# Copyright (c) 2024 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved. # SPDX-License-Identifier: Apache-2.0 # Azure Pipelines file, see https://aka.ms/yaml # Enable builds on all branches trigger: # Build every commit as our release process relies on # the release process being built alone. batch: false branches: include: - main - main-2.x # Enable PR triggers that target the main branch pr: none jobs: - template: ci/build.yml parameters: test_mode: main - template: ci/check-for-release-job.yml - job: release dependsOn: [ "check_for_release", "Linux", "macOS", "Windows" ] condition: and(succeeded(), eq(dependencies.check_for_release.outputs['out.is_release'], 'true'), eq(dependencies.check_for_release.outputs['out.split_release_process'], 'false'), eq(variables['Build.SourceBranchName'], 'main')) pool: name: 'ubuntu_20_04' demands: assignment -equals default variables: release_sha: $[ dependencies.check_for_release.outputs['out.release_sha'] ] release_tag: $[ dependencies.check_for_release.outputs['out.release_tag'] ] trigger_sha: $[ dependencies.check_for_release.outputs['out.trigger_sha'] ] steps: - template: ci/report-start.yml - checkout: self persistCredentials: true - bash: | set -euo pipefail git checkout $(release_sha) name: checkout_release - template: ci/bash-lib.yml parameters: var_name: bash-lib - bash: | set -euo pipefail source $(bash-lib) if git tag v$(release_tag) $(release_sha); then git push origin v$(release_tag) mkdir $(Build.StagingDirectory)/release-artifacts else setvar skip-github TRUE fi - task: DownloadPipelineArtifact@0 inputs: artifactName: linux-release targetPath: $(Build.StagingDirectory)/release-artifacts condition: and(succeeded(), not(eq(variables['skip-github'], 'TRUE'))) - task: DownloadPipelineArtifact@0 inputs: artifactName: macos-release targetPath: $(Build.StagingDirectory)/release-artifacts condition: and(succeeded(), not(eq(variables['skip-github'], 'TRUE'))) - task: DownloadPipelineArtifact@0 inputs: artifactName: windows-release targetPath: $(Build.StagingDirectory)/release-artifacts condition: and(succeeded(), not(eq(variables['skip-github'], 'TRUE'))) - bash: | set -euo pipefail if [ -d sdk ]; then cd sdk fi # Note: this gets dev-env from the release commit, not the trigger commit eval "$(./dev-env/bin/dade-assist)" KEY_FILE=$(mktemp) GPG_DIR=$(mktemp -d) cleanup() { rm -rf $KEY_FILE $GPG_DIR } trap cleanup EXIT echo "$GPG_KEY" | base64 -d > $KEY_FILE gpg --homedir $GPG_DIR --no-tty --quiet --import $KEY_FILE cd $(Build.StagingDirectory)/release-artifacts/github sha256sum $(find . -type f | sort) > sha256sums # Note: relies on our release artifacts not having spaces in their # names. Creates a ${f}.asc with the signature for each $f. for f in *; do gpg --homedir $GPG_DIR -ab $f done cd ../artifactory for f in *; do gpg --homedir $GPG_DIR -ab $f done env: GPG_KEY: $(gpg-code-signing) - task: GitHubRelease@0 inputs: # I have no idea how dependent this is on the existence of my GitHub # account or if this is just the name of the connection in Azure # Pipelines. This is already mentioned in my transtiion document. gitHubConnection: 'garyverhaegen-da' repositoryName: '$(Build.Repository.Name)' action: 'create' target: '$(release_sha)' tagSource: 'manual' tag: 'v$(release_tag)' assets: $(Build.StagingDirectory)/release-artifacts/github/* assetUploadMode: 'replace' title: '$(release_tag)' addChangeLog: false isPrerelease: true releaseNotesSource: 'input' releaseNotes: "This is a pre-release. Use at your own risk." condition: and(succeeded(), not(eq(variables['skip-github'], 'TRUE'))) - bash: | set -euo pipefail if [ -d sdk ]; then cd sdk fi # Note: this gets dev-env from the release commit, not the trigger commit eval "$(./dev-env/bin/dade-assist)" ./ci/publish-artifactory.sh $(Build.StagingDirectory) $(release_tag) env: AUTH: $(ARTIFACTORY_USERNAME):$(ARTIFACTORY_PASSWORD) condition: and(succeeded(), not(eq(variables['skip-github'], 'TRUE'))) - bash: | set -euo pipefail if [ -d sdk ]; then cd sdk fi # Note: this gets dev-env from the release commit, not the trigger commit eval "$(./dev-env/bin/dade-assist)" source $(bash-lib) cd $(Build.StagingDirectory)/release-artifacts/github for f in *; do gcs "$GCRED" cp "$f" "gs://daml-data/releases/$(release_tag)/github/$f" done cd $(Build.StagingDirectory)/release-artifacts/artifactory for f in *; do gcs "$GCRED" cp "$f" "gs://daml-data/releases/$(release_tag)/artifactory/$f" done name: backup_to_gcs env: GCRED: $(GOOGLE_APPLICATION_CREDENTIALS_CONTENT) condition: and(succeeded(), not(eq(variables['skip-github'], 'TRUE'))) - bash: | set -euo pipefail source $(bash-lib) if [ -d sdk ]; then cd sdk fi # Note: this gets dev-env from the release commit, not the trigger commit eval "$(./dev-env/bin/dade-assist)" msg=$(git log -n1 --format=%b HEAD | head -1) # Keep this line in sync with RELEASE_PR_NOTIF in ci/cron/wednesday.yml if [ "$msg" = "This PR has been created by a script, which is not very smart" ]; then pr_handler="<@$(next_in_rotation_slack)>" else pr_handler="" fi curl -XPOST \ -i \ -H 'Content-Type: application/json' \ --data "{\"text\":\"${pr_handler} Release \`$(release_tag)\` is ready for testing. See . (, , )\"}" \ $(Slack.team-daml) - template: ci/tell-slack-failed.yml parameters: trigger_sha: '$(trigger_sha)' - template: ci/report-end.yml - template: ci/split-release-job.yml - template: ci/refresh-get-daml-com.yml