From 6016e550a2a8fc46387b2725122ea852fc70c860 Mon Sep 17 00:00:00 2001
From: Kenneth Bingham <kenneth.bingham@netfoundry.io>
Date: Thu, 13 Jun 2024 09:38:15 -0400
Subject: [PATCH] call downstream workflows with version tag

---
 .github/workflows/main.yml    | 65 ++++++-----------------------------
 .github/workflows/release.yml | 40 ++++++++++++++++++++-
 RELEASING.md                  |  6 ++--
 3 files changed, 53 insertions(+), 58 deletions(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 03bb303e4..0eb0e6af4 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -461,21 +461,8 @@ jobs:
                 -path "./release/*/linux/ziti" \
             | xargs -0 chmod -c +x
 
-      - name: Publish GitHub Release
-        # forks need to run this step with their own GPG key because ziti-ci creates the GH release 
-        if: env.ziti_ci_gpg_key_id != null && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release-v'))
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          ziti_ci_gpg_key: ${{ secrets.ZITI_CI_GPG_KEY }}
-          ziti_ci_gpg_key_id: ${{ secrets.ZITI_CI_GPG_KEY_ID }}
-        shell: bash
-        run: |
-          $(go env GOPATH)/bin/ziti-ci configure-git
-          $(go env GOPATH)/bin/ziti-ci tag -v -f version ${ZITI_BASE_VERSION:+--base-version $ZITI_BASE_VERSION}
-          $(go env GOPATH)/bin/ziti-ci publish-to-github --prerelease --archive-base ""
-
       # only ziti-ci computed version for release branches and {version}-{run_id} for non-release branches
-      - name: Compute the Ziti Version String used for Linux Packages and Container Image Tags
+      - name: Get next version for downstream release candidates
         id: get_version
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -493,27 +480,17 @@ jobs:
           echo "DEBUG: GITHUB_REPOSITORY=${GITHUB_REPOSITORY} GITHUB_REF=${GITHUB_REF} GITHUB_RUN_ID=${GITHUB_RUN_ID}"
           (set -x; git remote -v show;)
 
-          if [[ "${GITHUB_REF}" =~ ^refs/heads/(release-v|main$) ]]; then
-            # Set current tag as semver for release branches
-            ZITI_VERSION="$($(go env GOPATH)/bin/ziti-ci -q get-current-version)"
-
-            validateSemver "${ZITI_VERSION}"
+          # compute next patch level for non-release branches
+          ZITI_VERSION="$($(go env GOPATH)/bin/ziti-ci -q get-next-version ${ZITI_BASE_VERSION:+--base-version $ZITI_BASE_VERSION})"
 
-            # drop the leading 'v', if any
-            ZITI_VERSION=${ZITI_VERSION#v}
-          else
-            # compute next patch level for non-release branches
-            ZITI_VERSION="$($(go env GOPATH)/bin/ziti-ci -q get-next-version ${ZITI_BASE_VERSION:+--base-version $ZITI_BASE_VERSION})"
-
-            validateSemver "${ZITI_VERSION}"
+          validateSemver "${ZITI_VERSION}"
 
-            # drop the leading 'v', if any, and append run id
-            ZITI_VERSION=${ZITI_VERSION#v}-${GITHUB_RUN_ID}
-          fi
+          # drop the leading 'v', if any, and append run id
+          ZITI_VERSION=${ZITI_VERSION#v}-${GITHUB_RUN_ID}
 
           echo ZITI_VERSION="${ZITI_VERSION}" | tee -a $GITHUB_OUTPUT
 
-  call-publish-prerelease-docker-images:
+  call-publish-docker-images:
     # - !cancelled() allows evaluating further conditional expressions even if
     #   needed jobs were skipped
     if: ${{
@@ -521,31 +498,13 @@ jobs:
       && needs.publish.result == 'success'
       && github.ref == 'refs/heads/release-next'
       }}
-    name: Publish Pre-Release Docker Images
+    name: Publish Release Next Docker Images
     needs: publish
     uses: ./.github/workflows/publish-docker-images.yml
     secrets: inherit
     with:
       ziti-tag: release-next
 
