Skip to content

Publish release

Publish release #575

name: Publish release
on:
workflow_dispatch:
inputs:
isPreRelease:
description: 'Tag created is a pre-release tag'
required: true
default: 'false'
preReleaseSuffix:
description: 'The text that will be suffixed to the Git tag. e.g., rc1'
required: false
default: ''
permissions:
id-token: write
contents: write
jobs:
publish-release:
name: Publish Release
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v3
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: '17.0.7'
- name: Set version env variable
id: version-set
run: |
SHORT_VERSION=$((grep -w 'version' | cut -d= -f2 | cut -d- -f1) < gradle.properties)
DIST_VERSION=$((grep -w 'version' | cut -d= -f2) < gradle.properties | rev | cut --complement -d- -f1 | rev)
LANG_VERSION=$((grep -w "ballerinaLangVersion" | cut -d= -f2 | cut -d- -f1 | xargs) < gradle.properties)
CODE_NAME=$((grep -w 'codeName' | cut -d= -f2) < gradle.properties)
RELEASE_VERSION=$DIST_VERSION
TAGGED_VERSION=$RELEASE_VERSION
LONG_VERSION=$DIST_VERSION-$CODE_NAME
if [ -n "${{ github.event.inputs.preReleaseSuffix }}" ]; then
TAGGED_VERSION=$RELEASE_VERSION-${{ github.event.inputs.preReleaseSuffix }}
fi
echo VERSION=$RELEASE_VERSION >> $GITHUB_ENV
echo GIT_TAG=$TAGGED_VERSION >> $GITHUB_ENV
echo "::set-output name=version::$RELEASE_VERSION"
echo "::set-output name=sversion::$SHORT_VERSION"
echo "::set-output name=taggedVersion::$TAGGED_VERSION"
echo "::set-output name=longVersion::$LONG_VERSION"
echo "::set-output name=langVersion::$LANG_VERSION"
- name: Pre release depenency version update
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
run: |
echo "Version: ${VERSION}"
echo "Tagged Version: ${GIT_TAG}"
git config user.name ${{ secrets.BALLERINA_BOT_USERNAME }}
git config user.email ${{ secrets.BALLERINA_BOT_EMAIL }}
git checkout -b release-${GIT_TAG}
- name: Generate UUID
run: |
UUID=$(uuidgen)
perl -pi -e "s/^\s*installerVersion=.*/installerVersion=$UUID/" gradle.properties
git config user.name ${{ secrets.BALLERINA_BOT_USERNAME }}
git config user.email ${{ secrets.BALLERINA_BOT_EMAIL }}
git add gradle.properties
git commit -m "Update UUID for installer"
- name: Grant execute permission for gradlew
run: chmod +x gradlew
- name: Publish artifact
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
packageUser: ${{ secrets.BALLERINA_BOT_USERNAME }}
packagePAT: ${{ secrets.BALLERINA_BOT_TOKEN }}
devCentralToken: ${{ secrets.BALLERINA_CENTRAL_DEV_ACCESS_TOKEN }}
prodCentralToken: ${{ secrets.BALLERINA_CENTRAL_ACCESS_TOKEN }}
githubAccessToken: ${{ secrets.GITHUB_TOKEN }}
ballerinaBotWorkflow: $ {{ secrets.BALLERINA_BOT_WORKFLOW }}
run: |
./gradlew build -Pversion=${VERSION}
./gradlew release -Prelease.useAutomaticVersion=true -x test
- name: Checkout docker repo
uses: actions/checkout@v3
with:
repository: ballerina-platform/module-ballerina-docker
path: module-ballerina-docker
- name: Copy zip artifact
run: cp ballerina/build/distributions/ballerina-22*.zip module-ballerina-docker/base/docker/
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_HUB_USER }}
password: ${{ secrets.DOCKER_HUB_TOKEN }}
- name: Build the docker image
id: docker_build
uses: docker/build-push-action@v2
with:
context: module-ballerina-docker/base/docker/
load: true
push: false
tags: ballerina/ballerina:release-test
build-args: |
BALLERINA_DIST=ballerina-${{ steps.version-set.outputs.sversion }}.zip
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: 'ballerina/ballerina:release-test'
skip-dirs: 'ballerina/runtime/examples'
format: 'table'
exit-code: '1'
timeout: "10m0s"
- name: cosign-installer
uses: sigstore/[email protected]
- name: Set up Node.js
uses: actions/setup-node@v2
with:
node-version: '14'
- name: Install GitHub CLI
run: |
npm install -g github-cli
gh --version
- name: Get Markdown file
id: file-url
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh repo view ballerina-platform/ballerina-dev-website --json url --jq '.clone_url'
gh api repos/ballerina-platform/ballerina-dev-website/contents/downloads/verify-ballerina-artifacts.md -H 'Accept: application/vnd.github.v3.raw' > release_notes.md
sed -i '1,10d' release_notes.md
- name: Retrieve Branch
id: retrieve-branch
run: |
branchName=$(echo ${{ github.ref }} | cut -d'/' -f3)
echo "::set-output name=branchName::$branchName"
- name: Update Markdown file
run: |
if ${{ github.event.inputs.isPreRelease }} == 'true'; then
echo "" > release_notes.md;
else sed -i 's/{{ version }}/${{ steps.version-set.outputs.taggedVersion }}/g' release_notes.md; sed -i 's/{{ branch }}/${{ steps.retrieve-branch.outputs.branchName }}/g' release_notes.md; fi
