-
-
Notifications
You must be signed in to change notification settings - Fork 736
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
ICU-22606 Create full release from CI - workflow files
The Ubuntu and Fedora files are very similar. But I am not sure (yet) what is the best way to share. The files uploaded to the GitHub Release use the exact same names as before. The .jar files are binary identical to the ones that go to Maven (checked). The Fedora Docker image should be built and uploaded from a dev machine. There is a workflow (from GitHub) doing that, but has a warning that: > This workflow uses actions that are not certified by GitHub. > They are provided by a third-party and are governed by > separate terms of service, privacy policy, and support documentation.
- Loading branch information
Showing
6 changed files
with
313 additions
and
18 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
FROM fedora:latest | ||
|
||
RUN dnf install -y gcc-c++ zip unzip git-core git-lfs doxygen | ||
RUN git lfs install --skip-repo \ | ||
&& ln -s /usr/bin/python3 /usr/bin/python | ||
|
||
WORKDIR /root | ||
|
||
ENTRYPOINT [ "/bin/bash" ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
## How to create a Fedora docker image | ||
|
||
Run | ||
``` | ||
docker login ghcr.io | ||
``` | ||
|
||
When prompted use these: | ||
|
||
* **User:** the github user | ||
* **Password:** the github key | ||
|
||
Update the timestamp (`20240929`) with the current date, ISO style: | ||
``` | ||
docker build --tag ghcr.io/unicode-org/fedora-docker-gcr:20240929 -f Dockerfile_fedora . | ||
docker push ghcr.io/unicode-org/fedora-docker-gcr:20240929 | ||
``` | ||
|
||
See: | ||
https://docs.github.com/en/actions/use-cases-and-examples/publishing-packages/publishing-docker-images | ||
|
||
Also: | ||
https://stackoverflow.com/questions/64033686/how-can-i-use-private-docker-image-in-github-actions | ||
|
||
To consider: generate and publish the docker image from a GitHub action. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
name: Release - Create checksums and GPG sign | ||
|
||
on: | ||
workflow_dispatch: | ||
inputs: | ||
gitReleaseTag: | ||
description: 'Release tag to upload to. Must start with "release-"' | ||
type: string | ||
|
||
env: | ||
RELEASE_FOLDER: '${{ github.workspace }}/releaseDist' | ||
|
||
jobs: | ||
sign_and_checksums: | ||
if: ${{ inputs.gitReleaseTag && startsWith(inputs.gitReleaseTag, 'release-') }} | ||
runs-on: ubuntu-latest | ||
environment: release-env | ||
|
||
permissions: | ||
contents: write # So that we can upload to release | ||
|
||
steps: | ||
|
||
- name: Checkout and setup | ||
uses: actions/checkout@v4 | ||
with: | ||
lfs: true | ||
|
||
- name: Set up JDK | ||
uses: actions/setup-java@v4 | ||
with: | ||
java-version: '11' | ||
distribution: 'temurin' | ||
gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} | ||
gpg-passphrase: MAVEN_GPG_PASSPHRASE | ||
|
||
- name: Get all release files | ||
run: | | ||
mkdir -p ${RELEASE_FOLDER} | ||
pushd ${RELEASE_FOLDER} | ||
gh release download ${{ inputs.gitReleaseTag }} -p "*.zip" -p "*.tgz" -p "*.jar" --repo=${{ github.repository }} | ||
popd | ||
env: | ||
GH_TOKEN: ${{ github.token }} | ||
|
||
- name: Checksums and sign | ||
run: | | ||
source icu4j/releases_tools/shared.sh | ||
# Convert 76.1 to 76_1 | ||
underscore_version=$(echo $artifact_version | sed 's/\./_/g') | ||
pushd ${RELEASE_FOLDER} | ||
sha512sum -b icu4c* > SHASUM512.txt | ||
md5sum -b *.jar > icu4j-${artifact_version}.md5 | ||
md5sum -b icu4c-*-data-bin-*.zip > icu4c-${underscore_version}-binary.md5 | ||
md5sum -b icu4c-*-src.* > icu4c-${underscore_version}-sources.md5 | ||
find . -type f -name 'icu4c*' -exec gpg --no-tty --batch --pinentry-mode loopback --passphrase=$MAVEN_GPG_PASSPHRASE -a --output {}.asc --detach-sig {} \; | ||
gpg --no-tty --batch --pinentry-mode loopback --passphrase=$MAVEN_GPG_PASSPHRASE -a --output SHASUM512.txt.asc --detach-sig SHASUM512.txt | ||
popd | ||
env: | ||
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} | ||
|
||
- name: Upload to release | ||
run: | | ||
gh release upload ${{ inputs.gitReleaseTag }} LICENSE --clobber --repo=${{ github.repository }} | ||
gh release upload ${{ inputs.gitReleaseTag }} ${RELEASE_FOLDER}/*.md5 --clobber --repo=${{ github.repository }} | ||
gh release upload ${{ inputs.gitReleaseTag }} ${RELEASE_FOLDER}/*.asc --clobber --repo=${{ github.repository }} | ||
gh release upload ${{ inputs.gitReleaseTag }} ${RELEASE_FOLDER}/SHASUM512.txt --clobber --repo=${{ github.repository }} | ||
env: | ||
GH_TOKEN: ${{ github.token }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,89 @@ | ||
