Release (branch: 3007.x; version: 3007.6) #41

Workflow file for this run

.github/workflows/release.yml at 124b126

	name: Release
	run-name: "Release (branch: ${{ github.ref_name }}; version: ${{ inputs.salt-version }})"

	on:
	workflow_dispatch:
	inputs:
	salt-version:
	type: string
	required: true
	description: >
	The Salt version to get from staging to publish the release.
	(DO NOT prefix the version with a v, ie, 3006.0 NOT v3006.0).
	skip-salt-pkg-download-test-suite:
	type: boolean
	default: false
	description: Skip running the Salt packages download test suite.

	env:
	COLUMNS: 190
	CACHE_SEED: SEED-1 # Bump the number to invalidate all caches
	RELENV_DATA: "${{ github.workspace }}/.relenv"
	PIP_DISABLE_PIP_VERSION_CHECK: "1"
	RAISE_DEPRECATIONS_RUNTIME_ERRORS: "1"

	permissions:
	contents: write # To be able to publish the release
	pull-requests: write

	concurrency:
	group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.repository }}
	cancel-in-progress: false

	jobs:

	check-requirements:
	name: Check Requirements
	runs-on: ubuntu-22.04
	environment: release-check
	steps:
	- name: Check For Admin Permission
	uses: actions-cool/check-user-permission@v2
	with:
	require: admin
	username: ${{ github.triggering_actor }}

	prepare-workflow:
	name: Prepare Workflow Run
	runs-on:
	- ubuntu-24.04
	env:
	USE_S3_CACHE: 'false'
	environment: release
	needs:
	- check-requirements
	outputs:
	salt-version: ${{ steps.setup-salt-version.outputs.salt-version }}
	cache-seed: ${{ steps.set-cache-seed.outputs.cache-seed }}
	latest-release: ${{ steps.get-salt-releases.outputs.latest-release }}
	releases: ${{ steps.get-salt-releases.outputs.releases }}
	nox-archive-hash: ${{ steps.nox-archive-hash.outputs.nox-archive-hash }}
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0 # Full clone to also get the tags to get the right salt version

	- name: Set up Python 3.11
	uses: actions/setup-python@v5
	with:
	python-version: "3.11"

	- name: Setup Python Tools Scripts
	uses: ./.github/actions/setup-python-tools-scripts
	with:
	cache-prefix: ${{ env.CACHE_SEED }}

	- name: Pretty Print The GH Actions Event
	run:
	tools ci print-gh-event

	- name: Setup Salt Version
	id: setup-salt-version
	uses: ./.github/actions/setup-salt-version
	with:
	salt-version: "${{ inputs.salt-version }}"
	validate-version: true

	- name: Get Salt Releases
	id: get-salt-releases
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	tools ci get-releases

	- name: Set Cache Seed Output
	id: set-cache-seed
	run: \|
	tools ci define-cache-seed ${{ env.CACHE_SEED }}

	- name: Get Hash For Nox Tarball Cache
	id: nox-archive-hash
	run: \|
	echo "nox-archive-hash=${{ hashFiles('requirements/*/.txt', 'cicd/golden-images.json', 'noxfile.py', 'pkg/common/env-cleanup-rules.yml', '.github/workflows/build-deps-ci-action.yml') }}" \| tee -a "$GITHUB_OUTPUT"

	release:
	name: Release v${{ needs.prepare-workflow.outputs.salt-version }}
	if: ${{ always() && ! failure() && ! cancelled() }}
	runs-on: ubuntu-24.04
	env:
	USE_S3_CACHE: 'false'
	needs:
	- prepare-workflow
	environment: release
	steps:
	- name: Clone The Salt Repository
	uses: actions/checkout@v4
	with:
	ssh-key: ${{ secrets.GHA_SSH_KEY }}

	- name: Set up Python 3.11
	uses: actions/setup-python@v5
	with:
	python-version: "3.11"

	- name: Setup Python Tools Scripts
	uses: ./.github/actions/setup-python-tools-scripts
	with:
	cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}

	- name: Configure Git
	shell: bash
	run: \|
	git config --global --add safe.directory "$(pwd)"
	git config --global user.name "Salt Project Packaging"
	git config --global user.email [email protected]
	git config --global user.signingkey 64CBBC8173D76B3F
	git config --global commit.gpgsign true

	- name: Setup GnuPG
	env:
	SIGNING_GPG_KEY: ${{ secrets.SIGNING_GPG_KEY }}
	SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }}
	run: \|
	sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg
	GNUPGHOME="$(mktemp -d -p /run/gpg)"
	export GNUPGHOME
	echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV"
	cat <<EOF > "${GNUPGHOME}/gpg.conf"
	batch
	no-tty
	pinentry-mode loopback
	passphrase-file ${GNUPGHOME}/passphrase
	EOF
	echo "${SIGNING_PASSPHRASE}" > "${GNUPGHOME}/passphrase"
	echo "${SIGNING_GPG_KEY}" \| gpg --import -