- name: Read release notes from file
id: release_notes
uses: actions/github-script@v4
with:
github-token: ${{ secrets.BALLERINA_BOT_TOKEN }}
script: |
const fs = require('fs');
const releaseNotes = fs.readFileSync('release_notes.md', 'utf8');
core.setOutput('notes', releaseNotes);
- name: Create release
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
tag_name: "v${{ steps.version-set.outputs.taggedVersion }}"
release_name: ${{ steps.version-set.outputs.taggedVersion }}
body: ${{ steps.release_notes.outputs.notes }}
draft: false
prerelease: ${{ github.event.inputs.isPreRelease }}
- name: Create linux-deb Installer
id: run_installers_deb
run: |
cd installers/linux-deb
./build-ballerina-linux-deb-x64.sh -v ${{ steps.version-set.outputs.longVersion }} -p ./../../ballerina/build/distributions
echo "Created linux-deb successfully"
- name: Sign the linux-deb installer
run: |
cosign sign-blob installers/linux-deb/target/ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb --output-certificate ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.pem --output-signature ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.sig --yes
- name: Verify the linux-deb installer
run: |
cosign verify-blob installers/linux-deb/target/ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb --certificate ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.pem --signature ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com
- name: Create linux-rpm Installer
id: run_installers_rpm
run: |
cd installers/linux-rpm
./build-ballerina-linux-rpm-x64.sh -v ${{ steps.version-set.outputs.longVersion }} -p ./../../ballerina/build/distributions
echo "Created linux-rpm successfully"
- name: Sign the linux-rpm installer
run: |
cosign sign-blob installers/linux-rpm/rpmbuild/RPMS/x86_64/ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm --output-certificate ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.pem --output-signature ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.sig --yes
- name: Verify the linux-rpm installer
run: |
cosign verify-blob installers/linux-rpm/rpmbuild/RPMS/x86_64/ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm --certificate ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.pem --signature ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com
- name: Generate Hashes
run: |
openssl dgst -sha256 -out ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.sha256 installers/linux-deb/target/ballerina-*-linux-x64.deb
openssl dgst -sha256 -out ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.sha256 installers/linux-rpm/rpmbuild/RPMS/x86_64/ballerina-*-linux-x64.rpm
openssl dgst -sha256 -out ballerina-${{ steps.version-set.outputs.longVersion }}.zip.sha256 ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}.zip
openssl dgst -sha256 -out ballerina-${{ steps.version-set.outputs.sversion }}.zip.sha256 ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.sversion }}.zip
- name: Sign the zip artifacts
run: |
cosign sign-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}.zip --output-certificate ballerina-${{ steps.version-set.outputs.longVersion }}.pem --output-signature ballerina-${{ steps.version-set.outputs.longVersion }}.sig --yes
cosign sign-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.sversion }}.zip --output-certificate ballerina-${{ steps.version-set.outputs.sversion }}.pem --output-signature ballerina-${{ steps.version-set.outputs.sversion }}.sig --yes
cosign sign-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}-macos.zip --output-certificate ballerina-${{ steps.version-set.outputs.longVersion }}-macos.pem --output-signature ballerina-${{ steps.version-set.outputs.longVersion }}-macos.sig --yes
cosign sign-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.zip --output-certificate ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.pem --output-signature ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.sig --yes
cosign sign-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}-windows.zip --output-certificate ballerina-${{ steps.version-set.outputs.longVersion }}-windows.pem --output-signature ballerina-${{ steps.version-set.outputs.longVersion }}-windows.sig --yes
- name: Verify the zip artifacts
run: |
cosign verify-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}.zip --certificate ballerina-${{ steps.version-set.outputs.longVersion }}.pem --signature ballerina-${{ steps.version-set.outputs.longVersion }}.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com
