-
Notifications
You must be signed in to change notification settings - Fork 57
308 lines (270 loc) · 9.25 KB
/
build.yml
File metadata and controls
308 lines (270 loc) · 9.25 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
name: Build and Test
on:
pull_request:
paths-ignore:
- '**.md'
push:
branches:
- master
- release/**
paths-ignore:
- '**.md'
env:
# Variables defined in the repository
SENTRY_ORG: ${{ vars.SENTRY_ORG }}
# For master, we have an environment variable that selects the action-release project
# instead of action-release-prs
# For other branches: https://sentry-ecosystem.sentry.io/releases/?project=4505075304693760
# For master branch: https://sentry-ecosystem.sentry.io/releases/?project=6576594
SENTRY_PROJECT: ${{ vars.SENTRY_PROJECT }}
jobs:
prepare-docker:
name: Prepare docker tag
runs-on: ubuntu-latest
permissions:
contents: write
outputs:
docker_tag: ${{ steps.docker_tag.outputs.docker_tag }}
steps:
- name: Checkout repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Get docker tag
id: docker_tag
run: |
if [[ "${{ github.ref }}" == "refs/heads/master" ]]; then
echo "docker_tag=master" >> $GITHUB_OUTPUT
yarn set-docker-tag master
else
TAG=$(yq '... | select(has("uses") and .uses | test("docker://ghcr.io/getsentry/action-release-image:.*")) | .uses' action.yml | awk -F':' '{print $3}')
echo "docker_tag=$TAG" >> $GITHUB_OUTPUT
if [[ "${{ github.event_name }}" == "pull_request" ]]; then
if [[ "$TAG" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "Error: docker_tag $TAG matching format MAJOR.MINOR.PATCH is not allowed inside pull requests."
echo "Please rename the docker tag in action.yml and try again."
exit 1
fi
fi
fi
- name: Get auth token
id: token
uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1.11.0
if: github.ref == 'refs/heads/master'
with:
app_id: ${{ vars.SENTRY_INTERNAL_APP_ID }}
private_key: ${{ secrets.SENTRY_INTERNAL_APP_PRIVATE_KEY }}
- name: Commit changes
uses: getsentry/action-github-commit@31f6706ca1a7b9ad6d22c1b07bf3a92eabb05632 # v2.0.0
if: github.ref == 'refs/heads/master'
with:
github-token: ${{ steps.token.outputs.token }}
message: 'chore: Set docker tag for master [skip ci]'
docker-build:
name: Build & publish Docker images
needs: prepare-docker
runs-on: ubuntu-latest
permissions:
packages: write
strategy:
matrix:
target:
- name: builder
image: action-release-builder-image
- name: app
image: action-release-image
steps:
- name: Checkout repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
fetch-depth: 0
- name: Set up QEMU
uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
- name: Login to GitHub Container Registry
uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# BUILDKIT_INLINE_CACHE creates the image in such a way that you can
# then use --cache-from (think of a remote cache)
# This feature is allowed thanks to using the buildx plugin
#
# There's a COPY command in the builder stage that can easily invalidate the cache
# If you notice, please add more exceptions to .dockerignore since we loose the value
# of using --cache-from on the app stage
- name: Build and push
uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6
with:
platforms: linux/amd64,linux/arm64
push: true
tags: ghcr.io/${{ github.repository_owner }}/${{ matrix.target.image }}:${{ needs.prepare-docker.outputs.docker_tag }}
cache-from: ghcr.io/${{ github.repository_owner }}/${{ matrix.target.image }}:master
target: ${{ matrix.target.name }}
build-args: BUILDKIT_INLINE_CACHE=1
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Install
run: yarn install
- name: Check format
run: yarn format-check
- name: Lint
run: yarn lint
- name: Build
run: yarn build
#############
# E2E Tests
#############
test-create-staging-release-per-push:
needs: docker-build
strategy:
matrix:
os: [ubuntu-latest, windows-latest, macos-latest]
runs-on: ${{ matrix.os }}
permissions:
contents: read
name: Test current action
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
fetch-depth: 0
- name: Create a staging release
uses: ./
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
SENTRY_LOG_LEVEL: debug
with:
ignore_missing: true
test-runs-on-container:
needs: docker-build
runs-on: ubuntu-latest
permissions:
contents: read
container:
image: node:20.19.2
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
fetch-depth: 0
- name: Create a staging release
uses: ./
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
SENTRY_LOG_LEVEL: debug
with:
ignore_missing: true
test-mock-release:
needs: docker-build
strategy:
matrix:
os: [ubuntu-latest, windows-latest, macos-latest]
runs-on: ${{ matrix.os }}
name: Mock a release
permissions:
contents: read
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
fetch-depth: 0
- name: Mock creating a Sentry release
uses: ./
env:
MOCK: true
with:
environment: production
test-mock-release-working-directory:
needs: docker-build
strategy:
matrix:
os: [ubuntu-latest, windows-latest, macos-latest]
runs-on: ${{ matrix.os }}
name: Mock a release in a different working directory
permissions:
contents: read
steps:
- name: Checkout directory we'll be running from
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
fetch-depth: 0
path: main/
- name: Checkout directory we'll be testing
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
fetch-depth: 0
path: test/
- name: Mock creating a Sentry release in a different directory
uses: ./main
env:
MOCK: true
with:
environment: production
working_directory: ./test
test-node-version-preserved:
needs: docker-build
strategy:
matrix:
os: [ubuntu-latest, windows-latest, macos-latest]
node-version: ['20.x', '22.x', '24.x']
runs-on: ${{ matrix.os }}
name: Test Node version preserved on ${{ matrix.os }} with Node ${{ matrix.node-version }}
permissions:
contents: read
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
fetch-depth: 0
- name: Setup Node
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with:
node-version: ${{ matrix.node-version }}
- name: Print Node Version (Before)
id: node_before
shell: bash
run: |
VERSION=$(node --version)
echo "Node version before: $VERSION"
echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
- name: Mock creating a Sentry release
uses: ./
env:
MOCK: true
with:
environment: production
- name: Print Node Version (After)
shell: bash
run: |
VERSION_AFTER=$(node --version)
echo "Node version after: $VERSION_AFTER"
echo "Expected: ${{ steps.node_before.outputs.VERSION }}"
if [ "$VERSION_AFTER" != "${{ steps.node_before.outputs.VERSION }}" ]; then
echo "ERROR: Node version changed from ${{ steps.node_before.outputs.VERSION }} to $VERSION_AFTER"
exit 1
fi
echo "SUCCESS: Node version preserved"
test-manual-commit-range:
needs: docker-build
strategy:
matrix:
os: [ubuntu-latest, windows-latest, macos-latest]
runs-on: ${{ matrix.os }}
name: Test manual commit range
permissions:
contents: read
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
fetch-depth: 0
- name: Create a release with manual commit range
uses: ./
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
SENTRY_LOG_LEVEL: debug
MOCK: true
with:
environment: production
set_commits: manual
repo: getsentry/action-release
commit: ${{ github.sha }}
previous_commit: ${{ github.sha }}