-  call-publish-release-docker-images:
-    # - !cancelled() allows evaluating further conditional expressions even if
-    #   needed jobs were skipped
-    if: ${{
-      !cancelled()
-      && needs.publish.result == 'success'
-      && (
-      github.ref == 'refs/heads/main'
-      || startsWith(github.ref, 'refs/heads/release-v')
-      )
-      }}
-    name: Publish Release Docker Images
-    needs: publish
-    uses: ./.github/workflows/publish-docker-images.yml
-    secrets: inherit
-    with:
-      ziti-tag: ${{ needs.publish.outputs.ZITI_VERSION }}
-
   # call on release-next and release branches to publish linux packages to
   # "testing" and "release" package repos in Artifactory
   call-publish-linux-packages:
@@ -554,13 +513,9 @@ jobs:
     if: ${{
       !cancelled()
       && needs.publish.result == 'success'
-      && (
-      github.ref == 'refs/heads/main'
-      || startsWith(github.ref, 'refs/heads/release-v')
-      || github.ref == 'refs/heads/release-next'
-      )
+      && github.ref == 'refs/heads/release-next'
       }}
-    name: Publish Linux Packages
+    name: Publish Release Next Linux Packages
     needs: publish
     uses: ./.github/workflows/publish-linux-packages.yml
     secrets: inherit
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index fe6766d28..6d1663604 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -147,8 +147,13 @@ jobs:
 
   publish:
     name: Publish Binaries
-    runs-on: ubuntu-20.04
+    if: ${{
+      !cancelled()
+      && (needs.mac-os-build.result == 'success' || needs.mac-os-build.result == 'skipped')
+      && (needs.windows-build.result == 'success' || needs.windows-build.result == 'skipped')
+      }}
     needs: [ tests, linux-build, mac-os-build, windows-build ]
+    runs-on: ubuntu-20.04
     outputs:
       ZITI_VERSION: ${{ steps.get_version.outputs.ZITI_VERSION }}
     steps:
@@ -217,3 +222,36 @@ jobs:
         run: |
           $(go env GOPATH)/bin/ziti-ci configure-git
           $(go env GOPATH)/bin/ziti-ci publish-to-github -t --prerelease --archive-base ""
+
+      # only ziti-ci computed version for release branches and {version}-{run_id} for non-release branches
+      - name: Compute the Ziti Version String used for Linux Packages and Container Image Tags
+        id: get_version
+        shell: bash
+        run: |
+          # drop the leading 'v', if any
+          ZITI_VERSION=${GITHUB_REF_NAME#v}
+          echo ZITI_VERSION="${ZITI_VERSION}" | tee -a $GITHUB_OUTPUT
+
+  call-publish-docker-images:
+    # - !cancelled() allows evaluating further conditional expressions even if
+    #   needed jobs were skipped
+    if: ${{ !cancelled() && needs.publish.result == 'success' }}
+    name: Publish Release Docker Images
+    needs: publish
+    uses: ./.github/workflows/publish-docker-images.yml
+    secrets: inherit
+    with:
+      ziti-tag: ${{ needs.publish.outputs.ZITI_VERSION }}
+
+  # call on release-next and release branches to publish linux packages to
+  # "testing" and "release" package repos in Artifactory
+  call-publish-linux-packages:
+    # - !cancelled() allows evaluating further conditional expressions even if
+    #   needed jobs were skipped
+    if: ${{ !cancelled() && needs.publish.result == 'success' }}
+    name: Publish Linux Packages
+    needs: publish
+    uses: ./.github/workflows/publish-linux-packages.yml
+    secrets: inherit
+    with:
+      ziti-version: ${{ needs.publish.outputs.ZITI_VERSION }}
diff --git a/RELEASING.md b/RELEASING.md
index 171d90bc4..991284dd5 100644
--- a/RELEASING.md
+++ b/RELEASING.md
@@ -63,8 +63,10 @@ Perform these steps in PR branches based on release-next (trunk).
 
 Perform these steps in the release-next (trunk) branch which is based on main to release Ziti.
 
-1. Create a PR to merge release-next to main. Release happens by merging from the release-next branch to main.
-2. Ensure PR checks succeed.
+1. Create a PR to merge release-next to main.
+1. Ensure PR checks succeed.
+1. PreRelease happens by pushing a tag like v* on the HEAD of main.
+1. After burn-in, mark the release as "latest" in GitHub to promote downstreams.
 
 ## Downstreams