diff --git a/.github/workflows/release-10_branchoff-stable.yml b/.github/workflows/release-10_branchoff-stable.yml index 945a734394a8c..135b9c9908b53 100644 --- a/.github/workflows/release-10_branchoff-stable.yml +++ b/.github/workflows/release-10_branchoff-stable.yml @@ -140,11 +140,4 @@ jobs: uses: ./.github/workflows/release-11_rc-automation.yml with: version: polkadot-${{ needs.validate-inputs.outputs.stable_version }} - secrets: - PGP_KMS_SIGN_COMMITS_KEY: ${{ secrets.PGP_KMS_SIGN_COMMITS_KEY }} - PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - RELEASE_AUTOMATION_APP_PRIVATE_KEY: ${{ secrets.RELEASE_AUTOMATION_APP_PRIVATE_KEY }} - RELEASENOTES_MATRIX_V2_ACCESS_TOKEN: ${{ secrets.RELEASENOTES_MATRIX_V2_ACCESS_TOKEN }} + secrets: inherit diff --git a/.github/workflows/release-11_rc-automation.yml b/.github/workflows/release-11_rc-automation.yml index 6c393482a7728..470f20bc6a19b 100644 --- a/.github/workflows/release-11_rc-automation.yml +++ b/.github/workflows/release-11_rc-automation.yml @@ -9,21 +9,6 @@ on: version: description: Current release/rc version in format polkadot-stableYYMM type: string - secrets: - PGP_KMS_SIGN_COMMITS_KEY: - required: true - PGP_KMS_HASH: - required: true - AWS_ACCESS_KEY_ID: - required: true - AWS_SECRET_ACCESS_KEY: - required: true - AWS_DEFAULT_REGION: - required: true - RELEASE_AUTOMATION_APP_PRIVATE_KEY: - required: true - RELEASENOTES_MATRIX_V2_ACCESS_TOKEN: - required: true jobs: tag_rc: diff --git a/.github/workflows/release-60_create-old-release-tag.yml b/.github/workflows/release-60_create-old-release-tag.yml new file mode 100644 index 0000000000000..a39e36502419f --- /dev/null +++ b/.github/workflows/release-60_create-old-release-tag.yml @@ -0,0 +1,63 @@ +name: Release - Create polkadot-vX.YY.Z tag +# This workflow creates a final release tag in the old format (e.g. polkadot-v1.20.0) for a published release. + +on: + release: + types: published + +jobs: + create-old-release-tag: + runs-on: parity-default + environment: release + env: + PGP_KMS_KEY: ${{ secrets.PGP_KMS_SIGN_COMMITS_KEY }} + PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }} + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} + + steps: + - name: Install pgpkkms + run: | + # Install pgpkms that is used to sign commits + pip install git+https://github.com/paritytech-release/pgpkms.git@6cb1cecce1268412189b77e4b130f4fa248c4151 + + - name: Generate content write token for the release automation + id: generate_write_token + uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 + with: + app-id: ${{ vars.RELEASE_AUTOMATION_APP_ID }} + private-key: ${{ secrets.RELEASE_AUTOMATION_APP_PRIVATE_KEY }} + owner: paritytech + + - name: Checkout + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + ref: ${{ github.event.release.tag_name }} + token: ${{ steps.generate_write_token.outputs.token }} + + - name: Import gpg keys + run: | + . ./.github/scripts/common/lib.sh + + import_gpg_keys + + - name: Config git + run: | + git config --global commit.gpgsign true + git config --global gpg.program /home/runner/.local/bin/pgpkms-git + git config --global user.name "ParityReleases" + git config --global user.email "release-team@parity.io" + git config --global user.signingKey "D8018FBB3F534D866A45998293C5FB5F6A367B51" + + - name: Create old release tag + env: + GH_TOKEN: ${{ steps.generate_write_token.outputs.token }} + run: | + . ./.github/scripts/common/lib.sh + + version=$(get_polkadot_node_version_from_code) + echo "Extracted node version: $version" + + git tag -s "polkadot-v${version}" -m "Old release tag polkadot-v${version}" + git push origin "polkadot-v${version}"