From b3b92faf454b0d3afdde0a44b658d7658cc13689 Mon Sep 17 00:00:00 2001 From: Thomas Eizinger Date: Wed, 15 Oct 2025 00:23:23 +1100 Subject: [PATCH] ci: merge publish workflows (#10568) All of these jobs should run every time we publish a release. It makes sense to merge them into one workflow. --------- Signed-off-by: Thomas Eizinger Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .../{publish.yml => publish-release.yml} | 56 ++++++++++++++++++- .github/workflows/publish-to-winget.yml | 37 ------------ .github/workflows/sentry.yml | 39 ------------- 3 files changed, 55 insertions(+), 77 deletions(-) rename .github/workflows/{publish.yml => publish-release.yml} (70%) delete mode 100644 .github/workflows/publish-to-winget.yml delete mode 100644 .github/workflows/sentry.yml diff --git a/.github/workflows/publish.yml b/.github/workflows/publish-release.yml similarity index 70% rename from .github/workflows/publish.yml rename to .github/workflows/publish-release.yml index f20022c91..99b7a2af7 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish-release.yml @@ -1,4 +1,4 @@ -name: Publish +name: Publish release run-name: Triggered by ${{ github.actor }} on: workflow_dispatch: @@ -79,6 +79,32 @@ jobs: -t ghcr.io/firezone/${{ steps.set-variables.outputs.artifact }}:latest \ $SOURCE_TAG + publish-clients-to-winget: + name: Publish ${{ matrix.identifier }} to winget + runs-on: windows-latest + strategy: + matrix: + include: + - identifier: Firezone.Client.GUI + tag_prefix: gui-client + - identifier: Firezone.Client.Headless + tag_prefix: headless-client + steps: + - id: get-version + run: | + version=${{ inputs.release_name || github.event.release.name }} + version=${version#${{ matrix.tag_prefix }}-} + echo "version=$version" >> "$GITHUB_OUTPUT" + shell: bash + - uses: vedantmgoyal9/winget-releaser@19e706d4c9121098010096f9c495a70a7518b30f # main + if: ${{ startsWith((inputs.release_name || github.event.release.name), matrix.tag_prefix) }} + with: + identifier: ${{ matrix.identifier }} + version: ${{ steps.get-version.outputs.version }} + token: ${{ secrets.WINGET_TOKEN }} + release-notes-url: https://firezone.dev/changelog + release-tag: ${{ inputs.release_name || github.event.release.tag_name || github.ref_name }} + create-publish-pr: runs-on: ubuntu-latest strategy: @@ -126,3 +152,31 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.RELEASE_PR_BOT_GITHUB_TOKEN }} RELEASE_PR_BOT_GPG_KEY: "${{ secrets.RELEASE_PR_BOT_GPG_KEY }}" + + create-sentry-release: + name: create_${{ matrix.component }}_sentry_release + runs-on: ubuntu-24.04 + strategy: + matrix: + # TODO: This hack is needed because the macOS client isn't tagged as `apple-client`. + include: + - component: gateway + projects: gateway + - component: gui-client + projects: gui-client + - component: headless-client + projects: headless-client + - component: macos-client + projects: apple-client + - component: android-client + projects: android-client + steps: + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + fetch-depth: 0 + - uses: ./.github/actions/create-sentry-release + if: ${{ startsWith(github.event.release.name, matrix.component) }} + with: + component: ${{ matrix.component }} + projects: ${{ matrix.projects }} + sentry_token: ${{ secrets.SENTRY_AUTH_TOKEN }} diff --git a/.github/workflows/publish-to-winget.yml b/.github/workflows/publish-to-winget.yml deleted file mode 100644 index f24bc9079..000000000 --- a/.github/workflows/publish-to-winget.yml +++ /dev/null @@ -1,37 +0,0 @@ -name: Publish to WinGet -on: - workflow_dispatch: - inputs: - release_name: - description: "Release name to publish" - required: true - release: - types: - - published - -jobs: - publish_clients: - name: Publish ${{ matrix.identifier }} to winget - runs-on: windows-latest - strategy: - matrix: - include: - - identifier: Firezone.Client.GUI - tag_prefix: gui-client - - identifier: Firezone.Client.Headless - tag_prefix: headless-client - steps: - - id: get-version - run: | - version=${{ inputs.release_name || github.event.release.name }} - version=${version#${{ matrix.tag_prefix }}-} - echo "version=$version" >> "$GITHUB_OUTPUT" - shell: bash - - uses: vedantmgoyal9/winget-releaser@19e706d4c9121098010096f9c495a70a7518b30f # main - if: ${{ startsWith((inputs.release_name || github.event.release.name), matrix.tag_prefix) }} - with: - identifier: ${{ matrix.identifier }} - version: ${{ steps.get-version.outputs.version }} - token: ${{ secrets.WINGET_TOKEN }} - release-notes-url: https://firezone.dev/changelog - release-tag: ${{ inputs.release_name || github.event.release.tag_name || github.ref_name }} diff --git a/.github/workflows/sentry.yml b/.github/workflows/sentry.yml deleted file mode 100644 index fab34a116..000000000 --- a/.github/workflows/sentry.yml +++ /dev/null @@ -1,39 +0,0 @@ -name: Create Sentry releases -run-name: Triggered by ${{ github.actor }} -on: - release: - types: - - published - -concurrency: - group: "publish-production-${{ github.event_name }}-${{ github.workflow }}-${{ github.ref }}" - cancel-in-progress: false - -jobs: - create_sentry_release: - name: create_${{ matrix.component }}_sentry_release - runs-on: ubuntu-24.04 - strategy: - matrix: - # TODO: This hack is needed because the macOS client isn't tagged as `apple-client`. - include: - - component: gateway - projects: gateway - - component: gui-client - projects: gui-client - - component: headless-client - projects: headless-client - - component: macos-client - projects: apple-client - - component: android-client - projects: android-client - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - with: - fetch-depth: 0 - - uses: ./.github/actions/create-sentry-release - if: ${{ startsWith(github.event.release.name, matrix.component) }} - with: - component: ${{ matrix.component }} - projects: ${{ matrix.projects }} - sentry_token: ${{ secrets.SENTRY_AUTH_TOKEN }}