| Paul Sokolovsky | 555aef5 | 2024-03-17 15:40:15 +0700 | [diff] [blame] | 1 | - job: |
| 2 | name: tf-a-lts-create-release |
| 3 | node: docker-amd64-tf-a-jammy |
| 4 | project-type: freestyle |
| 5 | concurrent: false |
| 6 | disabled: false |
| 7 | description: Create a new TF-A LTS release from a tip of an LTS branch. |
| 8 | properties: |
| 9 | - build-discarder: |
| 10 | days-to-keep: 365 |
| 11 | num-to-keep: 30 |
| 12 | - authorization: |
| 13 | !include: authorization.yaml.inc |
| 14 | parameters: |
| 15 | - string: |
| 16 | name: GERRIT_HOST |
| 17 | default: 'review.trustedfirmware.org' |
| 18 | - string: |
| 19 | name: GERRIT_PROJECT |
| Paul Sokolovsky | 69eda93 | 2024-03-19 17:55:32 +0700 | [diff] [blame] | 20 | default: 'TF-A/trusted-firmware-a' |
| Paul Sokolovsky | 555aef5 | 2024-03-17 15:40:15 +0700 | [diff] [blame] | 21 | description: | |
| 22 | TF-A Git project |
| 23 | - string: |
| 24 | name: GERRIT_BRANCH |
| 25 | default: 'lts-v2.10' |
| 26 | description: | |
| 27 | Git branch to release from (lts-v2.8, lts-v2.10, etc.) |
| 28 | - bool: |
| 29 | name: SANDBOX_RUN |
| 30 | default: true |
| 31 | description: | |
| Paul Sokolovsky | ec961f5 | 2024-03-17 23:21:44 +0700 | [diff] [blame] | 32 | Run sandbox simulation of a release. A tag will be created in |
| 33 | separate "sandbox" namespace, and further actions like docs |
| 34 | publishing or release email sending will be also sandboxed. |
| 35 | Uncheck this only after running a simulation and verifying that |
| 36 | everything is correct! |
| Paul Sokolovsky | 555aef5 | 2024-03-17 15:40:15 +0700 | [diff] [blame] | 37 | wrappers: |
| 38 | - credentials-binding: |
| 39 | - ssh-user-private-key: |
| 40 | credential-id: TFA_CI_BOT_USER_SSH_KEY |
| 41 | key-file-variable: CI_BOT_KEY |
| 42 | username-variable: CI_BOT_USERNAME |
| 43 | passphrase-variable: '' |
| 44 | - timestamps |
| 45 | builders: |
| 46 | - shell: | |
| 47 | #!/bin/bash |
| 48 | set -ex |
| 49 | env | grep GERRIT |
| 50 | echo SANDBOX_RUN=$SANDBOX_RUN |
| 51 | git clone https://git.trustedfirmware.org/ci/tf-a-ci-scripts.git |
| 52 | git clone https://$GERRIT_HOST/$GERRIT_PROJECT |
| 53 | DIR=$(basename $GERRIT_PROJECT) |
| 54 | cd $DIR |
| 55 | git checkout $GERRIT_BRANCH |
| 56 | set +x |
| 57 | nvm install |
| 58 | set -x |
| 59 | npm install --no-save standard-version |
| 60 | #git tag |
| 61 | |
| 62 | echo "" >> readme.rst |
| 63 | git config user.email "ci@trustedfirmware.org" |
| 64 | git config user.name "Release CI" |
| 65 | # Install Change-Id hook |
| 66 | f="$(git rev-parse --git-dir)/hooks/commit-msg"; curl -o "$f" https://review.trustedfirmware.org/tools/hooks/commit-msg ; chmod +x "$f" |
| 67 | |
| 68 | if [ "$SANDBOX_RUN" == "true" ]; then |
