[8.0] Use plain proxy for pilot bundle #9509
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deployment | |
on: | |
push: | |
pull_request: | |
workflow_dispatch: | |
inputs: | |
check-ci: | |
description: "Require the CI to have passed for this commit" | |
required: true | |
default: "yes" | |
version: | |
description: "Override the release version number (e.g. 8.0.0a5)" | |
jobs: | |
deploy-pypi: | |
name: PyPI deployment | |
runs-on: "ubuntu-latest" | |
if: github.event_name != 'push' || github.repository == 'DIRACGrid/DIRAC' | |
permissions: | |
id-token: write | |
attestations: write | |
contents: write | |
defaults: | |
run: | |
shell: bash -l {0} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.PAT || github.token }} | |
- run: | | |
git fetch --prune --unshallow | |
git config --global user.email "[email protected]" | |
git config --global user.name "DIRACGrid CI" | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.11' | |
- name: Installing dependencies | |
run: | | |
python -m pip install \ | |
build \ | |
python-dateutil \ | |
pytz \ | |
readme_renderer \ | |
requests \ | |
setuptools_scm | |
- name: Validate README for PyPI | |
run: | | |
python -m readme_renderer README.rst -o /tmp/README.html | |
- name: Prepare release notes | |
run: | | |
set -xeuo pipefail | |
IFS=$'\n\t' | |
PREV_VERSION=$(git describe --tags --abbrev=0 --match '*[0-9].[0-9]*' --exclude 'v[0-9]r*' --exclude 'v[0-9][0-9]r*') | |
REFERENCE_BRANCH=${GITHUB_REF#refs/heads/} | |
echo "Making release notes for ${REFERENCE_BRANCH} since ${PREV_VERSION}" | |
./docs/diracdoctools/scripts/dirac-docs-get-release-notes.py \ | |
--token "${{ secrets.GITHUB_TOKEN }}" \ | |
--sinceTag "${PREV_VERSION}" \ | |
--branches "${REFERENCE_BRANCH}" \ | |
--repo "${{ github.repository }}" \ | |
> release.notes.new | |
cat release.notes.new | |
- name: Create tag if required | |
id: check-tag | |
run: | | |
set -xeuo pipefail | |
IFS=$'\n\t' | |
# Only do a real release for workflow_dispatch events from DIRACGrid/DIRAC for integration for Python 3 compatible branches | |
if [[ "${{ github.repository }}" == "DIRACGrid/DIRAC" ]]; then | |
if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then | |
if [[ "${{ github.event.ref }}" =~ ^refs/heads/(integration|rel-v([8-9]|[1-9][0-9]+)r[0-9]+)$ ]]; then | |
echo "Will create a real release" | |
export NEW_VERSION="v${{ github.event.inputs.version }}" | |
if [[ "${NEW_VERSION}" == "v" ]]; then | |
# If version wasn't given as an input to the workflow, use setuptools_scm to guess while removing "dev" portion of the version number | |
NEW_VERSION=v$(python -m setuptools_scm | sed 's@Guessed Version @@g' | sed -E 's@(\.dev|\+g).+@@g') | |
export NEW_VERSION | |
fi | |
echo "Release will be named $NEW_VERSION" | |
# Validate the version | |
# Ensure the version doesn't look like a PEP-440 "dev release" (which might happen if the automatic version bump has issues) | |
python -c $'from packaging.version import Version; v = Version('"'$NEW_VERSION'"$')\nif v.is_devrelease:\n raise ValueError(v)' | |
if [[ "${{ github.event.ref }}" =~ ^refs/heads/integration$ ]]; then | |
# If we're releasing from integration it must be a pre-release | |
python -c $'from packaging.version import Version; v = Version('"'$NEW_VERSION'"$')\nif not v.is_prerelease:\n raise ValueError("integration should only be used for pre-releases")' | |
elif [[ "${{ github.event.ref }}" != "$(python -c $'from packaging.version import Version; v = Version('"'$NEW_VERSION'"$')\nprint(f"refs/heads/rel-v{v.major}r{v.minor}")')" ]]; then | |
# If we're not releasing from integration the version should match the rel-vXrY branch name | |
echo "$NEW_VERSION is an invalid version for ${{ github.event.ref }}" | |
exit 2 | |
fi | |
# Commit the release notes | |
mv release.notes release.notes.old | |
{ | |
echo -e "[${NEW_VERSION}]" && \ | |
tail -n +2 release.notes.new | perl -0777pe 's/\n+$/\n\n/' && \ | |
cat release.notes.old; | |
} > release.notes | |
git add release.notes | |
git commit -m "docs: Add release notes for $NEW_VERSION" | |
git show | |
# Create the tag | |
git tag "$NEW_VERSION" | |
echo "create-release=true" >> $GITHUB_OUTPUT | |
echo "new-version=$NEW_VERSION" >> $GITHUB_OUTPUT | |
fi | |
fi | |
fi | |
- name: Build distributions | |
run: | | |
python -m build | |
- name: Make release on GitHub | |
if: steps.check-tag.outputs.create-release == 'true' | |
run: | | |
set -e | |
export NEW_VERSION=${{ steps.check-tag.outputs.new-version }} | |
echo "Pushing tagged release notes to ${GITHUB_REF#refs/heads/}" | |
git push "origin" "${GITHUB_REF#refs/heads/}" | |
echo "Making GitHub release for ${NEW_VERSION}" | |
.github/workflows/make_release.py \ | |
--repo="${{ github.repository }}" \ | |
--token="${{ secrets.GITHUB_TOKEN }}" \ | |
--version="${NEW_VERSION}" \ | |
--rev="$(git rev-parse HEAD)" \ | |
--release-notes-fn="release.notes.new" | |
- name: Publish package on PyPI | |
if: steps.check-tag.outputs.create-release == 'true' | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
user: __token__ | |
password: ${{ secrets.PYPI_API_TOKEN }} | |
deploy_CVMFS: | |
runs-on: "ubuntu-latest" | |
if: github.event_name == 'workflow_dispatch' | |
needs: deploy-pypi | |
steps: | |
- uses: conda-incubator/setup-miniconda@v3 | |
with: | |
channels: conda-forge,defaults | |
channel-priority: true | |
- name: Deploy on CVMFS | |
env: | |
CVMFS_PROXY_BASE64: ${{ secrets.CVMFS_PROXY_BASE64 }} | |
run: | | |
source /usr/share/miniconda3/etc/profile.d/conda.sh | |
conda create -n CVMFS_deploy ca-policy-lcg openssl=3.0.0 gct | |
conda activate CVMFS_deploy | |
echo "$CVMFS_PROXY_BASE64" | base64 --decode > cvmfs.proxy | |
chmod 600 cvmfs.proxy | |
export X509_USER_PROXY=cvmfs.proxy | |
export PATH=/usr/share/miniconda3/bin:/opt/conda/bin/:/opt/conda/condabin:$PATH | |
mkdir -p ~/.ssh/ && touch ~/.ssh/known_hosts | |
ssh-keyscan cvmfs-upload01.gridpp.rl.ac.uk >> ~/.ssh/known_hosts | |
gsissh -p 1975 -t cvmfs-upload01.gridpp.rl.ac.uk /home/diracsgm/admin/sync_packages.sh |