GHA: Automate release

Automatically create release from tag, and build artifacts. Release notes are pulled from RELEASE_NOTES.

Signed-off-by: Ashley Cui <acui@redhat.com>

.github/workflows/release.yml

@@ -0,0 +1,143 @@
+name: Release
+on:
+  push:
+    tags:
+      - '*'
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Release version to build and upload (e.g. "v9.8.7")'
+        required: true
+      buildonly:
+        description: 'Build only: Do not create release'
+        default: "true"  # 'choice' type requires string value
+        type: choice
+        options:
+          - "true"  # Must be quoted string, boolean value not supported.
+          - "false"
+
+jobs:
+  check:
+    name: Check
+    runs-on: ubuntu-latest
+    steps:
+    - name: Determine Version
+      id: getversion
+      run: |
+        if [[ -z "${{ inputs.version }}" ]]
+        then
+              VERSION=${{ github.ref_name }}
+        else
+              VERSION=${{ inputs.version }}
+        fi
+        if ! grep -Eq 'v[0-9]+(\.[0-9]+(\.[0-9]+(-.+)?)?)?$' <<<"$VERSION"
+          then
+            echo "Unable to parse release version '$VERSION' from github event JSON, or workflow 'version' input."
+            exit 1
+          fi
+
+        echo "version=$VERSION" >> $GITHUB_OUTPUT
+        echo "::notice::Building $VERSION"
+    - name: Determine release
+      id: buildonly
+      run: |
+        # The 'tag' trigger will not have a 'buildonly' input set. Handle
+        # this case in a readable/maintainable way.
+        if [[ -z "${{ inputs.buildonly }}" ]]
+        then
+          BUILDONLY=false
+        else
+          BUILDONLY=${{ inputs.buildonly }}
+        fi
+        echo "buildonly=$BUILDONLY" >> $GITHUB_OUTPUT
+        echo "::notice::This will be build-only: $BUILDONLY"
+    outputs:
+      version: ${{ steps.getversion.outputs.version }}
+      buildonly: ${{ steps.buildonly.outputs.buildonly }}
+
+  build-artifacts:
+    name: Build Artifacts
+    runs-on: ubuntu-latest
+    needs: check
+    steps:
+    - name: Checkout Version
+      uses: actions/checkout@v4
+      with:
+        ref: ${{needs.check.outputs.version}}
+    - name: Update Rust
+      run: |
+        rustup update stable
+        rustc --version
+        cargo --version
+    - name: Install Protoc
+      run: |
+        sudo apt-get update
+        sudo apt-get -y install protobuf-compiler libprotobuf-dev
+    - name: Build Artifacts
+      run: |
+          make vendor-tarball
+    - name: Upload to Actions as artifact
+      uses: actions/upload-artifact@v4
+      with:
+        name: release-artifacts
+        path: vendor-tarball
+
+  release:
+    name: Create Release
+    runs-on: ubuntu-latest
+    if: needs.check.outputs.buildonly == 'false'
+    needs: [check, build-artifacts]
+    permissions:
+      contents: write
+    env:
+      VERSION: ${{needs.check.outputs.version}}
+    steps:
+    - name: Checkout Version
+      uses: actions/checkout@v4
+      with:
+        ref: ${{needs.check.outputs.version}}
+    - name: Get release notes
+      run: |
+        ver="${VERSION%-rc*}"
+        releasenotes="$VERSION-release-notes.md"
+        awk -v ver=$ver '/^## / { if (p) { exit }; if ($2 == ver) { p=1; next } } p' RELEASE_NOTES.md > $releasenotes
+        if [[ -z $(grep '[^[:space:]]' $releasenotes) ]]; then
+          if [[ $VERSION != *-rc* ]]; then
+              echo "::notice:: Release does not have release notes"
+              exit 1
+          else
+          echo "This is a release candidate of netavark $ver." > $releasenotes
+          fi
+        fi
+    - name: Display release notes
+      run: cat $VERSION-release-notes.md
+    - name: Download all artifacts
+      uses: actions/download-artifact@v4
+    - name: Create release
+      env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: |
+        title=$VERSION
+        if [[ $VERSION == *-rc* ]]; then
+          RC="--prerelease"
+          title="${title/rc/"RC"}"
+        else
+          # check if this version should not be marked latest
+          prevrelease=$(curl --retry 3 --silent -m 10 --connect-timeout 5 "https://api.github.com/repos/${{ github.repository }}/releases/latest")
+          prevvers=$(echo "$prevrelease" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/' | sed -e "s/^v//")
+          vers=${VERSION#"v"}
+          echo "${prevvers},${vers}"
+          # sort -V -C returns 0 if args are ascending version order
+          if !(echo "${prevvers},${vers}" | tr ',' '\n' | sort -V -C)
+          then
+            LATEST="--latest=false"
+          fi
+        fi
+
+        gh release create $VERSION \
+            -t $title \
+            --notes-file $VERSION-release-notes.md \
+            --verify-tag \
+            $RC \
+            $LATEST \
+            release-artifacts/*

.gitignore

@@ -5,6 +5,7 @@ targets/
 netavark.1
 netavark-firewalld.7
 vendor/
+vendor-tarball/
 .idea/*
 contrib/systemd/*/*.service
 .vscode*

Makefile

@@ -77,6 +77,7 @@ crate-publish:
 .PHONY: clean
 clean:
 	rm -rf bin
+	rm -rf vendor-tarball
 	if [ "$(CARGO_TARGET_DIR)" = "targets" ]; then rm -rf targets; fi
 	$(MAKE) -C docs clean
 
@@ -142,8 +143,10 @@ validate: $(CARGO_TARGET_DIR)
 vendor-tarball: build install.cargo-vendor-filterer
 	VERSION=$(shell bin/netavark --version | cut -f2 -d" ") && \
 	$(CARGO) vendor-filterer --format=tar.gz --prefix vendor/ && \
-	mv vendor.tar.gz netavark-v$$VERSION-vendor.tar.gz && \
-	gzip -c bin/netavark > netavark.gz && \
+	mkdir -p vendor-tarball && \
+	mv vendor.tar.gz vendor-tarball/netavark-v$$VERSION-vendor.tar.gz && \
+	gzip -c bin/netavark > vendor-tarball/netavark.gz && \
+	cd vendor-tarball && \
 	sha256sum netavark.gz netavark-v$$VERSION-vendor.tar.gz > sha256sum
 
 .PHONY: install.cargo-vendor-filterer