Skip to content

Commit

Permalink
test: Signing
Browse files Browse the repository at this point in the history
  • Loading branch information
techman83 committed Jul 5, 2024
1 parent c24fa56 commit 6dc9f81
Showing 1 changed file with 165 additions and 164 deletions.
329 changes: 165 additions & 164 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ on:
release:
types:
- created
push:

env:
AWS_S3_BUCKET: ksp-ckan
Expand Down Expand Up @@ -34,167 +35,167 @@ jobs:
artifact-configuration-slug: release
wait-for-completion: true

upload-nuget:
runs-on: ubuntu-latest
needs:
- test-release
- smoke-inflator
steps:
- name: Download out artifact
uses: actions/download-artifact@v4
with:
name: Release-out-unsigned
path: _build/out/
- name: Publish ckan.dll to NuGet
env:
NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }}
if: env.NUGET_API_KEY
run: |
curl -o nuget.exe -L 'https://dist.nuget.org/win-x86-commandline/v5.6.0/nuget.exe'
mono nuget.exe push _build/out/CKAN/Release/bin/*.nupkg ${{ secrets.NUGET_API_KEY }} -Source https://api.nuget.org/v3/index.json -SkipDuplicate
build-dmg:
runs-on: ubuntu-latest
needs:
- test-release
- smoke-inflator
steps:
- uses: actions/checkout@v4
- name: Install OSX build dependencies
run: sudo apt-get install -y libplist-utils xorriso
- name: Download repack artifact
uses: actions/download-artifact@v4
with:
name: Release-repack-unsigned
path: _build/repack/
- name: Build dmg
run: ./build osx --configuration=Release --exclusive
- name: Upload OSX release asset
run: gh release upload ${{ github.event.release.tag_name }} _build/osx/CKAN.dmg
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

build-deb:
runs-on: ubuntu-latest
needs:
- test-release
- smoke-inflator
steps:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- uses: actions/checkout@v4
- name: Download repack artifact
uses: actions/download-artifact@v4
with:
name: Release-repack-unsigned
path: _build/repack/
- name: Set deb version
run: |
VERSION=$(echo "${{ github.event.release.tag_name }}" | tr -d "v")
echo "DEB_VERSION=${VERSION}.$(date +'%g%j')" >> $GITHUB_ENV
- name: Build deb
env:
CODENAME: stable
run: ./build deb --configuration=Release --exclusive
- name: Import GPG key
env:
DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }}
run: |
echo "$DEBIAN_PRIVATE_KEY" | base64 --decode | gpg --batch --import
gpg --list-secret-keys --keyid-format LONG
if: ${{ env.DEBIAN_PRIVATE_KEY }}
- name: Sign deb release
env:
CODENAME: stable
DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }}
run: ./build deb-sign --configuration=Release --exclusive
if: ${{ env.DEBIAN_PRIVATE_KEY }}
- name: Push deb to S3
run: aws s3 sync _build/deb/apt-repo-root s3://${AWS_S3_BUCKET}/deb --follow-symlinks
- name: Push stable APT repo to S3
run: aws s3 sync _build/deb/apt-repo-dist s3://${AWS_S3_BUCKET}/deb/dists/stable --follow-symlinks
- name: Upload deb release asset
run: gh release upload ${{ github.event.release.tag_name }} _build/deb/ckan_${DEB_VERSION}_all.deb
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

build-rpm:
runs-on: ubuntu-latest
needs:
- test-release
- smoke-inflator
steps:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- uses: actions/checkout@v4
- name: Install rpm build dependencies
run: sudo apt-get install -y createrepo-c
- name: Download repack artifact
uses: actions/download-artifact@v4
with:
name: Release-repack-unsigned
path: _build/repack/
- name: Set rpm version
run: |
VERSION=$(echo "${{ github.event.release.tag_name }}" | tr -d v)
echo "RPM_VERSION=${VERSION}.$(date +'%g%j')" >> $GITHUB_ENV
- name: Build rpm
run: ./build rpm --configuration=Release --exclusive
- name: Import GPG key
env:
DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }}
run: |
echo "$DEBIAN_PRIVATE_KEY" | base64 --decode | gpg --batch --import
gpg --list-secret-keys --keyid-format LONG
- name: Build stable RPM repo
env:
CODENAME: stable
DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }}
run: ./build rpm-repo --configuration=Release --exclusive
if: ${{ env.DEBIAN_PRIVATE_KEY }}
- name: Push stable RPM repo to S3
run: aws s3 sync _build/rpm/repo s3://${AWS_S3_BUCKET}/rpm/stable --follow-symlinks
- name: Upload RPM release asset
run: gh release upload ${{ github.event.release.tag_name }} _build/rpm/RPMS/noarch/ckan-${RPM_VERSION}-1.noarch.rpm
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

upload-binaries:
runs-on: ubuntu-latest
needs:
- test-release
- smoke-inflator
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
- name: Download repack artifact
uses: actions/download-artifact@v4
with:
name: Release-repack-unsigned
path: _build/repack/
- name: Upload ckan.exe and AutoUpdater.exe release assets
run: gh release upload ${{ github.event.release.tag_name }} _build/repack/Release/ckan.exe _build/repack/Release/AutoUpdater.exe

