Skip to content

Prepare release (#651) #31

Prepare release (#651)

Prepare release (#651) #31

Workflow file for this run

name: release
on:
push:
tags:
- 'v[0-9]+\.[0-9]+\.[0-9]+'
jobs:
community-docs:
runs-on: ubuntu-latest
env:
GH_TOKEN: ${{ secrets.EXOSCALE_BUILD_GH_TOKEN }}
steps:
- run: gh workflow run gen-cli.yaml -R exoscale/community-ng -f version=${{ github.ref_name }}
goreleaser:
runs-on: ubuntu-latest
outputs:
version_tag: ${{ steps.get-version-tag.outputs.version_tag }}
linux_amd64_checksum: ${{ steps.get-linux-amd64-checksum.outputs.linux_amd64_checksum }}
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: ./.github/actions/build
- name: Import GPG key
# This is a third-party GitHub action and we trust it with our GPG key.
# To be on the safer side, we should always pin to the commit SHA.
# It's not a perfect mitigation, but we should always do some due diligence before upgrading.
# The author seems trustworthy, as the author is part of the docker and goreleaser organizations on GitHub.
uses: crazy-max/ghaction-import-gpg@72b6676b71ab476b77e676928516f6982eef7a41
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}
- uses: ./go.mk/.github/actions/release
with:
release_github_token: ${{ secrets.RELEASE_GITHUB_TOKEN }}
registry_username: ${{ secrets.DOCKERHUB_USERNAME }}
registry_password: ${{ secrets.DOCKERHUB_TOKEN }}
exoscale_api_key: ${{ secrets.SOS_PKG_BUCKET_KEY }}
exoscale_api_secret: ${{ secrets.SOS_PKG_BUCKET_SECRET }}
- run: echo "version_tag=$(make get-version-tag)" >> $GITHUB_OUTPUT
id: get-version-tag
shell: bash
- run: echo "linux_amd64_checksum="$(grep -P 'exoscale-cli_[0-9]+\.[0-9]+\.[0-9]+_linux_amd64.tar.gz' dist/exoscale-cli_*_checksums.txt | head -n 1 | cut -c1-64) >> $GITHUB_OUTPUT
id: get-linux-amd64-checksum
shell: bash
archrelease:
needs: goreleaser
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
aurpkg:
- exoscale-cli
- exoscale-cli-bin
- exoscale-cli-git
container:
image: archlinux
steps:
- name: create build user
run: |
useradd -G root runner
mkdir /home/runner/
chown -R runner /home/runner
shell: bash
- name: install tools
run: pacman --noconfirm -Sy base-devel git openssh glibc go
shell: bash
- name: release
run: |
cd /home/runner/
sudo -u runner mkdir -p /home/runner/.ssh
sudo -u runner sh -c "echo \"${{ secrets.AUR_SSH_PRIVATE_KEY }}\" > /home/runner/.ssh/github_actions"
cat << 'EOF' > release.bash
#!/usr/bin/env bash
set -e
set -o pipefail
aurpkg=$1
version_tag=$2
checksum=$3
export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/home/runner/.ssh/known_hosts"
ssh-keyscan aur.archlinux.org >>/home/runner/.ssh/known_hosts
chmod 600 /home/runner/.ssh/github_actions
eval $(ssh-agent)
ssh-add /home/runner/.ssh/github_actions
git clone [email protected]:$aurpkg.git
cd /home/runner/$aurpkg
sed -i "/^pkgver=/s/.*/pkgver=$version_tag/" PKGBUILD
if [ $aurpkg == "exoscale-cli-bin" ]; then
sed -i "/^sha256sums=/s/.*/sha256sums=\('$checksum'/" PKGBUILD
fi
makepkg --skippgpcheck
makepkg --printsrcinfo >.SRCINFO
git add PKGBUILD .SRCINFO
git config --global user.email "[email protected]"
git config --global user.name "Exoscale"
git commit -m "release $version_tag"
git push
EOF
chown runner release.bash
sudo -u runner chmod +x release.bash
sudo -u runner ./release.bash \
${{ matrix.aurpkg }} \
${{ needs.goreleaser.outputs.version_tag }} \
${{ needs.goreleaser.outputs.linux_amd64_checksum }}
shell: bash