-
Notifications
You must be signed in to change notification settings - Fork 0
226 lines (210 loc) · 9.52 KB
/
Copy pathrelease-ruby.yml
File metadata and controls
226 lines (210 loc) · 9.52 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
#
# Releases bt-fake — a dummy Ruby gem used to validate Braintrust release
# workflow tooling end-to-end. This does NOT release the braintrust Ruby SDK.
#
# This workflow serves two purposes:
# 1. End-to-end testing of the composite actions in actions/release/
# 2. Reference implementation of the Ruby-specific release template
#
# Generic steps are provided by composite actions in actions/release/.
# Only the sections marked with inline comments need to change for other Ruby gems.
#
# ─────────────────────────────────────────────────────────────────────────────
# SETUP REQUIREMENTS
# ─────────────────────────────────────────────────────────────────────────────
#
# GitHub Environments (repo Settings → Environments):
# rubygems-publish
# - Required reviewers: sdk-eng team or named maintainers
# - Prevent self-review: enabled
# - Deployment branches: main only
# rubygems-publish-dry-run
# - Required reviewers: at least yourself (to test the approval gate)
# - Allow administrators to bypass: enabled (for testing flexibility)
# - Deployment branches: no restriction
#
# Repository Variables (Settings → Secrets and variables → Variables):
# SLACK_SDK_RELEASE_CHANNEL Slack channel ID for release notifications
#
# Repository Secrets (Settings → Secrets and variables → Secrets):
# SLACK_BOT_TOKEN Org-level secret — Brainbot Slack app token
# Must be invited to SLACK_SDK_RELEASE_CHANNEL
#
# RubyGems.org Trusted Publishing:
# Configure for your gem at rubygems.org → gem settings → Trusted Publishers
# Repository: braintrustdata/sdk-actions (or your SDK repo)
# Workflow: release-ruby.yml (or your workflow filename)
# Environment: rubygems-publish
#
# ─────────────────────────────────────────────────────────────────────────────
name: Release Ruby (bt-fake)
on:
workflow_dispatch:
inputs:
_instructions:
description: "⚠️ Before starting: Merge a version bump PR. Version is read from the SHA."
type: string
default: "I have merged a version bump PR"
required: false
sha:
description: "Commit SHA (of the version bump) to release"
required: true
type: string
prev_release:
description: "Anchor for release notes: a tag name or commit SHA. If SHA, notes will be empty."
type: string
required: false
# bt-fake: fixed SHA anchor prevents indefinite changelog accumulation.
# Update this when you want to reset the notes baseline.
default: '58a397193105516446c3042361913655bcece509'
dry_run:
description: "Dry run: Build without tagging or publishing"
type: boolean
default: false
jobs:
bump:
runs-on: ubuntu-24.04
timeout-minutes: 5
permissions: {}
outputs:
version: ${{ steps.bump.outputs.version }}
steps:
# bt-fake: generates a version from the run number — no version bump PR needed.
# Remove this job in real SDK workflows; version comes from the version bump PR.
- name: Probe Ruby environment
uses: ruby/setup-ruby@afeafc3d1ab54a631816aba4c914a0081c12ff2f # v1.310.0
with:
ruby-version: '4.0'
- name: Probe Ruby environment
run: |
ruby --version
echo "Default openssl gem:"
ruby -e "puts Gem::Specification.find_by_name('openssl').version rescue 'not found'"
echo "All openssl gems:"
gem list openssl
- name: Bump version
id: bump
run: echo "version=0.0.${{ github.run_number }}" >> $GITHUB_OUTPUT
validate:
needs: bump
runs-on: ubuntu-24.04
timeout-minutes: 10
permissions:
contents: read
outputs:
release_tag: ${{ steps.validate-release.outputs.release_tag }}
prev_release: ${{ steps.validate-release.outputs.prev_release }}
branch: ${{ steps.validate-release.outputs.branch }}
on_release_branch: ${{ steps.validate-release.outputs.on_release_branch }}
commit_message: ${{ steps.validate-release.outputs.commit_message }}
steps:
# bt-fake: checkout required to resolve local ./actions/... references.
# Real SDK workflows use external braintrustdata/sdk-actions/...@sha references
# and do not need this step.
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Validate release
id: validate-release
uses: ./actions/release/ruby/validate
with:
