Automate Github releases with Drone.
Last update: Dec 24, 2021
If you have a project on github that has releases for code or binaries for example it might be a good idea to automate it. Not only this saved a lot of clicks and time, but also it makes releases predictable and therefore less prone to errors in the process.
For this article I will take my own project as the example here, but of course this can be applied to any project, written in whatever language and/or framework.
Also I will base this guide on Drone. But I’m sure there is the same workflow for jenkins/circle/whatever CI/CD system you are using.
This means I’m assuming you have a repository already running with Drone.
The first thing we will need is an access token for the Github API.
You can get them here https://github.com/settings/tokens. I called my Drone
and you need to check the permissions for the repos as follows.
Copy the token and save it somewhere safe. You will see it only once.
We will add this token to our Drone repository settings. For that navigate to your drone instance and open the settings for the repository in question.
I’ve called my secret github
and I have not allowed it in PRs. Otherwise a PR made by some random user could trigger a release. We don’t want that.
Now it’s time to edit our drone file and make everything automatic. The flow at the end will be as follows.
- Code, commit and develop
- When you are ready for the next release we create a tag
- Once a tag is created and pushed drone will automatically build and release that code attached to the tag.
Simple right? Lets see how!
# .drone.yml
---
kind: pipeline
name: default
steps:
- name: build
image: node
pull: always
commands:
- yarn
- yarn run bin
when:
event: tag
- name: publish
image: plugins/github-release
pull: always
settings:
api_key:
from_secret: github
files: bin/*
checksum:
- sha512
note: CHANGELOG.md
when:
event: tag
---
kind: signature
hmac: 3b1f235f6a6f0ee1aa3f572d0833c4f0eec931dbe0378f31b9efa336a7462912
...
Lets understand what is happening here:
First I’m building my project. In this case this is a standalone typescript executable build by pkg. The build binaries will be emitted into the ./bin
folder. But it really does not matter. Could be anything.
Secondly we tell the Github release plugin what files we want to include in the release. In my case this was everything inside the bin
folder. This can also be an array.
files:
- dist/*
- bin/binary.exe
The api_key
includes the token, which we load from a secret so that we don’t simply put in the .drone.yml
file, which could be a huge security issue!
The checksum
setting is also amazing because as the name suggests the plugin automatically generates checksums for all the files. That is amazingly practical and there is no reason not to do that. You can choose a few hash functions but I would suggest simply going with sha512
.
So how do a trigger a release now?
Simple! First tag your code with the following command
git tag 1.2.3
Now push the tag and drone will be on its way
git push --tags
Thats it! Hope it made your release journey easier 🙂