@sgiehl opened this Pull Request on May 19th 2021 Member

This PR aims to set up a automatic build process.

What this action does:

This action always needs to be triggered manually in the actions tab. This is possible with two purposes:

New release in the current major version

When a new release has to be done this action simply needs to be triggered manually, without setting a version.
The action will then:

  • Check if the user who triggered the action is in the team matomo-org/release-team (needs to be created)
    --> If this is not the case the action will abort with an error
  • The version contained in the file core/Version.php will be extracted and used
    --> If a tag with the determined version already exists the action will abort with an error
  • A new tag for that version will be created
  • The default branch of matomo-org/matomo-package will be checked out and scripts/build-package.sh will be executed
    --> This will create piwik and matomo release archives in zip and tar.gz as well as signature files ending on .asc and upload them to the matomo server
  • In addition to this a new release will be created in the repository and the matomo release archives and signatures will be attached. Depending on the version this will be automatically marked as pre-release or not. The release message for each release type can be adjusted if needed. The result can be seen in my fork: Pre-Release | Normal release

Release in LTS version (or re-release of a broken one)

When releasing a LTS version we can't simply trigger the action. Instead we need to create the tag manually first. After this has been done, the actions needs to be triggered while providing the tagged version number in the according input:
image

The action will then:

  • Check if the user who triggered the action is in the team matomo-org/release-team (needs to be created)
    --> If this is not the case the action will abort with an error
  • The action now checks if a tag for the given version exists
    --> If no tag exists the action will abort with an error
  • The default branch of matomo-org/matomo-package will be checked out and scripts/build-package.sh will be executed
    --> This will create piwik and matomo release archives in zip and tar.gz as well as signature files ending on .asc and upload them to the matomo server
  • As above a new release in the repo will be created for the tag

Additionally the action could also be used to re-release a "broken" release. Even though this should be an uncommon use case, it's possible to simply trigger the action with a version number that already exists. For pre-releases the script should simply run through and recreate the archives. They should then be replaced on the server and in the repo release. For stable releases this currently won't work as the build script aborts if the version is already available on our build server

Requirements:

The team matomo-org/release-team needs to be created and filled with the persons who should be able to trigger this action. This can also be a private group, so no one can directly see who actually has the permission

The action requires the following repository tokens to be set up:

secret name secret value description
GITTOKEN A GitHub API token that is used to check if the current actor is within the release group (e.g. the token's users must be in this group if it's not public)
GPG_CERTIFICATE ASCII armored or Base64 encoded GPG certificate that is used to create the signatures for the archives
GPG_CERTIFICATE_PASS Passphrase of the GPG key
SSH_KEY SSH private key that will be used to connect to the Matomo server (the key shouldn't be password protected)

Testing / Feedback

If someone wants to test the process feel free to get in touch on slack. It's set up on my fork and uses a slightly adjusted build script that uploads the releases to another account. Can give you access...


fixes https://github.com/matomo-org/matomo-package/issues/119

@mattab commented on May 19th 2021 Member

Great to see this progress!

Btw another important step to complete at the end will be to update the instructions at: https://matomo.org/blog/2014/11/verify-signatures-piwik-packages/

@flamisz commented on May 30th 2021 Contributor

Is it ready to review? I see the needs review label but it's still in draft.

@sgiehl commented on May 31st 2021 Member

@flamisz That's because it requires some setup before it could be merged. It's also only a suggestion from my side how the process could work. So it has the needs review and rfc label actually to get some feedback.

@github-actions[bot] commented on June 8th 2021 Contributor

This issue is in "needs review" but there has been no activity for 7 days. ping @tsteur @sgiehl @diosmosis @flamisz

Powered by GitHub Issue Mirror