From 6cea750239bf57c81fad6d563cadc27a30a6cc98 Mon Sep 17 00:00:00 2001 From: Jesse Schmidt Date: Tue, 1 Oct 2024 16:37:31 -0700 Subject: [PATCH 01/21] ci: Add GPG signing to pre-release workflow --- .github/workflows/create-prerelease.yml | 85 +++++++++++++++++++------ 1 file changed, 65 insertions(+), 20 deletions(-) diff --git a/.github/workflows/create-prerelease.yml b/.github/workflows/create-prerelease.yml index 6a63a57..7a55640 100644 --- a/.github/workflows/create-prerelease.yml +++ b/.github/workflows/create-prerelease.yml @@ -17,9 +17,6 @@ on: type: boolean - # push: - # branches: - # - "update-go" jobs: build-and-release: runs-on: macos-13 @@ -137,35 +134,83 @@ jobs: export asvec_installsigner="${xasvec_installsigner}" export asvec_teamid="${xasvec_teamid}" export PATH=$PATH:/usr/local/bin:/usr/local/go/bin && cd ~/work/asvec/asvec && make macos-build-all && make macos-notarize-all + - name: Store Artifact in Env Var + run: | + ARTIFACTS="asvec-linux-amd64-${VER}.deb asvec-linux-amd64-${RPM_VER}.rpm asvec-linux-amd64-${VER}.zip asvec-linux-arm64-${VER}.deb asvec-linux-arm64-${RPM_VER}.rpm asvec-linux-arm64-${VER}.zip asvec-macos-${VER}.pkg asvec-macos-amd64-${VER}.zip asvec-macos-arm64-${VER}.zip asvec-windows-amd64-${VER}.zip asvec-windows-arm64-${VER}.zip" + echo "ARTIFACTS=${ARTIFACTS}" >> $GITHUB_ENV + echo VER=$(cat ../../VERSION.md) >> $GITHUB_ENV + echo RPM_VER=$(echo ${VER} | sed 's/-/_/g') >> $GITHUB_ENV + + RPM_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.rpm$' | tr '\n' ' ') + echo "RPM_ARTIFACTS=${RPM_ARTIFACTS}" >> $GITHUB_ENV + + DEB_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.deb$' | tr '\n' ' ') + echo "DEB_ARTIFACTS=${DEB_ARTIFACTS}" >> $GITHUB_ENV + + ZIP_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.zip$' | tr '\n' ' ') + echo "ZIP_ARTIFACTS=${ZIP_ARTIFACTS}" >> $GITHUB_ENV + + PKG_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.pkg$' | tr '\n' ' ') + echo "PKG_ARTIFACTS=${PKG_ARTIFACTS}" >> $GITHUB_ENV + + SHA256_FILES=$(for pkg in ${ARTIFACTS}; do echo "${pkg}.sha256"; done | tr '\n' ' ') + echo "SHA256_FILES=${SHA256_FILES}" >> $GITHUB_ENV + + ASC_FILES=$(for pkg in ${ARTIFACTS}; do echo "${pkg}.asc"; done | tr '\n' ' ') + echo "ASC_FILES=${ASC_FILES}" >> $GITHUB_ENV + - name: Create Checksums + run: | + cd ~/work/asvec/asvec/bin/packages + for pkg in ${ARTIFACTS}; do + shasum -a 256 $pkg > ${pkg}.sha256 + done + - name: Install GPG + run: sudo apt-get update && sudo apt-get install ca-certificates && sudo apt-get install gnupg -y + - name: setup GPG + uses: aerospike/shared-workflows/devops/setup-gpg@pvinh-gpg-sign-example + with: + gpg-private-key: ${{ secrets.GPG_SECRET_KEY }} + gpg-public-key: ${{ secrets.GPG_PUBLIC_KEY }} + gpg-key-pass: ${{ secrets.GPG_PASS }} + gpg-key-name: "aerospike-inc" + - name: GPG Sign All Files + env: + GPG_TTY: no-tty + GPG_PASSPHRASE: ${{ secrets.GPG_PASS }} + run: | + rpm --addsign ${RPM_ARTIFACTS} + rpm --checksig ${RPM_ARTIFACTS} + + depkg-sig --sign builder ${DEB_ARTIFACTS} + depkg-sig --verify ${DEB_ARTIFACTS} + + for file in ${ZIP_ARTIFACTS} ${PKG_ARTIFACTS}; do + gpg --detach-sign --no-tty --batch --yes --output "${file}.asc" --passphrase "$GPG_PASSPHRASE" "${file}" + gpg --verify "${file}.asc" "${file}" + done - name: "Create a new pre-release" env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | set -e cd ~/work/asvec/asvec/bin/packages - VER=$(cat ../../VERSION.md) - RPM_VER=$(echo ${VER} | sed 's/-/_/g') TAG=${VER} FULLCOMMIT=$(git rev-parse HEAD) - gh release create -R github.com/aerospike/asvec --notes-file ../../RELEASE.md --prerelease --target ${FULLCOMMIT} --title "Asvec - ${TAG}" ${TAG} asvec-linux-amd64-${VER}.deb asvec-linux-amd64-${RPM_VER}.rpm asvec-linux-amd64-${VER}.zip asvec-linux-arm64-${VER}.deb asvec-linux-arm64-${RPM_VER}.rpm asvec-linux-arm64-${VER}.zip asvec-macos-${VER}.pkg asvec-macos-amd64-${VER}.zip asvec-macos-arm64-${VER}.zip asvec-windows-amd64-${VER}.zip asvec-windows-arm64-${VER}.zip + gh release create -R github.com/aerospike/asvec --notes-file ../../RELEASE.md --prerelease --target ${FULLCOMMIT} --title "Asvec - ${TAG}" ${TAG} ${ARTIFACTS} ${SHA256_FILES} ${ASC_FILES} - name: "Delete previous pre-release" env: TAG: ${{ inputs.version }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} DELPREV: ${{ inputs.deletePrevBuild }} - run: | - if [ "${DELPREV}" = "true" ] - then - set -e - gh release list -R github.com/aerospike/asvec -L 100 |grep Pre-release |awk -F'\t' '{print $3}' |while read line - do - if [ "$line" != "${TAG}" ] - then - if [[ $line =~ ^${TAG}- ]] - then - echo "Removing $line" - gh release delete $line -R github.com/aerospike/asvec --yes --cleanup-tag + run: | + if [ "${DELPREV}" = "true" ]; then + set -e + gh release list -R github.com/aerospike/asvec -L 100 | grep Pre-release | awk -F'\t' '{print $3}' | while read -r line; do + if [ "$line" != "${TAG}" ]; then + if [[ "$line" == "${TAG}-SNAPSHOT-"* ]]; then + echo "Removing $line" + gh release delete "$line" -R github.com/aerospike/asvec --yes --cleanup-tag fi fi - done - fi \ No newline at end of file + done + fi From a082870bb551b89ab01fadd5c064c7b319271536 Mon Sep 17 00:00:00 2001 From: Jesse Schmidt Date: Tue, 1 Oct 2024 16:39:15 -0700 Subject: [PATCH 02/21] fix formatting --- .github/workflows/create-prerelease.