| Paul Sokolovsky | 7979b44 | 2024-03-18 21:29:18 +0700 | [diff] [blame] | 69 | git commit -a -s -m "fix(readme): dummy commit for sandbox release" |
| Paul Sokolovsky | 555aef5 | 2024-03-17 15:40:15 +0700 | [diff] [blame] | 70 | fi |
| 71 | |
| 72 | python3 $WORKSPACE/tf-a-ci-scripts/lts/lts-mangle-change-log.py remove-prefix docs/change-log.md >docs/change-log.md.tmp |
| 73 | mv docs/change-log.md.tmp docs/change-log.md |
| 74 | npm run release -- --release-as patch --tag-prefix lts-v |
| 75 | python3 $WORKSPACE/tf-a-ci-scripts/lts/lts-mangle-change-log.py add-prefix docs/change-log.md >docs/change-log.md.tmp |
| 76 | mv docs/change-log.md.tmp docs/change-log.md |
| 77 | |
| 78 | RELEASE=$(grep release docs/conf.py | sed -r -e 's/release = "(.*)"/\1/') |
| 79 | |
| 80 | git diff |
| Paul Sokolovsky | 7979b44 | 2024-03-18 21:29:18 +0700 | [diff] [blame] | 81 | git commit -a -s -m "docs(changelog): changelog for lts-v${RELEASE} release" |
| Paul Sokolovsky | 555aef5 | 2024-03-17 15:40:15 +0700 | [diff] [blame] | 82 | if [ "$SANDBOX_RUN" == "true" ]; then |
| 83 | TAG="sandbox/lts-v${RELEASE}-$(date +%Y%m%dT%H%M)" |
| 84 | else |
| 85 | TAG="lts-v${RELEASE}" |
| 86 | fi |
| 87 | git tag $TAG |
| 88 | |
| 89 | mkdir -p ~/.ssh/ |
| 90 | ssh-keyscan -p 29418 $GERRIT_HOST >> ~/.ssh/known_hosts |
| 91 | export GIT_SSH_COMMAND="ssh -i $CI_BOT_KEY -o 'PubkeyAcceptedKeyTypes +ssh-rsa'" |
| 92 | |
| 93 | #git push ssh://$CI_BOT_USERNAME@$GERRIT_HOST:29418/$GERRIT_PROJECT HEAD:refs/for/$GERRIT_BRANCH |
| 94 | |
| Paul Sokolovsky | 555aef5 | 2024-03-17 15:40:15 +0700 | [diff] [blame] | 95 | if [ "$SANDBOX_RUN" == "false" ]; then |
| Paul Sokolovsky | b6d0853 | 2024-03-19 19:01:46 +0700 | [diff] [blame] | 96 | # Push to the LTS branch |
| Paul Sokolovsky | 555aef5 | 2024-03-17 15:40:15 +0700 | [diff] [blame] | 97 | git push ssh://$CI_BOT_USERNAME@$GERRIT_HOST:29418/$GERRIT_PROJECT |
| Paul Sokolovsky | b6d0853 | 2024-03-19 19:01:46 +0700 | [diff] [blame] | 98 | else |
| 99 | # If it's sandbox run, we still need to push commit to some branch, |
| 100 | # because otherwise the tag won't be visible in Gerrit (due to ACL |
| 101 | # model Gerrit uses: it resolve tag to a branch it belongs to, then |
| 102 | # checks ACLs on branch to see if a user has access to it; no branch |
| 103 | # == problems). |
| 104 | git push ssh://${CI_BOT_USERNAME}@${GERRIT_HOST}:29418/${GERRIT_PROJECT} HEAD:refs/heads/${TAG}-br |
| Paul Sokolovsky | 555aef5 | 2024-03-17 15:40:15 +0700 | [diff] [blame] | 105 | fi |
| 106 | # Push tag |
| 107 | git push ssh://$CI_BOT_USERNAME@$GERRIT_HOST:29418/$GERRIT_PROJECT $TAG |
| 108 | |
| 109 | echo Release tag is created. Further processing happens in the job ${JENKINS_URL}job/tf-a-lts-release-tagged |