cosign verify-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.sversion }}.zip --certificate ballerina-${{ steps.version-set.outputs.sversion }}.pem --signature ballerina-${{ steps.version-set.outputs.sversion }}.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com
cosign verify-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}-macos.zip --certificate ballerina-${{ steps.version-set.outputs.longVersion }}-macos.pem --signature ballerina-${{ steps.version-set.outputs.longVersion }}-macos.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com
cosign verify-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.zip --certificate ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.pem --signature ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com
cosign verify-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}-windows.zip --certificate ballerina-${{ steps.version-set.outputs.longVersion }}-windows.pem --signature ballerina-${{ steps.version-set.outputs.longVersion }}-windows.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com
- name: Upload zip artifacts
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}.zip
asset_path: ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}.zip
asset_content_type: application/octet-stream
- name: Upload zip artifact's Certificate
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}.pem
asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}.pem
asset_content_type: application/octet-stream
- name: Upload zip artifact's Signature
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}.sig
asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}.sig
asset_content_type: application/octet-stream
- name: Upload zip without tool artifacts
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_name: ballerina-${{ steps.version-set.outputs.sversion }}.zip
asset_path: ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.sversion }}.zip
asset_content_type: application/octet-stream
- name: Upload zip without tool artifact's Certificate
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_name: ballerina-${{ steps.version-set.outputs.sversion }}.pem
asset_path: ./ballerina-${{ steps.version-set.outputs.sversion }}.pem
asset_content_type: application/octet-stream
- name: Upload zip without tool artifact's Signature
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_name: ballerina-${{ steps.version-set.outputs.sversion }}.sig
asset_path: ./ballerina-${{ steps.version-set.outputs.sversion }}.sig
asset_content_type: application/octet-stream
- name: Upload Linux deb Installer
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb
asset_path: installers/linux-deb/target/ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb
asset_content_type: application/octet-stream
- name: Upload Linux deb Installer's Certificate
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.pem
asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.pem
asset_content_type: application/octet-stream
- name: Upload Linux deb Installer's Signature
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.sig
asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.sig
asset_content_type: application/octet-stream
- name: Upload Linux rpm Installer
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm
asset_path: installers/linux-rpm/rpmbuild/RPMS/x86_64/ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm
asset_content_type: application/octet-stream
- name: Upload Linux rpm Installer's Certificate
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.pem
asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.pem
asset_content_type: application/octet-stream
- name: Upload Linux rpm Installer's Signature
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.sig
asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.sig
asset_content_type: application/octet-stream
- name: Upload MacOS zip artifacts
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-macos.zip
asset_path: ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}-macos.zip
asset_content_type: application/octet-stream
- name: Upload MacOS zip artifact's Certificate
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-macos.pem
asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}-macos.pem
asset_content_type: application/octet-stream
- name: Upload MacOS zip artifact's Signature
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-macos.sig
asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}-macos.sig
asset_content_type: application/octet-stream
- name: Upload MacOS-ARM zip artifacts
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.zip
