Skip to content

Commit

Permalink
again
Browse files Browse the repository at this point in the history
  • Loading branch information
Jesse Schmidt committed Oct 2, 2024
1 parent 28633f2 commit 3c274f0
Showing 1 changed file with 114 additions and 70 deletions.
184 changes: 114 additions & 70 deletions .github/workflows/create-prerelease.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,11 @@ on:


jobs:
build-and-release:
build:
outputs:
version: ${{ steps.save-version.outputs.version }}
rpm-version: ${{ steps.save-version.outputs.rpm-version }}
artifacts: ${{ steps.save-version.outputs.artifacts }}
runs-on: macos-13
steps:
- name: "Git checkout"
Expand All @@ -37,16 +41,7 @@ jobs:
/usr/local/bin/brew install python-tk@3.11 || echo "I1.5"
for i in dpkg zip make wget jq rpm python3.11; do command -v $i || exit 1; done
echo "Dependencies checked"
- name: setup GPG
uses: aerospike/shared-workflows/devops/setup-gpg@pvinh-gpg-sign-example
with:
gpg-private-key: ${{ secrets.GPG_SECRET_KEY }}
gpg-public-key: ${{ secrets.GPG_PUBLIC_KEY }}
gpg-key-pass: ${{ secrets.GPG_PASS }}
gpg-key-name: "aerospike-inc"
- name: Install GPG
run: |
apt update && apt install ca-certificates && apt install gnupg -y
- name: Get go version from go.mod
run: |
echo "GO_VERSION=$(grep '^go ' go.mod | cut -d " " -f 2)" >> $GITHUB_ENV
Expand Down Expand Up @@ -144,81 +139,130 @@ jobs:
export asvec_installsigner="${xasvec_installsigner}"
export asvec_teamid="${xasvec_teamid}"
export PATH=$PATH:/usr/local/bin:/usr/local/go/bin && cd ~/work/asvec/asvec && make macos-build-all && make macos-notarize-all
- name: Store Artifact in Env Var
- name: Save Version
id: save-version
run: |
VER=$(cat VERSION.md)
echo VER=${VER} >> $GITHUB_ENV
echo version=${VER} >> $GITHUB_OUTPUT
RPM_VER=$(echo ${VER} | sed 's/-/_/g')
echo RPM_VER=${RPM_VER} >> $GITHUB_ENV
echo rpm-verion=${RPM_VER} >> $GITHUB_OUTPUT
ARTIFACTS="asvec-linux-amd64-${VER}.deb asvec-linux-amd64-${RPM_VER}.rpm asvec-linux-amd64-${VER}.zip asvec-linux-arm64-${VER}.deb asvec-linux-arm64-${RPM_VER}.rpm asvec-linux-arm64-${VER}.zip asvec-macos-${VER}.pkg asvec-macos-amd64-${VER}.zip asvec-macos-arm64-${VER}.zip asvec-windows-amd64-${VER}.zip asvec-windows-arm64-${VER}.zip"
echo "ARTIFACTS=${ARTIFACTS}" >> $GITHUB_ENV
echo "artifacts=${ARTIFACTS}" >> $GITHUB_OUTPUT
RPM_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.rpm$' | tr '\n' ' ')
echo "RPM_ARTIFACTS=${RPM_ARTIFACTS}" >> $GITHUB_ENV
- name: "Upload Artifacts"
uses: actions/upload-artifact@v4
with:
name: asvec-artifacts
path: ~/work/asvec/asvec/bin/packages/asvec-*

DEB_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.deb$' | tr '\n' ' ')
echo "DEB_ARTIFACTS=${DEB_ARTIFACTS}" >> $GITHUB_ENV


