release automation (#906)

When a release is tagged, automatically build the release package and
create a draft of the release. Since the build is automated we are also
performing provenance as per [SLSA3](https://slsa.dev/) and uploading
that as a release asset.

This also fixes a couple of recent issues:
* validation of the packaging itself was broken when we migrated from
cirrus ci to github actions.
 * clang32 for msys2 has been deprecated causing building to fail.

Authored-By: Brad House (@bradh352)
pull/915/head
Brad House 1 month ago committed by GitHub
parent 35c0cdcbe5
commit bbea2cd28e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
  1. 1
      .github/workflows/msys2.yml
  2. 81
      .github/workflows/package.yml
  3. 9
      ci/distcheck.sh

@ -25,7 +25,6 @@ jobs:
matrix:
include:
- { msystem: CLANG64, env: clang-x86_64, extra_packages: "mingw-w64-clang-x86_64-clang mingw-w64-clang-x86_64-clang-analyzer" }
- { msystem: CLANG32, env: clang-i686, extra_packages: "mingw-w64-clang-i686-clang mingw-w64-clang-i686-clang-analyzer" }
- { msystem: MINGW64, env: x86_64, extra_packages: "mingw-w64-x86_64-gcc" }
- { msystem: MINGW32, env: i686, extra_packages: "mingw-w64-i686-gcc" }
# No need to test UCRT64 since clang64 uses UCRT

@ -0,0 +1,81 @@
# Copyright (C) The c-ares project and its contributors
# SPDX-License-Identifier: MIT
name: Build Release Package
on:
push:
concurrency:
group: ${{ github.ref }}-build-release-package
cancel-in-progress: true
env:
TEST_FILTER: "--gtest_filter=-*LiveSearchTXT*:*LiveSearchANY*"
MAKE: make
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: write
discussions: write
outputs:
hashes: ${{ steps.hash.outputs.hashes }}
version: ${{ steps.version.outputs.version }}
name: "build"
steps:
- name: Install packages
uses: awalsh128/cache-apt-pkgs-action@latest
with:
packages: autoconf automake libtool g++ libgmock-dev pkg-config gdb
version: 1.0
- name: Checkout c-ares
uses: actions/checkout@v4
- name: Get Tag version
id: version
run: |
version=`echo ${GITHUB_REF} | grep '^refs/tags/v' | sed -e 's|^refs/tags/v\(.*\)|\1|'`
if [ "$version" = "" ] ; then
version="prerelease"
fi
echo "version=${version}" >> "$GITHUB_OUTPUT"
- name: "build c-ares tarball"
run: |
autoreconf -fi
./configure
make dist
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: "c-ares-src-tarball"
path: 'c-ares-*.tar.gz'
if-no-files-found: error
overwrite: true
retention-days: 7
- name: Upload Release
uses: softprops/action-gh-release@v2
if: startsWith(github.ref, 'refs/tags/')
with:
body_path: RELEASE-NOTES.md
draft: true
make_latest: true
name: ${{ steps.version.outputs.version }}
files: c-ares-${{ steps.version.outputs.version }}.tar.gz
fail_on_unmatched_files: true
discussion_category_name: "Announcements"
- name: Generate subject
id: hash
run: |
set -euo pipefail
echo "hashes=$(sha256sum c-ares-*.tar.gz | base64 -w0)" >> "$GITHUB_OUTPUT"
provenance:
needs: [build]
permissions:
actions: read # To read the workflow path.
id-token: write # To sign the provenance.
contents: write # To add assets to a release.
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
with:
base64-subjects: "${{ needs.build.outputs.hashes }}"
upload-assets: ${{ startsWith(github.ref, 'refs/tags/') }}
provenance-name: "c-ares-${{ needs.build.outputs.version }}.intoto.jsonl"

@ -3,14 +3,9 @@
# SPDX-License-Identifier: MIT
set -e -x
OS=""
if [ "$TRAVIS_OS_NAME" != "" ]; then
OS="$TRAVIS_OS_NAME"
elif [ "$CIRRUS_OS" != "" ]; then
OS="$CIRRUS_OS"
fi
OS=`uname -s || true`
if [ "$OS" = "linux" ]; then
if [ "$OS" = "Linux" ]; then
# Make distribution tarball
autoreconf -fi
./configure

Loading…
Cancel
Save