GH Actions: Add action to upload release to SVN repo#27591
Conversation
|
Size Change: +34.2 kB (+3%) Total Size: 1.28 MB
ℹ️ View Unchanged
|
youknowriad
left a comment
There was a problem hiding this comment.
I like this approach, moving bits by bits to a CI script starting from the end :)
Do you know if we can test the new validation API Github released in this action?
| unzip gutenberg.zip -d trunk | ||
| rm gutenberg.zip | ||
|
|
||
| - name: Replace the stable tag placeholder with the existing stable tag on the SVN repository |
There was a problem hiding this comment.
Not sure I understand why this step is needed? Do we do that in the release script as well? I mean we're supposed to update the stable tag after the svn tag is created, right?
There was a problem hiding this comment.
Not sure I understand why this step is needed? Do we do that in the release script as well? I mean we're supposed to update the stable tag after the svn tag is created, right?
Yeah, I carried this one over from the release script, and it didn't seem to make too much sense to me either 😬
Happy to remove it 👍
There was a problem hiding this comment.
Well if it's in the release script, maybe @jorgefilipecosta know why it's needed.
There was a problem hiding this comment.
The readme.txt of the plugin is maintained on the Github repository. But it does not refer a stable tag, it contains "Stable tag: V.V.V" as the stable tag.
When we commit something to trunk we first need to put the previous stable tag on the placeholder. Then when tagging the release we update the stable tag again.
There was a problem hiding this comment.
Okay, I think I understand now. I'll rephrase, to highlight what I think is crucial here:
- We update trunk to match the build we've just produced.
- We tag that snapshot of trunk with the current version.
- We set the stable version in
readme.txtto point to that tag.
Steps 1. and 3. update trunk/. However, we cannot update the stable version to the new one in step 1, as the tag doesn't exist yet. Obviously, we also cannot leave it at V.V.V, so instead, we set it to the previous version.
There was a problem hiding this comment.
This has a bit of a weird side effect however: A tag's readme.txt has the previous version set as its Stable version. See e.g. 9.5.2's readme.txt: https://plugins.trac.wordpress.org/browser/gutenberg/tags/9.5.2/readme.txt#L6 ("Stable tag: 9.5.1")
Or 9.3.0's: https://plugins.trac.wordpress.org/browser/gutenberg/tags/9.3.0/readme.txt#L6 ("Stable tag: 9.2.2")
There was a problem hiding this comment.
In a follow-up, I think this could be addressed by:
- Creating the new tag first.
- I still have to brush up my svn-fu, but I think this could be done by copying the previous tag to the new one (all remotely?), then checking out the new one locally, and overriding it with the new Gutenberg plugin contents (including the new version). (This assumes that unlike git, svn tags are more like branches, and can be "pushed" to after creating.)
- Copying/merging/... that new tag to
trunk/.
e92b926 to
a48e379
Compare
Happy to hear! 🎉
You mean this thing you mentioned the other day? I'd be happy to give that a try, but haven't really found any public-facing documentation on that yet. Do you have any pointers? |
youknowriad
left a comment
There was a problem hiding this comment.
Should we go ahead and remove this part from the release command?
|
The manual approval thing doesn't seem to be released yet. We'll have to circle back later for that. |
Will do! 👍 |
Done per the last two commits. To get this ready for prime time, we need to:
@youknowriad Want me to proceed with # 1.? (Once I do this, it'll be harder to give this a 'dry-run' test.) Item # 2. apparently requires either the owner of the |
|
I can do 2, I'm wondering who's credentials we should put there or if we should created a dedicated wp.org account for that. Thoughts cc @mcsf |
Dedicated seems to make sense to me 🤔 |
This makes more sense to me, but have we consulted #meta? Maybe @ocean90? |
cfa120d to
0564cc0
Compare
|
I've now removed the |
youknowriad
left a comment
There was a problem hiding this comment.
YOLO, I'm doing the next stable release on Wednesday, I guess if something wrong happens, it's on me :P
|
Thanks @youknowriad! I just noticed I apparently need to reference the environment in the job: https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions#jobsjob_idenvironment Will push a commit! |
|
The environment name I've used is |
|
Thanks! Set the environment per 0259ab6. |
|
What could go wrong 🤷♂️ :) |
|
I'll give this a quick test using my fork and an svn test repo (set up via https://riouxsvn.com/, as suggested by @jorgefilipecosta in Slack). |
This has worked well in my testing: https://github.com/ockham/gutenberg/runs/1645617284?check_suite_focus=true. I even recreated the
The plugin was successfully uploaded to my test repo (both trunk and new tag), and the version in |
The idea here is to couple the upload of the Gutenberg plugin to the WP.org plugin repo tightly to when a new release is published to GitHub, rather than running it from the local system of whoever's in charge of releasing that version. Moving parts of the release workflow from locally running scripts to GH actions should overall make the process more easily reproducible, and should free up time and resources required for the release process. The relevant job needs to be [approved](https://docs.github.com/en/free-pro-team@latest/actions/managing-workflow-runs/reviewing-deployments#approving-or-rejecting-a-job) by a qualified reviewer (i.e. a member of the `gutenberg-core` team). This is to ensure that plugin releases cannot be published by anyone who has commit access to the GitHub repo.
Description
Follows
bin/plugin/commands/release.js.The idea here is to couple the upload of the Gutenberg plugin to the WP.org plugin repo tightly to when a new release is published to GitHub, rather than running it from the local system of whoever's in charge of releasing that version.
Moving parts of the release workflow from locally running scripts to GH actions should overall make the process more easily reproducible, and should free up time and resources required for the release process.
The parts that would normally actually upload to the SVN repo are still commented out, since they need credentials -- I put a few
echos instead. These credentials will need to be set as secrets in GitHub's settings.If we want to merge this PR, we'll need to remove the parts from the local release script that are in charge of uploading to svn, so that we won't upload twice (once from the script, once from the GH action).
How has this been tested?
See here for an example run: https://github.com/ockham/gutenberg/runs/1643670225?check_suite_focus=true
Or use the following instructions to test for yourself:
git remote add ockham git@github.com:ockham/gutenberg.gitif your GH username isockham🙂 ).masterbranch (you can reset later):gutenberg.zipas an asset (e.g. downloaded from the WP.org SVN plugin repo). For the release name, use a version number like1.2.3(with no leadingv).git tag v9.9.0-rc.1andgit push --tags ockham)(I've used my Gutenberg fork as an example, you can see the relevant action and release drafts from previous runs there.)
Screenshot
Types of changes
Build automation
Future ideas
Combine with #27488 for an even more automated release workflow
This PR covers the parts that happen after a GH release (with the plugin zipball attached as an asset) is released. I have a companion PR that covers the parts before: #27488 kicks in when a version tag is pushed to the repo. It builds the plugin zipball, creates a draft release, and attaches the plugin zipball as an asset. Merging both PRs could minimize the part of the release workflow that's done on a local machine to updating the changelog, and tagging.
Publish as reusable GH action
If this proves useful, it might make sense to publish it as a more generic GH action that looks for a zip asset attached to a release, and uploads it to the WP.org plugin repo. A similar action exists, but it has an important difference to this:
It uploads a snapshot of the files in the repo that correspond to a tag, rather than the files found in a zipball. Files can be excluded from upload via
.gitignoreand a.distignore. I'm not sure this sort of customizability is sufficient for GB, where we're more selective in picking our files. Generally, I think it's more versatile to use a zipball as the "input" for an action like this.Furthermore, it's Docker-based, which I don't think is strictly necessary.