasks.json#L157-L170 npx projen release - name: Backup artifact permissions run: cd dist && getfacl -R . > permissions-backup.acl