TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / ci / tf-a-job-configs.git / 83248cf075df6961a75df12482912d7948df465a / . / tf-a-lts-create-release.yaml
blob: b5ecdb31d413bfa4e3760be3477d13c0e27c4fb0 [file] [log] [blame]
Paul Sokolovsky555aef52024-03-17 15:40:15 +0700[diff] [blame]1- job:
2 name: tf-a-lts-create-release
3 node: docker-amd64-tf-a-jammy
4 project-type: freestyle
5 concurrent: false
6 disabled: false
7 description: Create a new TF-A LTS release from a tip of an LTS branch.
8 properties:
Chris Kay675db4f2025-06-24 14:14:34 +0100[diff] [blame]9 - build-discarder:
10 days-to-keep: 365
11 num-to-keep: 30
Paul Sokolovsky555aef52024-03-17 15:40:15 +0700[diff] [blame]12 parameters:
Chris Kay675db4f2025-06-24 14:14:34 +0100[diff] [blame]13 - string:
14 name: GERRIT_HOST
15 default: review.trustedfirmware.org
16 - string:
17 name: GERRIT_PROJECT
18 default: TF-A/trusted-firmware-a
19 description: |
20 TF-A Git project
21 - string:
22 name: GERRIT_BRANCH
23 default: lts-v2.10
24 description: |
25 Git branch to release from (lts-v2.8, lts-v2.10, etc.)
26 - bool:
27 name: SANDBOX_RUN
28 default: true
29 description: |
30 Run sandbox simulation of a release. A tag will be created in
31 separate "sandbox" namespace, and further actions like docs
32 publishing or release email sending will be also sandboxed.
33 Uncheck this only after running a simulation and verifying that
34 everything is correct!
Paul Sokolovsky555aef52024-03-17 15:40:15 +0700[diff] [blame]35 wrappers:
Chris Kay675db4f2025-06-24 14:14:34 +0100[diff] [blame]36 - credentials-binding:
Paul Sokolovsky555aef52024-03-17 15:40:15 +0700[diff] [blame]37 - ssh-user-private-key:
38 credential-id: TFA_CI_BOT_USER_SSH_KEY
39 key-file-variable: CI_BOT_KEY
40 username-variable: CI_BOT_USERNAME
Chris Kay675db4f2025-06-24 14:14:34 +0100[diff] [blame]41 passphrase-variable: ""
42 - timestamps
Paul Sokolovsky555aef52024-03-17 15:40:15 +0700[diff] [blame]43 builders:
Chris Kay675db4f2025-06-24 14:14:34 +0100[diff] [blame]44 - shell: |
45 #!/bin/bash
46 set -ex
47 env | grep GERRIT
48 echo SANDBOX_RUN=$SANDBOX_RUN
49 git clone https://git.trustedfirmware.org/ci/tf-a-ci-scripts.git
50 git clone https://$GERRIT_HOST/$GERRIT_PROJECT
51 DIR=$(basename $GERRIT_PROJECT)
52 cd $DIR
53 git checkout $GERRIT_BRANCH
54 set +x
55 nvm install
56 set -x
57 npm install --no-save standard-version
58 #git tag
Paul Sokolovsky555aef52024-03-17 15:40:15 +0700[diff] [blame]59
Chris Kay675db4f2025-06-24 14:14:34 +0100[diff] [blame]60 echo "" >> readme.rst
61 git config user.email "ci@trustedfirmware.org"
62 git config user.name "Release CI"
63 # Install Change-Id hook
64 f="$(git rev-parse --git-dir)/hooks/commit-msg"; curl -o "$f" https://review.trustedfirmware.org/tools/hooks/commit-msg ; chmod +x "$f"
