Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ICU-22606 Create an (almost) full release from CI #3222

Merged
merged 5 commits into from
Sep 30, 2024
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions .github/Dockerfile_fedora
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
FROM fedora:latest

RUN dnf install -y gcc-c++ zip unzip git-core git-lfs doxygen
RUN git lfs install --skip-repo \
&& ln -s /usr/bin/python3 /usr/bin/python

WORKDIR /root

ENTRYPOINT [ "/bin/bash" ]
25 changes: 25 additions & 0 deletions .github/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
## How to create a Fedora docker image

Run
```
docker login ghcr.io
```

When prompted use these:

* **User:** the github user
* **Password:** the github key
echeran marked this conversation as resolved.
Show resolved Hide resolved

Update the timestamp (`20240929`) with the current date, ISO style:
```
docker build --tag ghcr.io/unicode-org/fedora-docker-gcr:20240929 -f Dockerfile_fedora .
docker push ghcr.io/unicode-org/fedora-docker-gcr:20240929
```

See:
https://docs.github.com/en/actions/use-cases-and-examples/publishing-packages/publishing-docker-images

Also:
https://stackoverflow.com/questions/64033686/how-can-i-use-private-docker-image-in-github-actions

To consider: generate and publish the docker image from a GitHub action.
69 changes: 69 additions & 0 deletions .github/workflows/release-check-sign.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
name: Release - Create checksums and GPG sign

on:
workflow_dispatch:
inputs:
gitReleaseTag:
description: 'Release tag to upload to. Must start with "release-"'
type: string

env:
RELEASE_FOLDER: '${{ github.workspace }}/releaseDist'

jobs:
sign_and_checksums:
if: ${{ inputs.gitReleaseTag && startsWith(inputs.gitReleaseTag, 'release-') }}
runs-on: ubuntu-latest
environment: release-env

permissions:
contents: write # So that we can upload to release

steps:

- name: Checkout and setup
uses: actions/checkout@v4
with:
lfs: true

- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: '11'
distribution: 'temurin'
gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
gpg-passphrase: MAVEN_GPG_PASSPHRASE

- name: Get all release files
run: |
mkdir -p ${RELEASE_FOLDER}
pushd ${RELEASE_FOLDER}
gh release download ${{ inputs.gitReleaseTag }} -p "*.zip" -p "*.tgz" -p "*.jar" --repo=${{ github.repository }}
popd
env:
GH_TOKEN: ${{ github.token }}

- name: Checksums and sign
run: |
source icu4j/releases_tools/shared.sh
# Convert 76.1 to 76_1
underscore_version=$(echo $artifact_version | sed 's/\./_/g')
pushd ${RELEASE_FOLDER}
sha512sum -b icu4c* > SHASUM512.txt
md5sum -b *.jar > icu4j-${artifact_version}.md5
md5sum -b icu4c-*-data-bin-*.zip > icu4c-${underscore_version}-binary.md5
md5sum -b icu4c-*-src.* > icu4c-${underscore_version}-sources.md5
find . -type f -name 'icu4c*' -exec gpg --no-tty --batch --pinentry-mode loopback --passphrase=$MAVEN_GPG_PASSPHRASE -a --output {}.asc --detach-sig {} \;
gpg --no-tty --batch --pinentry-mode loopback --passphrase=$MAVEN_GPG_PASSPHRASE -a --output SHASUM512.txt.asc --detach-sig SHASUM512.txt
popd
env:
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}

- name: Upload to release
run: |
gh release upload ${{ inputs.gitReleaseTag }} LICENSE --clobber --repo=${{ github.repository }}
gh release upload ${{ inputs.gitReleaseTag }} ${RELEASE_FOLDER}/*.md5 --clobber --repo=${{ github.repository }}
gh release upload ${{ inputs.gitReleaseTag }} ${RELEASE_FOLDER}/*.asc --clobber --repo=${{ github.repository }}
gh release upload ${{ inputs.gitReleaseTag }} ${RELEASE_FOLDER}/SHASUM512.txt --clobber --repo=${{ github.repository }}
env:
GH_TOKEN: ${{ github.token }}
89 changes: 89 additions & 0 deletions .github/workflows/release-icu4c-fedora.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,89 @@
name: Release - ICU4C artifacts on Fedora

on:
workflow_dispatch:
inputs:
runTests:
description: 'Run the tests.'
type: boolean
default: true
gitReleaseTag:
description: 'Release tag to upload to. Must start with "release-"'
type: string

env:
RELEASE_FOLDER: '${{ github.workspace }}/releaseDist'

jobs:
build:
runs-on: ubuntu-latest
environment: release-env

container:
image: ghcr.io/${{ github.repository_owner }}/fedora-docker-gcr:latest
credentials:
username: ${{ secrets.DOCKER_CONTAINER_USER_NAME }}
password: ${{ secrets.DOCKER_CONTAINER_REGISTRY_TOKEN }}

permissions:
contents: write # So that we can upload to release

steps:

