-
Notifications
You must be signed in to change notification settings - Fork 0
79 lines (71 loc) · 3.07 KB
/
Copy pathrelease.yml
File metadata and controls
79 lines (71 loc) · 3.07 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
name: Release
# Cut a release by pushing an annotated tag that matches VERSION, e.g.:
# git tag -a v1.0.0 -m "RigForge v1.0.0" && git push origin v1.0.0
# This packages the deploy bundle, checksums it, pulls notes from CHANGELOG.md, and publishes a
# GitHub Release. See RELEASING.md.
on:
push:
tags:
- "v*"
permissions:
contents: write # create the GitHub Release + upload assets
jobs:
release:
name: Build & publish release
runs-on: ubuntu-24.04
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAG: ${{ github.ref_name }}
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
# Releasing goes through `gh` with GH_TOKEN below, not `git push`, so the checkout never
# needs the token left in .git/config (zizmor: artipacked).
persist-credentials: false
- name: Verify the tag matches VERSION
run: |
set -euo pipefail
want="v$(tr -d '[:space:]' < VERSION)"
if [ "$TAG" != "$want" ]; then
echo "::error::Tag '$TAG' does not match VERSION ('$want'). Bump VERSION or retag."
exit 1
fi
- name: Build the deploy bundle (.zip + .tar.gz + checksums)
run: |
set -euo pipefail
stage="rigforge-$TAG"
mkdir -p "$stage"
# Runtime files a user needs to deploy a worker — no tests/, .github/, or dev cruft.
cp -a rigforge.sh util systemd config.minimal.json config.reference.json README.md docs images LICENSE VERSION "$stage/"
zip -rq "$stage.zip" "$stage"
tar -czf "$stage.tar.gz" "$stage"
sha256sum "$stage.zip" "$stage.tar.gz" > SHA256SUMS
echo "--- SHA256SUMS ---"; cat SHA256SUMS
- name: Extract release notes from CHANGELOG.md
run: |
set -euo pipefail
ver="${TAG#v}"
# Print the body of this version's "## [x.y.z]" section (up to the next "## " heading).
awk -v ver="$ver" '
index($0, "## [" ver "]") == 1 { grab = 1; next }
grab && /^## / { exit }
grab { print }
' CHANGELOG.md > RELEASE_NOTES.md
# Fall back to a generic note if that version has no changelog section yet.
if ! grep -q '[^[:space:]]' RELEASE_NOTES.md; then
printf 'RigForge %s\n' "$TAG" > RELEASE_NOTES.md
fi
echo "--- notes ---"; cat RELEASE_NOTES.md
- name: Publish the GitHub Release
run: |
set -euo pipefail
# Mark 0.x tags as pre-releases.
pre=""
case "${TAG#v}" in 0.*) pre="--prerelease" ;; esac
# Create the release as a DRAFT so a human reviews the generated notes + bundles and clicks
# "Publish" — a deliberate gate for a tool that installs a root miner. Drop --draft here to
# go back to publishing automatically on tag push.
gh release create "$TAG" $pre --draft \
--title "RigForge $TAG" \
--notes-file RELEASE_NOTES.md \
"rigforge-$TAG.zip" "rigforge-$TAG.tar.gz" SHA256SUMS