diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index af963c7ba..f28fd5b3e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -75,537 +75,27 @@ jobs: fi echo "GO_VERSION=${GO_VERSION}" echo "go_version=${GO_VERSION}" >> $GITHUB_OUTPUT - - # Secrets are unavailable when building from project forks, so this - # will fail for external PRs, even if we wanted to do it. And we don't. - # We are only going to sign packages that are built from the default branch - # or a version tag, or manually triggered dev builds, so we have enough - # assurance that package signing works, but don't sign every PR build. - - name: Determine whether to sign the Windows artifacts - id: determine_windows_signing - env: - SIGN_FILES: ${{ github.ref_name == github.event.repository.default_branch || startsWith(github.ref, 'refs/tags/v') || github.event_name == 'workflow_dispatch' }} - run: | - set -x # Show exactly what commands are executed - if [[ "${SIGN_FILES}" == "true" ]]; then - echo "Windows artifacts will be signed" - sign_windows_artifacts="true" - else - echo "Windows artifacts will not be signed" - sign_windows_artifacts="false" - fi - echo "sign_windows_artifacts=${sign_windows_artifacts}" >> ${GITHUB_OUTPUT} - - build: - runs-on: ubuntu-latest - needs: [configure] - env: - VERSION: ${{ needs.configure.outputs.k6_version }} - steps: - - name: Checkout code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - with: - fetch-depth: 0 - persist-credentials: false - - name: Install Go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6 - with: - go-version: ${{ needs.configure.outputs.go_version }} - check-latest: true - cache: false # against cache-poisoning - - name: Install nfpm (dep and rpm package builder) - run: | - go install github.com/goreleaser/nfpm/v2/cmd/nfpm@v2.16.0 - - name: Install goversioninfo (.syso file creator) - run: | - go install github.com/josephspurrier/goversioninfo/cmd/goversioninfo@v1.4.0 - - name: Generate Windows binary metadata (.syso files) - run: | - IFS=. read -a version_parts <<< "${VERSION#v}" - IFS=- read -a version_patch <<< "${version_parts[2]}" - - # Need a blank versioninfo.json for the CLI overrides to work. - echo '{}' > versioninfo.json - set -x - goversioninfo -64 \ - -platform-specific=true \ - -charset="1200" \ - -company="Raintank Inc. d.b.a. Grafana Labs" \ - -copyright="© Raintank Inc. d.b.a. Grafana Labs. Licensed under AGPL." \ - -description="A modern load testing tool, using Go and JavaScript" \ - -icon=packaging/k6.ico \ - -internal-name="k6" \ - -original-name="k6.exe" \ - -product-name="k6" \ - -translation="0x0409" \ - -ver-major="${version_parts[0]}" \ - -ver-minor="${version_parts[1]}" \ - -ver-patch="${version_patch[0]}" \ - -special-build=$(IFS='-'; echo "${version_patch[*]:1}";) \ - -product-version="${VERSION#v}" - - set +x - ls -lah | grep -i syso - - - name: Build - run: | - go version - ./build-release.sh "dist" "${VERSION}" - - name: Upload artifacts - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 - with: - name: binaries - path: dist/ - retention-days: 7 - - build-docker: - permissions: - contents: read - packages: write - id-token: write - runs-on: ubuntu-latest - needs: [configure] - env: - VERSION: ${{ needs.configure.outputs.k6_version }} - steps: - - name: Checkout code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - with: - fetch-depth: 0 - persist-credentials: false - - name: Build - run: | - docker buildx create \ - --name multibuilder \ - --platform linux/amd64,linux/arm64 \ - --bootstrap --use - docker buildx build \ - --target release \ - --platform linux/amd64,linux/arm64 \ - -t $DOCKER_IMAGE_ID . - - name: Check - run: | - docker buildx build --load -t $DOCKER_IMAGE_ID . - # Assert that simple cases works for the new built image - docker run $DOCKER_IMAGE_ID version - docker run $DOCKER_IMAGE_ID --help - docker run $DOCKER_IMAGE_ID help - docker run $DOCKER_IMAGE_ID run --help - docker run $DOCKER_IMAGE_ID inspect --help - docker run $DOCKER_IMAGE_ID status --help - docker run $DOCKER_IMAGE_ID stats --help - docker run $DOCKER_IMAGE_ID