mirror of
https://github.com/digital-asset/daml.git
synced 2024-09-20 01:07:18 +03:00
9e1e42d27c
This should hopefully get CI working again. There are two changes in here: 1. We can no longer change our patched Bazel. I didn’t switch away from the current patched version for now (we upload it to gcp bucket so it still works fine even if we cannot build it) but if we upgrade, we need to go to an unpatched version for now. 2. We need to get `az` from dev-env. I tested the self service compat job stuff and it works fine with this but there is a chance other parts don’t. changelog_begin changelog_end
242 lines
8.5 KiB
YAML
242 lines
8.5 KiB
YAML
# Copyright (c) 2022 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
|
|
# Azure Pipelines file, see https://aka.ms/yaml
|
|
|
|
# Enable builds on all branches
|
|
trigger:
|
|
# Build every commit as our release process relies on
|
|
# the release process being built alone.
|
|
batch: false
|
|
branches:
|
|
include:
|
|
- main
|
|
- release/*
|
|
|
|
# Enable PR triggers that target the main branch
|
|
pr: none
|
|
|
|
jobs:
|
|
- template: ci/build.yml
|
|
- template: ci/check-for-release-job.yml
|
|
|
|
- job: release
|
|
dependsOn: [ "check_for_release", "Linux", "macOS", "Windows" ]
|
|
condition: and(succeeded(),
|
|
eq(dependencies.check_for_release.outputs['out.is_release'], 'true'),
|
|
eq(dependencies.check_for_release.outputs['out.split_release_process'], 'false'),
|
|
eq(variables['Build.SourceBranchName'], 'main'))
|
|
pool:
|
|
name: 'ubuntu_20_04'
|
|
demands: assignment -equals default
|
|
variables:
|
|
release_sha: $[ dependencies.check_for_release.outputs['out.release_sha'] ]
|
|
release_tag: $[ dependencies.check_for_release.outputs['out.release_tag'] ]
|
|
trigger_sha: $[ dependencies.check_for_release.outputs['out.trigger_sha'] ]
|
|
steps:
|
|
- template: ci/report-start.yml
|
|
- checkout: self
|
|
persistCredentials: true
|
|
- bash: |
|
|
set -euo pipefail
|
|
git checkout $(release_sha)
|
|
name: checkout_release
|
|
- template: ci/bash-lib.yml
|
|
parameters:
|
|
var_name: bash-lib
|
|
- bash: |
|
|
set -euo pipefail
|
|
source $(bash-lib)
|
|
if git tag v$(release_tag) $(release_sha); then
|
|
git push origin v$(release_tag)
|
|
mkdir $(Build.StagingDirectory)/release-artifacts
|
|
else
|
|
setvar skip-github TRUE
|
|
fi
|
|
- task: DownloadPipelineArtifact@0
|
|
inputs:
|
|
artifactName: linux-release
|
|
targetPath: $(Build.StagingDirectory)/release-artifacts
|
|
condition: and(succeeded(), not(eq(variables['skip-github'], 'TRUE')))
|
|
- task: DownloadPipelineArtifact@0
|
|
inputs:
|
|
artifactName: macos-release
|
|
targetPath: $(Build.StagingDirectory)/release-artifacts
|
|
condition: and(succeeded(), not(eq(variables['skip-github'], 'TRUE')))
|
|
- task: DownloadPipelineArtifact@0
|
|
inputs:
|
|
artifactName: windows-release
|
|
targetPath: $(Build.StagingDirectory)/release-artifacts
|
|
condition: and(succeeded(), not(eq(variables['skip-github'], 'TRUE')))
|
|
- bash: |
|
|
set -euo pipefail
|
|
# Note: this gets dev-env from the release commit, not the trigger commit
|
|
eval "$(./dev-env/bin/dade-assist)"
|
|
KEY_FILE=$(mktemp)
|
|
GPG_DIR=$(mktemp -d)