Paul Sokolovsky555aef52024-03-17 15:40:15 +0700[diff] [blame]65
Chris Kay675db4f2025-06-24 14:14:34 +0100[diff] [blame]66 if [ "$SANDBOX_RUN" == "true" ]; then
67 git commit -a -s -m "fix(readme): dummy commit for sandbox release"
68 fi
Paul Sokolovsky555aef52024-03-17 15:40:15 +0700[diff] [blame]69
Chris Kay675db4f2025-06-24 14:14:34 +0100[diff] [blame]70 python3 $WORKSPACE/tf-a-ci-scripts/lts/lts-mangle-change-log.py remove-prefix docs/change-log.md >docs/change-log.md.tmp
71 mv docs/change-log.md.tmp docs/change-log.md
72 npm run release -- --release-as patch --tag-prefix lts-v
73 python3 $WORKSPACE/tf-a-ci-scripts/lts/lts-mangle-change-log.py add-prefix docs/change-log.md >docs/change-log.md.tmp
74 mv docs/change-log.md.tmp docs/change-log.md
Paul Sokolovsky555aef52024-03-17 15:40:15 +0700[diff] [blame]75
Chris Kay675db4f2025-06-24 14:14:34 +0100[diff] [blame]76 RELEASE=$(grep release docs/conf.py | sed -r -e 's/release = "(.*)"/\1/')
Paul Sokolovsky555aef52024-03-17 15:40:15 +0700[diff] [blame]77
Chris Kay675db4f2025-06-24 14:14:34 +0100[diff] [blame]78 git diff
79 git commit -a -s -m "docs(changelog): changelog for lts-v${RELEASE} release"
80 if [ "$SANDBOX_RUN" == "true" ]; then
81 TAG="sandbox/lts-v${RELEASE}-$(date +%Y%m%dT%H%M)"
82 else
83 TAG="lts-v${RELEASE}"
84 fi
85 git tag $TAG
Paul Sokolovsky555aef52024-03-17 15:40:15 +0700[diff] [blame]86
Chris Kay675db4f2025-06-24 14:14:34 +0100[diff] [blame]87 mkdir -p ~/.ssh/
88 ssh-keyscan -p 29418 $GERRIT_HOST >> ~/.ssh/known_hosts
89 export GIT_SSH_COMMAND="ssh -i $CI_BOT_KEY -o 'PubkeyAcceptedKeyTypes +ssh-rsa'"
Paul Sokolovsky555aef52024-03-17 15:40:15 +0700[diff] [blame]90
Chris Kay675db4f2025-06-24 14:14:34 +0100[diff] [blame]91 #git push ssh://$CI_BOT_USERNAME@$GERRIT_HOST:29418/$GERRIT_PROJECT HEAD:refs/for/$GERRIT_BRANCH
Paul Sokolovsky555aef52024-03-17 15:40:15 +0700[diff] [blame]92
Chris Kay675db4f2025-06-24 14:14:34 +0100[diff] [blame]93 if [ "$SANDBOX_RUN" == "false" ]; then
94 # Push to the LTS branch
95 git push ssh://$CI_BOT_USERNAME@$GERRIT_HOST:29418/$GERRIT_PROJECT
96 else
97 # If it's sandbox run, we still need to push commit to some branch,
98 # because otherwise the tag won't be visible in Gerrit (due to ACL
99 # model Gerrit uses: it resolve tag to a branch it belongs to, then
100 # checks ACLs on branch to see if a user has access to it; no branch
101 # == problems).
102 git push ssh://${CI_BOT_USERNAME}@${GERRIT_HOST}:29418/${GERRIT_PROJECT} HEAD:refs/heads/${TAG}-br
103 fi
104 # Push tag
105 git push ssh://$CI_BOT_USERNAME@$GERRIT_HOST:29418/$GERRIT_PROJECT $TAG
Paul Sokolovsky555aef52024-03-17 15:40:15 +0700[diff] [blame]106
Chris Kay675db4f2025-06-24 14:14:34 +0100[diff] [blame]107 echo Release tag is created. Further processing happens in the job ${JENKINS_PUBLIC_URL}job/tf-a-lts-release-tagged