scale --help - docker run $DOCKER_IMAGE_ID pause --help - docker run $DOCKER_IMAGE_ID resume --help - - name: Login to DockerHub - if: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v') }} - uses: grafana/shared-workflows/actions/dockerhub-login@c6d954f7cd9c0022018982e01268de6cb75b913c # dockerhub-login/v1.0.2 - - name: Login to GitHub Container Registry - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 - env: - GITHUB_ACTOR: ${{ github.actor }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - registry: ghcr.io - username: ${{ env.GITHUB_ACTOR }} - password: ${{ env.GITHUB_TOKEN }} - if: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v') }} - - name: Publish k6:master images - if: ${{ github.ref == 'refs/heads/master' }} - run: | - echo "Publish $GHCR_IMAGE_ID:master* images" - docker buildx build --push \ - --target release \ - --platform linux/amd64,linux/arm64 \ - -t $DOCKER_IMAGE_ID:master \ - -t ghcr.io/$GHCR_IMAGE_ID:master . - docker buildx build --push \ - --target with-browser \ - --platform linux/amd64,linux/arm64 \ - -t $DOCKER_IMAGE_ID:master-with-browser \ - -t ghcr.io/$GHCR_IMAGE_ID:master-with-browser . - - name: Publish tagged version images - if: ${{ startsWith(github.ref, 'refs/tags/v') }} - run: | - VERSION="${VERSION#v}" - echo "Publish $GHCR_IMAGE_ID:$VERSION images" - docker buildx build --push \ - --target release \ - --platform linux/amd64,linux/arm64 \ - -t $DOCKER_IMAGE_ID:$VERSION \ - -t ghcr.io/$GHCR_IMAGE_ID:$VERSION . - docker buildx build --push \ - --target with-browser \ - --platform linux/amd64,linux/arm64 \ - -t $DOCKER_IMAGE_ID:$VERSION-with-browser \ - -t ghcr.io/$GHCR_IMAGE_ID:$VERSION-with-browser . - # We also want to tag the latest stable version as latest - echo "Publish $GHCR_IMAGE_ID:latest" - docker buildx build --push \ - --target release \ - --platform linux/amd64,linux/arm64 \ - -t $DOCKER_IMAGE_ID:latest \ - -t ghcr.io/$GHCR_IMAGE_ID:latest . - docker buildx build --push \ - --target with-browser \ - --platform linux/amd64,linux/arm64 \ - -t $DOCKER_IMAGE_ID:latest-with-browser \ - -t ghcr.io/$GHCR_IMAGE_ID:latest-with-browser . - - # Forks, PRs etc. won't actually sign the binary, but the workflow will run most of the same steps as - # GitHub Actions workflows don't support conditional `needs` so we have to run the signing step unconditionally. - sign-binaries: - permissions: - contents: read - actions: read - id-token: write # Required for Vault - - env: - VERSION: ${{ needs.configure.outputs.k6_version }} - - environment: - name: azure-trusted-signing - - runs-on: windows-latest - defaults: - run: - shell: pwsh - needs: [configure, build] - outputs: - binary_artifact_name: ${{ steps.assign-artifact-names.outputs.binary-artifact-name }} - windows_binary_artifact_name: ${{ steps.assign-artifact-names.outputs.windows-binary-artifact-name }} - steps: - - name: Download binaries - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6 - with: - name: binaries - path: dist - - - name: Unzip Windows binary - run: | - Expand-Archive -Path ".\dist\k6-${env:VERSION}-windows-amd64.zip" -DestinationPath .\packaging\ - - - name: Upload artifact for Windows installer build - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 - with: - name: windows-binary - path: 'packaging/k6-${{ env.VERSION }}-windows-amd64/k6.exe' - retention-days: 7 - if-no-files-found: error - - - name: Get secrets for Azure Trusted Signing - uses: grafana/shared-workflows/actions/get-vault-secrets@a37de51f3d713a30a9e4b21bcdfbd38170020593 # get-vault-secrets/v1.3.0 - id: get-signing-secrets - if: needs.configure.outputs.sign_windows_artifacts == 'true' - with: - export_env: false - repo_secrets: | - client-id=azure-trusted-signing:client-id - subscription-id=azure-trusted-signing:subscription-id - tenant-id=azure-trusted-signing:tenant-id - - - name: Sign Windows binary - uses: grafana/shared-workflows/actions/azure-trusted-signing@e86cdb1c0a8cf5df57d3078f285261f7c9577174 # azure-trusted-signing/v1.0.0 - id: sign-artifacts - if: needs.configure.outputs.sign_windows_artifacts == 