name: Release - ICU4C artifacts on Fedora | ||
|
||
on: | ||
workflow_dispatch: | ||
inputs: | ||
runTests: | ||
description: 'Run the tests.' | ||
type: boolean | ||
default: true | ||
gitReleaseTag: | ||
description: 'Release tag to upload to. Must start with "release-"' | ||
type: string | ||
|
||
env: | ||
RELEASE_FOLDER: '${{ github.workspace }}/releaseDist' | ||
|
||
jobs: | ||
build: | ||
runs-on: ubuntu-latest | ||
environment: release-env | ||
|
||
container: | ||
image: ghcr.io/${{ github.repository_owner }}/fedora-docker-gcr:latest | ||
credentials: | ||
username: ${{ secrets.DOCKER_CONTAINER_USER_NAME }} | ||
password: ${{ secrets.DOCKER_CONTAINER_REGISTRY_TOKEN }} | ||
|
||
permissions: | ||
contents: write # So that we can upload to release | ||
|
||
steps: | ||
|
||
- name: Install gh (GitHub CLI) | ||
run: | | ||
# Don't install it in the docker image, get the latest (pros and cons) | ||
dnf install -y gh | ||
- name: Checkout and setup | ||
uses: actions/checkout@v4 | ||
with: | ||
lfs: true | ||
|
||
- name: Config and build ICU4C proper | ||
run: | | ||
pushd icu4c/source | ||
./runConfigureICU Linux/gcc | ||
make -j8 | ||
popd | ||
- name: Run tests | ||
if: ${{ inputs.runTests }} | ||
run: | | ||
pushd icu4c/source | ||
make check | ||
popd | ||
- name: Build release ICU4C | ||
run: | | ||
pushd icu4c/source | ||
make DESTDIR=${RELEASE_FOLDER}/icu releaseDist | ||
popd | ||
- name: Collect artifacts in one folder | ||
run: | | ||
# Get the OS version in VERSION_ID | ||
source /etc/os-release | ||
# Get the ICU version in artifact_version | ||
source icu4j/releases_tools/shared.sh | ||
# Convert 76.1 to 76_1 | ||
underscore_version=$(echo $artifact_version | sed 's/\./_/g') | ||
pushd ${RELEASE_FOLDER} | ||
tar -czf icu4c-${underscore_version}-Fedora_Linux${VERSION_ID}-x64.tgz icu | ||
rm -fr icu | ||
popd | ||
- name: Upload build results | ||
uses: actions/upload-artifact@v4.3.6 | ||
with: | ||
name: icu4c-fedora-binaries | ||
path: ${{ env.RELEASE_FOLDER }} | ||
retention-days: 3 # TBD if we want to keep them longer | ||
overwrite: true | ||
|
||
- name: Upload to release | ||
if: ${{ inputs.gitReleaseTag && startsWith(inputs.gitReleaseTag, 'release-') }} | ||
run: | | ||
gh release upload ${{ inputs.gitReleaseTag }} ${RELEASE_FOLDER}/* --clobber --repo=${{ github.repository }} | ||
env: | ||
GH_TOKEN: ${{ github.token }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,85 @@ | ||
name: Release - ICU4C artifacts on Ubuntu | ||
|
||
on: | ||
workflow_dispatch: | ||
inputs: | ||
runTests: | ||
description: 'Run the tests.' | ||
type: boolean | ||
default: true | ||
gitReleaseTag: | ||
description: 'Release tag to upload to. Must start with "release-"' | ||
type: string | ||
|
||
env: | ||
RELEASE_FOLDER: '${{ github.workspace }}/releaseDist' | ||
|
||
jobs: | ||
build: | ||
runs-on: ubuntu-latest | ||
environment: release-env | ||
|
||
permissions: | ||
contents: write # So that we can upload to release | ||
|
||
steps: | ||
|
||
- name: Install doxygen | ||
run: | | ||
sudo apt-get -y install doxygen | ||
- name: Checkout and setup | ||
uses: actions/checkout@v4 | ||
with: | ||
lfs: true | ||
|
||
- name: Config and build ICU4C proper | ||
run: | | ||
pushd icu4c/source | ||
./runConfigureICU Linux/gcc | ||
make -j8 | ||
popd | ||
- name: Run tests | ||
if: ${{ inputs.runTests }} | ||
run: | | ||
pushd icu4c/source | ||
make check | ||
popd | ||
- name: Build release ICU4C | ||
run: | | ||
pushd icu4c/source | ||
make dist | ||
make DESTDIR=${RELEASE_FOLDER}/icu releaseDist | ||
popd | ||
- name: Collect artifacts in one folder | ||
run: | | ||
# Get the OS version in VERSION_ID | ||
source /etc/os-release | ||
# Get the ICU version in artifact_version | ||
source icu4j/releases_tools/shared.sh | ||
# Convert 76.1 to 76_1 | ||
underscore_version=$(echo $artifact_version | sed 's/\./_/g') | ||
pushd ${RELEASE_FOLDER} | ||
tar -czf icu4c-${underscore_version}-Ubuntu${VERSION_ID}-x64.tgz icu | ||
rm -fr icu | ||
popd | ||
mv icu4c/source/dist/icu4c-76_1-d* ${RELEASE_FOLDER} | ||
mv icu4c/source/dist/icu4c-76_1-src.* ${RELEASE_FOLDER} | ||
- name: Upload build results | ||
uses: actions/upload-artifact@v4.3.6 | ||
with: | ||
name: icu4c-ubuntu-binaries | ||
path: ${{ env.RELEASE_FOLDER }} | ||
retention-days: 3 # TBD if we want to keep them longer | ||
overwrite: true | ||
|
||
- name: Upload to release | ||
if: ${{ inputs.gitReleaseTag && startsWith(inputs.gitReleaseTag, 'release-') }} | ||
run: | | ||
gh release upload ${{ inputs.gitReleaseTag }} ${RELEASE_FOLDER}/* --clobber --repo=${{ github.repository }} | ||
env: | ||
GH_TOKEN: ${{ github.token }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters