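# Release workflow: runs on a pushed version tag, builds and publishes the
# release artifacts (goreleaser job), then updates the three AUR packages
# (archrelease job).
name: release

on:
  push:
    tags:
      - 'v[0-9]+\.[0-9]+\.[0-9]+'

jobs:
  goreleaser:
    # NOTE(review): no `permissions:` block is set, so GITHUB_TOKEN keeps the
    # repository default scopes. Restrict it once it is confirmed what the two
    # local actions below need.
    runs-on: ubuntu-latest
    outputs:
      version_tag: ${{ steps.get-version-tag.outputs.version_tag }}
      linux_amd64_checksum: ${{ steps.get-linux-amd64-checksum.outputs.linux_amd64_checksum }}
    steps:
      # NOTE(review): pinned to a mutable tag. This job handles the GPG signing
      # key and the release credentials, so pin this action to a full commit
      # SHA as well, like the GPG import action below.
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - uses: ./.github/actions/build
      - name: Import GPG key
        # This is a third-party GitHub action and we trust it with our GPG key.
        # To be on the safer side, we should always pin to the commit SHA.
        # It's not a perfect mitigation, but we should always do some due
        # diligence before upgrading.
        # The author seems trustworthy, as the author is part of the docker and
        # goreleaser organizations on GitHub.
        uses: crazy-max/ghaction-import-gpg@72b6676b71ab476b77e676928516f6982eef7a41
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.GPG_PASSPHRASE }}
      - uses: ./go.mk/.github/actions/release
        with:
          release_github_token: ${{ secrets.RELEASE_GITHUB_TOKEN }}
          registry_username: ${{ secrets.DOCKERHUB_USERNAME }}
          registry_password: ${{ secrets.DOCKERHUB_TOKEN }}
          exoscale_api_key: ${{ secrets.SOS_PKG_BUCKET_KEY }}
          exoscale_api_secret: ${{ secrets.SOS_PKG_BUCKET_SECRET }}
      - id: get-version-tag
        run: echo "version_tag=$(make get-version-tag)" >> "$GITHUB_OUTPUT"
        shell: bash
      - id: get-linux-amd64-checksum
        # Publishes the first 64 characters (the SHA-256 hex digest) of the
        # linux_amd64 archive line in the goreleaser checksums file.
        # The patch component is `[0-9]+`: with a single `[0-9]` a release such
        # as x.y.10 never matched and an empty checksum was handed to the AUR
        # job. The output may still be empty when nothing matches; the consumer
        # validates it before use.
        run: |
          pattern='exoscale-cli_[0-9]+\.[0-9]+\.[0-9]+_linux_amd64\.tar\.gz'
          checksum="$(grep -P "$pattern" dist/exoscale-cli_*_checksums.txt | head -n 1 | cut -c1-64 || true)"
          echo "linux_amd64_checksum=${checksum}" >> "$GITHUB_OUTPUT"
        shell: bash

  archrelease:
    needs: goreleaser
    runs-on: ubuntu-latest
    # No step in this job uses GITHUB_TOKEN, so give it no scopes.
    permissions: {}
    strategy:
      fail-fast: false
      matrix:
        aurpkg:
          - exoscale-cli
          - exoscale-cli-bin
          - exoscale-cli-git
    container:
      # NOTE(review): unpinned image tag. This job holds the AUR SSH key;
      # consider pinning the image by digest.
      image: archlinux
    steps:
      - name: create build user
        run: |
          useradd -G root runner
          mkdir /home/runner/
          chown -R runner /home/runner
        shell: bash
      - name: install tools
        # -Syu rather than -Sy: installing against a refreshed package database
        # without upgrading is a partial upgrade, which Arch does not support.
        run: pacman --noconfirm -Syu git openssh glibc sudo binutils make gcc pkg-config fakeroot go which
        shell: bash
      - name: release
        # Secrets and upstream job outputs reach the script through the
        # environment instead of being expanded into the script text, so their
        # content is never parsed as shell.
        env:
          AUR_SSH_PRIVATE_KEY: ${{ secrets.AUR_SSH_PRIVATE_KEY }}
          AURPKG: ${{ matrix.aurpkg }}
          VERSION_TAG: ${{ needs.goreleaser.outputs.version_tag }}
          LINUX_AMD64_CHECKSUM: ${{ needs.goreleaser.outputs.linux_amd64_checksum }}
        run: |
          cd /home/runner/
          sudo -u runner mkdir -p /home/runner/.ssh
          # Create the key file owner-only before any key material is written,
          # so it is never readable by other users, even briefly.
          install -o runner -m 600 /dev/null /home/runner/.ssh/github_actions
          printf '%s\n' "$AUR_SSH_PRIVATE_KEY" > /home/runner/.ssh/github_actions
          cat << 'EOF' > release.bash
          #!/usr/bin/env bash
          # Usage: release.bash <aurpkg> <version_tag> <checksum>
          # Clones the AUR package repository, updates pkgver (and sha256sums
          # for the -bin package), regenerates .SRCINFO, commits and pushes.
          set -e
          set -o pipefail
          aurpkg=$1
          version_tag=$2
          checksum=$3
          export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/home/runner/.ssh/known_hosts"
          # NOTE(review): ssh-keyscan accepts whatever host key the network
          # returns on each run. Prefer shipping the AUR host keys, verified
          # out of band, in known_hosts instead of scanning for them.
          ssh-keyscan aur.archlinux.org >>/home/runner/.ssh/known_hosts
          chmod 600 /home/runner/.ssh/github_actions
          eval "$(ssh-agent)"
          ssh-add /home/runner/.ssh/github_actions
          git clone "aur@aur.archlinux.org:${aurpkg}.git"
          cd "/home/runner/$aurpkg"
          sed -i "/^pkgver=/s/.*/pkgver=$version_tag/" PKGBUILD
          if [ "$aurpkg" == "exoscale-cli-bin" ]; then
          # Refuse to publish a PKGBUILD with a missing or malformed digest.
          if ! [[ "$checksum" =~ ^[0-9a-f]{64}$ ]]; then
          echo "invalid sha256 for $aurpkg: '$checksum'" >&2
          exit 1
          fi
          sed -i "/^sha256sums=/s/.*/sha256sums=\('$checksum'/" PKGBUILD
          fi
          # NOTE(review): --skippgpcheck disables PGP signature verification of
          # the sources, so integrity rests on the PKGBUILD checksums alone.
          makepkg --skippgpcheck
          makepkg --printsrcinfo >.SRCINFO
          git add PKGBUILD .SRCINFO
          git config --global user.email "[email protected]"
          git config --global user.name "Exoscale"
          git commit -m "release $version_tag"
          git push
          EOF
          chown runner release.bash
          sudo -u runner chmod +x release.bash
          sudo -u runner ./release.bash \
            "$AURPKG" \
            "$VERSION_TAG" \
            "$LINUX_AMD64_CHECKSUM"
        shell: bash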