@sgiehl opened this Pull Request on May 19th 2021 Member

This PR aims to set up a automatic build process.

What this action does:

This action always needs to be triggered manually in the actions tab. This is possible with two purposes:

New release in the current major version

When a new release has to be done this action simply needs to be triggered manually, without setting a version.
The action will then:

  • Check if the user who triggered the action is in the team matomo-org/release-team (needs to be created)
    --> If this is not the case the action will abort with an error
  • The version contained in the file core/Version.php will be extracted and used
    --> If a tag with the determined version already exists the action will abort with an error
  • A new tag for that version will be created
  • The default branch of matomo-org/matomo-package will be checked out and scripts/build-package.sh will be executed
    --> This will create piwik and matomo release archives in zip and tar.gz as well as signature files ending on .asc and upload them to the matomo server
  • In addition to this a new release will be created in the repository and the matomo release archives and signatures will be attached. Depending on the version this will be automatically marked as pre-release or not. The release message for each release type can be adjusted if needed. The result can be seen in my fork: Pre-Release | Normal release

Release in LTS version (or re-release of a broken one)

When releasing a LTS version we can't simply trigger the action. Instead we need to create the tag manually first. After this has been done, the actions needs to be triggered while providing the tagged version number in the according input:
image

The action will then:

  • Check if the user who triggered the action is in the team matomo-org/release-team (needs to be created)
    --> If this is not the case the action will abort with an error
  • The action now checks if a tag for the given version exists
    --> If no tag exists the action will abort with an error
  • The default branch of matomo-org/matomo-package will be checked out and scripts/build-package.sh will be executed
    --> This will create piwik and matomo release archives in zip and tar.gz as well as signature files ending on .asc and upload them to the matomo server
  • As above a new release in the repo will be created for the tag

Additionally the action could also be used to re-release a "broken" release. Even though this should be an uncommon use case, it's possible to simply trigger the action with a version number that already exists. For pre-releases the script should simply run through and recreate the archives. They should then be replaced on the server and in the repo release. For stable releases this currently won't work as the build script aborts if the version is already available on our build server

Requirements:

The team matomo-org/release-team needs to be created and filled with the persons who should be able to trigger this action. This can also be a private group, so no one can directly see who actually has the permission

The action requires the following repository tokens to be set up:

secret name secret value description
GITTOKEN A GitHub API token that is used to check if the current actor is within the release group (e.g. the token's users must be in this group if it's not public)
GPG_CERTIFICATE ASCII armored or Base64 encoded GPG certificate that is used to create the signatures for the archives
GPG_CERTIFICATE_PASS Passphrase of the GPG key
SSH_KEY SSH private key that will be used to connect to the Matomo server (the key shouldn't be password protected)

Testing / Feedback

If someone wants to test the process feel free to get in touch on slack. It's set up on my fork and uses a slightly adjusted build script that uploads the releases to another account. Can give you access...


fixes https://github.com/matomo-org/matomo-package/issues/119

@mattab commented on May 19th 2021 Member

Great to see this progress!

Btw another important step to complete at the end will be to update the instructions at: https://matomo.org/blog/2014/11/verify-signatures-piwik-packages/

@flamisz commented on May 30th 2021 Contributor

Is it ready to review? I see the needs review label but it's still in draft.

@sgiehl commented on May 31st 2021 Member

@flamisz That's because it requires some setup before it could be merged. It's also only a suggestion from my side how the process could work. So it has the needs review and rfc label actually to get some feedback.

@sgiehl commented on June 25th 2021 Member

@mattab @tsteur would be awesome if you can find some time to look into this, so we maybe could set up the automatic release soon.

@mattab commented on June 25th 2021 Member

From my end it looks fantastic @sgiehl - great work! Will save us all time and make our release process faster :rocket:

@tsteur commented on July 20th 2021 Member

@sgiehl what's the status here? can we configure (probably requires @mattab for some keys) and merge and test it?

@sgiehl commented on July 20th 2021 Member

@tsteur Not sure if someone wants to do a code review. Otherwise we can configure it

@tsteur commented on July 20th 2021 Member

👍 wasn't sure as it was set to draft. Generally had a look over it and looked ok-ish but don't know the details. I guess we'd mostly want to test it to ensure it works. Maybe in beginning we wouldn't test it with ssh piwik-builds but some other account.

@github-actions[bot] commented on August 2nd 2021 Contributor

This issue is in "needs review" but there has been no activity for 7 days. ping @matomo-org/core-reviewers

@mattab commented on August 2nd 2021 Member

it would be great to work on this soon, as it will help us to introduce another release manager, so we can release more often and regularly.

@github-actions[bot] commented on August 12th 2021 Contributor

This issue is in "needs review" but there has been no activity for 7 days. ping @matomo-org/core-reviewers

@github-actions[bot] commented on August 20th 2021 Contributor

This issue is in "needs review" but there has been no activity for 7 days. ping @matomo-org/core-reviewers

@mattab commented on August 22nd 2021 Member

@sgiehl What are the remaining steps to finish this project? hoping to introduce another release manager, so we can release more often and regularly :rocket:

@sgiehl commented on August 23rd 2021 Member

@mattab I need to find some time looking into or replacing the usage of the external actions we would currently use. Afterwards we need to configure the secrets in GitHub as defined in the PR description create the new GitHub group for release managers and merge this PR.
We could maybe first test it with a SSH key that actually uploads the packages somewhere else.

@github-actions[bot] commented on August 31st 2021 Contributor

This issue is in "needs review" but there has been no activity for 7 days. ping @matomo-org/core-reviewers

@github-actions[bot] commented on September 8th 2021 Contributor

This issue is in "needs review" but there has been no activity for 7 days. ping @matomo-org/core-reviewers

@github-actions[bot] commented on September 16th 2021 Contributor

This issue is in "needs review" but there has been no activity for 7 days. ping @matomo-org/core-reviewers

@mattab commented on September 22nd 2021 Member

@sgiehl Just curious (it's not urgent), when do you think you could work on this project (in how many weeks)? (after your current priorities of Hits + ongoing PRs reviews)

Powered by GitHub Issue Mirror