Skip to content

test: Signing

test: Signing #38

Workflow file for this run

name: Create Release Assets
on:
release:
types:
- created
push:
env:
AWS_S3_BUCKET: ksp-ckan
jobs:
test-release:
uses: ./.github/workflows/test.yml
smoke-inflator:
uses: ./.github/workflows/smoke.yml
sign-release:
runs-on: ubuntu-latest
needs:
- test-release
- smoke-inflator
outputs:
artifact-url: ${{steps.sign.outputs.signing-request-id }}
steps:
- uses: signpath/[email protected]
id: sign
with:
api-token: ${{ secrets.SIGNPATH_API_TOKEN }}
organization-id: 0cd9fc3f-b78d-4214-b152-b2e93c952e14
project-slug: CKAN
signing-policy-slug: test-signing
github-artifact-id: ${{ needs.smoke-release.outputs.repack-artifact-id }}
artifact-configuration-slug: release
wait-for-completion: true
# upload-nuget:
# runs-on: ubuntu-latest
# needs:
# - test-release
# - smoke-inflator
# steps:
# - name: Download out artifact
# uses: actions/download-artifact@v4
# with:
# name: Release-out-unsigned
# path: _build/out/
# - name: Publish ckan.dll to NuGet
# env:
# NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }}
# if: env.NUGET_API_KEY
# run: |
# curl -o nuget.exe -L 'https://dist.nuget.org/win-x86-commandline/v5.6.0/nuget.exe'
# mono nuget.exe push _build/out/CKAN/Release/bin/*.nupkg ${{ secrets.NUGET_API_KEY }} -Source https://api.nuget.org/v3/index.json -SkipDuplicate
#
# build-dmg:
# runs-on: ubuntu-latest
# needs:
# - test-release
# - smoke-inflator
# steps:
# - uses: actions/checkout@v4
# - name: Install OSX build dependencies
# run: sudo apt-get install -y libplist-utils xorriso
# - name: Download repack artifact
# uses: actions/download-artifact@v4
# with:
# name: Release-repack-unsigned
# path: _build/repack/
# - name: Build dmg
# run: ./build osx --configuration=Release --exclusive
# - name: Upload OSX release asset
# run: gh release upload ${{ github.event.release.tag_name }} _build/osx/CKAN.dmg
# env:
# GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
#
# build-deb:
# runs-on: ubuntu-latest
# needs:
# - test-release
# - smoke-inflator
# steps:
# - name: Configure AWS Credentials
# uses: aws-actions/configure-aws-credentials@v4
# with:
# aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
# aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
# aws-region: us-east-1
# - uses: actions/checkout@v4
# - name: Download repack artifact
# uses: actions/download-artifact@v4
# with:
# name: Release-repack-unsigned
# path: _build/repack/
# - name: Set deb version
# run: |
# VERSION=$(echo "${{ github.event.release.tag_name }}" | tr -d "v")
# echo "DEB_VERSION=${VERSION}.$(date +'%g%j')" >> $GITHUB_ENV
# - name: Build deb
# env:
# CODENAME: stable
# run: ./build deb --configuration=Release --exclusive
# - name: Import GPG key
# env:
# DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }}
# run: |
# echo "$DEBIAN_PRIVATE_KEY" | base64 --decode | gpg --batch --import
# gpg --list-secret-keys --keyid-format LONG
# if: ${{ env.DEBIAN_PRIVATE_KEY }}
# - name: Sign deb release
# env:
# CODENAME: stable
# DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }}
# run: ./build deb-sign --configuration=Release --exclusive
# if: ${{ env.DEBIAN_PRIVATE_KEY }}
# - name: Push deb to S3
# run: aws s3 sync _build/deb/apt-repo-root s3://${AWS_S3_BUCKET}/deb --follow-symlinks
# - name: Push stable APT repo to S3
# run: aws s3 sync _build/deb/apt-repo-dist s3://${AWS_S3_BUCKET}/deb/dists/stable --follow-symlinks
# - name: Upload deb release asset
# run: gh release upload ${{ github.event.release.tag_name }} _build/deb/ckan_${DEB_VERSION}_all.deb
# env:
# GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
#
# build-rpm:
# runs-on: ubuntu-latest
# needs:
# - test-release
# - smoke-inflator
# steps:
# - name: Configure AWS Credentials
# uses: aws-actions/configure-aws-credentials@v4
# with:
# aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
# aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
# aws-region: us-east-1
# - uses: actions/checkout@v4
# - name: Install rpm build dependencies
# run: sudo apt-get install -y createrepo-c
# - name: Download repack artifact
# uses: actions/download-artifact@v4
# with:
# name: Release-repack-unsigned
# path: _build/repack/
# - name: Set rpm version
# run: |
# VERSION=$(echo "${{ github.event.release.tag_name }}" | tr -d v)
# echo "RPM_VERSION=${VERSION}.$(date +'%g%j')" >> $GITHUB_ENV
# - name: Build rpm
# run: ./build rpm --configuration=Release --exclusive
# - name: Import GPG key
# env:
# DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }}
# run: |
# echo "$DEBIAN_PRIVATE_KEY" | base64 --decode | gpg --batch --import
# gpg --list-secret-keys --keyid-format LONG
# - name: Build stable RPM repo
# env:
# CODENAME: stable
# DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }}
# run: ./build rpm-repo --configuration=Release --exclusive
# if: ${{ env.DEBIAN_PRIVATE_KEY }}
# - name: Push stable RPM repo to S3
# run: aws s3 sync _build/rpm/repo s3://${AWS_S3_BUCKET}/rpm/stable --follow-symlinks
# - name: Upload RPM release asset
# run: gh release upload ${{ github.event.release.tag_name }} _build/rpm/RPMS/noarch/ckan-${RPM_VERSION}-1.noarch.rpm
# env:
# GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
#
# upload-binaries:
# runs-on: ubuntu-latest
# needs:
# - test-release
# - smoke-inflator
# env:
# GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# steps:
# - name: Download repack artifact
# uses: actions/download-artifact@v4
# with:
# name: Release-repack-unsigned
# path: _build/repack/
# - name: Upload ckan.exe and AutoUpdater.exe release assets
# run: gh release upload ${{ github.event.release.tag_name }} _build/repack/Release/ckan.exe _build/repack/Release/AutoUpdater.exe
#
# notify-discord:
# needs:
# - test-release
# - smoke-inflator
# - build-dmg
# - build-deb
# - build-rpm
# - upload-binaries
# - upload-nuget
# if: always()
# uses: ./.github/workflows/notify.yml
# with:
# name: ${{ github.workflow }}
# success: ${{ !contains(needs.*.result, 'failure') }}
# secrets: inherit