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/create-prerelease.yml b/.github/workflows/create-prerelease.yml index 7a55640..550d212 100644 --- a/.github/workflows/create-prerelease.yml +++ b/.github/workflows/create-prerelease.yml @@ -202,15 +202,15 @@ jobs: TAG: ${{ inputs.version }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} DELPREV: ${{ inputs.deletePrevBuild }} - run: | - if [ "${DELPREV}" = "true" ]; then - set -e - gh release list -R github.com/aerospike/asvec -L 100 | grep Pre-release | awk -F'\t' '{print $3}' | while read -r line; do - if [ "$line" != "${TAG}" ]; then - if [[ "$line" == "${TAG}-SNAPSHOT-"* ]]; then - echo "Removing $line" - gh release delete "$line" -R github.com/aerospike/asvec --yes --cleanup-tag - fi + run: | + if [ "${DELPREV}" = "true" ]; then + set -e + gh release list -R github.com/aerospike/asvec -L 100 | grep Pre-release | awk -F'\t' '{print $3}' | while read -r line; do + if [ "$line" != "${TAG}" ]; then + if [[ "$line" == "${TAG}-SNAPSHOT-"* ]]; then + echo "Removing $line" + gh release delete "$line" -R github.com/aerospike/asvec --yes --cleanup-tag fi - done fi + done + fi From 73bbdf2ea39ae2fe1ee4f4f1c9d96b380448cda3 Mon Sep 17 00:00:00 2001 From: Jesse Schmidt Date: Tue, 1 Oct 2024 16:46:15 -0700 Subject: [PATCH 03/21] again --- .github/workflows/create-prerelease.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/create-prerelease.yml b/.github/workflows/create-prerelease.yml index 550d212..a9c5676 100644 --- a/.github/workflows/create-prerelease.yml +++ b/.github/workflows/create-prerelease.yml @@ -136,10 +136,10 @@ jobs: export PATH=$PATH:/usr/local/bin:/usr/local/go/bin && cd ~/work/asvec/asvec && make macos-build-all && make macos-notarize-all - name: Store Artifact in Env Var run: | - ARTIFACTS="asvec-linux-amd64-${VER}.deb asvec-linux-amd64-${RPM_VER}.rpm asvec-linux-amd64-${VER}.zip asvec-linux-arm64-${VER}.deb asvec-linux-arm64-${RPM_VER}.rpm asvec-linux-arm64-${VER}.zip asvec-macos-${VER}.pkg asvec-macos-amd64-${VER}.zip asvec-macos-arm64-${VER}.zip asvec-windows-amd64-${VER}.zip asvec-windows-arm64-${VER}.zip" - echo "ARTIFACTS=${ARTIFACTS}" >> $GITHUB_ENV echo VER=$(cat ../../VERSION.md) >> $GITHUB_ENV echo RPM_VER=$(echo ${VER} | sed 's/-/_/g') >> $GITHUB_ENV + ARTIFACTS="asvec-linux-amd64-${VER}.deb asvec-linux-amd64-${RPM_VER}.rpm asvec-linux-amd64-${VER}.zip asvec-linux-arm64-${VER}.deb asvec-linux-arm64-${RPM_VER}.rpm asvec-linux-arm64-${VER}.zip asvec-macos-${VER}.pkg asvec-macos-amd64-${VER}.zip asvec-macos-arm64-${VER}.zip asvec-windows-amd64-${VER}.zip asvec-windows-arm64-${VER}.zip" + echo "ARTIFACTS=${ARTIFACTS}" >> $GITHUB_ENV RPM_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.rpm$' | tr '\n' ' ') echo "RPM_ARTIFACTS=${RPM_ARTIFACTS}" >> $GITHUB_ENV @@ -178,6 +178,8 @@ jobs: GPG_TTY: no-tty GPG_PASSPHRASE: ${{ secrets.GPG_PASS }} run: | + cd ~/work/asvec/asvec/bin/packages + rpm --addsign ${RPM_ARTIFACTS} rpm --checksig ${RPM_ARTIFACTS} From 7ab80a63dd7558626dba47068d87b37ce9a53cf3 Mon Sep 17 00:00:00 2001 From: Jesse Schmidt Date: Tue, 1 Oct 2024 16:54:15 -0700 Subject: [PATCH 04/21] fix --- .github/workflows/create-prerelease.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/create-prerelease.yml b/.github/workflows/create-prerelease.yml index a9c5676..30f88ed 100644 --- a/.github/workflows/create-prerelease.yml +++ b/.github/workflows/create-prerelease.yml @@ -136,8 +136,12 @@ jobs: export PATH=$PATH:/usr/local/bin:/usr/local/go/bin && cd ~/work/asvec/asvec && make macos-build-all && make macos-notarize-all - name: Store Artifact in Env Var run: | - echo VER=$(cat ../../VERSION.md) >> $GITHUB_ENV - echo RPM_VER=$(echo ${VER} | sed 's/-/_/g') >> $GITHUB_ENV + VER=$(cat ../../VERSION.md) + echo VER=${VER} >> $GITHUB_ENV + + RPM_VER=$(echo ${VER} | sed 's/-/_/g') + echo RPM_VER=${RPM_VER} >> $GITHUB_ENV + ARTIFACTS="asvec-linux-amd64-${VER}.deb asvec-linux-amd64-${RPM_VER}.rpm asvec-linux-amd64-${VER}.zip asvec-linux-arm64-${VER}.deb asvec-linux-arm64-${RPM_VER}.rpm asvec-linux-arm64-${VER}.zip asvec-macos-${VER}.pkg asvec-macos-amd64-${VER}.zip asvec-macos-arm64-${VER}.zip asvec-windows-amd64-${VER}.zip asvec-windows-arm64-${VER}.zip" echo "ARTIFACTS=${ARTIFACTS}" >> $GITHUB_ENV From a5f992c6a134fc1182ab4b9ffe8e1faa00dc0629 Mon Sep 17 00:00:00 2001 From: Jesse Schmidt Date: Tue, 1 Oct 2024 17:02:21 -0700 Subject: [PATCH 05/21] again --- .github/workflows/create-prerelease.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/create-prerelease.yml b/.github/workflows/create-prerelease.yml index 30f88ed..263b36d 100644 --- a/.github/workflows/create-prerelease.yml +++ b/.github/workflows/create-prerelease.yml @@ -136,7 +136,7 @@ jobs: export PATH=$PATH:/usr/local/bin:/usr/local/go/bin && cd ~/work/asvec/asvec && make macos-build-all && make macos-notarize-all - name: Store Artifact in Env Var run: | - VER=$(cat ../../VERSION.md) + VER=$(cat VERSION.md) echo VER=${VER} >> $GITHUB_ENV RPM_VER=$(echo ${VER} | sed 's/-/_/g') From 320a86e585881dbc9c78150d3ef7d6c62d6e7af0 Mon Sep 17 00:00:00 2001 From: Jesse Schmidt Date: Tue, 1 Oct 2024 17:14:11 -0700 Subject: [PATCH 06/21] again --- .github/workflows/create-prerelease.