Skip to content

chore(main): release 1.17.1 #37

chore(main): release 1.17.1

chore(main): release 1.17.1 #37

name: release:trdl-release
on:
push:
tags:
- "v[0-9]+.[0-9]+.[0-9]+*"
repository_dispatch:
types: ["release:trdl-release"]
workflow_dispatch:
jobs:
release:
name: Perform release using trdl server
runs-on: ubuntu-22.04
steps:
- name: Notify
uses: mattermost/action-mattermost-notify@master
with:
MATTERMOST_WEBHOOK_URL: ${{ secrets.LOOP_NOTIFICATION_WEBHOOK }}
MATTERMOST_CHANNEL: ${{ vars.LOOP_NOTIFICATION_CHANNEL }}
TEXT: |
${{ vars.LOOP_NOTIFICATION_GROUP }} [${{ github.workflow }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) nelm task sign pls
- name: Release with retry
uses: werf/trdl-vault-actions/release@main
with:
vault-addr: ${{ secrets.TRDL_VAULT_ADDR }}
project-name: nelm
git-tag: ${{ github.ref_name }}
vault-auth-method: approle
vault-role-id: ${{ secrets.TRDL_VAULT_ROLE_ID }}
vault-secret-id: ${{ secrets.TRDL_VAULT_SECRET_ID }}
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
fetch-tags: true
- name: Get version from CHANGELOG.md
id: get_version
run: |
VERSION=$(grep -m1 '^#\+ \[[0-9]\+\.[0-9]\+\.[0-9]\+\]' CHANGELOG.md | sed -E 's/^#+ \[([0-9]+\.[0-9]+\.[0-9]+)\].*/\1/')
echo "version=$VERSION" >> $GITHUB_OUTPUT
- name: Generate notes.md
id: notes
run: |
VERSION="${{ steps.get_version.outputs.version }}"
echo "## Changelog" > notes.md
awk -v version="$VERSION" '
$0 ~ "^#+ \\[" version "\\]" {capture=1; next}
capture && $0 ~ "^#+ \\[" && $0 !~ "^#+ \\[" version "\\]" {exit}
capture {print}
' CHANGELOG.md >> notes.md
cat <<EOF >> notes.md
## Install via trdl (with autoupdates, highly secure)
1. [Install trdl client binary](https://github.com/werf/trdl/releases/latest), preferably to \`~/bin\`.
2. Add Nelm TUF repository to trdl:
\`\`\`shell
trdl add nelm https://tuf.nelm.sh 1 2122fb476c48de4609fe6d3636759645996088ff6796857fc23ba4b8331a6e3a58fc40f1714c31bda64c709ef6f49bcc4691d091bad6cb1b9a631d8e06e1f308
\`\`\`
3. Make \`nelm\` binary available in the current shell:
\`\`\`shell
source "\$(trdl use nelm 1 stable)"
\`\`\`
## Install binaries directly (no autoupdates)
Download \`nelm\` binaries from here:
* [Linux amd64](https://tuf.nelm.sh/targets/releases/$VERSION/linux-amd64/bin/nelm) ([PGP signature](https://tuf.nelm.sh/targets/signatures/$VERSION/linux-amd64/bin/nelm.sig))
* [Linux arm64](https://tuf.nelm.sh/targets/releases/$VERSION/linux-arm64/bin/nelm) ([PGP signature](https://tuf.nelm.sh/targets/signatures/$VERSION/linux-arm64/bin/nelm.sig))
* [macOS amd64](https://tuf.nelm.sh/targets/releases/$VERSION/darwin-amd64/bin/nelm) ([PGP signature](https://tuf.nelm.sh/targets/signatures/$VERSION/darwin-amd64/bin/nelm.sig))
* [macOS arm64](https://tuf.nelm.sh/targets/releases/$VERSION/darwin-arm64/bin/nelm) ([PGP signature](https://tuf.nelm.sh/targets/signatures/$VERSION/darwin-arm64/bin/nelm.sig))
* [Windows amd64](https://tuf.nelm.sh/targets/releases/$VERSION/windows-amd64/bin/nelm.exe) ([PGP signature](https://tuf.nelm.sh/targets/signatures/$VERSION/windows-amd64/bin/nelm.exe.sig))
These binaries were signed with PGP and could be verified with the [Nelm PGP public key](https://raw.githubusercontent.com/werf/nelm/refs/heads/main/nelm.asc). For example, \`nelm\` binary can be downloaded and verified with \`gpg\` on Linux with these commands:
\`\`\`shell
curl -sSLO "https://tuf.nelm.sh/targets/releases/$VERSION/linux-amd64/bin/nelm" -O "https://tuf.nelm.sh/targets/signatures/$VERSION/linux-amd64/bin/nelm.sig"
curl -sSL https://raw.githubusercontent.com/werf/nelm/refs/heads/main/nelm.asc | gpg --import
gpg --verify nelm.sig nelm
\`\`\`
EOF
- name: Create release
env:
GH_TOKEN: ${{ secrets.RELEASE_PLEASE_TOKEN }}
run: |
gh release create "v${{ steps.get_version.outputs.version }}" \
--title "v${{ steps.get_version.outputs.version }}" \
--prerelease \
--notes-file notes.md
notify:
if: always()
needs: release
uses: werf/common-ci/.github/workflows/notification.yml@main
secrets:
loopNotificationGroup: ${{ vars.LOOP_NOTIFICATION_GROUP }}
webhook: ${{ secrets.LOOP_NOTIFICATION_WEBHOOK }}
notificationChannel: ${{ vars.LOOP_NOTIFICATION_CHANNEL }}