daml/azure-pipelines.yml
2024-01-16 15:29:05 +01:00

166 lines
6.3 KiB
YAML

# Copyright (c) 2024 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
# SPDX-License-Identifier: Apache-2.0
# Azure Pipelines file, see https://aka.ms/yaml
# Enable builds on all branches
trigger:
# Build every commit as our release process relies on
# the release process being built alone.
batch: false
branches:
include:
- main
- main-2.x
# Enable PR triggers that target the main branch
pr: none
jobs:
- template: ci/build.yml
parameters:
test_mode: main
- template: ci/check-for-release-job.yml
- job: release
dependsOn: [ "check_for_release", "Linux", "macOS", "Windows" ]
condition: and(succeeded(),
eq(dependencies.check_for_release.outputs['out.is_release'], 'true'),
eq(dependencies.check_for_release.outputs['out.split_release_process'], 'false'),
eq(variables['Build.SourceBranchName'], 'main'))
pool:
name: 'ubuntu_20_04'
demands: assignment -equals default
variables:
release_sha: $[ dependencies.check_for_release.outputs['out.release_sha'] ]
release_tag: $[ dependencies.check_for_release.outputs['out.release_tag'] ]
trigger_sha: $[ dependencies.check_for_release.outputs['out.trigger_sha'] ]
steps:
- template: ci/report-start.yml
- checkout: self
persistCredentials: true
- bash: |
set -euo pipefail
git checkout $(release_sha)
name: checkout_release
- template: ci/bash-lib.yml
parameters:
var_name: bash-lib
- bash: |
set -euo pipefail
source $(bash-lib)
if git tag v$(release_tag) $(release_sha); then
git push origin v$(release_tag)
mkdir $(Build.StagingDirectory)/release-artifacts
else
setvar skip-github TRUE
fi
- task: DownloadPipelineArtifact@0
inputs:
artifactName: linux-release
targetPath: $(Build.StagingDirectory)/release-artifacts
condition: and(succeeded(), not(eq(variables['skip-github'], 'TRUE')))
- task: DownloadPipelineArtifact@0
inputs:
artifactName: macos-release
targetPath: $(Build.StagingDirectory)/release-artifacts
condition: and(succeeded(), not(eq(variables['skip-github'], 'TRUE')))
- task: DownloadPipelineArtifact@0
inputs:
artifactName: windows-release
targetPath: $(Build.StagingDirectory)/release-artifacts
condition: and(succeeded(), not(eq(variables['skip-github'], 'TRUE')))
- bash: |
set -euo pipefail
# Note: this gets dev-env from the release commit, not the trigger commit
eval "$(./dev-env/bin/dade-assist)"
KEY_FILE=$(mktemp)
GPG_DIR=$(mktemp -d)
cleanup() {
rm -rf $KEY_FILE $GPG_DIR
}
trap cleanup EXIT
echo "$GPG_KEY" | base64 -d > $KEY_FILE
gpg --homedir $GPG_DIR --no-tty --quiet --import $KEY_FILE
cd $(Build.StagingDirectory)/release-artifacts/github
sha256sum $(find . -type f | sort) > sha256sums
# Note: relies on our release artifacts not having spaces in their
# names. Creates a ${f}.asc with the signature for each $f.
for f in *; do
gpg --homedir $GPG_DIR -ab $f
done
cd ../artifactory
for f in *; do
gpg --homedir $GPG_DIR -ab $f
done
env:
GPG_KEY: $(gpg-code-signing)
- task: GitHubRelease@0
inputs:
gitHubConnection: 'garyverhaegen-da'
repositoryName: '$(Build.Repository.Name)'
action: 'create'
target: '$(release_sha)'
tagSource: 'manual'
tag: 'v$(release_tag)'
assets: $(Build.StagingDirectory)/release-artifacts/github/*
assetUploadMode: 'replace'
title: '$(release_tag)'
addChangeLog: false
isPrerelease: true
releaseNotesSource: 'input'
releaseNotes: "This is a pre-release. Use at your own risk."
condition: and(succeeded(), not(eq(variables['skip-github'], 'TRUE')))
- bash: |
set -euo pipefail
# Note: this gets dev-env from the release commit, not the trigger commit
eval "$(./dev-env/bin/dade-assist)"
./ci/publish-artifactory.sh $(Build.StagingDirectory) $(release_tag)
env:
AUTH: $(ARTIFACTORY_USERNAME):$(ARTIFACTORY_PASSWORD)
condition: and(succeeded(), not(eq(variables['skip-github'], 'TRUE')))
- bash: |
set -euo pipefail
# Note: this gets dev-env from the release commit, not the trigger commit
eval "$(./dev-env/bin/dade-assist)"
source $(bash-lib)
cd $(Build.StagingDirectory)/release-artifacts/github
for f in *; do
gcs "$GCRED" cp "$f" "gs://daml-data/releases/$(release_tag)/github/$f"
done
cd $(Build.StagingDirectory)/release-artifacts/artifactory
for f in *; do
gcs "$GCRED" cp "$f" "gs://daml-data/releases/$(release_tag)/artifactory/$f"
done
name: backup_to_gcs
env:
GCRED: $(GOOGLE_APPLICATION_CREDENTIALS_CONTENT)
condition: and(succeeded(), not(eq(variables['skip-github'], 'TRUE')))
- bash: |
set -euo pipefail
source $(bash-lib)
# Note: this gets dev-env from the release commit, not the trigger commit
eval "$(./dev-env/bin/dade-assist)"
msg=$(git log -n1 --format=%b HEAD | head -1)
# Keep this line in sync with RELEASE_PR_NOTIF in ci/cron/wednesday.yml
if [ "$msg" = "This PR has been created by a script, which is not very smart" ]; then
pr_handler="<@$(next_in_rotation_slack)>"
else
pr_handler=""
fi
curl -XPOST \
-i \
-H 'Content-Type: application/json' \
--data "{\"text\":\"${pr_handler} Release \`$(release_tag)\` is ready for testing. See <https://github.com/digital-asset/daml/blob/main/release/RELEASE.md|release instructions>. (<https://dev.azure.com/digitalasset/daml/_build/results?buildId=$(Build.BuildId)|build>, <https://github.com/digital-asset/daml/commit/$(trigger_sha)|trigger commit>, <https://github.com/digital-asset/daml/commit/$(release_sha)|target commit>)\"}" \
$(Slack.team-daml)
- template: ci/tell-slack-failed.yml
parameters:
trigger_sha: '$(trigger_sha)'
- template: ci/report-end.yml
- template: ci/split-release-job.yml
- template: ci/refresh-get-daml-com.yml