Automate Github releases with Drone.

Jan 29, 2020
Last update: Sep 22, 2020
~ 3 min

If you have a project on github that has releases for code or binaries for example it might be a good idea to automate it. Not only this saved a lot of clicks and time, but also it makes releases predictable and therefore less prone to errors in the process.

For this article I will take my own project as the example here, but of course this can be applied to any project, written in whatever language and/or framework.

Also I will base this guide on Drone. But I’m sure there is the same workflow for jenkins/circle/whatever CI/CD system you are using.
This means I’m assuming you have a repository already running with Drone.

Photo by Franck V. on Unsplash

The first thing we will need is an access token for the Github API.
You can get them here https://github.com/settings/tokens. I called my Drone and you need to check the permissions for the repos as follows.

How to create a new token in Github

Copy the token and save it somewhere safe. You will see it only once.

We will add this token to our Drone repository settings. For that navigate to your drone instance and open the settings for the repository in question.

Add the token to Drone secrets

I’ve called my secret github and I have not allowed it in PRs. Otherwise a PR made by some random user could trigger a release. We don’t want that.

Now it’s time to edit our drone file and make everything automatic. The flow at the end will be as follows.

  1. Code, commit and develop
  2. When you are ready for the next release we create a tag
  3. Once a tag is created and pushed drone will automatically build and release that code attached to the tag.

Simple right? Lets see how!

# .drone.yml
---
kind: pipeline
name: default

steps:
- name: build
  image: node
  pull: always
  commands:
    - yarn
    - yarn run bin
  when:
    event: tag

- name: publish
  image: plugins/github-release
  pull: always
  settings:
    api_key:
      from_secret: github
    files: bin/*
    checksum:
      - sha512
    note: CHANGELOG.md
  when:
    event: tag
---
kind: signature
hmac: 3b1f235f6a6f0ee1aa3f572d0833c4f0eec931dbe0378f31b9efa336a7462912

...

Lets understand what is happening here:

First I’m building my project. In this case this is a standalone typescript executable build by pkg. The build binaries will be emitted into the ./bin folder. But it really does not matter. Could be anything.

Secondly we tell the Github release plugin what files we want to include in the release. In my case this was everything inside the bin folder. This can also be an array.

files:
  - dist/*
  - bin/binary.exe

The api_key includes the token, which we load from a secret so that we don’t simply put in the .drone.yml file, which could be a huge security issue!

The checksum setting is also amazing because as the name suggests the plugin automatically generates checksums for all the files. That is amazingly practical and there is no reason not to do that. You can choose a few hash functions but I would suggest simply going with sha512.

So how do a trigger a release now?

Simple! First tag your code with the following command

git tag 1.2.3

Now push the tag and drone will be on its way

git push --tags

Thats it! Hope it made your release journey easier 🙂