From 984415f6c718934ef2efa111673d9c3942bfaf91 Mon Sep 17 00:00:00 2001 From: Richie Foreman Date: Wed, 15 Oct 2025 09:48:03 -0400 Subject: [PATCH] feat(ci): Update release to use github env variables. (#11068) --- .github/actions/npm-auth-token/action.yml | 45 ++++ .github/actions/publish-release/action.yml | 231 +++++++++--------- .github/actions/setup-npmrc/action.yml | 22 ++ .github/actions/tag-npm-release/action.yml | 64 ++++- .github/actions/verify-release/action.yml | 23 +- .github/workflows/release-change-tags.yml | 24 +- .github/workflows/release-manual.yml | 31 ++- .github/workflows/release-nightly.yml | 18 +- .github/workflows/release-patch-3-release.yml | 15 ++ .github/workflows/release-promote.yml | 24 ++ .github/workflows/release-rollback.yml | 5 + .github/workflows/smoke-test.yml | 3 +- .github/workflows/verify-release.yml | 41 +++- 13 files changed, 394 insertions(+), 152 deletions(-) create mode 100644 .github/actions/npm-auth-token/action.yml create mode 100644 .github/actions/setup-npmrc/action.yml diff --git a/.github/actions/npm-auth-token/action.yml b/.github/actions/npm-auth-token/action.yml new file mode 100644 index 0000000000..94249d6c51 --- /dev/null +++ b/.github/actions/npm-auth-token/action.yml 
@@ -0,0 +1,45 @@
+name: 'NPM Auth Token'
+description: 'Generates an NPM auth token for publishing a specific package'
+
+inputs:
+ package-name:
+ description: 'The name of the package to publish'
+ required: true
+ github-token:
+ description: 'the github token'
+ required: true
+ wombat-token-core:
+ description: 'The npm token for the cli-core package.'
+ required: true
+ wombat-token-cli:
+ description: 'The npm token for the cli package.'
+ required: true
+ wombat-token-a2a-server:
+ description: 'The npm token for the a2a package.'
+ required: true
+
+outputs:
+ auth-token:
+ description: 'The generated NPM auth token'
+ value: '${{ steps.npm_auth_token.outputs.auth-token }}'
+
+runs:
+ using: 'composite'
+ steps:
+ - name: 'Generate NPM Auth Token'
+ id: 'npm_auth_token'
+ shell: 'bash'
+ run: |
+ AUTH_TOKEN="${{ inputs.github-token }}"
+ PACKAGE_NAME="${{ inputs.package-name }}"
+ PRIVATE_REPO="@google-gemini/"
+ if [[ "$PACKAGE_NAME" == "$PRIVATE_REPO"* ]]; then
+ AUTH_TOKEN="${{ inputs.github-token }}"
+ elif [[ "$PACKAGE_NAME" == "@google/gemini-cli" ]]; then
+ AUTH_TOKEN="${{ inputs.wombat-token-cli }}"
+ elif [[ "$PACKAGE_NAME" == "@google/gemini-cli-core" ]]; then
+ AUTH_TOKEN="${{ inputs.wombat-token-core }}"
+ elif [[ "$PACKAGE_NAME" == "@google/gemini-cli-a2a-server" ]]; then
+ AUTH_TOKEN="${{ inputs.wombat-token-a2a-server }}"
+ fi
+ echo "auth-token=$AUTH_TOKEN" >> $GITHUB_OUTPUT
diff --git a/.github/actions/publish-release/action.yml b/.github/actions/publish-release/action.yml
index 220224b1ea..270f7f1b1c 100644
--- a/.github/actions/publish-release/action.yml
+++ b/.github/actions/publish-release/action.yml
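Review bot: The token lookup in 'Generate NPM Auth Token' fails open: `AUTH_TOKEN` starts as the GitHub token and the `if`/`elif` chain has no `else`, so a package name that matches none of the branches (a typo in a `vars.*` value, a newly added package) silently gets `inputs.github-token`, and the publish step then sends it to whichever registry is configured. The unmatched case should be an error that stops the step. The script also splices `${{ inputs.* }}` directly into the shell text; passing the values through `env:` keeps the secrets and the package name out of the generated script, and `$GITHUB_OUTPUT` should be quoted. A rewrite of the step along those lines:

```yaml
      shell: 'bash'
      env:
        PACKAGE_NAME: '${{ inputs.package-name }}'
        GITHUB_TOKEN_VALUE: '${{ inputs.github-token }}'
        WOMBAT_TOKEN_CLI: '${{ inputs.wombat-token-cli }}'
        WOMBAT_TOKEN_CORE: '${{ inputs.wombat-token-core }}'
        WOMBAT_TOKEN_A2A_SERVER: '${{ inputs.wombat-token-a2a-server }}'
      run: |
        case "$PACKAGE_NAME" in
          '@google-gemini/'*) AUTH_TOKEN="$GITHUB_TOKEN_VALUE" ;;
          '@google/gemini-cli') AUTH_TOKEN="$WOMBAT_TOKEN_CLI" ;;
          '@google/gemini-cli-core') AUTH_TOKEN="$WOMBAT_TOKEN_CORE" ;;
          '@google/gemini-cli-a2a-server') AUTH_TOKEN="$WOMBAT_TOKEN_A2A_SERVER" ;;
          *)
            # Fail closed: never fall back to a token for an unknown package.
            echo "::error::no publish token is mapped to package '$PACKAGE_NAME'" >&2
            exit 1
            ;;
        esac
        echo "auth-token=$AUTH_TOKEN" >> "$GITHUB_OUTPUT"
```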
@@ -9,13 +9,13 @@ inputs: description: 'The npm tag to publish with (e.g., latest, preview, nightly).' required: true wombat-token-core: - description: 'The npm token for the @google/gemini-cli-core package.' + description: 'The npm token for the cli-core package.' required: true wombat-token-cli: - description: 'The npm token for the @google/gemini-cli package.' + description: 'The npm token for the cli package.' required: true wombat-token-a2a-server: - description: 'The npm token for the @google/gemini-cli-a2a-server package.' + description: 'The npm token for the a2a package.' required: true github-token: description: 'The GitHub token for creating the release.' @@ -51,10 +51,24 @@ inputs: gemini_api_key: description: 'The API key for running integration tests.' required: true - registry: - description: 'The registry to publish to.' - required: false - default: 'npm-wombat' + npm-registry-publish-url: + description: 'npm registry publish url' + required: true + npm-registry-url: + description: 'npm registry url' + required: true + npm-registry-scope: + description: 'npm registry scope' + required: true + cli-package-name: + description: 'The name of the cli package.' + required: true + core-package-name: + description: 'The name of the core package.' + required: true + a2a-package-name: + description: 'The name of the a2a package.' + required: true runs: using: 'composite' steps: 
@@ -117,126 +131,125 @@ runs: run: | npm run bundle + # TODO: Refactor this github specific publishing script to be generalized based upon inputs. - name: '📦 Prepare for GitHub release' - if: "inputs.registry == 'github'" + if: "inputs.npm-registry-url == 'https://npm.pkg.github.com/'" working-directory: '${{ inputs.working-directory }}' shell: 'bash' run: | node ${{ github.workspace }}/scripts/prepare-github-release.js - name: 'Configure npm for publishing to npm' - if: "inputs.registry != 'github'" uses: 'actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020' with: node-version-file: '${{ inputs.working-directory }}/.nvmrc' - registry-url: 'https://wombat-dressing-room.appspot.com' - scope: '@google' + registry-url: '${{inputs.npm-registry-publish-url}}' + scope: '${{inputs.npm-registry-scope}}' - - name: 'Configure npm for publishing to GitHub' - if: "inputs.registry == 'github'" - uses: 'actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020' + - name: 'Get core Token' + uses: './.github/actions/npm-auth-token' + id: 'core-token' with: - node-version-file: '${{ inputs.working-directory }}/.nvmrc' - registry-url: 'https://npm.pkg.github.com' - scope: '@google-gemini' - - - name: '📦 Publish @google/gemini-cli-core to npm' - if: "inputs.registry != 'github'" - working-directory: '${{ inputs.working-directory }}' - env: - NODE_AUTH_TOKEN: '${{ inputs.wombat-token-core }}' - shell: 'bash' - run: | - if [ "${{ inputs.dry-run }}" == "true" ]; then - npm publish --dry-run --workspace="@google/gemini-cli-core" --no-tag - else - npm publish --workspace="@google/gemini-cli-core" --no-tag - fi - - - name: '📦 Publish @google-gemini/gemini-cli-core to GitHub' - if: "inputs.registry == 'github'" - working-directory: '${{ inputs.working-directory }}' - env: - NODE_AUTH_TOKEN: '${{ inputs.github-token }}' - shell: 'bash' - run: | - npm publish \ - --dry-run="${{ inputs.dry-run }}" \ - --workspace="@google-gemini/gemini-cli-core" \ - --no-tag - - - name: '🔗 Install 
latest core package' - working-directory: '${{ inputs.working-directory }}' - if: "${{ inputs.dry-run != 'true' && inputs.registry != 'github' }}" - shell: 'bash' - run: | - npm install "@google/gemini-cli-core@${{ inputs.release-version }}" \ - --workspace="@google/gemini-cli" \ - --workspace="@google/gemini-cli-a2a-server" \ - --save-exact - - - name: '📦 Publish @google/gemini-cli to npm' - if: "inputs.registry != 'github'" - working-directory: '${{ inputs.working-directory }}' - env: - NODE_AUTH_TOKEN: '${{ inputs.wombat-token-cli }}' - shell: 'bash' - run: | - if [ "${{ inputs.dry-run }}" == "true" ]; then - npm publish --dry-run --workspace="@google/gemini-cli" --no-tag - else - npm publish --workspace="@google/gemini-cli" --no-tag - fi - - - name: '📦 Publish @google-gemini/gemini-cli to GitHub' - if: "inputs.registry == 'github'" - working-directory: '${{ inputs.working-directory }}' - env: - NODE_AUTH_TOKEN: '${{ inputs.github-token }}' - shell: 'bash' - run: | - npm publish \ - --dry-run="${{ inputs.dry-run }}" \ - --workspace="@google-gemini/gemini-cli" \ - --no-tag - - - name: '📦 Publish @google/gemini-cli-a2a-server' - if: "inputs.registry != 'github'" - working-directory: '${{ inputs.working-directory }}' - env: - NODE_AUTH_TOKEN: '${{ inputs.wombat-token-a2a-server }}' - shell: 'bash' - # Tag staging for initial release - run: | - if [ "${{ inputs.dry-run }}" == "true" ]; then - npm publish --dry-run --workspace="@google/gemini-cli-a2a-server" --no-tag - else - npm publish --workspace="@google/gemini-cli-a2a-server" --no-tag - fi - - - name: '🔬 Verify NPM release by version' - uses: './.github/actions/verify-release' - if: "${{ inputs.dry-run != 'true' && inputs.force-skip-tests != 'true' && inputs.registry != 'github' }}" - with: - npm-package: '@google/gemini-cli@${{ inputs.release-version }}' - expected-version: '${{ inputs.release-version }}' - ref: '${{ steps.release_branch.outputs.BRANCH_NAME }}' - gemini_api_key: '${{ inputs.gemini_api_key }}' - 
- - name: '🏷️ Tag release' - uses: './.github/actions/tag-npm-release' - if: "${{ inputs.dry-run != 'true' && inputs.registry != 'github' }}" - with: - channel: '${{ inputs.npm-tag }}' - version: '${{ inputs.release-version }}' - dry-run: '${{ inputs.dry-run }}' + package-name: '${{ inputs.core-package-name }}' + github-token: '${{ inputs.github-token }}' wombat-token-core: '${{ inputs.wombat-token-core }}' wombat-token-cli: '${{ inputs.wombat-token-cli }}' wombat-token-a2a-server: '${{ inputs.wombat-token-a2a-server }}' + - name: '📦 Publish CORE to NPM' + working-directory: '${{ inputs.working-directory }}' + env: + NODE_AUTH_TOKEN: '${{ steps.core-token.outputs.auth-token }}' + shell: 'bash' + run: | + npm publish \ + --dry-run="${{ inputs.dry-run }}" \ + --workspace="${{ inputs.core-package-name }}" \ + --no-tag + + - name: '🔗 Install latest core package' + working-directory: '${{ inputs.working-directory }}' + if: "${{ inputs.dry-run != 'true' }}" + shell: 'bash' + run: | + npm install "${{ inputs.core-package-name }}@${{ inputs.release-version }}" \ + --workspace="${{ inputs.cli-package-name }}" \ + --workspace="${{ inputs.a2a-package-name }}" \ + --save-exact + + - name: 'Get CLI Token' + uses: './.github/actions/npm-auth-token' + id: 'cli-token' + with: + package-name: '${{ inputs.cli-package-name }}' + github-token: '${{ inputs.github-token }}' + wombat-token-core: '${{ inputs.wombat-token-core }}' + wombat-token-cli: '${{ inputs.wombat-token-cli }}' + wombat-token-a2a-server: '${{ inputs.wombat-token-a2a-server }}' + + - name: '📦 Publish CLI' + working-directory: '${{ inputs.working-directory }}' + env: + NODE_AUTH_TOKEN: '${{ steps.cli-token.outputs.auth-token }}' + shell: 'bash' + run: | + npm publish \ + --dry-run="${{ inputs.dry-run }}" \ + --workspace="${{ inputs.cli-package-name }}" \ + --no-tag + + - name: 'Get a2a-server Token' + uses: './.github/actions/npm-auth-token' + id: 'a2a-token' + with: + package-name: '${{ inputs.a2a-package-name }}' + 
github-token: '${{ inputs.github-token }}' + wombat-token-core: '${{ inputs.wombat-token-core }}' + wombat-token-cli: '${{ inputs.wombat-token-cli }}' + wombat-token-a2a-server: '${{ inputs.wombat-token-a2a-server }}' + + - name: '📦 Publish a2a' + working-directory: '${{ inputs.working-directory }}' + env: + NODE_AUTH_TOKEN: '${{ steps.a2a-token.outputs.auth-token }}' + shell: 'bash' + # Tag staging for initial release + run: | + npm publish \ + --dry-run="${{ inputs.dry-run }}" \ + --workspace="${{ inputs.a2a-package-name }}" \ + --no-TARGET_TAG + + - name: '🔬 Verify NPM release by version' + uses: './.github/actions/verify-release' + if: "${{ inputs.dry-run != 'true' && inputs.force-skip-tests != 'true' }}" + with: + npm-package: '${{ inputs.cli-package-name }}@${{ inputs.release-version }}' + expected-version: '${{ inputs.release-version }}' + ref: '${{ steps.release_branch.outputs.BRANCH_NAME }}' + gemini_api_key: '${{ inputs.gemini_api_key }}' + github-token: '${{ inputs.github-token }}' + npm-registry-url: '${{ inputs.npm-registry-url }}' + npm-registry-scope: '${{ inputs.npm-registry-scope }}' + + - name: '🏷️ Tag release' + uses: './.github/actions/tag-npm-release' + if: "${{ inputs.dry-run != 'true' }}" + with: + channel: '${{ inputs.npm-tag }}' + version: '${{ inputs.release-version }}' + dry-run: '${{ inputs.dry-run }}' + github-token: '${{ inputs.github-token }}' + wombat-token-core: '${{ inputs.wombat-token-core }}' + wombat-token-cli: '${{ inputs.wombat-token-cli }}' + wombat-token-a2a-server: '${{ inputs.wombat-token-a2a-server }}' + cli-package-name: '${{ inputs.cli-package-name }}' + core-package-name: '${{ inputs.core-package-name }}' + a2a-package-name: '${{ inputs.a2a-package-name }}' + - name: '🎉 Create GitHub Release' working-directory: '${{ inputs.working-directory }}' - if: "${{ inputs.dry-run != 'true' && inputs.skip-github-release != 'true' && inputs.npm-tag != 'dev' && inputs.registry != 'github' }}" + if: "${{ inputs.dry-run != 'true' && 
inputs.skip-github-release != 'true' && inputs.npm-tag != 'dev' && inputs.npm-registry-url != 'https://npm.pkg.github.com/' }}" env: GITHUB_TOKEN: '${{ inputs.github-token }}' shell: 'bash' diff --git a/.github/actions/setup-npmrc/action.yml b/.github/actions/setup-npmrc/action.yml new file mode 100644 index 0000000000..fba0c14712 --- /dev/null +++ b/.github/actions/setup-npmrc/action.yml @@ -0,0 +1,22 @@ +name: 'Setup NPMRC' +description: 'Sets up NPMRC with all the correct repos for readonly access.' + +inputs: + github-token: + description: 'the github token' + required: true + +outputs: + auth-token: + description: 'The generated NPM auth token' + value: '${{ steps.npm_auth_token.outputs.auth-token }}' + +runs: + using: 'composite' + steps: + - name: 'Configure .npmrc' + shell: 'bash' + run: |- + echo ""@google-gemini:registry=https://npm.pkg.github.com"" > ~/.npmrc + echo ""//npm.pkg.github.com/:_authToken=${{ inputs.github-token }}"" >> ~/.npmrc + echo ""@google:registry=https://wombat-dressing-room.appspot.com"" >> ~/.npmrc diff --git a/.github/actions/tag-npm-release/action.yml b/.github/actions/tag-npm-release/action.yml index 198442b74f..d5d70c311a 100644 --- a/.github/actions/tag-npm-release/action.yml +++ b/.github/actions/tag-npm-release/action.yml @@ -11,6 +11,9 @@ inputs: dry-run: description: 'Whether to run in dry-run mode.' required: true + github-token: + description: 'The GitHub token for creating the release.' + required: true wombat-token-core: description: 'The npm token for the wombat @google/gemini-cli-core' required: true 
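Review bot: The '📦 Publish a2a' step ends its `npm publish` command with `--no-TARGET_TAG`, while the core and CLI publish steps in this hunk use `--no-tag`; it reads like a stray search-and-replace. npm has no such option, so the a2a package would presumably be published under the default dist-tag rather than untagged, ahead of the '🏷️ Tag release' step; the line should be `--no-tag`. Separately, both `if:` conditions compare `inputs.npm-registry-url` with the literal `'https://npm.pkg.github.com/'`, so an environment variable written without the trailing slash would skip 'Prepare for GitHub release' and still create the GitHub Release; comparing on a normalised value or a dedicated flag would be sturdier.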
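Review bot: The `auth-token` output of the new setup-npmrc action points at `steps.npm_auth_token.outputs.auth-token`, but the action has no step with that id (its only step, 'Configure .npmrc', has none), so the output is always empty; the `outputs:` block looks copied from npm-auth-token and can be dropped. The step also interpolates `${{ inputs.github-token }}` into the script and overwrites `~/.npmrc` with the token in plain text; since this commit moves release-manual.yml to `runs-on: 'self-hosted'`, that file may outlive the job on a runner that is not ephemeral. I would pass the token through `env:` and either write to a job-scoped file selected with `NPM_CONFIG_USERCONFIG` or remove the file in a final `if: always()` step. The `@google` registry line is still hard-coded to `https://wombat-dressing-room.appspot.com` although the rest of the commit takes the registry from inputs.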
@@ -20,6 +23,20 @@ inputs: wombat-token-a2a-server: description: 'The npm token for the @google/gemini-cli-a2a-server package.' required: true + cli-package-name: + description: 'The name of the cli package.' + required: true + core-package-name: + description: 'The name of the core package.' + required: true + a2a-package-name: + description: 'The name of the a2a package.' + required: true + ref: + description: 'The branch, tag, or SHA to release from.' + required: false + type: 'string' + default: 'main' runs: using: 'composite' 
@@ -30,30 +47,59 @@ runs: JSON_INPUTS: '${{ toJSON(inputs) }}' run: 'echo "$JSON_INPUTS"' + - name: 'Checkout' + uses: 'actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955' # ratchet:actions/checkout@v4 + with: + ref: '${{ github.event.inputs.ref }}' + fetch-depth: 0 + - name: 'Setup Node.js' uses: 'actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020' with: node-version-file: '.nvmrc' - registry-url: 'https://wombat-dressing-room.appspot.com' - scope: '@google' - - name: 'Change tag for @google/gemini-cli-core' + - name: 'configure .npmrc' + uses: './.github/actions/setup-npmrc' + with: + github-token: '${{ inputs.github-token }}' + + - name: 'Get core Token' + uses: './.github/actions/npm-auth-token' + id: 'core-token' + with: + package-name: '${{ inputs.core-package-name }}' + github-token: '${{ inputs.github-token }}' + wombat-token-core: '${{ inputs.wombat-token-core }}' + wombat-token-cli: '${{ inputs.wombat-token-cli }}' + wombat-token-a2a-server: '${{ inputs.wombat-token-a2a-server }}' + + - name: 'Change tag for CORE' if: |- ${{ inputs.dry-run != 'true' }} env: - NODE_AUTH_TOKEN: '${{ inputs.wombat-token-core }}' + NODE_AUTH_TOKEN: '${{ steps.core-token.outputs.auth-token }}' shell: 'bash' run: | - npm dist-tag add @google/gemini-cli-core@${{ inputs.version }} ${{ inputs.channel }} + npm dist-tag add ${{ inputs.core-package-name }}@${{ inputs.version }} ${{ inputs.channel }} - - name: 'Change tag for @google/gemini-cli' + - name: 'Get cli Token' + uses: './.github/actions/npm-auth-token' + id: 'cli-token' + with: + package-name: '${{ inputs.cli-package-name }}' + github-token: '${{ inputs.github-token }}' + wombat-token-core: '${{ inputs.wombat-token-core }}' + wombat-token-cli: '${{ inputs.wombat-token-cli }}' + wombat-token-a2a-server: '${{ inputs.wombat-token-a2a-server }}' + + - name: 'Change tag for CLI' if: |- ${{ inputs.dry-run != 'true' }} env: - NODE_AUTH_TOKEN: '${{ inputs.wombat-token-cli }}' + NODE_AUTH_TOKEN: '${{ 
steps.cli-token.outputs.auth-token }}' shell: 'bash' run: | - npm dist-tag add @google/gemini-cli@${{ inputs.version }} ${{ inputs.channel }} + npm dist-tag add ${{ inputs.cli-package-name }}@${{ inputs.version }} ${{ inputs.channel }} - name: 'Change tag for @google/gemini-cli-a2a-server' if: |- @@ -69,4 +115,4 @@ runs: ${{ inputs.dry-run == 'true' }} shell: 'bash' run: | - echo "Dry run: Would have added tag '${{ inputs.channel }}' to version '${{ inputs.version }}' for @google/gemini-cli, @google/gemini-cli-core, and @google/gemini-cli-a2a-server." + echo "Dry run: Would have added tag '${{ inputs.channel }}' to version '${{ inputs.version }}' for @google/gemini-cli and @google/gemini-cli-core." diff --git a/.github/actions/verify-release/action.yml b/.github/actions/verify-release/action.yml index d8269bba99..9104760811 100644 --- a/.github/actions/verify-release/action.yml +++ b/.github/actions/verify-release/action.yml @@ -6,12 +6,21 @@ inputs: description: 'NPM Package' required: true default: '@google/gemini-cli@latest' + npm-registry-url: + description: 'NPM Registry URL' + required: true + npm-registry-scope: + description: 'NPM Registry Scope' + required: true expected-version: description: 'Expected version' required: true gemini_api_key: description: 'The API key for running integration tests.' required: true + github-token: + description: 'The GitHub token for running integration tests.' + required: true ref: description: 'The branch, tag, or SHA to release from.' required: false @@ -34,6 +43,16 @@ runs: ref: '${{ github.event.inputs.ref }}' fetch-depth: 0 + - name: 'setup node' + uses: 'actions/setup-node@v4' + with: + node-version: '20' + + - name: 'configure .npmrc' + uses: './.github/actions/setup-npmrc' + with: + github-token: '${{ inputs.github-token }}' + - name: 'Clear npm cache' shell: 'bash' run: 'npm cache clean --force' 
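Review bot: The 'Checkout' step added to tag-npm-release uses `ref: '${{ github.event.inputs.ref }}'`, not the `ref` input this commit adds to the action, so the value callers pass (release-change-tags.yml passes `github.ref`) is ignored, and that workflow no longer has a `ref` dispatch input, so the expression is empty there; it should be `ref: '${{ inputs.ref }}'`. The debug step kept as context at the top of the hunk echoes `toJSON(inputs)`, which now includes `github-token` next to the three wombat tokens and relies entirely on log masking; I would drop it or print only the non-secret inputs. The a2a-server step continues past the end of the hunk and still carries the hard-coded package name, so it is not visible here whether it uses the new token lookup.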
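Review bot: The new 'setup node' step in the verify-release action uses `actions/setup-node@v4`, a mutable tag, while the other setup-node uses in this commit are pinned to a commit (`actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020`); this action runs inside release jobs that hold the publish tokens, so it should be pinned the same way. It also fixes `node-version: '20'` where the sibling actions read `.nvmrc` through `node-version-file`. The `npm-registry-url` and `npm-registry-scope` inputs added in the previous hunk are required but not used in any line shown for this action; if nothing outside the hunks consumes them, they can be removed.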
@@ -44,7 +63,9 @@ runs: timeout_seconds: 900 retry_wait_seconds: 30 max_attempts: 10 - command: 'cd ./verify && pkg="${{ inputs.npm-package }}" && npm install --prefer-online --no-cache -g "$pkg"' + command: |- + cd ./verify + npm install --prefer-online --no-cache -g "${{ inputs.npm-package }}" - name: 'Smoke test - NPM Install' shell: 'bash' diff --git a/.github/workflows/release-change-tags.yml b/.github/workflows/release-change-tags.yml index 61131072c5..a6a8671905 100644 --- a/.github/workflows/release-change-tags.yml +++ b/.github/workflows/release-change-tags.yml @@ -12,23 +12,28 @@ on: required: true type: 'choice' options: + - 'dev' - 'latest' - 'preview' - 'nightly' - ref: - description: 'The branch, tag, or SHA to run from.' - required: false - type: 'string' - default: 'main' dry-run: description: 'Whether to run in dry-run mode.' required: false type: 'boolean' default: true + environment: + description: 'Environment' + required: false + type: 'choice' + options: + - 'prod' + - 'dev' + default: 'prod' jobs: change-tags: runs-on: 'ubuntu-latest' + environment: '${{ github.event.inputs.environment }}' permissions: packages: 'write' issues: 'write' @@ -36,15 +41,13 @@ jobs: - name: 'Checkout repository' uses: 'actions/checkout@v4' with: - ref: '${{ github.event.inputs.ref }}' + ref: '${{ github.ref }}' fetch-depth: 0 - name: 'Setup Node.js' uses: 'actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020' with: node-version-file: '.nvmrc' - registry-url: 'https://wombat-dressing-room.appspot.com' - scope: '@google' - name: 'Change tag' uses: './.github/actions/tag-npm-release' 
@@ -55,3 +58,8 @@ jobs: wombat-token-core: '${{ secrets.WOMBAT_TOKEN_CORE }}' wombat-token-cli: '${{ secrets.WOMBAT_TOKEN_CLI }}' wombat-token-a2a-server: '${{ secrets.WOMBAT_TOKEN_A2A_SERVER }}' + github-token: '${{ secrets.GITHUB_TOKEN }}' + cli-package-name: '${{ vars.CLI_PACKAGE_NAME }}' + core-package-name: '${{ vars.CORE_PACKAGE_NAME }}' + a2a-package-name: '${{ vars.A2A_PACKAGE_NAME }}' + ref: '${{ github.ref }}' diff --git a/.github/workflows/release-manual.yml b/.github/workflows/release-manual.yml index 310fdbdf61..7232bad274 100644 --- a/.github/workflows/release-manual.yml +++ b/.github/workflows/release-manual.yml @@ -11,19 +11,12 @@ on: description: 'The branch, tag, or SHA to release from.' required: true type: 'string' - registry: - description: 'The registry to publish to.' - required: true - type: 'choice' - options: - - 'npm-wombat' - - 'github' - default: 'npm-wombat' npm_channel: - description: 'The npm channel to publish to (only used when registry is npm-wombat)' + description: 'The npm channel to publish to' required: true type: 'choice' options: + - 'dev' - 'preview' - 'nightly' - 'latest' @@ -39,14 +32,23 @@ on: type: 'boolean' default: false skip_github_release: - description: 'Select to skip creating a GitHub release (only used when registry is npm-wombat)' + description: 'Select to skip creating a GitHub release (only used when environment is PROD)' required: false type: 'boolean' default: false + environment: + description: 'Environment' + required: false + type: 'choice' + options: + - 'prod' + - 'dev' + default: 'prod' jobs: release: - runs-on: 'ubuntu-latest' + runs-on: 'self-hosted' + environment: '${{ github.event.inputs.environment }}' permissions: contents: 'write' packages: 'write' 
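Review bot: In release-manual.yml `runs-on` changes from `'ubuntu-latest'` to `'self-hosted'` for the release job, which the commit title does not mention and which no other workflow in this commit does. This job has `contents: 'write'` and `packages: 'write'` and receives the npm publish tokens, and a self-hosted runner that is not ephemeral keeps its workspace, `~/.npmrc` and tool caches between jobs, so state left by an earlier job can influence what gets published. If the change is intentional, add a comment stating which runner group is expected and that it is ephemeral and restricted to this workflow; if it is a leftover from testing, restore `runs-on: 'ubuntu-latest'`.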
@@ -111,7 +113,12 @@ jobs: skip-github-release: '${{ github.event.inputs.skip_github_release }}' working-directory: './release' gemini_api_key: '${{ secrets.GEMINI_API_KEY }}' - registry: '${{ github.event.inputs.registry }}' + npm-registry-publish-url: '${{ vars.NPM_REGISTRY_PUBLISH_URL }}' + npm-registry-url: '${{ vars.NPM_REGISTRY_URL }}' + npm-registry-scope: '${{ vars.NPM_REGISTRY_SCOPE }}' + cli-package-name: '${{ vars.CLI_PACKAGE_NAME }}' + core-package-name: '${{ vars.CORE_PACKAGE_NAME }}' + a2a-package-name: '${{ vars.A2A_PACKAGE_NAME }}' - name: 'Create Issue on Failure' if: '${{ failure() && github.event.inputs.dry_run == false }}' diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml index 917e158538..9f3b2d0087 100644 --- a/.github/workflows/release-nightly.yml +++ b/.github/workflows/release-nightly.yml @@ -20,9 +20,18 @@ on: required: false type: 'string' default: 'main' + environment: + description: 'Environment' + required: false + type: 'choice' + options: + - 'prod' + - 'dev' + default: 'prod' jobs: release: + environment: '${{ github.event.inputs.environment }}' runs-on: 'ubuntu-latest' permissions: contents: 'write' @@ -120,8 +129,15 @@ jobs: skip-branch-cleanup: true force-skip-tests: "${{ github.event_name != 'schedule' && github.event.inputs.force_skip_tests == 'true' }}" gemini_api_key: '${{ secrets.GEMINI_API_KEY }}' + npm-registry-publish-url: '${{ vars.NPM_REGISTRY_PUBLISH_URL }}' + npm-registry-url: '${{ vars.NPM_REGISTRY_URL }}' + npm-registry-scope: '${{ vars.NPM_REGISTRY_SCOPE }}' + cli-package-name: '${{ vars.CLI_PACKAGE_NAME }}' + core-package-name: '${{ vars.CORE_PACKAGE_NAME }}' + a2a-package-name: '${{ vars.A2A_PACKAGE_NAME }}' - name: 'Create and Merge Pull Request' + if: "github.event.inputs.environment == 'prod'" uses: './.github/actions/create-pull-request' with: branch-name: 'release/${{ steps.nightly_version.outputs.RELEASE_TAG }}' 
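Review bot: In release-nightly.yml `environment: '${{ github.event.inputs.environment }}'` evaluates to an empty string on the scheduled run, because `github.event.inputs` is only populated for `workflow_dispatch`; the job then runs without an environment, and if the `vars.NPM_REGISTRY_*` and `vars.*_PACKAGE_NAME` values are defined per environment they would be empty for the nightly publish. The same applies to the two conditions this commit adds further down: `github.event.inputs.environment == 'prod'` is false on `schedule`, so 'Create and Merge Pull Request' is skipped and 'Create Issue on Failure' can no longer fire for a scheduled failure. A fallback such as `environment: "${{ github.event.inputs.environment || 'prod' }}"`, with the same expression in both `if:` conditions, keeps the scheduled path on prod.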
@@ -132,7 +148,7 @@ jobs: working-directory: './release' - name: 'Create Issue on Failure' - if: "${{ failure() && (github.event_name == 'schedule' || github.event.inputs.dry_run != 'true') }}" + if: "${{ failure() && github.event.inputs.environment == 'prod' && (github.event_name == 'schedule' || github.event.inputs.dry_run != 'true') }}" env: GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}' RELEASE_TAG: '${{ steps.nightly_version.outputs.RELEASE_TAG }}' diff --git a/.github/workflows/release-patch-3-release.yml b/.github/workflows/release-patch-3-release.yml index 2dca7be7db..0b98b0a59d 100644 --- a/.github/workflows/release-patch-3-release.yml +++ b/.github/workflows/release-patch-3-release.yml @@ -28,10 +28,19 @@ on: description: 'The original PR number to comment back on.' required: false type: 'string' + environment: + description: 'Environment' + required: false + type: 'choice' + options: + - 'prod' + ## - 'dev' # TODO(richieforeman) - support dev + default: 'prod' jobs: release: runs-on: 'ubuntu-latest' + environment: '${{ github.event.inputs.environment }}' permissions: contents: 'write' packages: 'write' @@ -165,6 +174,12 @@ jobs: previous-tag: '${{ steps.patch_version.outputs.PREVIOUS_TAG }}' working-directory: './release' gemini_api_key: '${{ secrets.GEMINI_API_KEY }}' + npm-registry-publish-url: '${{ vars.NPM_REGISTRY_PUBLISH_URL }}' + npm-registry-url: '${{ vars.NPM_REGISTRY_URL }}' + npm-registry-scope: '${{ vars.NPM_REGISTRY_SCOPE }}' + cli-package-name: '${{ vars.CLI_PACKAGE_NAME }}' + core-package-name: '${{ vars.CORE_PACKAGE_NAME }}' + a2a-package-name: '${{ vars.A2A_PACKAGE_NAME }}' - name: 'Create Issue on Failure' if: '${{ failure() && github.event.inputs.dry_run == false }}' diff --git a/.github/workflows/release-promote.yml b/.github/workflows/release-promote.yml index f2c578df27..7dc4534c6b 100644 --- a/.github/workflows/release-promote.yml +++ b/.github/workflows/release-promote.yml 
@@ -26,11 +26,21 @@ on: description: 'Manually override the preview version number.' required: false type: 'string' + environment: + description: 'Environment' + required: false + type: 'choice' + options: + - 'prod' + - 'dev' + default: 'prod' jobs: calculate-versions: name: 'Calculate Versions and Plan' runs-on: 'ubuntu-latest' + environment: '${{ github.event.inputs.environment }}' + outputs: STABLE_VERSION: '${{ steps.versions.outputs.STABLE_VERSION }}' STABLE_SHA: '${{ steps.versions.outputs.STABLE_SHA }}' @@ -169,6 +179,7 @@ jobs: name: 'Publish preview' needs: ['calculate-versions', 'test'] runs-on: 'ubuntu-latest' + environment: '${{ github.event.inputs.environment }}' permissions: contents: 'write' packages: 'write' @@ -211,6 +222,12 @@ jobs: working-directory: './release' gemini_api_key: '${{ secrets.GEMINI_API_KEY }}' force-skip-tests: '${{ github.event.inputs.force_skip_tests }}' + npm-registry-publish-url: '${{ vars.NPM_REGISTRY_PUBLISH_URL }}' + npm-registry-url: '${{ vars.NPM_REGISTRY_URL }}' + npm-registry-scope: '${{ vars.NPM_REGISTRY_SCOPE }}' + cli-package-name: '${{ vars.CLI_PACKAGE_NAME }}' + core-package-name: '${{ vars.CORE_PACKAGE_NAME }}' + a2a-package-name: '${{ vars.A2A_PACKAGE_NAME }}' - name: 'Create Issue on Failure' if: '${{ failure() && github.event.inputs.dry_run == false }}' @@ -228,6 +245,7 @@ jobs: name: 'Publish stable' needs: ['calculate-versions', 'test', 'publish-preview'] runs-on: 'ubuntu-latest' + environment: '${{ github.event.inputs.environment }}' permissions: contents: 'write' packages: 'write' 
@@ -270,6 +288,12 @@ jobs: working-directory: './release' gemini_api_key: '${{ secrets.GEMINI_API_KEY }}' force-skip-tests: '${{ github.event.inputs.force_skip_tests }}' + npm-registry-publish-url: '${{ vars.NPM_REGISTRY_PUBLISH_URL }}' + npm-registry-url: '${{ vars.NPM_REGISTRY_URL }}' + npm-registry-scope: '${{ vars.NPM_REGISTRY_SCOPE }}' + cli-package-name: '${{ vars.CLI_PACKAGE_NAME }}' + core-package-name: '${{ vars.CORE_PACKAGE_NAME }}' + a2a-package-name: '${{ vars.A2A_PACKAGE_NAME }}' - name: 'Create Issue on Failure' if: '${{ failure() && github.event.inputs.dry_run == false }}' diff --git a/.github/workflows/release-rollback.yml b/.github/workflows/release-rollback.yml index e2d3518180..c74a7c0a1c 100644 --- a/.github/workflows/release-rollback.yml +++ b/.github/workflows/release-rollback.yml @@ -34,6 +34,7 @@ on: jobs: change-tags: + environment: 'prod' ## TODO(richieforeman) Support Dev mode runs-on: 'ubuntu-latest' permissions: packages: 'write' @@ -77,6 +78,10 @@ jobs: wombat-token-core: '${{ secrets.WOMBAT_TOKEN_CORE }}' wombat-token-cli: '${{ secrets.WOMBAT_TOKEN_CLI }}' wombat-token-a2a-server: '${{ secrets.WOMBAT_TOKEN_A2A_SERVER }}' + github-token: '${{ secrets.GITHUB_TOKEN }}' + cli-package-name: '${{ vars.CLI_PACKAGE_NAME }}' + core-package-name: '${{ vars.CORE_PACKAGE_NAME }}' + a2a-package-name: '${{ vars.A2A_PACKAGE_NAME }}' - name: 'Deprecate Cli Npm Package' if: "${{ github.event.inputs.dry-run == 'false' }}" diff --git a/.github/workflows/smoke-test.yml b/.github/workflows/smoke-test.yml index 1e6fbea803..892aa9d642 100644 --- a/.github/workflows/smoke-test.yml +++ b/.github/workflows/smoke-test.yml @@ -22,7 +22,8 @@ jobs: smoke-test: runs-on: 'ubuntu-latest' permissions: - contents: 'read' + contents: 'write' + packages: 'write' issues: 'write' steps: - name: 'Checkout' diff --git a/.github/workflows/verify-release.yml b/.github/workflows/verify-release.yml index ef3b70742c..b8676c8d33 100644 --- a/.github/workflows/verify-release.yml 
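Review bot: The smoke-test job goes from `contents: 'read'` to `contents: 'write'` plus `packages: 'write'`, but no line in this hunk shows a step that pushes to the repository or publishes a package. If the extra scope is only there so the job can install from GitHub Packages, `packages: 'read'` is sufficient and `contents: 'read'` can stay. The job's steps continue outside the hunk, so confirm that no later step needs write access before narrowing it.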
+++ b/.github/workflows/verify-release.yml @@ -7,26 +7,45 @@ on: description: 'The expected Gemini binary version that should be released (e.g., 0.5.0-preview-2).' required: true type: 'string' - npm-package: - description: 'NPM package to verify' + npm-tag: + description: 'NPM tag to verify' required: true - type: 'string' - default: '@google/gemini-cli@latest' - ref: - description: 'The branch, tag, or SHA to release from.' + type: 'choice' + options: + - 'dev' + - 'latest' + - 'preview' + - 'nightly' + default: 'latest' + environment: + description: 'Environment' required: false - type: 'string' - default: 'main' + type: 'choice' + options: + - 'prod' + - 'dev' + default: 'prod' jobs: - build: + verify-release: + environment: '${{ github.event.inputs.environment }}' runs-on: 'ubuntu-latest' + permissions: + contents: 'read' + packages: 'write' + issues: 'write' steps: + - name: '📝 Print vars' + shell: 'bash' + run: 'echo "${{ toJSON(vars) }}"' - uses: 'actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8' - name: 'Verify release' uses: './.github/actions/verify-release' with: - npm-package: '${{github.event.inputs.npm-package}}' + npm-package: '${{vars.CLI_PACKAGE_NAME}}@${{github.event.inputs.npm-tag}}' expected-version: '${{github.event.inputs.version}}' - ref: '${{github.event.inputs.ref}}' + ref: '${{github.ref}}' gemini_api_key: '${{ secrets.GEMINI_API_KEY }}' + npm-registry-url: '${{ vars.NPM_REGISTRY_URL }}' + github-token: '${{ secrets.GITHUB_TOKEN }}' + npm-registry-scope: '${{ vars.NPM_REGISTRY_SCOPE }}'
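Review bot: The new '📝 Print vars' step runs `echo "${{ toJSON(vars) }}"`, which pastes the JSON, double quotes included, into the shell command, so the quoting breaks and any shell metacharacter in a variable value is interpreted by bash. Pass the value through the environment instead: `env:` with `VARS_JSON: '${{ toJSON(vars) }}'` and `run: 'echo "$VARS_JSON"'`. The job also requests `packages: 'write'` although the visible steps only install and verify a package; `packages: 'read'` should be enough.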