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/create-prerelease.yml b/.github/workflows/create-prerelease.yml index 263b36d..e924e34 100644 --- a/.github/workflows/create-prerelease.yml +++ b/.github/workflows/create-prerelease.yml @@ -169,7 +169,8 @@ jobs: shasum -a 256 $pkg > ${pkg}.sha256 done - name: Install GPG - run: sudo apt-get update && sudo apt-get install ca-certificates && sudo apt-get install gnupg -y + run: | + apt update && apt install ca-certificates && apt install gnupg -y - name: setup GPG uses: aerospike/shared-workflows/devops/setup-gpg@pvinh-gpg-sign-example with: From 28633f2df49d3478124495966c61f7540c4c05eb Mon Sep 17 00:00:00 2001 From: Jesse Schmidt Date: Tue, 1 Oct 2024 17:31:23 -0700 Subject: [PATCH 07/21] again --- .github/workflows/create-prerelease.yml | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/.github/workflows/create-prerelease.yml b/.github/workflows/create-prerelease.yml index e924e34..bb3f56f 100644 --- a/.github/workflows/create-prerelease.yml +++ b/.github/workflows/create-prerelease.yml @@ -37,6 +37,16 @@ jobs: /usr/local/bin/brew install python-tk@3.11 || echo "I1.5" for i in dpkg zip make wget jq rpm python3.11; do command -v $i || exit 1; done echo "Dependencies checked" + - name: setup GPG + uses: aerospike/shared-workflows/devops/setup-gpg@pvinh-gpg-sign-example + with: + gpg-private-key: ${{ secrets.GPG_SECRET_KEY }} + gpg-public-key: ${{ secrets.GPG_PUBLIC_KEY }} + gpg-key-pass: ${{ secrets.GPG_PASS }} + gpg-key-name: "aerospike-inc" + - name: Install GPG + run: | + apt update && apt install ca-certificates && apt install gnupg -y - name: Get go version from go.mod run: | echo "GO_VERSION=$(grep '^go ' go.mod | cut -d " " -f 2)" >> $GITHUB_ENV @@ -168,16 +178,7 @@ jobs: for pkg in ${ARTIFACTS}; do shasum -a 256 $pkg > ${pkg}.sha256 done - - name: Install GPG - run: | - apt update && apt install ca-certificates && apt install gnupg -y - - name: setup GPG - uses: aerospike/shared-workflows/devops/setup-gpg@pvinh-gpg-sign-example - with: - gpg-private-key: ${{ secrets.GPG_SECRET_KEY }} - gpg-public-key: ${{ secrets.GPG_PUBLIC_KEY }} - gpg-key-pass: ${{ secrets.GPG_PASS }} - gpg-key-name: "aerospike-inc" + - name: GPG Sign All Files env: GPG_TTY: no-tty From 3c274f07c5f4c2d0516c5d96a8ee1d64d85ad03f Mon Sep 17 00:00:00 2001 From: Jesse Schmidt Date: Wed, 2 Oct 2024 10:36:24 -0700 Subject: [PATCH 08/21] again --- .github/workflows/create-prerelease.yml | 184 +++++++++++++++--------- 1 file changed, 114 insertions(+), 70 deletions(-) diff --git a/.github/workflows/create-prerelease.yml b/.github/workflows/create-prerelease.yml index bb3f56f..441beb7 100644 --- a/.github/workflows/create-prerelease.yml +++ b/.github/workflows/create-prerelease.yml @@ -18,7 +18,11 @@ on: jobs: - build-and-release: + build: + outputs: + version: ${{ steps.save-version.outputs.version }} + rpm-version: ${{ steps.save-version.outputs.rpm-version }} + artifacts: ${{ steps.save-version.outputs.artifacts }} runs-on: macos-13 steps: - name: "Git checkout" @@ -37,16 +41,7 @@ jobs: /usr/local/bin/brew install python-tk@3.11 || echo "I1.5" for i in dpkg zip make wget jq rpm python3.11; do command -v $i || exit 1; done echo "Dependencies checked" - - name: setup GPG - uses: aerospike/shared-workflows/devops/setup-gpg@pvinh-gpg-sign-example - with: - gpg-private-key: ${{ secrets.GPG_SECRET_KEY }} - gpg-public-key: ${{ secrets.GPG_PUBLIC_KEY }} - gpg-key-pass: ${{ secrets.GPG_PASS }} - gpg-key-name: "aerospike-inc" - - name: Install GPG - run: | - apt update && apt install ca-certificates && apt install gnupg -y + - name: Get go version from go.mod run: | echo "GO_VERSION=$(grep '^go ' go.mod | cut -d " " -f 2)" >> $GITHUB_ENV @@ -144,81 +139,130 @@ jobs: export asvec_installsigner="${xasvec_installsigner}" export asvec_teamid="${xasvec_teamid}" export PATH=$PATH:/usr/local/bin:/usr/local/go/bin && cd ~/work/asvec/asvec && make macos-build-all && make macos-notarize-all - - name: Store Artifact in Env Var + - name: Save Version + id: save-version run: | VER=$(cat VERSION.md) - echo VER=${VER} >> $GITHUB_ENV + echo version=${VER} >> $GITHUB_OUTPUT RPM_VER=$(echo ${VER} | sed 's/-/_/g') - echo RPM_VER=${RPM_VER} >> $GITHUB_ENV + echo rpm-verion=${RPM_VER} >> $GITHUB_OUTPUT ARTIFACTS="asvec-linux-amd64-${VER}.deb asvec-linux-amd64-${RPM_VER}.rpm asvec-linux-amd64-${VER}.zip asvec-linux-arm64-${VER}.deb asvec-linux-arm64-${RPM_VER}.rpm asvec-linux-arm64-${VER}.zip asvec-macos-${VER}.pkg asvec-macos-amd64-${VER}.zip asvec-macos-arm64-${VER}.zip asvec-windows-amd64-${VER}.zip asvec-windows-arm64-${VER}.zip" - echo "ARTIFACTS=${ARTIFACTS}" >> $GITHUB_ENV + echo "artifacts=${ARTIFACTS}" >> $GITHUB_OUTPUT - RPM_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.rpm$' | tr '\n' ' ') - echo "RPM_ARTIFACTS=${RPM_ARTIFACTS}" >> $GITHUB_ENV + - name: "Upload Artifacts" + uses: actions/upload-artifact@v4 + with: + name: asvec-artifacts + path: ~/work/asvec/asvec/bin/packages/asvec-* - DEB_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.deb$' | tr '\n' ' ') - echo "DEB_ARTIFACTS=${DEB_ARTIFACTS}" >> $GITHUB_ENV + - ZIP_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.zip$' | tr '\n' ' ') - echo "ZIP_ARTIFACTS=${ZIP_ARTIFACTS}" >> $GITHUB_ENV + sign: + needs: build + runs-on: ubuntu-latest + steps: + - name: "Download Artifacts" + uses: actions/download-artifact@v4 + with: + name: asvec-artifacts + - name: setup GPG + uses: aerospike/shared-workflows/devops/setup-gpg@pvinh-gpg-sign-example + with: + gpg-private-key: ${{ secrets.GPG_SECRET_KEY }} + gpg-public-key: ${{ secrets.GPG_PUBLIC_KEY }} + gpg-key-pass: ${{ secrets.GPG_PASS }} + gpg-key-name: "aerospike-inc" + - name: Install GPG + run: | + apt update && apt install ca-certificates && apt install gnupg -y + - name: Store Artifact in Env Var + run: | + # VER=$(cat VERSION.md) + # echo VER=${VER} >> $GITHUB_ENV - PKG_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.pkg$' | tr '\n' ' ') - echo "PKG_ARTIFACTS=${PKG_ARTIFACTS}" >> $GITHUB_ENV + # RPM_VER=$(echo ${VER} | sed 's/-/_/g') + # echo RPM_VER=${RPM_VER} >> $GITHUB_ENV - SHA256_FILES=$(for pkg in ${ARTIFACTS}; do echo "${pkg}.sha256"; done | tr '\n' ' ') - echo "SHA256_FILES=${SHA256_FILES}" >> $GITHUB_ENV + # ARTIFACTS="asvec-linux-amd64-${VER}.deb asvec-linux-amd64-${RPM_VER}.rpm asvec-linux-amd64-${VER}.zip asvec-linux-arm64-${VER}.deb asvec-linux-arm64-${RPM_VER}.rpm asvec-linux-arm64-${VER}.zip asvec-macos-${VER}.pkg asvec-macos-amd64-${VER}.zip asvec-macos-arm64-${VER}.zip asvec-windows-amd64-${VER}.zip asvec-windows-arm64-${VER}.zip" + # echo "ARTIFACTS=${ARTIFACTS}" >> $GITHUB_ENV - ASC_FILES=$(for pkg in ${ARTIFACTS}; do echo "${pkg}.asc"; done | tr '\n' ' ') - echo "ASC_FILES=${ASC_FILES}" >> $GITHUB_ENV - - name: Create Checksums - run: | - cd ~/work/asvec/asvec/bin/packages - for pkg in ${ARTIFACTS}; do - shasum -a 256 $pkg > ${pkg}.sha256 - done + RPM_ARTIFACTS=$(echo "${{needs.build.outputs.artifacts}}" | tr ' ' '\n' | grep '\.rpm$' | tr '\n' ' ') + echo "RPM_ARTIFACTS=${RPM_ARTIFACTS}" >> $GITHUB_ENV - - name: GPG Sign All Files - env: - GPG_TTY: no-tty - GPG_PASSPHRASE: ${{ secrets.GPG_PASS }} - run: | - cd ~/work/asvec/asvec/bin/packages + DEB_ARTIFACTS=$(echo "${{needs.build.outputs.artifacts}}" | tr ' ' '\n' | grep '\.deb$' | tr '\n' ' ') + echo "DEB_ARTIFACTS=${DEB_ARTIFACTS}" >> $GITHUB_ENV - rpm --addsign ${RPM_ARTIFACTS} - rpm --checksig ${RPM_ARTIFACTS} + ZIP_ARTIFACTS=$(echo "${{needs.build.outputs.artifacts}}" | tr ' ' '\n' | grep '\.zip$' | tr '\n' ' ') + echo "ZIP_ARTIFACTS=${ZIP_ARTIFACTS}" >> $GITHUB_ENV - depkg-sig --sign builder ${DEB_ARTIFACTS} - depkg-sig --verify ${DEB_ARTIFACTS} + PKG_ARTIFACTS=$(echo "${{needs.build.outputs.artifacts}}" | tr ' ' '\n' | grep '\.pkg$' | tr '\n' ' ') + echo "PKG_ARTIFACTS=${PKG_ARTIFACTS}" >> $GITHUB_ENV - for file in ${ZIP_ARTIFACTS} ${PKG_ARTIFACTS}; do - gpg --detach-sign --no-tty --batch --yes --output "${file}.asc" --passphrase "$GPG_PASSPHRASE" "${file}" - gpg --verify "${file}.asc" "${file}" - done - - name: "Create a new pre-release" - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | + SHA256_FILES=$(for pkg in ${{needs.build.outputs.artifacts}}; do echo "${pkg}.sha256"; done | tr '\n' ' ') + echo "SHA256_FILES=${SHA256_FILES}" >> $GITHUB_ENV + + ASC_FILES=$(for pkg in ${{needs.build.outputs.artifacts}}; do echo "${pkg}.asc"; done | tr '\n' ' ') + echo "ASC_FILES=${ASC_FILES}" >> $GITHUB_ENV + - name: Create Checksums + run: | + cd ~/work/asvec/asvec/bin/packages + for pkg in ${{needs.build.outputs.artifacts}}; do + shasum -a 256 $pkg > ${pkg}.sha256 + done + + - name: GPG Sign All Files + env: + GPG_TTY: no-tty + GPG_PASSPHRASE: ${{ secrets.GPG_PASS }} + run: | + cd ~/work/asvec/asvec/bin/packages + + rpm --addsign ${RPM_ARTIFACTS} + rpm --checksig ${RPM_ARTIFACTS} + + depkg-sig --sign builder ${DEB_ARTIFACTS} + depkg-sig --verify ${DEB_ARTIFACTS} + + for file in ${ZIP_ARTIFACTS} ${PKG_ARTIFACTS}; do + gpg --detach-sign --no-tty --batch --yes --output "${file}.asc" --passphrase "$GPG_PASSPHRASE" "${file}" + gpg --verify "${file}.asc" "${file}" + done + + release: + needs: + - sign + - build + runs-on: ubuntu-latest + steps: + - name: "Download Artifacts" + uses: actions/download-artifact@v4 + with: + name: asvec-artifacts + - name: "Create a new pre-release" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + set -e + cd ~/work/asvec/asvec/bin/packages + TAG=${{needs.build.outputs.version}} + FULLCOMMIT=$(git rev-parse HEAD) + gh release create -R github.com/aerospike/asvec --prerelease --target ${FULLCOMMIT} --title "Asvec - ${TAG}" ${TAG} ${ARTIFACTS} ${SHA256_FILES} ${ASC_FILES} + - name: "Delete previous pre-release" + env: + TAG: ${{ inputs.version }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + DELPREV: ${{ inputs.deletePrevBuild }} + run: | + if [ "${DELPREV}" = "true" ]; then set -e - cd ~/work/asvec/asvec/bin/packages - TAG=${VER} - FULLCOMMIT=$(git rev-parse HEAD) - gh release create -R github.com/aerospike/asvec --notes-file ../../RELEASE.md --prerelease --target ${FULLCOMMIT} --title "Asvec - ${TAG}" ${TAG} ${ARTIFACTS} ${SHA256_FILES} ${ASC_FILES} - - name: "Delete previous pre-release" - env: - TAG: ${{ inputs.version }} - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - DELPREV: ${{ inputs.deletePrevBuild }} - run: | - if [ "${DELPREV}" = "true" ]; then - set -e - gh release list -R github.com/aerospike/asvec -L 100 | grep Pre-release | awk -F'\t' '{print $3}' | while read -r line; do - if [ "$line" != "${TAG}" ]; then - if [[ "$line" == "${TAG}-SNAPSHOT-"* ]]; then - echo "Removing $line" - gh release delete "$line" -R github.com/aerospike/asvec --yes --cleanup-tag - fi + gh release list -R github.com/aerospike/asvec -L 100 | grep Pre-release | awk -F'\t' '{print $3}' | while read -r line; do + if [ "$line" != "${TAG}" ]; then + if [[ "$line" == "${TAG}-SNAPSHOT-"* ]]; then + echo "Removing $line" + gh release delete "$line" -R github.com/aerospike/asvec --yes --cleanup-tag fi - done fi + done + fi From ac5052377d4fbb49dfa387f6a225b9d89b96c591 Mon Sep 17 00:00:00 2001 From: Jesse Schmidt Date: Wed, 2 Oct 2024 11:21:31 -0700 Subject: [PATCH 09/21] again --- .github/workflows/create-prerelease.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/create-prerelease.yml b/.github/workflows/create-prerelease.yml index 441beb7..811b9de 100644 --- a/.github/workflows/create-prerelease.yml +++ b/.github/workflows/create-prerelease.yml @@ -168,7 +168,7 @@ jobs: with: name: asvec-artifacts - name: setup GPG - uses: aerospike/shared-workflows/devops/setup-gpg@pvinh-gpg-sign-example + uses: aerospike/shared-workflows/devops/setup-gpg@main with: gpg-private-key: ${{ secrets.GPG_SECRET_KEY }} gpg-public-key: ${{ secrets.GPG_PUBLIC_KEY }} From a10aadc86f8a5119cea042456bac8cd1fd5bbbae Mon Sep 17 00:00:00 2001 From: Jesse Schmidt Date: Wed, 2 Oct 2024 11:31:31 -0700 Subject: [PATCH 10/21] remove step --- .github/workflows/create-prerelease.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/create-prerelease.yml b/.github/workflows/create-prerelease.yml index 811b9de..941f457 100644 --- a/.github/workflows/create-prerelease.yml +++ b/.github/workflows/create-prerelease.yml @@ -174,9 +174,6 @@ jobs: gpg-public-key: ${{ secrets.GPG_PUBLIC_KEY }} gpg-key-pass: ${{ secrets.GPG_PASS }} gpg-key-name: "aerospike-inc" - - name: Install GPG - run: | - apt update && apt install ca-certificates && apt install gnupg -y - name: Store Artifact in Env Var run: | # VER=$(cat VERSION.md) From 8a59d25926d7235eda9c47d423bb35a4514865d1 Mon Sep 17 00:00:00 2001 From: Jesse Schmidt Date: Wed, 2 Oct 2024 11:43:31 -0700 Subject: [PATCH 11/21] again --- .github/workflows/create-prerelease.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/create-prerelease.yml b/.github/workflows/create-prerelease.yml index 941f457..4ee4695 100644 --- a/.github/workflows/create-prerelease.yml +++ b/.github/workflows/create-prerelease.yml @@ -204,7 +204,7 @@ jobs: echo "ASC_FILES=${ASC_FILES}" >> $GITHUB_ENV - name: Create Checksums run: | - cd ~/work/asvec/asvec/bin/packages + # cd ~/work/asvec/asvec/bin/packages for pkg in ${{needs.build.outputs.artifacts}}; do shasum -a 256 $pkg > ${pkg}.sha256 done @@ -214,7 +214,7 @@ jobs: GPG_TTY: no-tty GPG_PASSPHRASE: ${{ secrets.GPG_PASS }} run: | - cd ~/work/asvec/asvec/bin/packages + # cd ~/work/asvec/asvec/bin/packages rpm --addsign ${RPM_ARTIFACTS} rpm --checksig ${RPM_ARTIFACTS} @@ -242,7 +242,7 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | set -e - cd ~/work/asvec/asvec/bin/packages + # cd ~/work/asvec/asvec/bin/packages TAG=${{needs.build.outputs.version}} FULLCOMMIT=$(git rev-parse HEAD) gh release create -R github.com/aerospike/asvec --prerelease --target ${FULLCOMMIT} --title "Asvec - ${TAG}" ${TAG} ${ARTIFACTS} ${SHA256_FILES} ${ASC_FILES} From 385f83218032b04d1ae37df47b9b2148241fedaa Mon Sep 17 00:00:00 2001 From: Jesse Schmidt Date: Wed, 2 Oct 2024 11:51:58 -0700 Subject: [PATCH 12/21] again --- .github/workflows/create-prerelease.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/create-prerelease.yml b/.github/workflows/create-prerelease.yml index 4ee4695..cde097b 100644 --- a/.github/workflows/create-prerelease.yml +++ b/.github/workflows/create-prerelease.yml @@ -219,8 +219,8 @@ jobs: rpm --addsign ${RPM_ARTIFACTS} rpm --checksig ${RPM_ARTIFACTS} - depkg-sig --sign builder ${DEB_ARTIFACTS} - depkg-sig --verify ${DEB_ARTIFACTS} + dpkg-sig --sign builder ${DEB_ARTIFACTS} + dpkg-sig --verify ${DEB_ARTIFACTS} for file in ${ZIP_ARTIFACTS} ${PKG_ARTIFACTS}; do gpg --detach-sign --no-tty --batch --yes --output "${file}.asc" --passphrase "$GPG_PASSPHRASE" "${file}" From 1e1e715b6352d928fd63300be40734556d8470d7 Mon Sep 17 00:00:00 2001 From: Jesse Schmidt Date: Wed, 2 Oct 2024 12:07:48 -0700 Subject: [PATCH 13/21] checkout during release --- .github/workflows/create-prerelease.