CI nightly release #236
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: CI nightly release | |
| on: | |
| push: | |
| # any tags, including tags with / like v1.0/alpha | |
| tags: | |
| - '**' | |
| schedule: | |
| # every day at 1 AM | |
| - cron: 00 1 * * * | |
| workflow_dispatch: | |
| jobs: | |
| cargo-audit: | |
| name: Security Audit | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: EmbarkStudios/cargo-deny-action@v1 | |
| cargo-lint: | |
| uses: ./.github/workflows/clippy.yml | |
| with: | |
| toolchain: nightly-2024-06-09 | |
| build: | |
| uses: ./.github/workflows/build_all.yml | |
| secrets: inherit | |
| with: | |
| toolchain: nightly-2024-06-09 | |
| debug_or_release: release | |
| cargo-doc: | |
| uses: Cosmian/reusable_workflows/.github/workflows/cargo-doc.yml@develop | |
| with: | |
| toolchain: nightly-2024-06-09 | |
| python_and_docker: | |
| uses: ./.github/workflows/build_and_test_docker_image.yml | |
| ckms_gui: | |
| runs-on: ubuntu-latest | |
| if: startsWith(github.ref, 'refs/tags') | |
| steps: | |
| - name: Build ckms_gui on tags | |
| uses: benc-uk/workflow-dispatch@v1 | |
| with: | |
| workflow: main.yml | |
| repo: Cosmian/ckms_gui | |
| ref: main | |
| token: ${{ secrets.PAT_TOKEN }} | |
| inputs: '{ "kms_version": "${{ github.ref_name }}" }' | |
| ############################################################################## | |
| ### Releases | |
| ############################################################################## | |
| release: | |
| name: release | |
| needs: | |
| - cargo-audit | |
| - cargo-lint | |
| - cargo-doc | |
| - build | |
| - python_and_docker | |
| runs-on: [self-hosted, not-sgx] | |
| container: | |
| image: cosmian/docker_doc_ci | |
| volumes: | |
| - /home/cosmian/.ssh/id_rsa:/root/.ssh/id_rsa | |
| env: | |
| ARCHIVE_NAMES: rhel9-release fips_ubuntu_20_04-release ubuntu_20_04-release ubuntu_22_04-release ubuntu_24_04-release macos_intel-release macos_arm-release | |
| windows-release kms_python_linux kms_python_macos_intel kms_python_macos_arm kms_python_windows | |
| steps: | |
| - run: rm -rf kms_* fips_* python-* windows* ubuntu* macos* rhel9* centos* | |
| - uses: actions/download-artifact@v3 | |
| - run: find . | |
| - name: Creating zip to be attached to release | |
| run: | | |
| apt update -y | |
| apt-get install -y zip | |
| for archive_name in $ARCHIVE_NAMES; do | |
| zip -r "$archive_name".zip "$archive_name" | |
| done | |
| - name: Push to package.cosmian.com | |
| run: | | |
| set -x | |
| if [[ ${GITHUB_REF} = *'refs/tags/'* ]]; then | |
| BRANCH="${GITHUB_REF_NAME}" | |
| else | |
| BRANCH="last_build/${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" | |
| fi | |
| DESTINATION_DIR=/mnt/package/kms/$BRANCH | |
| ssh -o 'StrictHostKeyChecking no' -i /root/.ssh/id_rsa [email protected] mkdir -p $DESTINATION_DIR | |
| scp -o 'StrictHostKeyChecking no' -i /root/.ssh/id_rsa \ | |
| *.zip \ | |
| [email protected]:$DESTINATION_DIR/ | |
| ssh -o 'StrictHostKeyChecking no' -i /root/.ssh/id_rsa [email protected] mkdir -p $DESTINATION_DIR/{rhel9,ubuntu-20.04,ubuntu-22.04,ubuntu-24.04} | |
| scp -o 'StrictHostKeyChecking no' -i /root/.ssh/id_rsa rhel9-release/generate-rpm/*.rpm [email protected]:$DESTINATION_DIR/rhel9 | |
| scp -o 'StrictHostKeyChecking no' -i /root/.ssh/id_rsa ubuntu_20_04-release/debian/*.deb [email protected]:$DESTINATION_DIR/ubuntu-20.04 | |
| scp -o 'StrictHostKeyChecking no' -i /root/.ssh/id_rsa ubuntu_22_04-release/debian/*.deb [email protected]:$DESTINATION_DIR/ubuntu-22.04 | |
| scp -o 'StrictHostKeyChecking no' -i /root/.ssh/id_rsa ubuntu_24_04-release/debian/*.deb [email protected]:$DESTINATION_DIR/ubuntu-24.04 | |
| - name: Release on tags, attach asset on release | |
| if: startsWith(github.ref, 'refs/tags/') | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| files: | | |
| *.zip | |
| rhel9-release/generate-rpm/*.rpm \ | |
| ubuntu_20_04-release/debian/*.deb \ | |
| ubuntu_22_04-release/debian/*.deb \ | |
| ubuntu_24_04-release/debian/*.deb | |
| python_publish: | |
| name: python publish | |
| needs: | |
| - python_and_docker | |
| runs-on: ubuntu-22.04 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - archive_name: kms_python_linux | |
| - archive_name: kms_python_macos_intel | |
| - archive_name: kms_python_macos_arm | |
| - archive_name: kms_python_windows | |
| steps: | |
| - uses: actions/download-artifact@v3 | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: 3.7 | |
| - name: List directory | |
| if: contains(runner.os, 'Linux') | |
| run: find . | |
| - name: Install requirements | |
| run: | | |
| set -ex | |
| pip install twine | |
| mkdir -p dist | |
| cp ${{ matrix.archive_name }}/*.whl dist/ | |
| - name: Publish package to PyPi | |
| if: startsWith(github.ref, 'refs/tags/') | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| with: | |
| repository-url: https://upload.pypi.org/legacy/ | |
| print-hash: true | |
| password: ${{ secrets.PYPI_API_TOKEN }} | |
| public_documentation: | |
| needs: | |
| - release | |
| - python_publish | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Deploy documentation in staging | |
| if: ${{ github.ref_name == 'develop' }} | |
| uses: benc-uk/workflow-dispatch@v1 | |
| with: | |
| workflow: staging.yml | |
| repo: Cosmian/public_documentation | |
| ref: develop | |
| token: ${{ secrets.PAT_TOKEN }} | |
| - name: Deploy documentation in prod | |
| if: startsWith(github.ref, 'refs/tags') | |
| uses: benc-uk/workflow-dispatch@v1 | |
| with: | |
| workflow: prod.yml | |
| repo: Cosmian/public_documentation | |
| ref: main | |
| token: ${{ secrets.PAT_TOKEN }} |