Use the Publish to BCR reusable GitHub workflow #1731
Conversation
Updates `.github/workflows/release.yml` and adds `publish-to-bcr.yml` for publishing to the Bazel Central Registry. Part of bazel-contrib#1482 (originally broken out from bazel-contrib#1722). `release.yml` now uses the `release_ruleset` workflow from `bazel-contrib/.github`, which does everything `release.yml` did previously and adds SLSA provenance attestations. `release.yml` then invokes the new `publish-to-bcr.yml` workflow after publishing a successful release to GitHub. Requires that the `BCR_PUBLISH_TOKEN` GitHub secret and the `registry_fork` specified in `.github/workflows/publish-to-bcr.yml` are in place. See `.bcr/README.md` for all the details and references. --- This will enable automated publishing to https://registry.bazel.build/.
|
@simuons @liucijus I believe if you're OK with the transfer to the bazel-contrib org, per #1616, then we can apply this change first before merging (@meteorcloudy please check me on this): diff --git i/.github/workflows/publish-to-bcr.yml w/.github/workflows/publish-to-bcr.yml
index 8f51b975..b5ebd076 100644
--- i/.github/workflows/publish-to-bcr.yml
+++ w/.github/workflows/publish-to-bcr.yml
@@ -28,7 +28,7 @@ jobs:
with:
tag_name: ${{ inputs.tag_name }}
# bazelbuild/bazel-central-registry fork used to open a pull request.
- registry_fork: simuons/bazel-central-registry
+ registry_fork: bazel-contrib/bazel-central-registry
permissions:
attestations: write
contents: writeAlso, it's essential that #1730 lands before we actually publish to the BCR. |
.github/workflows/publish-to-bcr.yml
Outdated
|
|
||
| jobs: | ||
| publish-to-bcr: | ||
| uses: bazel-contrib/publish-to-bcr/.github/workflows/[email protected] |
There was a problem hiding this comment.
@kormide Thanks, done in 7f2594d.
BTW, I see release_ruleset.yaml is at v7.2.2. Is it worth updating to that, too? At a first quick glance, it doesn't look like the API has changed.
There was a problem hiding this comment.
Probably not load bearing for your case, but it does have some fixes so worth upgrading.
There was a problem hiding this comment.
Thanks, also done in b27b6b5.
Suggested by @kormide in bazel-contrib#1731.
Recommended by @kormide based on my question in bazel-contrib#1731.
@meteorcloudy confirmed the transfer of the repo to the bazel-contrib org in bazel-contrib#1616. Transfering ownership before publishing the release will streamline publishing to the Bazel Central Registry by avoiding the need for a personal bazel-central-registry fork.
|
@simuons @liucijus I set the That just leaves creating the |
|
BTW, I just noticed another a bunch of similar errors in the CI build to the one I noted in 900847b earlier today: WARNING: Download from
https://github.com/bufbuild/buf/releases/download/v1.27.0/protoc-gen-buf-lint-Windows-x86_64.exe
failed: class java.io.IOException GET returned 618 jwt:jwt-not-providedInteresting that it looks like some invented a HTTP 618 error code somewhere. |
Suggested by @kormide in bazelbuild#1731.
Recommended by @kormide based on my question in bazel-contrib#1731.
|
I think the github infra is a bit unstable recently, I'm also seeing similar issue in bazel builds. |
Description
Updates
.github/workflows/release.ymland addspublish-to-bcr.ymlfor publishing to the Bazel Central Registry. Part of #1482 (originally broken out from #1722).release.ymlnow uses therelease_rulesetworkflow frombazel-contrib/.github, which does everythingrelease.ymldid previously and adds SLSA provenance attestations.release.ymlthen invokes the newpublish-to-bcr.ymlworkflow after publishing a successful release to GitHub.Requires that the
BCR_PUBLISH_TOKENGitHub secret and theregistry_forkspecified in.github/workflows/publish-to-bcr.ymlare in place.See
.bcr/README.mdfor all the details and references.Motivation
This will enable automated publishing to https://registry.bazel.build/.