'true' - with: - application-description: 'Grafana k6' - artifact-to-sign: 'windows-binary' - azure-client-id: ${{ fromJSON(steps.get-signing-secrets.outputs.secrets).client-id }} - azure-subscription-id: ${{ fromJSON(steps.get-signing-secrets.outputs.secrets).subscription-id }} - azure-tenant-id: ${{ fromJSON(steps.get-signing-secrets.outputs.secrets).tenant-id }} - signed-artifact-name: 'windows-binary-signed' - - - name: Download signed Windows binary - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6 - if: needs.configure.outputs.sign_windows_artifacts == 'true' - with: - name: ${{ steps.sign-artifacts.outputs.artifact-name }} - path: 'packaging/k6-${{ env.VERSION }}-windows-amd64' - - # Re-zip the signed Windows binary to replace the original unsigned version - - name: Zip signed Windows binary - if: needs.configure.outputs.sign_windows_artifacts == 'true' - run: | - Compress-Archive -Path ".\packaging\*" -DestinationPath ".\dist\k6-${env:VERSION}-windows-amd64.zip" -Force - - - name: Upload signed artifacts - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 - if: needs.configure.outputs.sign_windows_artifacts == 'true' - with: - name: binaries-signed - path: dist/ - retention-days: 7 - if-no-files-found: error - - - name: Assign artifact name for Windows binary for installer build - id: assign-artifact-names - env: - BINARY_ARTIFACT_NAME: ${{ needs.configure.outputs.sign_windows_artifacts == 'true' && 'binaries-signed' || 'binaries' }} - WINDOWS_BINARY_ARTIFACT_NAME: ${{ needs.configure.outputs.sign_windows_artifacts == 'true' && steps.sign-artifacts.outputs.artifact-name || 'windows-binary' }} - run: | - echo "binary-artifact-name=${env:BINARY_ARTIFACT_NAME}" >> ${env:GITHUB_OUTPUT} - echo "windows-binary-artifact-name=${env:WINDOWS_BINARY_ARTIFACT_NAME}" >> ${env:GITHUB_OUTPUT} - - package: - permissions: - contents: read - actions: read - - runs-on: windows-latest - defaults: - run: - shell: pwsh - needs: [configure, build, sign-binaries] - env: - VERSION: ${{ needs.configure.outputs.k6_version }} - steps: - - name: Checkout code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - with: - persist-credentials: false - - name: Install pandoc - uses: crazy-max/ghaction-chocolatey@2526f467ccbd337d307fe179959cabbeca0bc8c0 # v3.4.0 - with: - args: install -y pandoc - - name: Install wix tools - run: | - curl -Lso wix311-binaries.zip https://github.com/wixtoolset/wix3/releases/download/wix3112rtm/wix311-binaries.zip - Expand-Archive -Path .\wix311-binaries.zip -DestinationPath .\wix311\ - echo "$pwd\wix311" | Out-File -FilePath $env:GITHUB_PATH -Append - - name: Download Windows binary - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6 - with: - name: ${{ needs.sign-binaries.outputs.windows_binary_artifact_name }} - path: packaging - - - name: Create the MSI package - run: | - $env:VERSION = $env:VERSION -replace 'v(\d+\.\d+\.\d+).*','$1' - pandoc -s -f markdown -t rtf -o packaging\LICENSE.rtf LICENSE.md - cd .\packaging - candle.exe -arch x64 "-dVERSION=${env:VERSION}" k6.wxs - light.exe -ext WixUIExtension k6.wixobj - - - name: Rename MSI package - # To keep it consistent with the other artifacts - run: move "packaging\k6.msi" "packaging\k6-${env:VERSION}-windows-amd64.msi" - - - name: Upload Windows installer - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5 - with: - name: binaries-windows - path: | - packaging/k6-*.msi - retention-days: 7 - if-no-files-found: error - - # Forks, PRs etc. won't actually sign the installer, but the workflow will run most of the same steps as - # GitHub Actions workflows don't support conditional `needs` so we have to run the signing step unconditionally. - sign-packages: - permissions: - actions: read - contents: read - id-token: write # Required for Vault - - environment: - name: azure-trusted-signing - - outputs: - artifact_name: ${{ steps.assign-artifact-name.outputs.artifact-name }} - - runs-on: windows-latest - defaults: - run: - shell: pwsh - needs: [configure, package] - steps: - - name: Download Windows artifacts - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6 - if: needs.configure.outputs.sign_windows_artifacts == 'true' - with: - name: binaries-windows - path: packaging - - - name: Get secrets for Azure Trusted Signing - uses: grafana/shared-workflows/actions/get-vault-secrets@a37de51f3d713a30a9e4b21bcdfbd38170020593 # get-vault-secrets/v1.3.0 - id: get-signing-secrets - if: needs.configure.outputs.sign_windows_artifacts == 'true' - with: - export_env: false - repo_secrets: | - client-id=azure-trusted-signing:client-id - subscription-id=azure-trusted-signing:subscription-id - tenant-id=azure-trusted-signing:tenant-id - - - name: Sign Windows installer - uses: grafana/shared-workflows/actions/azure-trusted-signing@e86cdb1c0a8cf5df57d3078f285261f7c9577174 # azure-trusted-signing/v1.0.0 - id: sign-artifacts - if: needs.configure.outputs.sign_windows_artifacts == 'true' - with: - application-description: 'Grafana k6' - artifact-to-sign: 'binaries-windows' - azure-client-id: ${{ fromJSON(steps.get-signing-secrets.outputs.secrets).client-id }} - azure-subscription-id: ${{ fromJSON(steps.get-signing-secrets.outputs.secrets).subscription-id }} - azure-tenant-id: ${{ fromJSON(steps.get-signing-secrets.outputs.secrets).tenant-id }} - signed-artifact-name: 'binaries-windows-signed' - - - name: Assign artifact name for Windows installer - id: assign-artifact-name + - name: Print version and exit env: - ARTIFACT_NAME: ${{ needs.configure.outputs.sign_windows_artifacts == 'true' && steps.sign-artifacts.outputs.artifact-name || 'binaries-windows' }} - run: | - echo "artifact-name=${env:ARTIFACT_NAME}" >> ${env:GITHUB_OUTPUT} - - publish-github: - runs-on: ubuntu-latest - needs: [configure, sign-binaries, sign-packages] - if: ${{ startsWith(github.ref, 'refs/tags/v') && github.event_name != 'workflow_dispatch' }} - env: - VERSION: ${{ needs.configure.outputs.k6_version }} - permissions: - actions: read - contents: write - steps: - - name: Checkout code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - with: - persist-credentials: false - - name: Download binaries - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6 - with: - name: ${{ needs.sign-binaries.outputs.binary_artifact_name }} - path: dist - - name: Download Windows binaries - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6 - with: - name: ${{ needs.sign-packages.outputs.artifact_name }} - path: dist - - name: Generate checksum file - run: cd dist && sha256sum * > "k6-${VERSION}-checksums.txt" - - name: Anchore SBOM Action - continue-on-error: true - uses: anchore/sbom-action@8e94d75ddd33f69f691467e42275782e4bfefe84 # v0.20.9 - with: - artifact-name: k6-${{ env.VERSION }}-spdx.json - upload-release-assets: false - output-file: dist/k6-${{ env.VERSION }}-spdx.json - - name: Create release - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - set -x - assets=() - for asset in ./dist/*; do - assets+=("$asset") - done - gh release create "$VERSION" "${assets[@]}" --target "$GITHUB_SHA" -F "./release notes/${VERSION}.md" - - submit-winget-manifest: - needs: [configure, publish-github] - runs-on: windows-2025 - permissions: - contents: read - id-token: write - steps: - - - name: Install WingetCreate - shell: pwsh - run: | - Import-Module Appx -UseWindowsPowerShell - $appxBundleFile = Join-Path ${env:RUNNER_TEMP} "wingetcreate.msixbundle" - Invoke-WebRequest https://aka.ms/wingetcreate/latest/msixbundle -OutFile $appxBundleFile - Add-AppxPackage $appxBundleFile - - - name: Get WinGet token - uses: grafana/shared-workflows/actions/get-vault-secrets@a37de51f3d713a30a9e4b21bcdfbd38170020593 # get-vault-secrets/v1.3.0 - id: get-token - with: - export_env: false - common_secrets: | - token=winget-packages:token - - - name: Submit WinGet Manifest - env: - PACKAGE_ID: GrafanaLabs.k6 - PACKAGE_VERSION: ${{ needs.configure.outputs.k6_version }} - WINGET_CREATE_GITHUB_TOKEN: ${{ fromJSON(steps.get-token.outputs.secrets).token }} - shell: pwsh - run: | - wingetcreate token --store - wingetcreate update ${env:PACKAGE_ID} ` - --urls "${env:GITHUB_SERVER_URL}/${env:GITHUB_REPOSITORY}/releases/download/${env:PACKAGE_VERSION}/k6-${env:PACKAGE_VERSION}-windows-amd64.msi" ` - --version ${env:PACKAGE_VERSION}.TrimStart("v") ` - --submit - - publish-packages: - runs-on: ubuntu-latest - needs: [configure, sign-binaries, sign-packages] - if: ${{ startsWith(github.ref, 'refs/tags/v') && github.event_name != 'workflow_dispatch' }} - env: - VERSION: ${{ needs.configure.outputs.k6_version }} - permissions: - actions: read - contents: read - packages: write - id-token: write # Required for Vault - steps: - - name: Checkout code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - with: - persist-credentials: false - - name: Download binaries - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6 - with: - name: ${{ needs.sign-binaries.outputs.binary_artifact_name }} - path: dist - - name: Download Windows binaries - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6 - with: - name: ${{ needs.sign-packages.outputs.artifact_name }} - path: dist - - name: Rename binaries - # To be consistent with the filenames used in dl.k6.io - run: | - mv "dist/k6-$VERSION-windows-amd64.msi" "dist/k6-$VERSION-amd64.msi" - mv "dist/k6-$VERSION-linux-amd64.rpm" "dist/k6-$VERSION-amd64.rpm" - mv "dist/k6-$VERSION-linux-amd64.deb" "dist/k6-$VERSION-amd64.deb" - - uses: grafana/shared-workflows/actions/get-vault-secrets@a37de51f3d713a30a9e4b21bcdfbd38170020593 # get-vault-secrets/v1.3.0 - with: - repo_secrets: | - IAM_ROLE_ARN=deploy:packager-iam-role - AWS_CF_DISTRIBUTION=cloudfront:AWS_CF_DISTRIBUTION - PGP_SIGN_KEY_PASSPHRASE=pgp:PGP_SIGN_KEY_PASSPHRASE - PGP_SIGN_KEY=pgp:PGP_SIGN_KEY - S3_BUCKET=s3:AWS_S3_BUCKET - - uses: grafana/shared-workflows/actions/aws-auth@85022085ed5314601c05d10e846de56bdd71e369 # aws-auth/v1.0.3 - with: - aws-region: "us-east-2" - role-arn: ${{ env.IAM_ROLE_ARN }} - set-creds-in-environment: true - - name: Setup docker compose environment - run: | - cat > packaging/.env < packaging/sign-key.gpg - - name: Login to GitHub Container Registry - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 - env: - GITHUB_ACTOR: ${{ github.actor }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - registry: ghcr.io - username: ${{ env.GITHUB_ACTOR }} - password: ${{ env.GITHUB_TOKEN }} - - name: Publish packages - run: | - cd packaging - docker compose pull packager - docker compose run --rm packager + VERSION: ${{ steps.get_k6_version.outputs.k6_version }} + GO_VERSION: ${{ steps.get_go_version.outputs.go_version }} + GITHUB_REF: ${{ github.ref }} + EVENT_NAME: ${{ github.event_name }} + run: | + echo "=========================================" + echo "🔍 TESTING MODE - Build workflow disabled" + echo "=========================================" + echo "" + echo "📦 Version from tag: ${VERSION}" + echo "🔧 Go version: ${GO_VERSION}" + echo "📝 GitHub ref: ${GITHUB_REF}" + echo "🎯 Event: ${EVENT_NAME}" + echo "" + echo "=========================================" + echo "✅ Version detection successful!" + echo "🚫 Actual build/release disabled for testing" + echo "=========================================" + exit 0 + + # TEMPORARY: All jobs below removed for testing + # Restore them when ready to do actual releases diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 000000000..231dc2adb --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,77 @@ +name: Release +on: + workflow_dispatch: + inputs: + version: + description: 'Version to release (e.g., v1.4.1)' + required: true + type: string + +permissions: + contents: write + +jobs: + create-release-tag: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 + with: + fetch-depth: 0 + persist-credentials: true + + - name: Validate version format + env: + VERSION: ${{ github.event.inputs.version }} + run: | + if [[ ! "${VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-.*)?