waza/.github/workflows/release.yml at main · microsoft/waza · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
# Unified release workflow for Waza CLI + azd extension
#
# Two independent flows:
#   Flow 1: Standalone CLI — parallel matrix build → GitHub Release
#   Flow 2: azd Extension — sync versions → build → pack → release → publish → PR back
#
# Triggers:
#   - Tag push matching v*.*.*
#
# See docs/RELEASE.md for usage details.

name: Release

on:
  push:
    tags:
      - 'v*.*.*'

permissions:
  contents: write
  pull-requests: write
  statuses: write

jobs:
  # ──────────────────────────────────────────────
  # Shared: Extract and validate the release version
  # ──────────────────────────────────────────────
  setup-version:
    name: Setup Version
    runs-on: ubuntu-latest
    outputs:
      version: ${{ steps.version.outputs.version }}
      tag: ${{ steps.version.outputs.tag }}
    steps:
      - name: Determine Version
        id: version
        run: |
          VERSION="${GITHUB_REF_NAME#v}"

          # Validate semver format (major.minor.patch with optional pre-release)
          if ! echo "$VERSION" | grep -qE '^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.]+)?(\+[a-zA-Z0-9.]+)?$'; then
            echo "::error::Invalid semver: $VERSION"
            exit 1
          fi

          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
          echo "tag=$GITHUB_REF_NAME" >> "$GITHUB_OUTPUT"
          echo "Releasing version: $VERSION (tag: $GITHUB_REF_NAME)"

  # ════════════════════════════════════════════════
  # FLOW 1: Standalone CLI Release
  # Parallel matrix build, then collect and create GitHub Release
  # ════════════════════════════════════════════════

  build-cli:
    name: CLI ${{ matrix.os }}/${{ matrix.arch }}
    needs: setup-version
    runs-on: ubuntu-latest
    strategy:
      matrix:
        include:
          - os: linux
            arch: amd64
          - os: linux
            arch: arm64
          - os: darwin
            arch: amd64
          - os: darwin
            arch: arm64
          - os: windows
            arch: amd64
          - os: windows
            arch: arm64
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4
        with:
          lfs: true

      - name: Setup Go Environment
        uses: actions/setup-go@v5
        with:
          go-version: '1.26'
          cache-dependency-path: go.sum

      - name: Setup Node.js (for web UI build)
        if: hashFiles('web/package.json') != ''
        uses: actions/setup-node@v4
        with:
          node-version: '22'

      - name: Build Web UI
        if: hashFiles('web/package.json') != ''
        working-directory: web
        run: npm ci && npm run build

      - name: Build Binary
        env:
          GOOS: ${{ matrix.os }}
          GOARCH: ${{ matrix.arch }}
          CGO_ENABLED: '0'
        run: |
          VERSION="${{ needs.setup-version.outputs.version }}"
          BINARY_NAME="waza-${{ matrix.os }}-${{ matrix.arch }}"
          if [ "${{ matrix.os }}" = "windows" ]; then
            BINARY_NAME="${BINARY_NAME}.exe"
          fi

          go build \
            -ldflags "-X main.version=${VERSION}" \
            -o "${BINARY_NAME}" \
            ./cmd/waza

          echo "Built ${BINARY_NAME}"

      - name: Upload Binary Artifact
        uses: actions/upload-artifact@v4
        with:
          name: cli-waza-${{ matrix.os }}-${{ matrix.arch }}
          path: waza-${{ matrix.os }}-${{ matrix.arch }}*
          if-no-files-found: error

  release-cli:
    name: Release CLI
    needs: [setup-version, build-cli]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Download CLI Artifacts
        uses: actions/download-artifact@v4
        with:
          pattern: cli-*
          path: artifacts
          merge-multiple: true

      - name: Generate SHA256 Checksums
        working-directory: artifacts
        run: |
          sha256sum * > checksums.txt
          echo "Generated checksums:"
          cat checksums.txt

      - name: Create GitHub Release
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          TAG="${{ needs.setup-version.outputs.tag }}"
          gh release create "$TAG" \
            --repo "${{ github.repository }}" \
            --title "Waza $TAG" \
            --generate-notes \
            artifacts/*