|
|
cleanup() {
|
|
rm -rf $KEY_FILE $GPG_DIR
|
|
}
|
|
trap cleanup EXIT
|
|
echo "$GPG_KEY" | base64 -d > $KEY_FILE
|
|
gpg --homedir $GPG_DIR --no-tty --quiet --import $KEY_FILE
|
|
cd $(Build.StagingDirectory)/release-artifacts/github
|
|
sha256sum $(find . -type f | sort) > sha256sums
|
|
# Note: relies on our release artifacts not having spaces in their
|
|
# names. Creates a ${f}.asc with the signature for each $f.
|
|
for f in *; do
|
|
gpg --homedir $GPG_DIR -ab $f
|
|
done
|
|
cd ../artifactory
|
|
for f in *; do
|
|
gpg --homedir $GPG_DIR -ab $f
|
|
done
|
|
env:
|
|
GPG_KEY: $(gpg-code-signing)
|
|
- task: GitHubRelease@0
|
|
inputs:
|
|
gitHubConnection: 'garyverhaegen-da'
|
|
repositoryName: '$(Build.Repository.Name)'
|
|
action: 'create'
|
|
target: '$(release_sha)'
|
|
tagSource: 'manual'
|
|
tag: 'v$(release_tag)'
|
|
assets: $(Build.StagingDirectory)/release-artifacts/github/*
|
|
assetUploadMode: 'replace'
|
|
title: '$(release_tag)'
|
|
addChangeLog: false
|
|
isPrerelease: true
|
|
releaseNotesSource: 'input'
|
|
releaseNotes: "This is a pre-release. Use at your own risk."
|
|
condition: and(succeeded(), not(eq(variables['skip-github'], 'TRUE')))
|
|
- bash: |
|
|
set -euo pipefail
|
|
# Note: this gets dev-env from the release commit, not the trigger commit
|
|
eval "$(./dev-env/bin/dade-assist)"
|
|
./ci/publish-artifactory.sh $(Build.StagingDirectory) $(release_tag)
|
|
env:
|
|
AUTH: $(ARTIFACTORY_USERNAME):$(ARTIFACTORY_PASSWORD)
|
|
condition: and(succeeded(), not(eq(variables['skip-github'], 'TRUE')))
|
|
- bash: |
|
|
set -euo pipefail
|
|
|
|
# Note: this gets dev-env from the release commit, not the trigger commit
|
|
eval "$(./dev-env/bin/dade-assist)"
|
|
source $(bash-lib)
|
|
|
|
cd $(Build.StagingDirectory)/release-artifacts/github
|
|
for f in *; do
|
|
gcs "$GCRED" cp "$f" "gs://daml-data/releases/$(release_tag)/github/$f"
|
|
done
|
|
|
|
cd $(Build.StagingDirectory)/release-artifacts/artifactory
|
|
for f in *; do
|
|
gcs "$GCRED" cp "$f" "gs://daml-data/releases/$(release_tag)/artifactory/$f"
|
|
done
|
|
name: backup_to_gcs
|
|
env:
|
|
GCRED: $(GOOGLE_APPLICATION_CREDENTIALS_CONTENT)
|
|
condition: and(succeeded(), not(eq(variables['skip-github'], 'TRUE')))
|
|
- bash: |
|
|
set -euo pipefail
|
|
source $(bash-lib)
|
|
# Note: this gets dev-env from the release commit, not the trigger commit
|
|
eval "$(./dev-env/bin/dade-assist)"
|
|
msg=$(git log -n1 --format=%b HEAD | head -1)
|
|
# Keep this line in sync with RELEASE_PR_NOTIF in ci/cron/wednesday.yml
|
|
if [ "$msg" = "This PR has been created by a script, which is not very smart" ]; then
|
|
pr_handler="<@$(next_in_rotation_slack)>"
|
|
else
|
|
pr_handler=""
|
|
fi
|
|
curl -XPOST \
|
|
-i \
|
|
-H 'Content-Type: application/json' \
|
|
