Skip to content

release

release #1245

Workflow file for this run

# `name` value will appear "as is" in the badge.
# See https://docs.github.com/en/actions/configuring-and-managing-workflows/configuring-a-workflow#adding-a-workflow-status-badge-to-your-repository
# yamllint --format github .github/workflows/release.yaml
---
name: "release"
on:
workflow_dispatch:
inputs:
version:
description: Version of the release. Ex v1.18.3 or v1.18.3_debug
required: true
defaults:
run: # use bash for all operating systems unless overridden
shell: bash
jobs:
archive:
name: "Archive Envoy® Release"
runs-on: ubuntu-20.04 # Hard-coding an LTS means maintenance, but only once each 2 years!
steps:
- name: "Checkout"
uses: actions/checkout@v3
- name: "Install car and netlify-cli"
run: |
car_version=1.0.1
car_url=https://github.com/tetratelabs/car/releases/download/v${car_version}/car_${car_version}_linux_amd64.tar.gz
curl -sSL ${car_url} | tar -C /usr/local/bin -xzf -
npm install --save-dev netlify-cli
- name: "Archive Envoy Release"
run: ./bin/archive_release_version.sh envoyproxy/envoy "${{ github.event.inputs.version }}"
- name: "Upload GitHub Release"
uses: ncipollo/release-action@v1
with: # TODO: This would be easier to troubleshoot if used `gh` commands like func-e does.
artifacts: "${{ github.event.inputs.version }}/*"
allowUpdates: true
generateReleaseNotes: false
omitBody: true
tag: ${{ github.event.inputs.version }}
token: ${{ secrets.GITHUB_TOKEN }}
- name: "Trigger Netlify deploy" # The above upload won't create a GHA trigger, so we make one directly
run: ./node_modules/.bin/netlify deploy --message="deploy ${TAG}" --trigger --auth=${NETLIFY_AUTH_TOKEN} --site=${NETLIFY_SITE_ID}
env: # https://github.com/tetratelabs/archive-envoy/settings/secrets
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }} # https://app.netlify.com/user/applications/personal
NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }} # .netlify/state.json/siteId
# Failures here happen after release, meaning they don't block a release. This is ok as we may be releasing Linux
# prior to OS/x being available, or releasing a debug version which is only available on Linux. The failures here are
# only to help us later identify issues, should some user concerns come up.
test:
name: "Test Envoy® Archive (${{ matrix.os }})"
needs: archive
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false # don't fail fast as sometimes failures are operating system specific
matrix:
# Non-deprecated from https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners
# Note: We don't test arm64 on release as it is unlikely to fail and too much effort.
#
# Operating systems in this matrix can run recent versions of Envoy. This needs maintenance
# as Envoy requires newer versions of libc. The point of these tests are only to ensure the tarball wasn't corrupted
# or built for the wrong platform.
include:
# - os: ubuntu-18.04 # Envoy 1.23.x is the last Envoy version that runs on ubuntu-18.04.
- os: ubuntu-20.04 # Envoy 1.24.x requires minimally ubuntu-20.04.
- os: ubuntu-22.04
- os: macos-12
- os: windows-2019
- os: windows-2022
steps:
- name: "Extract `envoy` binary from GitHub release assets"
run: | # https://docs.github.com/en/actions/learn-github-actions/environment-variables
os=$(echo ${RUNNER_OS} | tr '[:upper:]' '[:lower:]' | sed 's/macos/darwin/g' )
gh release -R ${GITHUB_REPOSITORY} download "${{ github.event.inputs.version }}" -p "*-${os}-amd64.tar.xz"
tar --strip-components=2 -xpJf *.tar.xz && rm *.tar.xz
env: # authenticate release downloads in case it is a draft (not public)
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- run: ./envoy --version