# bt-fake: version passed directly from bump job — no version file needed.
# In a real Ruby project, replace `version` with:
# version_file: lib/your_gem/version.rb
# version_module: YourGem
version: ${{ needs.bump.outputs.version }}
sha: ${{ inputs.sha }}
dry_run: ${{ inputs.dry_run }}
working_directory: test/release/ruby
prepare:
needs: validate
runs-on: ubuntu-24.04
timeout-minutes: 5
permissions:
contents: write # required for releases/generate-notes API
outputs:
pr_list: ${{ steps.prepare.outputs.pr_list }}
notes: ${{ steps.prepare.outputs.notes }}
steps:
# bt-fake: checkout required because actions are referenced locally (./actions/...).
# Real SDK workflows reference actions externally (braintrustdata/sdk-actions/...@sha)
# and do not need this step.
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Prepare release
id: prepare
uses: ./actions/release/prepare
with:
release_tag: ${{ needs.validate.outputs.release_tag }}
sha: ${{ inputs.sha }}
prev_release: ${{ inputs.prev_release || needs.validate.outputs.prev_release }}
notify-pending:
needs: [validate, prepare]
runs-on: ubuntu-24.04
timeout-minutes: 5
permissions: {}
steps:
# bt-fake: checkout required for local action resolution (see prepare job comment)
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Notify release pending
uses: ./actions/release/notify-pending
with:
sha: ${{ inputs.sha }}
release_tag: ${{ needs.validate.outputs.release_tag }}
prev_release: ${{ needs.validate.outputs.prev_release }}
branch: ${{ needs.validate.outputs.branch }}
on_release_branch: ${{ needs.validate.outputs.on_release_branch }}
commit_message: ${{ needs.validate.outputs.commit_message }}
pr_list: ${{ needs.prepare.outputs.pr_list }}
notes: ${{ needs.prepare.outputs.notes }}
dry_run: ${{ inputs.dry_run }}
slack_token: ${{ secrets.SLACK_BOT_TOKEN }}
slack_channel: ${{ vars.SLACK_SDK_RELEASE_CHANNEL }}
emoji: ':ruby:'
publish:
needs: [bump, validate, prepare, notify-pending]
runs-on: ubuntu-24.04
timeout-minutes: 15
environment: ${{ inputs.dry_run && 'rubygems-publish-dry-run' || 'rubygems-publish' }}
permissions:
contents: write
id-token: write
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: ${{ inputs.sha }}
fetch-depth: 0
# bt-fake: update both version.rb and Gemfile.lock to the run-number version.
# The publish job checks out fresh so both files still reflect the placeholder.
# Real SDK workflows omit this — both files are committed together in the bump PR.
- name: Apply version to version.rb and Gemfile.lock
run: |
VERSION="${{ needs.bump.outputs.version }}"
sed -i "s|VERSION = \".*\"|VERSION = \"$VERSION\"|" \
test/release/ruby/lib/bt_fake/version.rb
sed -i "s|bt-fake ([0-9]*\.[0-9]*\.[0-9]*)|bt-fake ($VERSION)|" \
test/release/ruby/Gemfile.lock
# Update working-directory to your gem's root
- name: Publish gem
uses: ./actions/release/ruby/publish
with:
working-directory: test/release/ruby
dry_run: ${{ inputs.dry_run }}
# bt-fake: GitHub release creation disabled to avoid tag/release pollution
# from repeated test runs. In real SDK workflows, uncomment this step.
# - name: Create GitHub release
# uses: ./actions/release/create-github-release
# with:
# release_tag: ${{ needs.validate.outputs.release_tag }}
# sha: ${{ inputs.sha }}
# notes: ${{ needs.prepare.outputs.notes }}
# dry_run: ${{ inputs.dry_run }}
- name: Notify release complete
uses: ./actions/release/notify-published
with:
release_tag: ${{ needs.validate.outputs.release_tag }}
prev_release: ${{ needs.validate.outputs.prev_release }}
branch: ${{ needs.validate.outputs.branch }}
on_release_branch: ${{ needs.validate.outputs.on_release_branch }}
pr_list: ${{ needs.prepare.outputs.pr_list }}
dry_run: ${{ inputs.dry_run }}
slack_token: ${{ secrets.SLACK_BOT_TOKEN }}
slack_channel: ${{ vars.SLACK_SDK_RELEASE_CHANNEL }}
emoji: ':white_check_mark:'