Skip to content

Commit

Permalink
ci(github): connect release reorder
Browse files Browse the repository at this point in the history
  • Loading branch information
karliatto committed May 23, 2024
1 parent d5ba438 commit ac1c82b
Show file tree
Hide file tree
Showing 13 changed files with 402 additions and 172 deletions.
34 changes: 34 additions & 0 deletions .github/actions/check-connect-version-match/action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
name: "Check Connect Version Match with Branch"
description: "Check if the version in package.json matches the version in the branch name"
inputs:
branch_ref:
description: "The full ref of the branch"
required: true
type: string
extracted_version:
description: "The version extracted from the package.json or other source"
required: true
type: string

runs:
using: "composite"
steps:
- name: Extract branch version
id: extract-branch-version
run: |
BRANCH_REF="${{ inputs.branch_ref }}"
BRANCH_VERSION="${BRANCH_REF#refs/heads/release/connect/}"
echo "branch_version=$BRANCH_VERSION" >> $GITHUB_OUTPUT
- name: Check if version in package.json matches the one in branch name
run: |
BRANCH_VERSION="${{ steps.extract-branch-version.outputs.branch_version }}"
EXTRACTED_VERSION="${{ inputs.extracted_version }}"
echo "Branch Version: $BRANCH_VERSION"
echo "Extracted Version: $EXTRACTED_VERSION"
if [[ "$BRANCH_VERSION" != "$EXTRACTED_VERSION" ]]; then
echo "The extracted version ($EXTRACTED_VERSION) does not match the version in the branch name ($BRANCH_VERSION)"
exit 1 # Fail the job if versions don't match
else
echo "Version check passed: $BRANCH_VERSION matches $EXTRACTED_VERSION"
fi
36 changes: 0 additions & 36 deletions .github/workflows/legacy-connect-release-init.yml

This file was deleted.

37 changes: 37 additions & 0 deletions .github/workflows/release-connect-bump-versions.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
name: "[Release] connect bump versions"

on:
workflow_dispatch:
inputs:
semver:
type: choice
description: semver
options:
- patch
- minor
- prerelease

concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true

jobs:
bump-versions:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: true

- name: Setup node
uses: actions/setup-node@v4
with:
node-version-file: ".nvmrc"

- name: Install dependencies
run: yarn install

- name: Check dependencies to update
run: |
yarn tsx ./ci/scripts/connect-bump-versions.ts ${{ github.event.inputs.semver }}
92 changes: 92 additions & 0 deletions .github/workflows/release-connect-init.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,92 @@
name: "[Release] connect NPM and v9"

permissions:
id-token: write # for fetching the OIDC token
contents: read # for actions/checkout

on:
workflow_dispatch:
inputs:
commit_sha:
description: "The commit SHA to checkout"
required: true
type: string
deploymentType:
description: "Select the deployment type. (example: canary, stable)"
required: true
type: choice
options:
- canary
- stable

jobs:
# Version should have been bumped by now thanks to ./ci/scripts/connect-release-init-npm.js
extract-version:
runs-on: ubuntu-latest
outputs:
version: ${{ steps.set-version.outputs.version }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
# Number of commits to fetch. 0 indicates all history for all branches and tags.
fetch-depth: 0
# Checkout the specified commit
ref: ${{ github.event.inputs.commit_sha }}

- name: Setup node
uses: actions/setup-node@v4
with:
node-version-file: ".nvmrc"

- name: Extract connect version
id: set-version
run: echo "version=$(node ./ci/scripts/get-connect-version.js)" >> $GITHUB_OUTPUT

create-push-release-branch:
needs: [extract-version]
name: "Create release branch for version ${{ needs.extract-version.outputs.version }}"
runs-on: ubuntu-latest
outputs:
branch_name: ${{ steps.push-branch.outputs.branch_name }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
# Ensure the full commit history is available is required to get specific `ref`.
fetch-depth: 0
# Checkout the specified commit
ref: ${{ github.event.inputs.commit_sha }}

- name: Create and push new branch
env:
BRANCH_NAME: "release/connect/${{ needs.extract-version.outputs.version }}"
run: |
echo ${{ env.BRANCH_NAME }}
git checkout -b ${{ env.BRANCH_NAME }}
git push origin ${{ env.BRANCH_NAME }}
echo "branch_name=${{ env.BRANCH_NAME }}" >> $GITHUB_OUTPUT
trigger-v9-staging-release:
runs-on: ubuntu-latest
steps:
- run: gh workflow run .github/workflows/release-connect-v9-staging.yml --ref $BRANCH_NAME
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
BRANCH_NAME: ${{ needs.create-push-release-branch.outputs.branch_name }}

trigger-v9-production-release:
runs-on: ubuntu-latest
steps:
- run: gh workflow run .github/workflows/release-connect-v9-production.yml --ref ${{ env.BRANCH_NAME }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
BRANCH_NAME: ${{ needs.create-push-release-branch.outputs.branch_name }}

trigger-npm-release:
runs-on: ubuntu-latest
steps:
- run: gh workflow run .github/workflows/release-connect-npm-init.yml --ref ${{ env.BRANCH_NAME }} --field deploymentType=${{ github.event.inputs.deploymentType }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
BRANCH_NAME: ${{ needs.create-push-release-branch.outputs.branch_name }}
67 changes: 51 additions & 16 deletions .github/workflows/release-connect-npm-init.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,28 +3,57 @@ name: "[Release] connect npm init"
on:
workflow_dispatch:
inputs:
semver:
deploymentType:
description: "Select the deployment type. (example: canary, stable)"
required: true
type: choice
description: semver
options:
- patch
- minor
- prerelease
- canary
- stable

concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true

jobs:
pre-release:
if: github.repository == 'trezor/trezor-suite'
extract-version-from-package-json:
runs-on: ubuntu-latest
outputs:
version: ${{ steps.set-version.outputs.version }}
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Setup node
uses: actions/setup-node@v4
with:
node-version-file: ".nvmrc"