notify-discord:
needs:
- test-release
- smoke-inflator
- build-dmg
- build-deb
- build-rpm
- upload-binaries
- upload-nuget
if: always()
uses: ./.github/workflows/notify.yml
with:
name: ${{ github.workflow }}
success: ${{ !contains(needs.*.result, 'failure') }}
secrets: inherit
# upload-nuget:
# runs-on: ubuntu-latest
# needs:
# - test-release
# - smoke-inflator
# steps:
# - name: Download out artifact
# uses: actions/download-artifact@v4
# with:
# name: Release-out-unsigned
# path: _build/out/
# - name: Publish ckan.dll to NuGet
# env:
# NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }}
# if: env.NUGET_API_KEY
# run: |
# curl -o nuget.exe -L 'https://dist.nuget.org/win-x86-commandline/v5.6.0/nuget.exe'
# mono nuget.exe push _build/out/CKAN/Release/bin/*.nupkg ${{ secrets.NUGET_API_KEY }} -Source https://api.nuget.org/v3/index.json -SkipDuplicate
#
# build-dmg:
# runs-on: ubuntu-latest
# needs:
# - test-release
# - smoke-inflator
# steps:
# - uses: actions/checkout@v4
# - name: Install OSX build dependencies
# run: sudo apt-get install -y libplist-utils xorriso
# - name: Download repack artifact
# uses: actions/download-artifact@v4
# with:
# name: Release-repack-unsigned
# path: _build/repack/
# - name: Build dmg
# run: ./build osx --configuration=Release --exclusive
# - name: Upload OSX release asset
# run: gh release upload ${{ github.event.release.tag_name }} _build/osx/CKAN.dmg
# env:
# GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
#
# build-deb:
# runs-on: ubuntu-latest
# needs:
# - test-release
# - smoke-inflator
# steps:
# - name: Configure AWS Credentials
# uses: aws-actions/configure-aws-credentials@v4
# with:
# aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
# aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
# aws-region: us-east-1
# - uses: actions/checkout@v4
# - name: Download repack artifact
# uses: actions/download-artifact@v4
# with:
# name: Release-repack-unsigned
# path: _build/repack/
# - name: Set deb version
# run: |
# VERSION=$(echo "${{ github.event.release.tag_name }}" | tr -d "v")
# echo "DEB_VERSION=${VERSION}.$(date +'%g%j')" >> $GITHUB_ENV
# - name: Build deb
# env:
# CODENAME: stable
# run: ./build deb --configuration=Release --exclusive
# - name: Import GPG key
# env:
# DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }}
# run: |
# echo "$DEBIAN_PRIVATE_KEY" | base64 --decode | gpg --batch --import
# gpg --list-secret-keys --keyid-format LONG
# if: ${{ env.DEBIAN_PRIVATE_KEY }}
# - name: Sign deb release
# env:
# CODENAME: stable
# DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }}
# run: ./build deb-sign --configuration=Release --exclusive
# if: ${{ env.DEBIAN_PRIVATE_KEY }}
# - name: Push deb to S3
# run: aws s3 sync _build/deb/apt-repo-root s3://${AWS_S3_BUCKET}/deb --follow-symlinks
# - name: Push stable APT repo to S3
# run: aws s3 sync _build/deb/apt-repo-dist s3://${AWS_S3_BUCKET}/deb/dists/stable --follow-symlinks
# - name: Upload deb release asset
# run: gh release upload ${{ github.event.release.tag_name }} _build/deb/ckan_${DEB_VERSION}_all.deb
# env:
# GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
#
# build-rpm:
# runs-on: ubuntu-latest
# needs:
# - test-release
# - smoke-inflator
# steps:
# - name: Configure AWS Credentials
# uses: aws-actions/configure-aws-credentials@v4
# with:
# aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
# aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
# aws-region: us-east-1
# - uses: actions/checkout@v4
# - name: Install rpm build dependencies
# run: sudo apt-get install -y createrepo-c
# - name: Download repack artifact
# uses: actions/download-artifact@v4
# with:
# name: Release-repack-unsigned
# path: _build/repack/
# - name: Set rpm version
# run: |
# VERSION=$(echo "${{ github.event.release.tag_name }}" | tr -d v)
# echo "RPM_VERSION=${VERSION}.$(date +'%g%j')" >> $GITHUB_ENV
# - name: Build rpm
# run: ./build rpm --configuration=Release --exclusive
# - name: Import GPG key
# env:
# DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }}
# run: |
# echo "$DEBIAN_PRIVATE_KEY" | base64 --decode | gpg --batch --import
# gpg --list-secret-keys --keyid-format LONG
# - name: Build stable RPM repo
# env:
# CODENAME: stable
# DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }}
# run: ./build rpm-repo --configuration=Release --exclusive
# if: ${{ env.DEBIAN_PRIVATE_KEY }}
# - name: Push stable RPM repo to S3
# run: aws s3 sync _build/rpm/repo s3://${AWS_S3_BUCKET}/rpm/stable --follow-symlinks
# - name: Upload RPM release asset
# run: gh release upload ${{ github.event.release.tag_name }} _build/rpm/RPMS/noarch/ckan-${RPM_VERSION}-1.noarch.rpm
# env:
# GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
#
# upload-binaries:
# runs-on: ubuntu-latest
# needs:
# - test-release
# - smoke-inflator
# env:
# GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# steps:
# - name: Download repack artifact
# uses: actions/download-artifact@v4
# with:
# name: Release-repack-unsigned
# path: _build/repack/
# - name: Upload ckan.exe and AutoUpdater.exe release assets
# run: gh release upload ${{ github.event.release.tag_name }} _build/repack/Release/ckan.exe _build/repack/Release/AutoUpdater.exe
#
# notify-discord:
# needs:
# - test-release
# - smoke-inflator
# - build-dmg
# - build-deb
# - build-rpm
# - upload-binaries
# - upload-nuget
# if: always()
# uses: ./.github/workflows/notify.yml
# with:
# name: ${{ github.workflow }}
# success: ${{ !contains(needs.*.result, 'failure') }}
# secrets: inherit

0 comments on commit 6dc9f81

Please sign in to comment.