ZIP_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.zip$' | tr '\n' ' ')
echo "ZIP_ARTIFACTS=${ZIP_ARTIFACTS}" >> $GITHUB_ENV
sign:
needs: build
runs-on: ubuntu-latest
steps:
- name: "Download Artifacts"
uses: actions/download-artifact@v4
with:
name: asvec-artifacts
- name: setup GPG
uses: aerospike/shared-workflows/devops/setup-gpg@pvinh-gpg-sign-example
with:
gpg-private-key: ${{ secrets.GPG_SECRET_KEY }}
gpg-public-key: ${{ secrets.GPG_PUBLIC_KEY }}
gpg-key-pass: ${{ secrets.GPG_PASS }}
gpg-key-name: "aerospike-inc"
- name: Install GPG
run: |
apt update && apt install ca-certificates && apt install gnupg -y
- name: Store Artifact in Env Var
run: |
# VER=$(cat VERSION.md)
# echo VER=${VER} >> $GITHUB_ENV
PKG_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.pkg$' | tr '\n' ' ')
echo "PKG_ARTIFACTS=${PKG_ARTIFACTS}" >> $GITHUB_ENV
# RPM_VER=$(echo ${VER} | sed 's/-/_/g')
# echo RPM_VER=${RPM_VER} >> $GITHUB_ENV
SHA256_FILES=$(for pkg in ${ARTIFACTS}; do echo "${pkg}.sha256"; done | tr '\n' ' ')
echo "SHA256_FILES=${SHA256_FILES}" >> $GITHUB_ENV
# ARTIFACTS="asvec-linux-amd64-${VER}.deb asvec-linux-amd64-${RPM_VER}.rpm asvec-linux-amd64-${VER}.zip asvec-linux-arm64-${VER}.deb asvec-linux-arm64-${RPM_VER}.rpm asvec-linux-arm64-${VER}.zip asvec-macos-${VER}.pkg asvec-macos-amd64-${VER}.zip asvec-macos-arm64-${VER}.zip asvec-windows-amd64-${VER}.zip asvec-windows-arm64-${VER}.zip"
# echo "ARTIFACTS=${ARTIFACTS}" >> $GITHUB_ENV
ASC_FILES=$(for pkg in ${ARTIFACTS}; do echo "${pkg}.asc"; done | tr '\n' ' ')
echo "ASC_FILES=${ASC_FILES}" >> $GITHUB_ENV
- name: Create Checksums
run: |
cd ~/work/asvec/asvec/bin/packages
for pkg in ${ARTIFACTS}; do
shasum -a 256 $pkg > ${pkg}.sha256
done
RPM_ARTIFACTS=$(echo "${{needs.build.outputs.artifacts}}" | tr ' ' '\n' | grep '\.rpm$' | tr '\n' ' ')
echo "RPM_ARTIFACTS=${RPM_ARTIFACTS}" >> $GITHUB_ENV
- name: GPG Sign All Files
env:
GPG_TTY: no-tty
GPG_PASSPHRASE: ${{ secrets.GPG_PASS }}
run: |
cd ~/work/asvec/asvec/bin/packages
DEB_ARTIFACTS=$(echo "${{needs.build.outputs.artifacts}}" | tr ' ' '\n' | grep '\.deb$' | tr '\n' ' ')
echo "DEB_ARTIFACTS=${DEB_ARTIFACTS}" >> $GITHUB_ENV
rpm --addsign ${RPM_ARTIFACTS}
rpm --checksig ${RPM_ARTIFACTS}
ZIP_ARTIFACTS=$(echo "${{needs.build.outputs.artifacts}}" | tr ' ' '\n' | grep '\.zip$' | tr '\n' ' ')
echo "ZIP_ARTIFACTS=${ZIP_ARTIFACTS}" >> $GITHUB_ENV
depkg-sig --sign builder ${DEB_ARTIFACTS}
depkg-sig --verify ${DEB_ARTIFACTS}
PKG_ARTIFACTS=$(echo "${{needs.build.outputs.artifacts}}" | tr ' ' '\n' | grep '\.pkg$' | tr '\n' ' ')
echo "PKG_ARTIFACTS=${PKG_ARTIFACTS}" >> $GITHUB_ENV
for file in ${ZIP_ARTIFACTS} ${PKG_ARTIFACTS}; do
gpg --detach-sign --no-tty --batch --yes --output "${file}.asc" --passphrase "$GPG_PASSPHRASE" "${file}"
gpg --verify "${file}.asc" "${file}"
done