- name: Install gh (GitHub CLI)
run: |
# Don't install it in the docker image, get the latest (pros and cons)
dnf install -y gh

- name: Checkout and setup
uses: actions/checkout@v4
with:
lfs: true

- name: Config and build ICU4C proper
run: |
pushd icu4c/source
./runConfigureICU Linux/gcc
make -j8
popd

- name: Run tests
if: ${{ inputs.runTests }}
run: |
pushd icu4c/source
make check
popd

- name: Build release ICU4C
run: |
pushd icu4c/source
make DESTDIR=${RELEASE_FOLDER}/icu releaseDist
popd

- name: Collect artifacts in one folder
run: |
# Get the OS version in VERSION_ID
source /etc/os-release
# Get the ICU version in artifact_version
source icu4j/releases_tools/shared.sh
# Convert 76.1 to 76_1
underscore_version=$(echo $artifact_version | sed 's/\./_/g')
pushd ${RELEASE_FOLDER}
tar -czf icu4c-${underscore_version}-Fedora_Linux${VERSION_ID}-x64.tgz icu
rm -fr icu
popd

- name: Upload build results
uses: actions/[email protected]
with:
name: icu4c-fedora-binaries
path: ${{ env.RELEASE_FOLDER }}
retention-days: 3 # TBD if we want to keep them longer
overwrite: true

- name: Upload to release
if: ${{ inputs.gitReleaseTag && startsWith(inputs.gitReleaseTag, 'release-') }}
run: |
gh release upload ${{ inputs.gitReleaseTag }} ${RELEASE_FOLDER}/* --clobber --repo=${{ github.repository }}
env:
GH_TOKEN: ${{ github.token }}
85 changes: 85 additions & 0 deletions .github/workflows/release-icu4c-ubuntu.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,85 @@
name: Release - ICU4C artifacts on Ubuntu

on:
workflow_dispatch:
inputs:
runTests:
description: 'Run the tests.'
type: boolean
default: true
gitReleaseTag:
description: 'Release tag to upload to. Must start with "release-"'
type: string

env:
RELEASE_FOLDER: '${{ github.workspace }}/releaseDist'

jobs:
build:
runs-on: ubuntu-latest
environment: release-env

permissions:
contents: write # So that we can upload to release

steps:

- name: Install doxygen
run: |
sudo apt-get -y install doxygen

- name: Checkout and setup
uses: actions/checkout@v4
with:
lfs: true

- name: Config and build ICU4C proper
run: |
pushd icu4c/source
./runConfigureICU Linux/gcc
make -j8
popd

- name: Run tests
if: ${{ inputs.runTests }}
run: |
pushd icu4c/source
make check
popd

- name: Build release ICU4C
run: |
pushd icu4c/source
make dist
make DESTDIR=${RELEASE_FOLDER}/icu releaseDist
popd

- name: Collect artifacts in one folder
run: |
# Get the OS version in VERSION_ID
source /etc/os-release
# Get the ICU version in artifact_version
source icu4j/releases_tools/shared.sh
# Convert 76.1 to 76_1
underscore_version=$(echo $artifact_version | sed 's/\./_/g')
pushd ${RELEASE_FOLDER}
tar -czf icu4c-${underscore_version}-Ubuntu${VERSION_ID}-x64.tgz icu
rm -fr icu
popd
mv icu4c/source/dist/icu4c-76_1-d* ${RELEASE_FOLDER}
mv icu4c/source/dist/icu4c-76_1-src.* ${RELEASE_FOLDER}

- name: Upload build results
uses: actions/[email protected]
with:
name: icu4c-ubuntu-binaries
path: ${{ env.RELEASE_FOLDER }}
retention-days: 3 # TBD if we want to keep them longer
overwrite: true