asset_path: ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.zip
asset_content_type: application/octet-stream
- name: Upload MacOS-ARM zip artifact's Certificate
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.pem
asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.pem
asset_content_type: application/octet-stream
- name: Upload MacOS-ARM zip artifact's Signature
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.sig
asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.sig
asset_content_type: application/octet-stream
- name: Upload Windows zip artifacts
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-windows.zip
asset_path: ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}-windows.zip
asset_content_type: application/octet-stream
- name: Upload Windows zip artifact's Certificate
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-windows.pem
asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}-windows.pem
asset_content_type: application/octet-stream
- name: Upload Windows zip artifact's Signature
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-windows.sig
asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}-windows.sig
asset_content_type: application/octet-stream
- name: Upload Linux deb Hashes
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.sha256
asset_path: ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.sha256
asset_content_type: application/octet-stream
- name: Upload Linux rpm Hashes
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.sha256
asset_path: ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.sha256
asset_content_type: application/octet-stream
- name: Upload Ballerina zip Hashes
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}.zip.sha256
asset_path: ballerina-${{ steps.version-set.outputs.longVersion }}.zip.sha256
asset_content_type: application/octet-stream
- name: Upload ballerina Short Name zip Hashes
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_name: ballerina-${{ steps.version-set.outputs.sversion }}.zip.sha256
asset_path: ballerina-${{ steps.version-set.outputs.sversion }}.zip.sha256
asset_content_type: application/octet-stream
- name: Install Ballerina DEB
run: sudo dpkg -i installers/linux-deb/target/ballerina-*-linux-x64.deb
- name: Update Installer Test Configs
run: |
DISPLAY_TEXT=${{ steps.version-set.outputs.langVersion }}
SWAN_LAKE_LATEST_VERSION="swan-lake-"+$DISPLAY_TEXT
perl -pi -e "s/^\s*swan-lake-latest-version-display-text=.*/swan-lake-latest-version-display-text=$DISPLAY_TEXT/" ballerina-test-automation/gradle.properties
perl -pi -e "s/^\s*swan-lake-latest-version=.*/swan-lake-latest-version=$SWAN_LAKE_LATEST_VERSION/" ballerina-test-automation/gradle.properties
- name: Run Installer Tests
working-directory: ./ballerina-test-automation/installer-test
run: ./../gradlew build --stacktrace -scan --console=plain --no-daemon -DballerinaInstalled=true
env:
TEST_MODE_ACTIVE: true
- name: Post release PR
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
run: |
curl -fsSL https://github.com/github/hub/raw/master/script/get | bash -s 2.14.1
bin/hub pull-request -m "[Automated] Sync master after "$VERSION" release"
outputs:
project-version: ${{ steps.version-set.outputs.longVersion }}
upload-asset-url: ${{ steps.create_release.outputs.upload_url }}
release-version: ${{ steps.version-set.outputs.taggedVersion }}
lang-version: ${{ steps.version-set.outputs.langVersion }}
macos-installer-build:
name: MacOS Installer Build
needs: publish-release
runs-on: macos-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v2
- name: Set up JDK 17
uses: actions/setup-java@v2
with:
distribution: 'temurin'
java-version: '17.0.7'
- name: Download MacOS Intaller Zip
run: |
wget https://github.com/ballerina-platform/ballerina-distribution/releases/download/v${{ needs.publish-release.outputs.release-version }}/ballerina-${{ needs.publish-release.outputs.project-version }}-macos.zip
- name: cosign-installer
uses: sigstore/[email protected]
- name: Create macos-pkg Installer
id: run_installers_pkg
run: |
cd installers/mac
./build-ballerina-macos-x64.sh -v ${{ needs.publish-release.outputs.project-version }} -p ./../../
echo "Created macos-pkg successfully"
- name: Sign the MacOS installer
run: |
cosign sign-blob installers/mac/target/pkg/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg --output-certificate ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.pem --output-signature ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.sig --yes
- name: Verify the MacOS installer
run: |
