From 9a20fdecaaa524595bdd53f149914696db0100e2 Mon Sep 17 00:00:00 2001 From: Leon Wright Date: Sun, 18 Aug 2024 14:38:21 +0800 Subject: [PATCH] test: signpath release --- .github/workflows/release.yml | 329 +++++++++++++++++----------------- 1 file changed, 165 insertions(+), 164 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d1b05529c..e9d333745 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -4,6 +4,7 @@ on: release: types: - created + push: env: AWS_S3_BUCKET: ksp-ckan @@ -34,167 +35,167 @@ jobs: artifact-configuration-slug: release wait-for-completion: true - upload-nuget: - runs-on: ubuntu-latest - needs: - - test-release - - smoke-inflator - steps: - - name: Download out artifact - uses: actions/download-artifact@v4 - with: - name: Release-out-unsigned - path: _build/out/ - - name: Publish ckan.dll to NuGet - env: - NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }} - if: env.NUGET_API_KEY - run: | - curl -o nuget.exe -L 'https://dist.nuget.org/win-x86-commandline/v5.6.0/nuget.exe' - mono nuget.exe push _build/out/CKAN/Release/bin/*.nupkg ${{ secrets.NUGET_API_KEY }} -Source https://api.nuget.org/v3/index.json -SkipDuplicate - - build-dmg: - runs-on: ubuntu-latest - needs: - - test-release - - smoke-inflator - steps: - - uses: actions/checkout@v4 - - name: Install OSX build dependencies - run: sudo apt-get install -y libplist-utils xorriso - - name: Download repack artifact - uses: actions/download-artifact@v4 - with: - name: Release-repack-unsigned - path: _build/repack/ - - name: Build dmg - run: ./build osx --configuration=Release --exclusive - - name: Upload OSX release asset - run: gh release upload ${{ github.event.release.tag_name }} _build/osx/CKAN.dmg - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - build-deb: - runs-on: ubuntu-latest - needs: - - test-release - - smoke-inflator - steps: - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: us-east-1 - - uses: actions/checkout@v4 - - name: Download repack artifact - uses: actions/download-artifact@v4 - with: - name: Release-repack-unsigned - path: _build/repack/ - - name: Set deb version - run: | - VERSION=$(echo "${{ github.event.release.tag_name }}" | tr -d "v") - echo "DEB_VERSION=${VERSION}.$(date +'%g%j')" >> $GITHUB_ENV - - name: Build deb - env: - CODENAME: stable - run: ./build deb --configuration=Release --exclusive - - name: Import GPG key - env: - DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }} - run: | - echo "$DEBIAN_PRIVATE_KEY" | base64 --decode | gpg --batch --import - gpg --list-secret-keys --keyid-format LONG - if: ${{ env.DEBIAN_PRIVATE_KEY }} - - name: Sign deb release - env: - CODENAME: stable - DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }} - run: ./build deb-sign --configuration=Release --exclusive - if: ${{ env.DEBIAN_PRIVATE_KEY }} - - name: Push deb to S3 - run: aws s3 sync _build/deb/apt-repo-root s3://${AWS_S3_BUCKET}/deb --follow-symlinks - - name: Push stable APT repo to S3 - run: aws s3 sync _build/deb/apt-repo-dist s3://${AWS_S3_BUCKET}/deb/dists/stable --follow-symlinks - - name: Upload deb release asset - run: gh release upload ${{ github.event.release.tag_name }} _build/deb/ckan_${DEB_VERSION}_all.deb - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - build-rpm: - runs-on: ubuntu-latest - needs: - - test-release - - smoke-inflator - steps: - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: us-east-1 - - uses: actions/checkout@v4 - - name: Install rpm build dependencies - run: sudo apt-get install -y createrepo-c - - name: Download repack artifact - uses: actions/download-artifact@v4 - with: - name: Release-repack-unsigned - path: _build/repack/ - - name: Set rpm version - run: | - VERSION=$(echo "${{ github.event.release.tag_name }}" | tr -d v) - echo "RPM_VERSION=${VERSION}.