--data "{\"text\":\"${pr_handler} Release \`$(release_tag)\` is ready for testing. See <https://github.com/digital-asset/daml/blob/main/release/RELEASE.md|release instructions>. (<https://dev.azure.com/digitalasset/daml/_build/results?buildId=$(Build.BuildId)|build>, <https://github.com/digital-asset/daml/commit/$(trigger_sha)|trigger commit>, <https://github.com/digital-asset/daml/commit/$(release_sha)|target commit>)\"}" \
|
|
$(Slack.team-daml)
|
|
- template: ci/tell-slack-failed.yml
|
|
parameters:
|
|
trigger_sha: '$(trigger_sha)'
|
|
- template: ci/report-end.yml
|
|
|
|
- template: ci/split-release-job.yml
|
|
|
|
- job: compat_versions_pr
|
|
dependsOn:
|
|
- git_sha
|
|
- release
|
|
- check_for_release
|
|
pool:
|
|
name: ubuntu_20_04
|
|
demands: assignment -equals default
|
|
variables:
|
|
release_tag: $[ dependencies.check_for_release.outputs['out.release_tag'] ]
|
|
branch_sha: $[ dependencies.git_sha.outputs['out.branch'] ]
|
|
steps:
|
|
- checkout: self
|
|
persistCredentials: true
|
|
- bash: ci/dev-env-install.sh
|
|
- template: ci/bash-lib.yml
|
|
parameters:
|
|
var_name: bash_lib
|
|
- bash: |
|
|
set -euo pipefail
|
|
eval "$(./dev-env/bin/dade-assist)"
|
|
|
|
## refresh tags, in case someone deleted one
|
|
git fetch --prune --prune-tags
|
|
|
|
source $(bash_lib)
|
|
|
|
DELAY=1
|
|
while ! curl --fail -I https://repo1.maven.org/maven2/com/daml/ledger-api-test-tool/$(release_tag)/ledger-api-test-tool-$(release_tag).jar; do
|
|
sleep $DELAY
|
|
DELAY=$(( DELAY * 2 ))
|
|
if (( $DELAY > 2000 )); then
|
|
echo "Too many attempts waiting for Maven."
|
|
exit 1
|
|
fi
|
|
done
|
|
|
|
cp .bazelrc compatibility/
|
|
compatibility/update-versions.sh
|
|
git add compatibility/versions.bzl compatibility/maven_install.json
|
|
|
|
|
|
if ! git diff --cached --quiet; then
|
|
BRANCH=update-compat-versions-for-$(release_tag)-$(Build.BuildId)
|
|
TITLE="update compat versions for $(release_tag)"
|
|
open_pr "$BRANCH" "$TITLE"
|
|
setvar "branch" "$BRANCH"
|
|
else
|
|
echo "No changes"
|
|
setvar "branch" ""
|
|
fi
|
|
|
|
|
|
name: out
|
|
|
|
- template: ci/tell-slack-failed.yml
|
|
parameters:
|
|
trigger_sha: '$(trigger_sha)'
|
|
|
|
- job: compat_versions_pr_trigger_daily
|
|
dependsOn: compat_versions_pr
|
|
pool:
|
|
name: 'ubuntu_20_04'
|
|
demands: assignment -equals default
|
|
variables:
|
|
branch: $[ dependencies.compat_versions_pr.outputs['out.branch'] ]
|
|
steps:
|
|
- checkout: none
|
|
- template: ci/bash-lib.yml
|
|
parameters:
|
|
var_name: bash-lib
|
|
- bash: |
|
|
set -euo pipefail
|
|
eval "$(./dev-env/bin/dade-assist)"
|
|
source $(bash-lib)
|
|
trigger_azure $(System.AccessToken) PRs --branch $(branch)
|
|
trigger_azure $(System.AccessToken) digital-asset.daml-daily-compat --branch $(branch)
|
|
condition: and(succeeded(), not(eq(variables['branch'], '')))
|