ci: update release process with release-please

matter-labs · Jan 18, 2025 · 17b8157 · 17b8157
1 parent 3afd716
commit 17b8157
Show file tree

Hide file tree

Showing 7 changed files with 193 additions and 205 deletions.
diff --git a/.github/release-please/config.json b/.github/release-please/config.json
@@ -0,0 +1,19 @@
+{
+  "bump-minor-pre-major": true,
+  "bump-patch-for-minor-pre-major": true,
+  "release-type": "simple",
+  "include-component-in-tag": false,
+  "group-pull-request-title-pattern": "chore: release ${component} ${version}",
+  "draft": true,
+  "packages": {
+    ".": {
+      "component": "anvil-zksync",
+      "extra-files": [
+        {
+          "type": "generic",
+          "path": "Cargo.toml"
+        }
+      ]
+    }
+  }
+}
diff --git a/.github/release-please/manifest.json b/.github/release-please/manifest.json
@@ -0,0 +1,3 @@
+{
+  ".": "0.2.4"
+}
diff --git a/.github/workflows/build-push-docker.yml b/.github/workflows/build-push-docker.yml
@@ -1,56 +1,44 @@
 name: Build and push Docker image
+
 on:
+  workflow_call:
+    inputs:
+      tag:
+        type: string
+        description: 'The tag to use for the Docker image'
+        required: true
   push:
     branches:
       - main
-    tags:
-      - "*"
 
-env:
-  PLATFORMS: 'linux/amd64,linux/arm64'
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
   cancel-in-progress: true
 
 jobs:
-  set-tags:
-    name: Set Docker Tags
-    runs-on: ubuntu-latest
-    outputs:
-      base_tag: ${{ steps.set_tag.outputs.base_tag }}
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Set Git SHA
-        id: git_sha
-        run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
-
-      - name: Determine Base Tag
-        id: set_tag
-        run: |
-          ts=$(date +%s%N | cut -b1-13)
-          if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
-            echo "base_tag=${{ steps.git_sha.outputs.sha_short }}-${ts}" >> $GITHUB_OUTPUT
-          elif [[ "${{ github.ref }}" == refs/tags/* ]]; then
-            echo "base_tag=$(echo ${GITHUB_REF#refs/tags/})" >> $GITHUB_OUTPUT
-          elif [[ "${{ github.event_name }}" == "pull_request" ]]; then
-            echo "base_tag=none" >> $GITHUB_OUTPUT
-          else
-            echo "Unsupported event ${GITHUB_EVENT_NAME} or ref ${GITHUB_REF}. Only refs/heads/main, refs/tags/*, and pull_request are supported."
-            exit 1
-          fi
 
   build-push-image:
     name: Build and Push Docker Image
     runs-on: matterlabs-ci-runner-high-performance
-    needs: set-tags
+    env:
+      DOCKERHUB_IMAGE: us-docker.pkg.dev/matterlabs-infra/matterlabs-docker/anvil-zksync
     steps:
-      - uses: actions/checkout@v4
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.tag || '' }}
 
-      - name: Login to GAR
+      - name: Determine Base Tag
+        id: set_tag
+        shell: 'bash -ex {0}'
         run: |
-          gcloud auth configure-docker us-docker.pkg.dev -q
+          [ ! -z "${{ inputs.tag }}" ] && BASE_TAG="${{ inputs.tag }}" \
+            || BASE_TAG="$(git rev-parse --short HEAD)-$(date +%s%N | cut -b1-13)" 
+          echo "base_tag=${BASE_TAG}" >> "${GITHUB_OUTPUT}"
+
+      - name: Login to GAR
+        run: gcloud auth configure-docker us-docker.pkg.dev -q
 
       - name: Login to GHCR
         uses: docker/login-action@v3
@@ -63,19 +51,27 @@ jobs:
         uses: docker/setup-buildx-action@v3
 
       - name: Build and push Docker image
-        id: docker_build
         uses: docker/build-push-action@v6
+        id: push
         with:
           context: .
-          push: ${{ github.event_name == 'push' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')) }}
-          platforms: ${{ env.PLATFORMS }}
+          push: ${{ github.event_name != 'pull_request' }}
+          platforms: 'linux/amd64,linux/arm64'
           cache-from: type=gha
           cache-to: type=gha,mode=max
           tags: |
-            ghcr.io/${{ github.repository_owner }}/anvil-zksync:${{ needs.set-tags.outputs.base_tag }}
-            us-docker.pkg.dev/matterlabs-infra/matterlabs-docker/anvil-zksync:${{ needs.set-tags.outputs.base_tag }}
+            ghcr.io/${{ github.repository }}:${{ steps.set_tag.outputs.base_tag }}
+            ${{ env.DOCKERHUB_IMAGE }}:${{ steps.set_tag.outputs.base_tag }}
+
+      - name: Generate docker image attestation
+        if: ${{ inputs.tag != '' }}
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-name: ghcr.io/${{ github.repository }}
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true
 
       - name: Print image digest to summary
         run: |
-          echo "Image tags: ghcr.io/${{ github.repository_owner }}/anvil-zksync:${{ needs.set-tags.outputs.base_tag }}" >> $GITHUB_STEP_SUMMARY
-          echo "Image tags: us-docker.pkg.dev/matterlabs-infra/matterlabs-docker/anvil-zksync:${{ needs.set-tags.outputs.base_tag }}" >> $GITHUB_STEP_SUMMARY
+          echo "Image tags: ghcr.io/${{ github.repository }}:${{ steps.set_tag.outputs.base_tag }}" >> "${GITHUB_STEP_SUMMARY}"
+          echo "Image tags: ${{ env.DOCKERHUB_IMAGE }}:${{ steps.set_tag.outputs.base_tag }}" >> "${GITHUB_STEP_SUMMARY}"
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
@@ -0,0 +1,50 @@
+name: Release-please
+
+# Give permissions to the release-please bot to open and update PRs
+# and commit to PRs the repository to update Cargo.lock
+permissions:
+  contents: write
+  pull-requests: write
+  id-token: write
+  attestations: write
+
+# Run the workflow on push to the main branch and manually
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+jobs:
+
+  # Prepare the release PR with changelog updates and create github releases
+  # Do not publish to crates.io or upgrade dependencies
+  release-please:
+    uses: matter-labs/zksync-ci-common/.github/workflows/release-please.yaml@v1
+    secrets:
+      slack_webhook: ${{ secrets.SLACK_WEBHOOK }}
+      gh_token: ${{ secrets.GITHUB_TOKEN }}
+    with:
+      config: '.github/release-please/config.json'     # Specify the path to the configuration file
+      manifest: '.github/release-please/manifest.json' # Specify the path to the manifest file
+      update-cargo-lock: true                          # Update Cargo.lock file
+      publish-to-crates-io: false                      # Disable publishing to crates.io
+      upgrade-dependencies: false                      # Do not upgrade workspace dependencies
+
+  # Trigger workflow to publish binaries
+  release-binaries:
+    if: ${{ needs.release-please.outputs.releases_created == 'true' }}
+    needs: release-please
+    uses: ./.github/workflows/release.yml
+    with:
+      tag: ${{ needs.release-please.outputs.tag_name }}
+    secrets: inherit
+
+  # Trigger workflow to publish docker images
+  release-docker:
+    if: ${{ needs.release-please.outputs.releases_created == 'true' }}
+    needs: release-please
+    uses: ./.github/workflows/build-push-docker.yml
+    with:
+      tag: ${{ needs.release-please.outputs.tag_name }}
+    secrets: inherit