-
Notifications
You must be signed in to change notification settings - Fork 4
233 lines (191 loc) · 7.99 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
name: Release - Build & Package, Target Prod Install, NPM Publish (manual)
on:
workflow_dispatch:
inputs:
releasing:
required: true
description: 'Version being released exactly as in package.json (11.2.1-prerelease.0)'
jobs:
is-publishable:
name: Check if package published
runs-on: ubuntu-latest
steps:
- name: Checkout ${{ github.ref }}
uses: actions/checkout@v2
- name: Setup Node 14
uses: actions/setup-node@v2
with:
node-version: '14.x'
- name: Check is pablishable version
run: .github/scripts/is-publishable.sh ${{ github.event.inputs.releasing }}
load-build-group:
# both build-group-unpublish and build-group-publish "needs" this job
name: Load Build Group Config JSON
runs-on: ubuntu-latest
needs: is-publishable
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- name: Checkout ${{ github.ref }}
uses: actions/checkout@v2
- name: Checksum Liboboe
run: .github/scripts/liboboe-checksum.sh "liboboe-1.0-x86_64.so.0.0.0 liboboe-1.0-alpine-x86_64.so.0.0.0 liboboe-1.0-lambda-x86_64.so.0.0.0"
# build with the lowest versions of the OSes supported so the glibc/musl versions # are the oldest/most compatible.
# note: some of those images are no longer supported officially (https://hub.docker.com/_/node)
- name: Load build group data
id: set-matrix
run: .github/scripts/matrix-from-json.sh .github/config/build-group.json
# if this workflow fails and aborts before the NPM package is published it leaves artifacts in the S3 bucket.
# step above confirmed version was never published.
# step below removes any artifacts (if exist) from bucket to allow publishing in the publish step to run.
build-group-unpublish:
name: Build Group Unpublish
runs-on: ubuntu-latest
needs: load-build-group
strategy:
fail-fast: false
matrix: ${{ fromJson(needs.load-build-group.outputs.matrix) }}
container:
image: ${{ matrix.image }}
env:
AWS_ACCESS_KEY_ID: ${{ secrets.PROD_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.PROD_AWS_SECRET_ACCESS_KEY }}
steps:
# See comment at bottom of file.
- name: Change Owner of Container Working Directory
run: chown root:root .
- name: Checkout ${{ github.ref }}
uses: actions/checkout@v2
- name: Show Environment Info
run: |
printenv
node --version
npm --version
cat /etc/os-release
# must install dependencies before using node-pre-gyp
# rather not call npm install as doing so may fallback-to-build if package has yet to be published.
# use npm workaround specifying a package name to bypass install script in package.json
- name: NPM Install dependencies
run: npm install linux-os-info --unsafe-perm
- name: Clear Production for version
run: npx node-pre-gyp unpublish --s3_host=production
build-group-publish:
name: Build Group Publish
runs-on: ubuntu-latest
needs: [load-build-group, build-group-unpublish]
strategy:
fail-fast: false
matrix: ${{ fromJson(needs.load-build-group.outputs.matrix) }}
container:
image: ${{ matrix.image }}
env:
AWS_ACCESS_KEY_ID: ${{ secrets.PROD_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.PROD_AWS_SECRET_ACCESS_KEY }}
steps:
# See comment at bottom of file.
- name: Change Owner of Container Working Directory
run: chown root:root .
- name: Checkout ${{ github.ref }}
uses: actions/checkout@v2
- name: Show Environment Info
run: |
printenv
node --version
npm --version
cat /etc/os-release
# must install specific dependencies before a build
# can't call npm install. doing so may fallback-to-build if package has yet to be published (double build)
# use npm workaround specifying a package name to bypass install script in package.json
- name: NPM Install dependencies
run: npm install linux-os-info --unsafe-perm
# must setup libobo before build
# node-pre-gyp rebuild runs "clean" and "build" at once.
# it is mapped to `node-gyp rebuild` which internally means "clean + configure + build" and triggers a full recompile
- name: Build
run: |
node setup-liboboe.js
npx node-pre-gyp rebuild
# artifacts are at:build/stage/nodejs/bindings/
- name: Package
run: npx node-pre-gyp package # requires clean rebuild
# *** IMPORTANT:
# always include --s3_host flag regardless of node-pre-gyp defaults.
# workflows designed to ensure that the staging bucket already has similarly versioned package
- name: Publish Package to Production
run: npx node-pre-gyp publish --s3_host=production
load-target-group:
name: Load Target Group Config JSON
runs-on: ubuntu-latest
needs: build-group-publish
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- name: Checkout ${{ github.ref }}
uses: actions/checkout@v2
- name: Load target group data
id: set-matrix
run: .github/scripts/matrix-from-json.sh .github/config/target-group.json
target-group-install:
name: Target Group Install
runs-on: ubuntu-latest
needs: load-target-group
strategy:
fail-fast: false
matrix: ${{ fromJson(needs.load-target-group.outputs.matrix) }}
container:
image: ${{ matrix.image }}
steps:
# See comment at bottom of file.
- name: Change Owner of Container Working Directory
run: chown root:root .
- name: Checkout ${{ github.ref }}
uses: actions/checkout@v2
- name: Show Environment Info
run: |
printenv
node --version
npm --version
cat /etc/os-release
- name: NPM Install Production
run: npm install --unsafe-perm --s3_host=production
- name: Check Artifacts
run: ls ./dist/napi-v*/apm_bindings.node && ls ./dist/napi-v*/ao_metrics.node
npm-publish:
name: NPM Publish
runs-on: ubuntu-latest
needs: target-group-install
steps:
- name: Checkout ${{ github.ref }}
uses: actions/checkout@v2
- name: Show Environment Info
run: |
printenv
node --version
npm --version
cat /etc/os-release
- name: Setup Node 14
uses: actions/setup-node@v2
with:
node-version: '14.x'
registry-url: 'https://registry.npmjs.org' # Setup .npmrc file to publish to npm
# *** IMPORTANT:
# by default any package published to npm registry is tagged with 'latest'. to set other pass --tag.
# any pre-release package (has - in version), regardless of name defined with version preid, will be npm tagged with 'prerelease'.
# when package is scoped to organization (e.g. @appoptics/apm-binding) set --access public to avoid 402 Payment Required
- name: NPM Publish (prerelease)
run: npm publish --tag prerelease --access public
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}
if: ${{ contains(github.event.inputs.releasing, '-') }}
- name: NPM Publish (latest)
run: npm publish --access public
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}
if: ${{ !contains(github.event.inputs.releasing, '-') }}
# Why Change Owner of Container Working Directory?
# the working directory is created by the runner and mounted to the container.
# container user is root and the runner is not a user in the container.
# this is a github actions design flaw.
# when npm 7 is run as root, scripts are always run with the effective uid and gid of the working directory owner.
# node 16 can't install under default setup.
# specifying workdir for container and path for checkout does not work due to bug.