cosign verify-blob installers/mac/target/pkg/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg --certificate ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.pem --signature ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com
- name: Generate Hashes
run: |
openssl dgst -sha256 -out ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.sha256 installers/mac/target/pkg/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg
- name: Upload MacOS pkg Hashes
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ needs.publish-release.outputs.upload-asset-url }}
asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.sha256
asset_path: ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.sha256
asset_content_type: application/octet-stream
- name: Upload MacOS pkg Installer
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ needs.publish-release.outputs.upload-asset-url }}
asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg
asset_path: installers/mac/target/pkg/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg
asset_content_type: application/octet-stream
- name: Upload MacOS installer's Certificate
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ needs.publish-release.outputs.upload-asset-url }}
asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.pem
asset_path: ./ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.pem
asset_content_type: application/octet-stream
- name: Upload MacOS installer's Signature
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ needs.publish-release.outputs.upload-asset-url }}
asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.sig
asset_path: ./ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.sig
asset_content_type: application/octet-stream
- name: Install Ballerina PKG
run: sudo installer -pkg installers/mac/target/pkg/ballerina-*-macos-x64.pkg -target /
- name: Update Installer Test Configs
run: |
DISPLAY_TEXT=${{ needs.publish-release.outputs.lang-version }}
SWAN_LAKE_LATEST_VERSION="swan-lake-"+$DISPLAY_TEXT
perl -pi -e "s/^\s*swan-lake-latest-version-display-text=.*/swan-lake-latest-version-display-text=$DISPLAY_TEXT/" ballerina-test-automation/gradle.properties
perl -pi -e "s/^\s*swan-lake-latest-version=.*/swan-lake-latest-version=$SWAN_LAKE_LATEST_VERSION/" ballerina-test-automation/gradle.properties
- name: Run Installer Tests
working-directory: ./ballerina-test-automation/installer-test
run: ./../gradlew build --stacktrace -scan --console=plain --no-daemon -DballerinaInstalled=true
env:
TEST_MODE_ACTIVE: true
- name: Download MacOS-ARM Intaller Zip
run: |
wget https://github.com/ballerina-platform/ballerina-distribution/releases/download/v${{ needs.publish-release.outputs.release-version }}/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm.zip
- name: Create macos-arm-pkg Installer
id: run_installers_arm_pkg
run: |
cd installers/mac
./build-ballerina-macos-x64.sh -v ${{ needs.publish-release.outputs.project-version }} -p ./../../ -a arm
echo "Created macos-arm-pkg successfully"
- name: Sign the MacOS-ARM installer
run: |
cosign sign-blob installers/mac/target/pkg/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg --output-certificate ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.pem --output-signature ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.sig --yes
- name: Verify the MacOS-ARM installer
run: |
cosign verify-blob installers/mac/target/pkg/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg --certificate ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.pem --signature ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com
- name: Generate Hashes
run: |
openssl dgst -sha256 -out ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.sha256 installers/mac/target/pkg/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg
- name: Upload MacOS-ARM pkg Hashes
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ needs.publish-release.outputs.upload-asset-url }}
asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.sha256
asset_path: ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.sha256
asset_content_type: application/octet-stream
- name: Upload MacOS-ARM pkg Installer
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ needs.publish-release.outputs.upload-asset-url }}
asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg
asset_path: installers/mac/target/pkg/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg
asset_content_type: application/octet-stream
- name: Upload MacOS-ARM installer's Certificate
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ needs.publish-release.outputs.upload-asset-url }}
asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.pem