$ ]]; then + echo "ERROR: Version must follow semver format (e.g., v1.4.1 or v1.4.1-rc1)" + exit 1 + fi + echo "Version format is valid: ${VERSION}" + + - name: Validate version.go matches input + env: + INPUT_VERSION: ${{ github.event.inputs.version }} + run: | + CODE_VERSION=$(grep -oP 'const Version = "\K[^"]+' internal/build/version.go) + INPUT_VERSION="${INPUT_VERSION#v}" + + echo "Version in version.go: ${CODE_VERSION}" + echo "Version from input: ${INPUT_VERSION}" + + if [[ "${CODE_VERSION}" != "${INPUT_VERSION}" ]]; then + echo "" + echo "ERROR: Version mismatch!" + echo " version.go has: ${CODE_VERSION}" + echo " Input version: ${INPUT_VERSION}" + echo "" + echo "Please update internal/build/version.go to match ${INPUT_VERSION}" + exit 1 + fi + + echo "✓ Version check passed: ${CODE_VERSION}" + + - name: Check if tag already exists + env: + VERSION: ${{ github.event.inputs.version }} + run: | + if git rev-parse "${VERSION}" >/dev/null 2>&1; then + echo "ERROR: Tag ${VERSION} already exists" + exit 1 + fi + echo "✓ Tag ${VERSION} does not exist yet" + + - name: Create and push tag + env: + VERSION: ${{ github.event.inputs.version }} + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + + git tag -a "${VERSION}" -m "Release ${VERSION}" + git push origin "${VERSION}" + + echo "✓ Tag ${VERSION} created and pushed successfully" + echo "The build workflow will now automatically start" + diff --git a/.github/workflows/wpt.yml b/.github/workflows/wpt.yml index b51128f3a..5bd1f4522 100644 --- a/.github/workflows/wpt.yml +++ b/.github/workflows/wpt.yml @@ -1,38 +1,77 @@ name: Web Platform Tests on: workflow_dispatch: - pull_request: - -defaults: - run: - shell: bash + inputs: + version: + description: 'Version to release (e.g., v1.4.1)' + required: true + type: string permissions: - contents: read + contents: write jobs: - test: + create-release-tag: runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 with: - persist-credentials: false - - name: Install Go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6 - with: - go-version: 1.25.x - check-latest: true - # TODO: combine WebPlatform tests checkout & patch into the single step - - name: Run Streams Tests + fetch-depth: 0 + persist-credentials: true + + - name: Validate version format + env: + VERSION: ${{ github.event.inputs.version }} + run: | + if [[ ! "${VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-.*)?$ ]]; then + echo "ERROR: Version must follow semver format (e.g., v1.4.1 or v1.4.1-rc1)" + exit 1 + fi + echo "Version format is valid: ${VERSION}" + + - name: Validate version.go matches input + env: + INPUT_VERSION: ${{ github.event.inputs.version }} + run: | + CODE_VERSION=$(grep -oP 'const Version = "\K[^"]+' internal/build/version.go) + INPUT_VERSION="${INPUT_VERSION#v}" + + echo "Version in version.go: ${CODE_VERSION}" + echo "Version from input: ${INPUT_VERSION}" + + if [[ "${CODE_VERSION}" != "${INPUT_VERSION}" ]]; then + echo "" + echo "ERROR: Version mismatch!" + echo " version.go has: ${CODE_VERSION}" + echo " Input version: ${INPUT_VERSION}" + echo "" + echo "Please update internal/build/version.go to match ${INPUT_VERSION}" + exit 1 + fi + + echo "✓ Version check passed: ${CODE_VERSION}" + + - name: Check if tag already exists + env: + VERSION: ${{ github.event.inputs.version }} run: | - set -x - cd internal/js/modules/k6/experimental/streams/tests - sh checkout.sh - go test -race ../... - - name: Run Webcrypto Tests + if git rev-parse "${VERSION}" >/dev/null 2>&1; then + echo "ERROR: Tag ${VERSION} already exists" + exit 1 + fi + echo "✓ Tag ${VERSION} does not exist yet" + + - name: Create and push tag + env: + VERSION: ${{ github.event.inputs.version }} run: | - set -x - cd internal/js/modules/k6/webcrypto/tests - sh checkout.sh - go test -race ./... + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + + git tag -a "${VERSION}" -m "Release ${VERSION}" + git push origin "${VERSION}" + + echo "✓ Tag ${VERSION} created and pushed successfully" + echo "The build workflow will now automatically start" + diff --git a/internal/build/version.go b/internal/build/version.go index 0e2f6c009..3fddde871 100644 --- a/internal/build/version.go +++ b/internal/build/version.go @@ -3,4 +3,4 @@ package build // Version contains the current version of k6 // represented using Semantic Versioning expression. -const Version = "1.4.1" +const Version = "1.4.1-dev"