- name: "Create a new pre-release"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
SHA256_FILES=$(for pkg in ${{needs.build.outputs.artifacts}}; do echo "${pkg}.sha256"; done | tr '\n' ' ')
echo "SHA256_FILES=${SHA256_FILES}" >> $GITHUB_ENV
ASC_FILES=$(for pkg in ${{needs.build.outputs.artifacts}}; do echo "${pkg}.asc"; done | tr '\n' ' ')
echo "ASC_FILES=${ASC_FILES}" >> $GITHUB_ENV
- name: Create Checksums
run: |
cd ~/work/asvec/asvec/bin/packages
for pkg in ${{needs.build.outputs.artifacts}}; do
shasum -a 256 $pkg > ${pkg}.sha256
done
- name: GPG Sign All Files
env:
GPG_TTY: no-tty
GPG_PASSPHRASE: ${{ secrets.GPG_PASS }}
run: |
cd ~/work/asvec/asvec/bin/packages
rpm --addsign ${RPM_ARTIFACTS}
rpm --checksig ${RPM_ARTIFACTS}
depkg-sig --sign builder ${DEB_ARTIFACTS}
depkg-sig --verify ${DEB_ARTIFACTS}
for file in ${ZIP_ARTIFACTS} ${PKG_ARTIFACTS}; do
gpg --detach-sign --no-tty --batch --yes --output "${file}.asc" --passphrase "$GPG_PASSPHRASE" "${file}"
gpg --verify "${file}.asc" "${file}"
done
release:
needs:
- sign
- build
runs-on: ubuntu-latest
steps:
- name: "Download Artifacts"
uses: actions/download-artifact@v4
with:
name: asvec-artifacts
- name: "Create a new pre-release"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -e
cd ~/work/asvec/asvec/bin/packages
TAG=${{needs.build.outputs.version}}
FULLCOMMIT=$(git rev-parse HEAD)
gh release create -R github.com/aerospike/asvec --prerelease --target ${FULLCOMMIT} --title "Asvec - ${TAG}" ${TAG} ${ARTIFACTS} ${SHA256_FILES} ${ASC_FILES}
- name: "Delete previous pre-release"
env:
TAG: ${{ inputs.version }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
DELPREV: ${{ inputs.deletePrevBuild }}
run: |
if [ "${DELPREV}" = "true" ]; then
set -e
cd ~/work/asvec/asvec/bin/packages
TAG=${VER}
FULLCOMMIT=$(git rev-parse HEAD)
gh release create -R github.com/aerospike/asvec --notes-file ../../RELEASE.md --prerelease --target ${FULLCOMMIT} --title "Asvec - ${TAG}" ${TAG} ${ARTIFACTS} ${SHA256_FILES} ${ASC_FILES}
- name: "Delete previous pre-release"
env:
TAG: ${{ inputs.version }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
DELPREV: ${{ inputs.deletePrevBuild }}
run: |
if [ "${DELPREV}" = "true" ]; then
set -e
gh release list -R github.com/aerospike/asvec -L 100 | grep Pre-release | awk -F'\t' '{print $3}' | while read -r line; do
if [ "$line" != "${TAG}" ]; then
if [[ "$line" == "${TAG}-SNAPSHOT-"* ]]; then
echo "Removing $line"
gh release delete "$line" -R github.com/aerospike/asvec --yes --cleanup-tag
fi
gh release list -R github.com/aerospike/asvec -L 100 | grep Pre-release | awk -F'\t' '{print $3}' | while read -r line; do
if [ "$line" != "${TAG}" ]; then
if [[ "$line" == "${TAG}-SNAPSHOT-"* ]]; then
echo "Removing $line"
gh release delete "$line" -R github.com/aerospike/asvec --yes --cleanup-tag
fi
done
fi
done
fi

0 comments on commit 3c274f0

Please sign in to comment.