From 5fa803300fca33cba0f4e9c974e11311b514f220 Mon Sep 17 00:00:00 2001 From: Leo Fang Date: Fri, 24 Jan 2025 22:52:58 -0500 Subject: [PATCH] backport release workflow to v11 --- .github/workflows/release-upload.yml | 61 ++++++++++++++ .github/workflows/release.yml | 119 +++++++++++++++++++++++++++ 2 files changed, 180 insertions(+) create mode 100644 .github/workflows/release-upload.yml create mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/release-upload.yml b/.github/workflows/release-upload.yml new file mode 100644 index 0000000000..da7e1377a9 --- /dev/null +++ b/.github/workflows/release-upload.yml @@ -0,0 +1,61 @@ +name: "CI: Upload git archive" + +on: + workflow_call: + inputs: + git-tag: + type: string + required: true + +concurrency: + # Concurrency group that uses the workflow name and PR number if available + # or commit SHA as a fallback. If a new build is triggered under that + # concurrency group while a previous build is running it will be canceled. + # Repeated pushes to a PR will cancel all previous builds, while multiple + # merges to main will not cancel. + group: ${{ github.workflow }}-${{ github.ref_name || github.sha }} + cancel-in-progress: true + +permissions: + contents: write + +jobs: + # create source archive and upload it to the published release + # URL to the archive: https://github.com/NVIDIA//releases/download//-.tar.gz + upload: + if: ${{ !github.event.repository.fork }} + runs-on: ubuntu-latest + env: + ARCHIVE_NAME: ${{ github.event.repository.name }}-${{ inputs.git-tag }} + steps: + - name: Checkout Source + uses: actions/checkout@v4 + with: + fetch-depth: 0 + ref: ${{ inputs.git-tag }} + + - name: Create Release Directory + run: mkdir -p release + + - name: Archive Source + run: > + git archive + --format=tar.gz + --prefix="${{ env.ARCHIVE_NAME }}/" + --output="release/${{ env.ARCHIVE_NAME }}.tar.gz" + ${{ inputs.git-tag }} + + - name: Compute Checksum + run: > + sha256sum "release/${{ env.ARCHIVE_NAME }}.tar.gz" + | awk '{print $1}' + > "release/${{ env.ARCHIVE_NAME }}.tar.gz.sha256sum" + + - name: Upload Archive + env: + GH_TOKEN: ${{ github.token }} + run: > + gh release upload + --clobber "${{ inputs.git-tag }}" + --repo "${{ github.repository }}" + release/* diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000000..46a26d5f98 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,119 @@ +name: "CI: Release" + +description: Manually-triggered release workflow. Must have a release note in the draft state and the release commit tagged. + +on: + workflow_dispatch: + inputs: + component: + description: "Component to release" + required: true + type: choice + options: + - cuda-core + - cuda-bindings + - cuda-python + - all + git-tag: + description: "The release git tag" + required: true + type: string + run-id: + description: "The GHA run ID that generated validated artifacts" + required: true + type: string + build-ctk-ver: + type: string + required: true + wheel-dst: + description: "Which wheel index to publish to?" + required: true + type: choice + options: + - testpypi + - pypi + +defaults: + run: + shell: bash --noprofile --norc -xeuo pipefail {0} + +jobs: + check-tag: + runs-on: ubuntu-latest + steps: + - name: Check if draft exists for the tag + env: + GH_TOKEN: ${{ github.token }} + run: | + tags= + for i in $(gh release list -R ${{ github.repository }} --json tagName --jq '.[]| .tagName'); do + tags+=( $i ) + done + is_draft= + for i in $(gh release list -R ${{ github.repository }} --json isDraft --jq '.[]| .isDraft'); do + is_draft+=( $i ) + done + + found=0 + for idx in ${!tags[@]}; do + if [[ "${tags[$idx]}" == "${{ inputs.git-tag }}" ]]; then + echo "found ${{ inputs.git-tag }}" + found=1 + if [[ "${is_draft[$idx]}" != "true" ]]; then + echo "the release note is not in draft state" + exit 1 + fi + break + fi + done + if [[ "$found" == 0 ]]; then + echo "the release is not yet tagged" + exit 1 + fi + + upload-archive: + name: Upload source archive + permissions: + contents: write + needs: + - check-tag + secrets: inherit + uses: + ./.github/workflows/release-upload.yml + with: + git-tag: ${{ inputs.git-tag }} + + publish-wheels: + name: Publish wheels + runs-on: ubuntu-latest + needs: + - check-tag + environment: + name: ${{ inputs.wheel-dst }} + url: https://${{ (inputs.wheel-dst == 'testpypi' && 'test.') || '' }}pypi.org/p/${{ inputs.component }}/ + permissions: + id-token: write + steps: + - name: Download component wheels + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh run download ${{ inputs.run-id }} -p "${{ inputs.component }}*" -R ${{ github.repository }} + mkdir dist + for p in ${{ inputs.component }}* + do + mv ${p}/*.whl dist/ + done + rmdir ${{ inputs.component }}* + + - name: Publish package distributions to PyPI + if: ${{ inputs.wheel-dst == 'pypi' }} + uses: pypa/gh-action-pypi-publish@release/v1 + + - name: Publish package distributions to TestPyPI + if: ${{ inputs.wheel-dst == 'testpypi' }} + uses: pypa/gh-action-pypi-publish@release/v1 + with: + repository-url: https://test.pypi.org/legacy/ + + # TODO: add another job to make the release leave the draft state?