	- name: Download Release Patch
	env:
	GH_TOKEN: ${{ github.token }}
	run: \|
	mkdir -p artifacts/release
	gh release download \
	-D artifacts/release \
	-p 'salt-${{ needs.prepare-workflow.outputs.salt-version }}.patch' \
	v${{ needs.prepare-workflow.outputs.salt-version }}

	- name: Apply The Release Patch
	run: \|
	git am --committer-date-is-author-date artifacts/release/salt-${{ needs.prepare-workflow.outputs.salt-version }}.patch
	rm artifacts/release/salt-${{ needs.prepare-workflow.outputs.salt-version }}.patch

	- name: Tag The v${{ needs.prepare-workflow.outputs.salt-version }} Release
	run: \|
	git tag -m "Release v${{ needs.prepare-workflow.outputs.salt-version }}" -as v${{ needs.prepare-workflow.outputs.salt-version }}

	- name: Push tag
	run: \|
	git config user.name "GitHub Actions"
	git config user.email "[email protected]"
	git push origin v${{ inputs.salt-version }}
	git push

	publish-pypi:
	name: Publish to PyPi
	if: ${{ always() && ! failure() && ! cancelled() && github.event.repository.fork != true }}
	needs:
	- prepare-workflow
	- release
	environment: release
	runs-on: ubuntu-24.04
	env:
	USE_S3_CACHE: 'false'
	steps:
	- uses: actions/checkout@v4

	- name: Set up Python 3.11
	uses: actions/setup-python@v5
	with:
	python-version: "3.11"

	- name: Setup Python Tools Scripts
	uses: ./.github/actions/setup-python-tools-scripts
	with:
	cache-prefix: ${{ needs.prepare-workflow.outputs.cache-seed }}

	- name: Setup GnuPG
	run: \|
	sudo install -d -m 0700 -o "$(id -u)" -g "$(id -g)" /run/gpg
	GNUPGHOME="$(mktemp -d -p /run/gpg)"
	echo "GNUPGHOME=${GNUPGHOME}" >> "$GITHUB_ENV"
	cat <<EOF > "${GNUPGHOME}/gpg.conf"
	batch
	no-tty
	pinentry-mode loopback
	EOF

	- name: Download PyPi Artifacts
	env:
	GH_TOKEN: ${{ github.token }}
	run: \|
	mkdir -p artifacts/release
	gh release download \
	-D artifacts/release \
	-p 'salt-${{ needs.prepare-workflow.outputs.salt-version }}.tar.gz' \
	v${{ needs.prepare-workflow.outputs.salt-version }}

	- name: Publish to PyPi
	env:
	TWINE_PASSWORD: "${{ secrets.TWINE_PASSWORD }}"
	run: \|
	tools pkg pypi-upload artifacts/release/salt-${{ needs.prepare-workflow.outputs.salt-version }}.tar.gz

	publish-draft:
	name: Publish Relase v${{ needs.prepare-workflow.outputs.salt-version }}
	if: ${{ !cancelled() && always() }}
	runs-on: ubuntu-22.04
	needs:
	- check-requirements
	- prepare-workflow
	- release
	- publish-pypi
	steps:
	- uses: actions/checkout@v4
	- name: Publish Release v${{ needs.prepare-workflow.outputs.salt-version }}
	env:
	GH_TOKEN: ${{ github.token }}
	run: \|
	gh release edit v${{ inputs.salt-version }} --draft=false

	set-pipeline-exit-status:
	# This step is just so we can make github require this step, to pass checks
	# on a pull request instead of requiring all
	name: Set the ${{ github.workflow }} Pipeline Exit Status
	if: ${{ !cancelled() && always() }}
	runs-on: ubuntu-22.04
	needs:
	- check-requirements
	- prepare-workflow
	- release
	- publish-pypi
	- publish-draft
	steps:
	- name: Get workflow information
	id: get-workflow-info
	uses: im-open/workflow-conclusion@v2

	- run: \|
	# shellcheck disable=SC2129
	if [ "${{ steps.get-workflow-info.outputs.conclusion }}" != "success" ]; then
	echo 'To restore the release bucket run:' >> "${GITHUB_STEP_SUMMARY}"
	echo '```' >> "${GITHUB_STEP_SUMMARY}"
	echo 'tools pkg repo restore-previous-releases' >> "${GITHUB_STEP_SUMMARY}"
	echo '```' >> "${GITHUB_STEP_SUMMARY}"
	fi

	- name: Set Pipeline Exit Status
	shell: bash
	run: \|
	if [ "${{ steps.get-workflow-info.outputs.workflow_conclusion }}" != "success" ]; then
	exit 1
	else
	exit 0
	fi

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Release (branch: 3007.x; version: 3007.6) #41

Workflow file

Release (branch: 3007.x; version: 3007.6) #41

Uh oh!

Workflow file for this run