-
Notifications
You must be signed in to change notification settings - Fork 12
227 lines (196 loc) · 7.99 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
name: CI Release
on:
push:
branches:
- main
tags:
- "v*.*.*"
pull_request:
jobs:
test:
name: Test
if: startsWith(github.ref, 'refs/tags/')
strategy:
matrix:
os: [ubuntu-18.04, macOS-latest, windows-2019]
runs-on: ${{ matrix.os }}
steps:
- name: Remove MSys64 MingW64 Binaries
if: runner.os == 'Windows'
# remove this because there is a bad libclang.dll that confuses bindgen
run: Remove-Item -LiteralPath "C:\msys64\mingw64\bin" -Force -Recurse
- name: Install Dependencies
if: runner.os == 'Windows'
run: choco install llvm -y
- name: Git Checkout
uses: actions/checkout@v2
- name: Rust Toolchain
uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: stable
override: true
- name: Cargo Build
uses: actions-rs/cargo@v1
with:
command: build
args: --verbose
- name: Cargo Test
uses: actions-rs/cargo@v1
with:
command: test
args: --verbose
release:
name: Release
needs: [test]
if: startsWith(github.ref, 'refs/tags/')
strategy:
matrix:
include:
- os: ubuntu-18.04
variant: linux
bin: qldb
- os: windows-2019
variant: windows
bin: qldb.exe
- os: macos-latest
variant: mac
bin: qldb
runs-on: ${{ matrix.os }}
steps:
- uses: aws-actions/configure-aws-credentials@v1
with:
role-skip-session-tagging: true
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-west-2
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
role-external-id: ${{ secrets.AWS_ROLE_EXTERNAL_ID }}
role-duration-seconds: 1800
- name: Remove MSys64 MingW64 Binaries
if: runner.os == 'Windows'
# remove this because there is a bad libclang.dll that confuses bindgen
run: Remove-Item -LiteralPath "C:\msys64\mingw64\bin" -Force -Recurse
- name: Install Dependencies
if: runner.os == 'Windows'
run: choco install llvm -y
- name: Install stable toolchain
uses: actions-rs/toolchain@v1
with:
profile: minimal
toolchain: stable
override: true
- name: Install ubuntu tools
if: matrix.os == 'ubuntu-18.04'
run: |
sudo apt-get install -y musl-tools pkg-config libssl-dev
- name: Checkout
uses: actions/checkout@v2
- name: Package
shell: bash
if: matrix.os == 'ubuntu-18.04' || matrix.os == 'macos-latest'
run: |
name=qldb
tag=$(git describe --tags --abbrev=0)
release_name="$name-$tag-${{ matrix.variant }}"
release_tar="${release_name}.tar.gz"
mkdir "$release_name"
cargo fetch && cargo build --release
if [ "${{ matrix.os }}" != "windows-2019" ]; then
strip "target/${{ matrix.target }}/release/${{ matrix.bin }}"
fi
cp "target/release/${{ matrix.bin }}" "$release_name/"
cp README.md LICENSE CHANGELOG.md "$release_name/"
tar czvf "$release_tar" "$release_name"
rm -r "$release_name"
echo -n "$(shasum -ba 256 "${release_tar}" | cut -d " " -f 1)" > "${release_tar}.sha256"
git tag -l -n --format="%(contents:subject)" $(git describe --tags --abbrev=0) > TAG-COMMENT.txt
- name: MSI
shell: powershell
if: matrix.os == 'windows-2019'
run: |
$name='qldb'
$tag=git describe --tags --abbrev=0
$release_name="$name-$tag"
cargo fetch
cargo build --release
cd target/release
# Push unsigned EXE to S3
$put_object_response=( aws s3api put-object --bucket ${{ secrets.AWS_UNSIGNED_BUCKET }} --key ${{ secrets.AWS_KEY_EXE }} --body ${{ matrix.bin }} --acl bucket-owner-full-control ) | ConvertFrom-Json
$version_id = $put_object_response.VersionId
$job_id = ""