- name: Upload to release
if: ${{ inputs.gitReleaseTag && startsWith(inputs.gitReleaseTag, 'release-') }}
run: |
gh release upload ${{ inputs.gitReleaseTag }} ${RELEASE_FOLDER}/* --clobber --repo=${{ github.repository }}
env:
GH_TOKEN: ${{ github.token }}
54 changes: 36 additions & 18 deletions .github/workflows/release-icu4j-maven.yml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# This workflow will build a package using Maven and then publish it to GitHub packages when a release is created
# For more information see: https://github.com/actions/setup-java/blob/main/docs/advanced-usage.md#apache-maven-with-a-settings-path

name: Publish to Nexus Sonatype OSS
name: Release - ICU4J publish to Maven Central

# For this to run you should define the follwing GitHub Secrets in the proper Environment.
# In Settings -- Environments -- release_env -- Environment secrets:
Expand All @@ -21,24 +21,29 @@ on:
# https://docs.github.com/en/actions/managing-workflow-runs/manually-running-a-workflow
workflow_dispatch:
inputs:
gitTag:
# TODO: make this mandatory and validate that it is in a release* branch and looks like
# 'release-\d+.\d+ or something like that.
# For now we don't do it so that we can test.
description: 'Git tag at which to sync for deploy and release'
runTests:
description: 'Run the tests.'
type: boolean
default: true
deployToMaven:
description: 'Deploy to Maven Central (using Sonatype OSSRH)'
type: boolean
default: false
gitReleaseTag:
description: 'Release tag to upload to. Must start with "release-"'
type: string

env:
SHARED_MVN_ARGS: '--no-transfer-progress --show-version --batch-mode'
RELEASE_FOLDER: 'target/release_files'
RELEASE_FOLDER: '${{ github.workspace }}/releaseDist'

jobs:
publish:
runs-on: ubuntu-latest
environment: release-env

permissions:
contents: read
packages: write
contents: write # So that we can upload to release

steps:

Expand All @@ -59,8 +64,11 @@ jobs:
gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
settings-path: ${{ github.workspace }} # location for the settings.xml file

# TODO: enable tests? We don't want to release until we are 100% sure everything works.
- name: Build all of ICU
- name: Run tests
if: ${{ inputs.runTests }}
run: mvn install --file icu4j ${SHARED_MVN_ARGS} --errors --fail-at-end

- name: Build javadoc taglets
run: |
# Really important to do this first because we need `tools/build` for the javadoc applets
mvn install --file icu4j/tools/build \
Expand All @@ -69,8 +77,15 @@ jobs:

- name: Build and deploy to Maven Central
run: |
if [ "${{ inputs.deployToMaven }}" != "true" ]; then
echo Deploy to local folder
# Run the deploy, but do it to a local folder, not to Sonatype / Maven Central
export MAVEN_LOCAL='-DaltDeploymentRepository=tempid::file:./local-deploy-folder'
else
echo Deploy to Maven Central using Sonatype OSSRH
fi
mvn deploy --file icu4j \
${SHARED_MVN_ARGS} \
${SHARED_MVN_ARGS} ${MAVEN_LOCAL} \
--settings $GITHUB_WORKSPACE/settings.xml \
--errors --fail-at-end -DdeployAtEnd=true \
-DskipTests -DskipITs \
Expand All @@ -97,19 +112,22 @@ jobs:
${SHARED_MVN_ARGS} \
-DskipITs -DskipTests \
-P with_full_javadoc
# Archive the full doc in a jar. Should also be posted to the web as official doc.
jar -Mcf ${RELEASE_FOLDER}/icu4j-${ICU_VERSION}-fulljavadoc.jar \
-C target/site/apidocs/ .
# Create the file with MD5 checksums
pushd ${RELEASE_FOLDER}
md5sum *.jar > icu4j-${ICU_VERSION}.md5
popd # out of $RELEASE_FOLDER
popd # out of icu4j

# TODO: add them to the GitHub "Release" page automatically
- name: Upload build results
uses: actions/[email protected]
with:
path: ./icu4j/${{ env.RELEASE_FOLDER }}/*
name: icu4j-binaries
path: ${{ env.RELEASE_FOLDER }}
retention-days: 3 # TBD if we want to keep them longer
overwrite: true

- name: Upload to release
if: ${{ inputs.gitReleaseTag && startsWith(inputs.gitReleaseTag, 'release-') }}
run: |
gh release upload ${{ inputs.gitReleaseTag }} ${RELEASE_FOLDER}/* --clobber --repo=${{ github.repository }}
env:
GH_TOKEN: ${{ github.token }}