test: Signing #38
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Create Release Assets | |
on: | |
release: | |
types: | |
- created | |
push: | |
env: | |
AWS_S3_BUCKET: ksp-ckan | |
jobs: | |
test-release: | |
uses: ./.github/workflows/test.yml | |
smoke-inflator: | |
uses: ./.github/workflows/smoke.yml | |
sign-release: | |
runs-on: ubuntu-latest | |
needs: | |
- test-release | |
- smoke-inflator | |
outputs: | |
artifact-url: ${{steps.sign.outputs.signing-request-id }} | |
steps: | |
- uses: signpath/[email protected] | |
id: sign | |
with: | |
api-token: ${{ secrets.SIGNPATH_API_TOKEN }} | |
organization-id: 0cd9fc3f-b78d-4214-b152-b2e93c952e14 | |
project-slug: CKAN | |
signing-policy-slug: test-signing | |
github-artifact-id: ${{ needs.smoke-release.outputs.repack-artifact-id }} | |
artifact-configuration-slug: release | |
wait-for-completion: true | |
# upload-nuget: | |
# runs-on: ubuntu-latest | |
# needs: | |
# - test-release | |
# - smoke-inflator | |
# steps: | |
# - name: Download out artifact | |
# uses: actions/download-artifact@v4 | |
# with: | |
# name: Release-out-unsigned | |
# path: _build/out/ | |
# - name: Publish ckan.dll to NuGet | |
# env: | |
# NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }} | |
# if: env.NUGET_API_KEY | |
# run: | | |
# curl -o nuget.exe -L 'https://dist.nuget.org/win-x86-commandline/v5.6.0/nuget.exe' | |
# mono nuget.exe push _build/out/CKAN/Release/bin/*.nupkg ${{ secrets.NUGET_API_KEY }} -Source https://api.nuget.org/v3/index.json -SkipDuplicate | |
# | |
# build-dmg: | |
# runs-on: ubuntu-latest | |
# needs: | |
# - test-release | |
# - smoke-inflator | |
# steps: | |
# - uses: actions/checkout@v4 | |
# - name: Install OSX build dependencies | |
# run: sudo apt-get install -y libplist-utils xorriso | |
# - name: Download repack artifact | |
# uses: actions/download-artifact@v4 | |
# with: | |
# name: Release-repack-unsigned | |
# path: _build/repack/ | |
# - name: Build dmg | |
# run: ./build osx --configuration=Release --exclusive | |
# - name: Upload OSX release asset | |
# run: gh release upload ${{ github.event.release.tag_name }} _build/osx/CKAN.dmg | |
# env: | |
# GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# | |
# build-deb: | |
# runs-on: ubuntu-latest | |
# needs: | |
# - test-release | |
# - smoke-inflator | |
# steps: | |
# - name: Configure AWS Credentials | |
# uses: aws-actions/configure-aws-credentials@v4 | |
# with: | |
# aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
# aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
# aws-region: us-east-1 | |
# - uses: actions/checkout@v4 | |
# - name: Download repack artifact | |
# uses: actions/download-artifact@v4 | |
# with: | |
# name: Release-repack-unsigned | |
# path: _build/repack/ | |
# - name: Set deb version | |
# run: | | |
# VERSION=$(echo "${{ github.event.release.tag_name }}" | tr -d "v") | |
# echo "DEB_VERSION=${VERSION}.$(date +'%g%j')" >> $GITHUB_ENV | |
# - name: Build deb | |
# env: | |
# CODENAME: stable | |
# run: ./build deb --configuration=Release --exclusive | |
# - name: Import GPG key | |
# env: | |
# DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }} | |
# run: | | |
# echo "$DEBIAN_PRIVATE_KEY" | base64 --decode | gpg --batch --import | |
# gpg --list-secret-keys --keyid-format LONG | |
# if: ${{ env.DEBIAN_PRIVATE_KEY }} | |
# - name: Sign deb release | |
# env: | |
# CODENAME: stable | |
# DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }} | |
# run: ./build deb-sign --configuration=Release --exclusive | |
# if: ${{ env.DEBIAN_PRIVATE_KEY }} | |
# - name: Push deb to S3 | |
# run: aws s3 sync _build/deb/apt-repo-root s3://${AWS_S3_BUCKET}/deb --follow-symlinks | |
# - name: Push stable APT repo to S3 | |
# run: aws s3 sync _build/deb/apt-repo-dist s3://${AWS_S3_BUCKET}/deb/dists/stable --follow-symlinks | |
# - name: Upload deb release asset | |
# run: gh release upload ${{ github.event.release.tag_name }} _build/deb/ckan_${DEB_VERSION}_all.deb | |
# env: | |
# GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# | |
# build-rpm: | |
# runs-on: ubuntu-latest | |
# needs: | |
# - test-release | |
# - smoke-inflator | |
# steps: | |
# - name: Configure AWS Credentials | |
# uses: aws-actions/configure-aws-credentials@v4 | |
# with: | |
# aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
# aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
# aws-region: us-east-1 | |
# - uses: actions/checkout@v4 | |
# - name: Install rpm build dependencies | |
# run: sudo apt-get install -y createrepo-c | |
# - name: Download repack artifact | |
# uses: actions/download-artifact@v4 | |
# with: | |
# name: Release-repack-unsigned | |
# path: _build/repack/ | |
# - name: Set rpm version | |
# run: | | |
# VERSION=$(echo "${{ github.event.release.tag_name }}" | tr -d v) | |
# echo "RPM_VERSION=${VERSION}.$(date +'%g%j')" >> $GITHUB_ENV | |
# - name: Build rpm | |
# run: ./build rpm --configuration=Release --exclusive | |
# - name: Import GPG key | |
# env: | |
# DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }} | |
# run: | | |
# echo "$DEBIAN_PRIVATE_KEY" | base64 --decode | gpg --batch --import | |
# gpg --list-secret-keys --keyid-format LONG | |
# - name: Build stable RPM repo | |
# env: | |
# CODENAME: stable | |
# DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }} | |
# run: ./build rpm-repo --configuration=Release --exclusive | |
# if: ${{ env.DEBIAN_PRIVATE_KEY }} | |
# - name: Push stable RPM repo to S3 | |
# run: aws s3 sync _build/rpm/repo s3://${AWS_S3_BUCKET}/rpm/stable --follow-symlinks | |
# - name: Upload RPM release asset | |
# run: gh release upload ${{ github.event.release.tag_name }} _build/rpm/RPMS/noarch/ckan-${RPM_VERSION}-1.noarch.rpm | |
# env: | |
# GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# | |
# upload-binaries: | |
# runs-on: ubuntu-latest | |
# needs: | |
# - test-release | |
# - smoke-inflator | |
# env: | |
# GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# steps: | |
# - name: Download repack artifact | |
# uses: actions/download-artifact@v4 | |
# with: | |
# name: Release-repack-unsigned | |
# path: _build/repack/ | |
# - name: Upload ckan.exe and AutoUpdater.exe release assets | |
# run: gh release upload ${{ github.event.release.tag_name }} _build/repack/Release/ckan.exe _build/repack/Release/AutoUpdater.exe | |
# | |
# notify-discord: | |
# needs: | |
# - test-release | |
# - smoke-inflator | |
# - build-dmg | |
# - build-deb | |
# - build-rpm | |
# - upload-binaries | |
# - upload-nuget | |
# if: always() | |
# uses: ./.github/workflows/notify.yml | |
# with: | |
# name: ${{ github.workflow }} | |
# success: ${{ !contains(needs.*.result, 'failure') }} | |
# secrets: inherit |