asset_path: ./ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.pem
asset_content_type: application/octet-stream
- name: Upload MacOS-ARM installer's Signature
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ needs.publish-release.outputs.upload-asset-url }}
asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.sig
asset_path: ./ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.sig
asset_content_type: application/octet-stream
windows-installer-build:
name: Windows Installer Build
needs: publish-release
runs-on: windows-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v2
- name: Set up JDK 17
uses: actions/setup-java@v2
with:
distribution: 'temurin'
java-version: '17.0.7'
- uses: actions/setup-dotnet@v1
with:
dotnet-version: '2.1.x'
- name: Install GUID Generator
run: dotnet tool install -g dotnet-guid --version 0.5.2
- name: Set up Wix toolkit
run: echo "${WIX}bin" >> $GITHUB_PATH
shell: bash
- name: Set cosign-installer
uses: sigstore/[email protected]
- name: Download Windows Installer Zip
run: |
echo default login ${{ secrets.BALLERINA_BOT_USERNAME }} password ${{ secrets.BALLERINA_BOT_TOKEN }} >> _netrc
curl --netrc-file _netrc -L -o ballerina-${{ needs.publish-release.outputs.project-version }}-windows.zip https://github.com/ballerina-platform/ballerina-distribution/releases/download/v${{ needs.publish-release.outputs.release-version }}/ballerina-${{ needs.publish-release.outputs.project-version }}-windows.zip
- name: Create windows-msi Installer
id: run_installers_msi
run: |
move installers\windows .\
ren windows w
cd w
.\build-ballerina-windows-x64.bat --version ${{ needs.publish-release.outputs.project-version }} --path .\..\
- name: Sign the Windows installer
run: |
cosign sign-blob w\target\msi\ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi --output-certificate ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.pem --output-signature ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.sig --yes
- name: Verify the Windows installer
run: |
cosign verify-blob w\target\msi\ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi --certificate ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.pem --signature ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com
- name: Generate Hashes
run: |
openssl dgst -sha256 -out ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.sha256 w\target\msi\ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi
- name: Upload Windows msi Hashes
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ needs.publish-release.outputs.upload-asset-url }}
asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.sha256
asset_path: ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.sha256
asset_content_type: application/octet-stream
- name: Upload Windows msi Installer
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ needs.publish-release.outputs.upload-asset-url }}
asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi
asset_path: w\target\msi\ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi
asset_content_type: application/octet-stream
- name: Upload Windows installer's Certificate
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ needs.publish-release.outputs.upload-asset-url }}
asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.pem
asset_path: ./ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.pem
asset_content_type: application/octet-stream
- name: Upload Windows installer's Signature
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
with:
upload_url: ${{ needs.publish-release.outputs.upload-asset-url }}
asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.sig
asset_path: ./ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.sig
asset_content_type: application/octet-stream
- name: Install Ballerina msi
run: msiexec /i w\target\msi\ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi /quiet /qr
shell: cmd
- name: Update Installer Test Configs
run: |
set DISPLAY_TEXT=${{ needs.publish-release.outputs.lang-version }}
set SWAN_LAKE_LATEST_VERSION=swan-lake-%DISPLAY_TEXT%
perl -pi -e "s/^\s*swan-lake-latest-version-display-text=.*/swan-lake-latest-version-display-text=%DISPLAY_TEXT%/" ballerina-test-automation/gradle.properties
perl -pi -e "s/^\s*swan-lake-latest-version=.*/swan-lake-latest-version=%SWAN_LAKE_LATEST_VERSION%/" ballerina-test-automation/gradle.properties
shell: cmd
- name: Run Installer Tests
working-directory: .\ballerina-test-automation\installer-test
run: |
$env:Path += ";C:\Program Files\Ballerina\bin"
.\..\gradlew build --stacktrace -scan --console=plain --no-daemon -DballerinaInstalled=true