forked from envoyproxy/envoy
-
Notifications
You must be signed in to change notification settings - Fork 0
149 lines (143 loc) · 5.09 KB
/
mobile-release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
name: Mobile/Release
permissions:
contents: read
on:
workflow_dispatch:
schedule:
# Mondays at 1pm UTC (8am EST)
- cron: "0 13 * * 1"
jobs:
env:
secrets:
lock-app-key: ${{ secrets.ENVOY_CI_MUTEX_APP_KEY }}
lock-app-id: ${{ secrets.ENVOY_CI_MUTEX_APP_ID }}
permissions:
contents: read
uses: ./.github/workflows/_load_env.yml
release:
permissions:
contents: read
packages: read
if: >-
${{
github.repository == 'envoyproxy/envoy'
&& (github.event.schedule
|| !contains(github.actor, '[bot]'))
}}
needs: env
uses: ./.github/workflows/_mobile_container_ci.yml
with:
args: ${{ matrix.args }}
container: ${{ fromJSON(needs.env.outputs.build-image).mobile }}
container-output: |
"bazel-bin/library/kotlin/io/envoyproxy/envoymobile/${{ matrix.output }}.aar": build/
"bazel-bin/library/kotlin/io/envoyproxy/envoymobile/${{ matrix.output }}-pom.xml": build/
"bazel-bin/library/kotlin/io/envoyproxy/envoymobile/${{ matrix.output }}-sources.jar": build/
"bazel-bin/library/kotlin/io/envoyproxy/envoymobile/${{ matrix.output }}-javadoc.jar": build/
request: ${{ needs.env.outputs.request }}
steps-pre: |
- run: |
mkdir /tmp/mobile
VERSION="0.5.0.$(date '+%Y%m%d')"
echo "VERSION=${VERSION}" >> $GITHUB_ENV
shell: bash
steps-post: |
- run: |
mkdir /tmp/output
shell: bash
- name: Tar artifacts
run: >-
tar
-czhf
/tmp/output/${{ matrix.output }}_android_aar_sources.tar.gz
-C
/tmp/container-output/build
.
shell: bash
target: ${{ matrix.target }}
upload-name: ${{ matrix.output }}_android_aar_sources
upload-path: /tmp/output/${{ matrix.output }}_android_aar_sources.tar.gz
strategy:
fail-fast: false
matrix:
include:
- target: android-release
args: >-
build
--config=mobile-remote-release-clang-android-publish
--define=pom_version=$VERSION
//:android_dist
output: envoy
- target: xds-release
args: >-
build
--config=mobile-remote-release-clang-android-publish-xds
--define=pom_version=$VERSION
//:android_xds_dist
output: envoy_xds
deploy:
needs: release
permissions:
contents: read
packages: read
runs-on: ubuntu-22.04
timeout-minutes: 20
strategy:
fail-fast: false
matrix:
include:
- output: envoy
- output: envoy_xds
steps:
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
fetch-depth: 0
- name: Add safe directory
run: git config --global --add safe.directory /__w/envoy/envoy
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: ${{ matrix.output }}_android_aar_sources
path: .
- name: Expand archive
run: |
tar -xf ${{ matrix.output }}_android_aar_sources.tar.gz
- name: 'Configure gpg signing'
env:
GPG_KEY: ${{ secrets.EM_GPG_KEY }}
GPG_KEY_NAME: ${{ secrets.EM_GPG_KEY_NAME }}
GPG_PASSPHRASE: ${{ secrets.EM_GPG_PASSPHRASE }}
run: |
# https://github.com/keybase/keybase-issues/issues/2798
export GPG_TTY=$(tty)
# Import gpg keys and warm the passphrase to avoid the gpg
# passphrase prompt when initating a deploy
# `--pinentry-mode=loopback` could be needed to ensure we
# suppress the gpg prompt
echo $GPG_KEY | base64 --decode > signing-key
gpg --passphrase $GPG_PASSPHRASE --batch --import signing-key
shred signing-key
gpg --pinentry-mode=loopback --passphrase $GPG_PASSPHRASE -ab ${{ matrix.output }}.aar
gpg --pinentry-mode=loopback --passphrase $GPG_PASSPHRASE -ab ${{ matrix.output }}-pom.xml
gpg --pinentry-mode=loopback --passphrase $GPG_PASSPHRASE -ab ${{ matrix.output }}-javadoc.jar
gpg --pinentry-mode=loopback --passphrase $GPG_PASSPHRASE -ab ${{ matrix.output }}-sources.jar
- name: 'Release to sonatype repository'
env:
READWRITE_USER: ${{ secrets.EM_SONATYPE_USER }}
READWRITE_API_KEY: ${{ secrets.EM_SONATYPE_PASSWORD }}
SONATYPE_PROFILE_ID: ${{ secrets.EM_SONATYPE_PROFILE_ID }}
run: |
version="0.5.0.$(date '+%Y%m%d')"
python mobile/ci/sonatype_nexus_upload.py \
--profile_id=$SONATYPE_PROFILE_ID \
--artifact_id=${{ matrix.output }} \
--version=$version \
--files \
${{ matrix.output }}.aar \
${{ matrix.output }}-pom.xml \
${{ matrix.output }}-sources.jar \
${{ matrix.output }}-javadoc.jar \
--signed_files \
${{ matrix.output }}.aar.asc \
${{ matrix.output }}-pom.xml.asc \
${{ matrix.output }}-sources.jar.asc \
${{ matrix.output }}-javadoc.jar.asc