- name: Extract connect version
id: set-version
run: echo "version=$(node ./ci/scripts/get-connect-version.js)" >> $GITHUB_OUTPUT

check-version-match:
runs-on: ubuntu-latest
needs: [extract-version]
steps:
- uses: actions/checkout@v4

- name: Check connect version match
uses: ./.github/actions/check-connect-version-match
with:
# Number of commits to fetch. 0 indicates all history for all branches and tags.
fetch-depth: 0
branch_ref: "${{ github.ref }}"
extracted_version: "${{ needs.extract-version.outputs.version }}"

trigger-npm-release-connect-dependencies:
needs: [check-version-match]
if: startsWith(github.ref, 'refs/heads/release/connect/')
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
# Running `build:libs` requires action to checkout with `submodules: true`.
submodules: true

- name: Setup node
Expand All @@ -36,15 +65,21 @@ jobs:
run: yarn install

- name: Build dependencies
# Running `build:libs` requires action to checkout with `submodules: true`.
run: yarn build:libs

- name: Run @trezor/connect create npm release branch
run: |
git config --global user.name "trezor-ci"
git config --global user.email "${{ secrets.TREZOR_BOT_EMAIL }}"
gh config set prompt disabled
gh api /user --jq .login
node ./ci/scripts/connect-release-init-npm.js ${{ github.event.inputs.semver }}
yarn tsx ./ci/scripts/connect-release-npm-init.ts ${{ github.event.inputs.deploymentType }} ${{ env.BRANCH_NAME }}
env:
BRANCH_NAME: release/connect/${{ needs.extract-version.outputs.version }}

trigger-npm-release-connect:
needs: [check-version-match, trigger-npm-release-connect-dependencies]
if: startsWith(github.ref, 'refs/heads/release/connect/')
runs-on: ubuntu-latest
steps:
- run: gh workflow run .github/workflows/release-connect-npm.yml --ref ${{ env.BRANCH_NAME }} --field packages=${{ env.PACKAGES}} --field deploymentType=${{ github.event.inputs.deploymentType }}
env:
GITHUB_TOKEN: ${{ secrets.TREZOR_BOT_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
BRANCH_NAME: release/connect/${{ needs.extract-version.outputs.version }}
PACKAGES: ["connect", "connect-web", "connect-webextension"]
1 change: 1 addition & 0 deletions .github/workflows/release-connect-npm.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ on:

jobs:
deploy-npm:
name: Deploy NPM ${{ inputs.deploymentType }}
environment: production-connect
runs-on: ubuntu-latest
strategy:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -36,8 +36,21 @@ jobs:
id: set-version
run: echo "version=$(node ./ci/scripts/get-connect-version.js)" >> $GITHUB_OUTPUT

check-version-match:
runs-on: ubuntu-latest
needs: [extract-version]
steps:
- uses: actions/checkout@v4

- name: Check connect version match
uses: ./.github/actions/check-connect-version-match
with:
branch_ref: "${{ github.ref }}"
extracted_version: "${{ needs.extract-version.outputs.version }}"

# set the rollback
sync-rollback-connect-v9:
needs: [extract-version, check-version-match]
if: startsWith(github.ref, 'refs/heads/release/connect/')
environment: production-connect
name: "Backing up current production version ${{ needs.extract-version.outputs.version }} to rollback bucket"
Expand All @@ -48,14 +61,15 @@ jobs:
- name: Configure aws credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::538326561891:role/gh_actions_trezor_suite_prod_deploy
role-to-assume: arn:aws:iam::538326561891:role/gh_actions_connect_prod_deploy
aws-region: eu-central-1

- name: Synching rollback bucket with current production
run: |
aws s3 sync "s3://connect.trezor.io/${{ env.LATEST_VERSION }}/" "s3://rollback-connect.trezor.io/${{ env.LATEST_VERSION }}/"
deploy-production-semantic-version:
needs: [extract-version, check-version-match]
if: startsWith(github.ref, 'refs/heads/release/connect/')
environment: production-connect
name: "Deploying to connect.trezor.io/9.x.x"
Expand All @@ -66,7 +80,7 @@ jobs:
- name: Configure aws credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::538326561891:role/gh_actions_trezor_suite_prod_deploy
role-to-assume: arn:aws:iam::538326561891:role/gh_actions_connect_prod_deploy
aws-region: eu-central-1

- name: Synching production bucket with current staging
Expand All @@ -77,7 +91,7 @@ jobs:
# From staging move it to production
deploy-production-v9:
# We deploy to production only if rollback sync was successful.
needs: [sync-rollback-connect-v9]
needs: [extract-version, check-version-match, sync-rollback-connect-v9]
if: startsWith(github.ref, 'refs/heads/release/connect/') && github.event.inputs.deploymentType == 'stable'
environment: production-connect
name: "Deploying to connect.trezor.io/9/"
Expand Down
Loading

0 comments on commit ac1c82b

Please sign in to comment.