$(date +'%g%j')" >> $GITHUB_ENV - - name: Build rpm - run: ./build rpm --configuration=Release --exclusive - - name: Import GPG key - env: - DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }} - run: | - echo "$DEBIAN_PRIVATE_KEY" | base64 --decode | gpg --batch --import - gpg --list-secret-keys --keyid-format LONG - - name: Build stable RPM repo - env: - CODENAME: stable - DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }} - run: ./build rpm-repo --configuration=Release --exclusive - if: ${{ env.DEBIAN_PRIVATE_KEY }} - - name: Push stable RPM repo to S3 - run: aws s3 sync _build/rpm/repo s3://${AWS_S3_BUCKET}/rpm/stable --follow-symlinks - - name: Upload RPM release asset - run: gh release upload ${{ github.event.release.tag_name }} _build/rpm/RPMS/noarch/ckan-${RPM_VERSION}-1.noarch.rpm - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - upload-binaries: - runs-on: ubuntu-latest - needs: - - test-release - - smoke-inflator - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - steps: - - name: Download repack artifact - uses: actions/download-artifact@v4 - with: - name: Release-repack-unsigned - path: _build/repack/ - - name: Upload ckan.exe and AutoUpdater.exe release assets - run: gh release upload ${{ github.event.release.tag_name }} _build/repack/Release/ckan.exe _build/repack/Release/AutoUpdater.exe - - notify-discord: - needs: - - test-release - - smoke-inflator - - build-dmg - - build-deb - - build-rpm - - upload-binaries - - upload-nuget - if: always() - uses: ./.github/workflows/notify.yml - with: - name: ${{ github.workflow }} - success: ${{ !contains(needs.*.result, 'failure') }} - secrets: inherit +# upload-nuget: +# runs-on: ubuntu-latest +# needs: +# - test-release +# - smoke-inflator +# steps: +# - name: Download out artifact +# uses: actions/download-artifact@v4 +# with: +# name: Release-out-unsigned +# path: _build/out/ +# - name: Publish ckan.dll to NuGet +# env: +# NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }} +# if: env.NUGET_API_KEY +# run: | +# curl -o nuget.exe -L 'https://dist.nuget.org/win-x86-commandline/v5.6.0/nuget.exe' +# mono nuget.exe push _build/out/CKAN/Release/bin/*.nupkg ${{ secrets.NUGET_API_KEY }} -Source https://api.nuget.org/v3/index.json -SkipDuplicate +# +# build-dmg: +# runs-on: ubuntu-latest +# needs: +# - test-release +# - smoke-inflator +# steps: +# - uses: actions/checkout@v4 +# - name: Install OSX build dependencies +# run: sudo apt-get install -y libplist-utils xorriso +# - name: Download repack artifact +# uses: actions/download-artifact@v4 +# with: +# name: Release-repack-unsigned +# path: _build/repack/ +# - name: Build dmg +# run: ./build osx --configuration=Release --exclusive +# - name: Upload OSX release asset +# run: gh release upload ${{ github.event.release.tag_name }} _build/osx/CKAN.dmg +# env: +# GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} +# +# build-deb: +# runs-on: ubuntu-latest +# needs: +# - test-release +# - smoke-inflator +# steps: +# - name: Configure AWS Credentials +# uses: aws-actions/configure-aws-credentials@v4 +# with: +# aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} +# aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} +# aws-region: us-east-1 +# - uses: actions/checkout@v4 +# - name: Download repack artifact +# uses: actions/download-artifact@v4 +# with: +# name: Release-repack-unsigned +# path: _build/repack/ +# - name: Set deb version +# run: | +# VERSION=$(echo "${{ github.event.release.tag_name }}" | tr -d "v") +# echo "DEB_VERSION=${VERSION}.