$num_of_retries_to_get_job_id = 3
# Attempt to get Job ID from bucket tagging, will retry up to 3 times before exiting with a failure code.
# Will sleep for 5 seconds between retries.
for (($i = 0); $i -lt $num_of_retries_to_get_job_id; $i++)
{
$get_object_tagging_response=( aws s3api get-object-tagging --bucket ${{ secrets.AWS_UNSIGNED_BUCKET }} --key ${{ secrets.AWS_KEY_EXE }} --version-id $version_id ) | ConvertFrom-Json
$id = $get_object_tagging_response.TagSet[0].Value
if ($id)
{
$job_id = $id
break
}
Start-Sleep -s 5
}
if ($job_id -eq "")
{
echo "Exiting because unable to retrieve job ID"
exit 1
}
# Poll signed S3 bucket to see if the signed artifact is there
aws s3api wait object-exists --bucket ${{ secrets.AWS_SIGNED_BUCKET }} --key ${{ secrets.AWS_KEY_EXE }}-$job_id
# Get signed EXE from S3
aws s3api get-object --bucket ${{ secrets.AWS_SIGNED_BUCKET }} --key ${{ secrets.AWS_KEY_EXE }}-$job_id ${{ matrix.bin }}
cd ../../
# Install cargo-wix to compile main.wxs
cargo install cargo-wix
# Read the shell version from the cargo.toml file
$version = Get-Content .\Cargo.toml | Select-String -Pattern '^version\s*=\s*\"\d*\.\d*\.\d*'
# Convert $version to semantic version (removing characters at the end)
$semantic = 'semantic' + $version.Matches[0].Value + '"'
# Write the semantic version in the wix variable file
$content = '<?xml version="1.0" encoding="utf-8"?><Include><?define ' + $semantic + ' ?></Include>'
Set-Content -Path ./wixvariables.wxi $content
# Create MSI based on target/wix/main.wxs
cargo wix --nocapture
cd target/wix
mv amazon_qldb_shell*.msi ../../$release_name.msi
cd ../../
$complete_file_name = $release_name + ".msi"
# Push unsigned MSI to S3
$put_object_response=( aws s3api put-object --bucket ${{ secrets.AWS_UNSIGNED_BUCKET }} --key ${{ secrets.AWS_KEY }} --body $complete_file_name --acl bucket-owner-full-control ) | ConvertFrom-Json
$version_id = $put_object_response.VersionId
$job_id = ""
$num_of_retries_to_get_job_id = 3
# Attempt to get Job ID from bucket tagging, will retry up to 3 times before exiting with a failure code.
# Will sleep for 5 seconds between retries.
for (($i = 0); $i -lt $num_of_retries_to_get_job_id; $i++)
{
$get_object_tagging_response=( aws s3api get-object-tagging --bucket ${{ secrets.AWS_UNSIGNED_BUCKET }} --key ${{ secrets.AWS_KEY }} --version-id $version_id ) | ConvertFrom-Json
$id = $get_object_tagging_response.TagSet[0].Value
if ($id)
{
$job_id = $id
break
}
Start-Sleep -s 5
}
if ($job_id -eq "")
{
echo "Exiting because unable to retrieve job ID"
exit 1
}
# Poll signed S3 bucket to see if the signed artifact is there
aws s3api wait object-exists --bucket ${{ secrets.AWS_SIGNED_BUCKET }} --key ${{ secrets.AWS_KEY }}-$job_id
# Get signed MSI from S3
aws s3api get-object --bucket ${{ secrets.AWS_SIGNED_BUCKET }} --key ${{ secrets.AWS_KEY }}-$job_id $complete_file_name
- name: Publish
uses: softprops/action-gh-release@v1
with:
draft: true
prerelease: true
files: "qldb*"
body_path: TAG-COMMENT.txt
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}