  # ════════════════════════════════════════════════
  # FLOW 2: azd Extension Release
  # Single job: sync versions → build → pack → release → publish → PR back
  # ════════════════════════════════════════════════

  release-extension:
    name: Release Extension
    needs: setup-version
    runs-on: ubuntu-latest
    env:
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      VERSION: ${{ needs.setup-version.outputs.version }}
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          lfs: true

      - name: Setup Go Environment
        uses: actions/setup-go@v5
        with:
          go-version: '1.26'
          cache-dependency-path: go.sum

      - name: Setup Node.js (for web UI build)
        if: hashFiles('web/package.json') != ''
        uses: actions/setup-node@v4
        with:
          node-version: '22'

      - name: Build Web UI
        if: hashFiles('web/package.json') != ''
        working-directory: web
        run: npm ci && npm run build

      - name: Install Azure Developer CLI
        uses: Azure/setup-azd@v2

      - name: Enable azd Extensions
        run: azd config set alpha.extensions on

      - name: Install azd Extensions Developer Kit
        run: azd extension install microsoft.azd.extensions --source azd

      # ── Sync version files FIRST so all azd commands see the correct version ──
      - name: Sync Version Files
        run: |
          echo "$VERSION" > version.txt
          sed -i "s/^version: .*/version: $VERSION/" extension.yaml
          echo "Synced version.txt and extension.yaml to $VERSION"

      # ── Build & pack ──
      - name: Build Extension
        run: azd x build --all --skip-install

      - name: Pack Extension
        run: azd x pack -o ./artifacts

      # ── Release & publish ──
      - name: Release Extension
        run: |
          azd x release \
            --repo ${{ github.repository }} \
            --version "$VERSION" \
            --title "Waza azd Extension v${VERSION}" \
            --notes-file "./CHANGELOG.md" \
            --artifacts "./artifacts/*.zip,./artifacts/*.tar.gz" \
            --confirm

      - name: Publish Extension
        run: |
          azd x publish \
            --repo ${{ github.repository }} \
            --version "$VERSION" \
            --artifacts "./artifacts/*.zip,./artifacts/*.tar.gz" \
            --registry ./registry.json

      # ── Commit version + registry changes back via PR ──
      # Enterprise policy blocks GITHUB_TOKEN from creating PRs.
      # Push the branch and create the PR. Auto-merge if permitted,
      # otherwise leave the PR open for a maintainer to merge.
      - name: Create Release PR
        run: |
          BRANCH="release/v${VERSION}"

          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"

          # Delete existing remote branch if it exists (handle retries)
          git push origin --delete "$BRANCH" 2>/dev/null || true

          git checkout -b "$BRANCH"
          git add registry.json version.txt extension.yaml
          git commit -m "chore: Update registry and sync versions for v${VERSION}"
          git push origin "$BRANCH"

          # Try to create PR — if enterprise blocks GITHUB_TOKEN PR creation,
          # log the branch URL and succeed so the release doesn't fail.
          PR_URL=$(gh pr create \
            --title "chore: Release v${VERSION} — registry and version sync" \
            --body "## Release v${VERSION}

          Automated update from the [Release](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) workflow.

          ### Changes
          - Updated \`registry.json\` with artifacts for extension version **${VERSION}**
          - Synced \`version.txt\` and \`extension.yaml\` to **${VERSION}**

          > **Note:** Merge this PR to complete the release." \
            --base main \
            --head "$BRANCH" 2>&1) || true

          if echo "$PR_URL" | grep -q "github.com"; then
            echo "✅ Created PR: $PR_URL"

            # Try to report statuses and auto-merge (best-effort)
            PR_SHA=$(git rev-parse HEAD)
            for CONTEXT in "ubuntu-latest" "Lint"; do
              gh api "repos/${{ github.repository }}/statuses/${PR_SHA}" \
                -f state=success \
                -f context="$CONTEXT" \
                -f description="Skipped — automated release PR (run ${{ github.run_id }})" 2>/dev/null || true
            done

            gh pr merge "$PR_URL" --squash --delete-branch 2>/dev/null && echo "✅ Auto-merged" || \
              echo "⚠️ Auto-merge not available — PR is open for manual merge"
          else
            echo "⚠️ Could not create PR (enterprise restriction). Branch pushed: release/v${VERSION}"
            echo "   Create PR manually: https://github.com/${{ github.repository }}/compare/main...release/v${VERSION}"
          fi