$(date +'%g%j')" >> $GITHUB_ENV +# - name: Build deb +# env: +# CODENAME: stable +# run: ./build deb --configuration=Release --exclusive +# - name: Import GPG key +# env: +# DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }} +# run: | +# echo "$DEBIAN_PRIVATE_KEY" | base64 --decode | gpg --batch --import +# gpg --list-secret-keys --keyid-format LONG +# if: ${{ env.DEBIAN_PRIVATE_KEY }} +# - name: Sign deb release +# env: +# CODENAME: stable +# DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }} +# run: ./build deb-sign --configuration=Release --exclusive +# if: ${{ env.DEBIAN_PRIVATE_KEY }} +# - name: Push deb to S3 +# run: aws s3 sync _build/deb/apt-repo-root s3://${AWS_S3_BUCKET}/deb --follow-symlinks +# - name: Push stable APT repo to S3 +# run: aws s3 sync _build/deb/apt-repo-dist s3://${AWS_S3_BUCKET}/deb/dists/stable --follow-symlinks +# - name: Upload deb release asset +# run: gh release upload ${{ github.event.release.tag_name }} _build/deb/ckan_${DEB_VERSION}_all.deb +# env: +# GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} +# +# build-rpm: +# runs-on: ubuntu-latest +# needs: +# - test-release +# - smoke-inflator +# steps: +# - name: Configure AWS Credentials +# uses: aws-actions/configure-aws-credentials@v4 +# with: +# aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} +# aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} +# aws-region: us-east-1 +# - uses: actions/checkout@v4 +# - name: Install rpm build dependencies +# run: sudo apt-get install -y createrepo-c +# - name: Download repack artifact +# uses: actions/download-artifact@v4 +# with: +# name: Release-repack-unsigned +# path: _build/repack/ +# - name: Set rpm version +# run: | +# VERSION=$(echo "${{ github.event.release.tag_name }}" | tr -d v) +# echo "RPM_VERSION=${VERSION}.$(date +'%g%j')" >> $GITHUB_ENV +# - name: Build rpm +# run: ./build rpm --configuration=Release --exclusive +# - name: Import GPG key +# env: +# DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }} +# run: | +# echo "$DEBIAN_PRIVATE_KEY" | base64 --decode | gpg --batch --import +# gpg --list-secret-keys --keyid-format LONG +# - name: Build stable RPM repo +# env: +# CODENAME: stable +# DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }} +# run: ./build rpm-repo --configuration=Release --exclusive +# if: ${{ env.DEBIAN_PRIVATE_KEY }} +# - name: Push stable RPM repo to S3 +# run: aws s3 sync _build/rpm/repo s3://${AWS_S3_BUCKET}/rpm/stable --follow-symlinks +# - name: Upload RPM release asset +# run: gh release upload ${{ github.event.release.tag_name }} _build/rpm/RPMS/noarch/ckan-${RPM_VERSION}-1.noarch.rpm +# env: +# GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} +# +# upload-binaries: +# runs-on: ubuntu-latest +# needs: +# - test-release +# - smoke-inflator +# env: +# GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} +# steps: +# - name: Download repack artifact +# uses: actions/download-artifact@v4 +# with: +# name: Release-repack-unsigned +# path: _build/repack/ +# - name: Upload ckan.exe and AutoUpdater.exe release assets +# run: gh release upload ${{ github.event.release.tag_name }} _build/repack/Release/ckan.exe _build/repack/Release/AutoUpdater.exe +# +# notify-discord: +# needs: +# - test-release +# - smoke-inflator +# - build-dmg +# - build-deb +# - build-rpm +# - upload-binaries +# - upload-nuget +# if: always() +# uses: ./.github/workflows/notify.yml +# with: +# name: ${{ github.workflow }} +# success: ${{ !contains(needs.*.result, 'failure') }} +# secrets: inherit