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/create-prerelease.yml b/.github/workflows/create-prerelease.yml index cde097b..14aabfa 100644 --- a/.github/workflows/create-prerelease.yml +++ b/.github/workflows/create-prerelease.yml @@ -163,6 +163,10 @@ jobs: needs: build runs-on: ubuntu-latest steps: + - name: "Git checkout" + uses: actions/checkout@v3 + with: + fetch-depth: 0 - name: "Download Artifacts" uses: actions/download-artifact@v4 with: From eec5f92882b2b7136a6122d99320db4c8f7ec600 Mon Sep 17 00:00:00 2001 From: Jesse Schmidt Date: Wed, 2 Oct 2024 12:08:23 -0700 Subject: [PATCH 14/21] fix --- .github/workflows/create-prerelease.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/create-prerelease.yml b/.github/workflows/create-prerelease.yml index 14aabfa..6623fda 100644 --- a/.github/workflows/create-prerelease.yml +++ b/.github/workflows/create-prerelease.yml @@ -164,9 +164,9 @@ jobs: runs-on: ubuntu-latest steps: - name: "Git checkout" - uses: actions/checkout@v3 - with: - fetch-depth: 0 + uses: actions/checkout@v3 + with: + fetch-depth: 0 - name: "Download Artifacts" uses: actions/download-artifact@v4 with: From 8566382f56c8f5b224c0a263625986d9627b83fb Mon Sep 17 00:00:00 2001 From: Jesse Schmidt Date: Wed, 2 Oct 2024 12:31:11 -0700 Subject: [PATCH 15/21] again --- .github/workflows/create-prerelease.yml | 70 +++++++++++++------------ 1 file changed, 36 insertions(+), 34 deletions(-) diff --git a/.github/workflows/create-prerelease.yml b/.github/workflows/create-prerelease.yml index 6623fda..f17b2a4 100644 --- a/.github/workflows/create-prerelease.yml +++ b/.github/workflows/create-prerelease.yml @@ -23,6 +23,12 @@ jobs: version: ${{ steps.save-version.outputs.version }} rpm-version: ${{ steps.save-version.outputs.rpm-version }} artifacts: ${{ steps.save-version.outputs.artifacts }} + rpm-artifacts: ${{ steps.save-version.outputs.rpm-artifacts }} + deb-artifacts: ${{ steps.save-version.outputs.deb-artifacts }} + zip-artifacts: ${{ steps.save-version.outputs.zip-artifacts }} + pkg-artifacts: ${{ steps.save-version.outputs.pkg-artifacts }} + sha-artifacts: ${{ steps.save-version.outputs.sha-artifacts }} + asc-artifacts: ${{ steps.save-version.outputs.asc-artifacts }} runs-on: macos-13 steps: - name: "Git checkout" @@ -151,6 +157,24 @@ jobs: ARTIFACTS="asvec-linux-amd64-${VER}.deb asvec-linux-amd64-${RPM_VER}.rpm asvec-linux-amd64-${VER}.zip asvec-linux-arm64-${VER}.deb asvec-linux-arm64-${RPM_VER}.rpm asvec-linux-arm64-${VER}.zip asvec-macos-${VER}.pkg asvec-macos-amd64-${VER}.zip asvec-macos-arm64-${VER}.zip asvec-windows-amd64-${VER}.zip asvec-windows-arm64-${VER}.zip" echo "artifacts=${ARTIFACTS}" >> $GITHUB_OUTPUT + RPM_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.rpm$' | tr '\n' ' ') + echo "rpm-artifacts=${RPM_ARTIFACTS}" >> $GITHUB_OUTPUT + + DEB_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.deb$' | tr '\n' ' ') + echo "deb-artifacts=${DEB_ARTIFACTS}" >> $GITHUB_OUTPUT + + ZIP_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.zip$' | tr '\n' ' ') + echo "zip-artifacts=${ZIP_ARTIFACTS}" >> $GITHUB_OUTPUT + + PKG_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.pkg$' | tr '\n' ' ') + echo "pkg-artifacts=${PKG_ARTIFACTS}" >> $GITHUB_OUTPUT + + SHA256_FILES=$(for pkg in ${ARTIFACTS}; do echo "${pkg}.sha256"; done | tr '\n' ' ') + echo "sha-artifacts=${SHA256_FILES}" >> $GITHUB_OUTPUT + + ASC_FILES=$(for pkg in ${ARTIFACTS}; do echo "${pkg}.asc"; done | tr '\n' ' ') + echo "asc-artifacts=${ASC_FILES}" >> $GITHUB_OUTPUT + - name: "Upload Artifacts" uses: actions/upload-artifact@v4 with: @@ -178,34 +202,6 @@ jobs: gpg-public-key: ${{ secrets.GPG_PUBLIC_KEY }} gpg-key-pass: ${{ secrets.GPG_PASS }} gpg-key-name: "aerospike-inc" - - name: Store Artifact in Env Var - run: | - # VER=$(cat VERSION.md) - # echo VER=${VER} >> $GITHUB_ENV - - # RPM_VER=$(echo ${VER} | sed 's/-/_/g') - # echo RPM_VER=${RPM_VER} >> $GITHUB_ENV - - # ARTIFACTS="asvec-linux-amd64-${VER}.deb asvec-linux-amd64-${RPM_VER}.rpm asvec-linux-amd64-${VER}.zip asvec-linux-arm64-${VER}.deb asvec-linux-arm64-${RPM_VER}.rpm asvec-linux-arm64-${VER}.zip asvec-macos-${VER}.pkg asvec-macos-amd64-${VER}.zip asvec-macos-arm64-${VER}.zip asvec-windows-amd64-${VER}.zip asvec-windows-arm64-${VER}.zip" - # echo "ARTIFACTS=${ARTIFACTS}" >> $GITHUB_ENV - - RPM_ARTIFACTS=$(echo "${{needs.build.outputs.artifacts}}" | tr ' ' '\n' | grep '\.rpm$' | tr '\n' ' ') - echo "RPM_ARTIFACTS=${RPM_ARTIFACTS}" >> $GITHUB_ENV - - DEB_ARTIFACTS=$(echo "${{needs.build.outputs.artifacts}}" | tr ' ' '\n' | grep '\.deb$' | tr '\n' ' ') - echo "DEB_ARTIFACTS=${DEB_ARTIFACTS}" >> $GITHUB_ENV - - ZIP_ARTIFACTS=$(echo "${{needs.build.outputs.artifacts}}" | tr ' ' '\n' | grep '\.zip$' | tr '\n' ' ') - echo "ZIP_ARTIFACTS=${ZIP_ARTIFACTS}" >> $GITHUB_ENV - - PKG_ARTIFACTS=$(echo "${{needs.build.outputs.artifacts}}" | tr ' ' '\n' | grep '\.pkg$' | tr '\n' ' ') - echo "PKG_ARTIFACTS=${PKG_ARTIFACTS}" >> $GITHUB_ENV - - SHA256_FILES=$(for pkg in ${{needs.build.outputs.artifacts}}; do echo "${pkg}.sha256"; done | tr '\n' ' ') - echo "SHA256_FILES=${SHA256_FILES}" >> $GITHUB_ENV - - ASC_FILES=$(for pkg in ${{needs.build.outputs.artifacts}}; do echo "${pkg}.asc"; done | tr '\n' ' ') - echo "ASC_FILES=${ASC_FILES}" >> $GITHUB_ENV - name: Create Checksums run: | # cd ~/work/asvec/asvec/bin/packages @@ -220,16 +216,22 @@ jobs: run: | # cd ~/work/asvec/asvec/bin/packages - rpm --addsign ${RPM_ARTIFACTS} - rpm --checksig ${RPM_ARTIFACTS} + rpm --addsign ${{needs.build.outputs.rpm-artifacts}} + rpm --checksig ${{needs.build.outputs.rpm-artifacts}} - dpkg-sig --sign builder ${DEB_ARTIFACTS} - dpkg-sig --verify ${DEB_ARTIFACTS} + dpkg-sig --sign builder ${{needs.build.outputs.deb-artifacts}} + dpkg-sig --verify ${{needs.build.outputs.deb-artifacts}} - for file in ${ZIP_ARTIFACTS} ${PKG_ARTIFACTS}; do + for file in ${{needs.build.outputs.zip-artifacts}} ${{needs.build.outputs.pkg-artifacts}}; do gpg --detach-sign --no-tty --batch --yes --output "${file}.asc" --passphrase "$GPG_PASSPHRASE" "${file}" gpg --verify "${file}.asc" "${file}" done + - name: "Upload Artifacts" + uses: actions/upload-artifact@v4 + with: + name: asvec-artifacts + path: asvec-* + release: needs: @@ -249,7 +251,7 @@ jobs: # cd ~/work/asvec/asvec/bin/packages TAG=${{needs.build.outputs.version}} FULLCOMMIT=$(git rev-parse HEAD) - gh release create -R github.com/aerospike/asvec --prerelease --target ${FULLCOMMIT} --title "Asvec - ${TAG}" ${TAG} ${ARTIFACTS} ${SHA256_FILES} ${ASC_FILES} + gh release create -R github.com/aerospike/asvec --prerelease --target ${FULLCOMMIT} --title "Asvec - ${TAG}" ${TAG} ${{needs.build.outputs.artifacts}} ${{needs.build.outputs.sha-artifacts}} ${{needs.build.outputs.asc-artifacts}} - name: "Delete previous pre-release" env: TAG: ${{ inputs.version }} From 7716bc80cd6ff4aee2c071b79c6141affcdfb7de Mon Sep 17 00:00:00 2001 From: Jesse Schmidt Date: Wed, 2 Oct 2024 12:46:09 -0700 Subject: [PATCH 16/21] add overwrite --- .github/workflows/create-prerelease.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/create-prerelease.yml b/.github/workflows/create-prerelease.yml index f17b2a4..be1d8e0 100644 --- a/.github/workflows/create-prerelease.yml +++ b/.github/workflows/create-prerelease.yml @@ -231,6 +231,7 @@ jobs: with: name: asvec-artifacts path: asvec-* + overwrite: true release: From 787c918e6dc0fad9fdf08b6075e469578304c4f5 Mon Sep 17 00:00:00 2001 From: Jesse Schmidt Date: Wed, 2 Oct 2024 13:00:46 -0700 Subject: [PATCH 17/21] add checkout --- .github/workflows/create-prerelease.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/create-prerelease.yml b/.github/workflows/create-prerelease.yml index be1d8e0..f595622 100644 --- a/.github/workflows/create-prerelease.yml +++ b/.github/workflows/create-prerelease.yml @@ -240,6 +240,10 @@ jobs: - build runs-on: ubuntu-latest steps: + - name: "Git checkout" + uses: actions/checkout@v3 + with: + fetch-depth: 0 - name: "Download Artifacts" uses: actions/download-artifact@v4 with: From cd4dbff748aef8f3c1a2861e42730be47748d558 Mon Sep 17 00:00:00 2001 From: Jesse Schmidt Date: Wed, 2 Oct 2024 13:20:00 -0700 Subject: [PATCH 18/21] rm rpm.asc and deb.asc --- .github/workflows/create-prerelease.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/create-prerelease.yml b/.github/workflows/create-prerelease.yml index f595622..e10a3c9 100644 --- a/.github/workflows/create-prerelease.yml +++ b/.github/workflows/create-prerelease.yml @@ -172,7 +172,11 @@ jobs: SHA256_FILES=$(for pkg in ${ARTIFACTS}; do echo "${pkg}.sha256"; done | tr '\n' ' ') echo "sha-artifacts=${SHA256_FILES}" >> $GITHUB_OUTPUT - ASC_FILES=$(for pkg in ${ARTIFACTS}; do echo "${pkg}.asc"; done | tr '\n' ' ') + ASC_FILES=$(for pkg in ${ARTIFACTS}; do + if [[ ! "${pkg}" =~ \.rpm$ && ! "${pkg}" =~ \.deb$ ]]; then + echo "${pkg}.asc" + fi + done | tr '\n' ' ') echo "asc-artifacts=${ASC_FILES}" >> $GITHUB_OUTPUT - name: "Upload Artifacts" From 64d9b31ce471f3eb2992c5b17da0968c9c06b7f3 Mon Sep 17 00:00:00 2001 From: Jesse Schmidt Date: Wed, 2 Oct 2024 13:42:34 -0700 Subject: [PATCH 19/21] try to fix delete previous pre-release --- .github/workflows/create-prerelease.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/workflows/create-prerelease.yml b/.github/workflows/create-prerelease.yml index e10a3c9..1bbf134 100644 --- a/.github/workflows/create-prerelease.yml +++ b/.github/workflows/create-prerelease.yml @@ -21,6 +21,7 @@ jobs: build: outputs: version: ${{ steps.save-version.outputs.version }} + full-tag: ${{ steps.tag.outputs.full-tag }} rpm-version: ${{ steps.save-version.outputs.rpm-version }} artifacts: ${{ steps.save-version.outputs.artifacts }} rpm-artifacts: ${{ steps.save-version.outputs.rpm-artifacts }} @@ -62,6 +63,7 @@ jobs: cd /Volumes/Packages sudo installer -pkg Install\ Packages.pkg -target / - name: Tag Before Building + id: tag if: inputs.version != '' env: TAG: ${{ inputs.version }} @@ -76,6 +78,8 @@ jobs: COMMIT=$(git rev-parse --short HEAD) TAG="${TAG}-SNAPSHOT-${COMMIT}" fi + + echo full-tag=${TAG} >> $GITHUB_OUTPUT # Ensure the tag does not already exist if ! gh release view "${TAG}" > /dev/null 2>&1; then @@ -238,7 +242,7 @@ jobs: overwrite: true - release: + pre-release: needs: - sign - build @@ -263,15 +267,14 @@ jobs: gh release create -R github.com/aerospike/asvec --prerelease --target ${FULLCOMMIT} --title "Asvec - ${TAG}" ${TAG} ${{needs.build.outputs.artifacts}} ${{needs.build.outputs.sha-artifacts}} ${{needs.build.outputs.asc-artifacts}} - name: "Delete previous pre-release" env: - TAG: ${{ inputs.version }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} DELPREV: ${{ inputs.deletePrevBuild }} run: | if [ "${DELPREV}" = "true" ]; then set -e gh release list -R github.com/aerospike/asvec -L 100 | grep Pre-release | awk -F'\t' '{print $3}' | while read -r line; do - if [ "$line" != "${TAG}" ]; then - if [[ "$line" == "${TAG}-SNAPSHOT-"* ]]; then + if [ "$line" != "${{ needs.build.outputs.full-tag }}" ]; then + if [[ "$line" == "${{ inputs.version }}-SNAPSHOT-"* ]]; then echo "Removing $line" gh release delete "$line" -R github.com/aerospike/asvec --yes --cleanup-tag fi From 40ccce216397a878653f34cc5d894b902dd211b6 Mon Sep 17 00:00:00 2001 From: Jesse Schmidt Date: Wed, 2 Oct 2024 13:48:11 -0700 Subject: [PATCH 20/21] create checksum last --- .github/workflows/create-prerelease.yml | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/.github/workflows/create-prerelease.yml b/.github/workflows/create-prerelease.yml index 1bbf134..80cb1de 100644 --- a/.github/workflows/create-prerelease.yml +++ b/.github/workflows/create-prerelease.yml @@ -189,8 +189,6 @@ jobs: name: asvec-artifacts path: ~/work/asvec/asvec/bin/packages/asvec-* - - sign: needs: build runs-on: ubuntu-latest @@ -210,20 +208,12 @@ jobs: gpg-public-key: ${{ secrets.GPG_PUBLIC_KEY }} gpg-key-pass: ${{ secrets.GPG_PASS }} gpg-key-name: "aerospike-inc" - - name: Create Checksums - run: | - # cd ~/work/asvec/asvec/bin/packages - for pkg in ${{needs.build.outputs.artifacts}}; do - shasum -a 256 $pkg > ${pkg}.sha256 - done - name: GPG Sign All Files env: GPG_TTY: no-tty GPG_PASSPHRASE: ${{ secrets.GPG_PASS }} run: | - # cd ~/work/asvec/asvec/bin/packages - rpm --addsign ${{needs.build.outputs.rpm-artifacts}} rpm --checksig ${{needs.build.outputs.rpm-artifacts}} @@ -234,6 +224,13 @@ jobs: gpg --detach-sign --no-tty --batch --yes --output "${file}.asc" --passphrase "$GPG_PASSPHRASE" "${file}" gpg --verify "${file}.asc" "${file}" done + + - name: Create Checksums + run: | + for pkg in ${{needs.build.outputs.artifacts}}; do + shasum -a 256 $pkg > ${pkg}.sha256 + done + - name: "Upload Artifacts" uses: actions/upload-artifact@v4 with: @@ -261,7 +258,6 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | set -e - # cd ~/work/asvec/asvec/bin/packages TAG=${{needs.build.outputs.version}} FULLCOMMIT=$(git rev-parse HEAD) gh release create -R github.com/aerospike/asvec --prerelease --target ${FULLCOMMIT} --title "Asvec - ${TAG}" ${TAG} ${{needs.build.outputs.artifacts}} ${{needs.build.outputs.sha-artifacts}} ${{needs.build.outputs.asc-artifacts}} From 188039206801b5819a8b5e90b6eebb28d812e807 Mon Sep 17 00:00:00 2001 From: Jesse Schmidt Date: Wed, 2 Oct 2024 14:05:21 -0700 Subject: [PATCH 21/21] again --- .github/workflows/create-prerelease.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/create-prerelease.yml b/.github/workflows/create-prerelease.yml index 80cb1de..38376bc 100644 --- a/.github/workflows/create-prerelease.yml +++ b/.github/workflows/create-prerelease.yml @@ -21,7 +21,6 @@ jobs: build: outputs: version: ${{ steps.save-version.outputs.version }} - full-tag: ${{ steps.tag.outputs.full-tag }} rpm-version: ${{ steps.save-version.outputs.rpm-version }} artifacts: ${{ steps.save-version.outputs.artifacts }} rpm-artifacts: ${{ steps.save-version.outputs.rpm-artifacts }} @@ -78,8 +77,6 @@ jobs: COMMIT=$(git rev-parse --short HEAD) TAG="${TAG}-SNAPSHOT-${COMMIT}" fi - - echo full-tag=${TAG} >> $GITHUB_OUTPUT # Ensure the tag does not already exist if ! gh release view "${TAG}" > /dev/null 2>&1; then @@ -176,7 +173,7 @@ jobs: SHA256_FILES=$(for pkg in ${ARTIFACTS}; do echo "${pkg}.sha256"; done | tr '\n' ' ') echo "sha-artifacts=${SHA256_FILES}" >> $GITHUB_OUTPUT - ASC_FILES=$(for pkg in ${ARTIFACTS}; do + ASC_FILES=$(for pkg in ${ARTIFACTS} ${SHA256_FILES}; do if [[ ! "${pkg}" =~ \.rpm$ && ! "${pkg}" =~ \.deb$ ]]; then echo "${pkg}.asc" fi @@ -231,6 +228,10 @@ jobs: shasum -a 256 $pkg > ${pkg}.sha256 done + for file in ${{needs.build.outputs.sha-artifacts}}; do + gpg --detach-sign --no-tty --batch --yes --output "${file}.asc" --passphrase "$GPG_PASSPHRASE" "${file}" + gpg --verify "${file}.asc" "${file}" + done - name: "Upload Artifacts" uses: actions/upload-artifact@v4 with: @@ -269,7 +270,7 @@ jobs: if [ "${DELPREV}" = "true" ]; then set -e gh release list -R github.com/aerospike/asvec -L 100 | grep Pre-release | awk -F'\t' '{print $3}' | while read -r line; do - if [ "$line" != "${{ needs.build.outputs.full-tag }}" ]; then + if [ "$line" != "${{needs.build.outputs.version}}" ]; then if [[ "$line" == "${{ inputs.version }}-SNAPSHOT-"* ]]; then echo "Removing $line" gh release delete "$line" -R github.com/aerospike/asvec --yes --cleanup-tag