Skip to content

Release CLI Assets

Release CLI Assets #67

name: Release CLI Assets
on:
workflow_call:
inputs:
publishedPackages:
description: 'Published packages'
required: true
type: string
commitSha:
description: 'Commit SHA'
required: true
type: string
workflow_dispatch:
inputs:
publishedPackages:
description: 'Published packages'
required: true
default: '[{"name": "@xata.io/cli", "version": "1.2.0"}]'
type: string
commitSha:
description: 'Commit SHA'
required: true
type: string
permissions:
id-token: write
contents: write
packages: write
pages: write
pull-requests: write
jobs:
release-cli-assets:
name: Release CLI assets
outputs:
version: ${{ steps.capture-version.outputs.version }}
mac_intel_sha: ${{steps.sha-macos.outputs.sha-macos-intel}}
mac_arm_sha: ${{ steps.sha-macos.outputs.sha-macos-arm }}
linux_sha: ${{ steps.sha-ubuntu.outputs.sha-linux }}
linux_arm_sha: ${{ steps.sha-ubuntu.outputs.sha-linux-arm }}
strategy:
matrix:
os: [ubuntu-latest, macos-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v3
with:
# This makes Actions fetch all Git history so that Changesets can generate changelogs with the correct commits
fetch-depth: 0
# This makes the PR pushed to use GITHUB_TOKEN and trigger the checks
persist-credentials: false
- name: Configure
run: |
echo "NVMRC=$(cat .nvmrc)" >> $GITHUB_OUTPUT
id: config
- name: Install pnpm
uses: pnpm/action-setup@v4
- name: Use Node.js ${{ steps.config.outputs.NVMRC }}
uses: actions/setup-node@v3
with:
node-version: ${{ steps.config.outputs.NVMRC }}
cache: 'pnpm'
- name: Install the Apple certificate
if: matrix.os == 'macos-latest'
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.APPLE_DEVELOPER_ID_CERT_P12 }}
P12_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_CERT_SECRET }}
KEYCHAIN_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_CERT_SECRET }}
run: |
# create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# import certificate from secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Build
run: pnpm build
- name: Install windows dependencies
if: matrix.os == 'ubuntu-latest'
run: |
sudo apt-get update
sudo apt-get install -y nsis
sudo apt-get install -y p7zip
- name: Configure AWS Credentials for production
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.CLI_ASSETS_UPLOAD_ROLE }}
aws-region: us-east-1
mask-aws-account-id: 'no'
- name: Pack
run: pnpm run release:cli:pack
env:
PUBLISHED_PACKAGES: ${{ inputs.publishedPackages }}
MATRIX_OS: ${{ matrix.os }}
- name: Upload CLI Assets to GitHub Releases
run: pnpm run release:cli:upload:gh
env:
MATRIX_OS: ${{ matrix.os }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Debian cert
if: matrix.os == 'ubuntu-latest'
working-directory: /home/runner/work/client-ts/client-ts/cli/dist/deb
run: |
echo "$DEBIAN_GPG_KEY_PRIVATE" | gpg --import --batch --passphrase "$DEBIAN_GPG_KEY_PASS"
gpg --digest-algo SHA512 --clearsign --pinentry-mode loopback --passphrase "$DEBIAN_GPG_KEY_PASS" -u $DEBIAN_GPG_KEY_ID -o InRelease Release
gpg --digest-algo SHA512 -abs --pinentry-mode loopback --passphrase "$DEBIAN_GPG_KEY_PASS" -u $DEBIAN_GPG_KEY_ID -o Release.gpg Release
echo "Signed debian packages successfully"
echo "sha256 sums:"
sha256sum *Release*
mkdir -p /home/runner/work/client-ts/client-ts/cli/dist/apt
echo "$DEBIAN_GPG_KEY_PUBLIC" > /home/runner/work/client-ts/client-ts/cli/dist/apt/release.key
env:
DEBIAN_GPG_KEY_PRIVATE: ${{ secrets.DEBIAN_GPG_KEY_PRIVATE }}
DEBIAN_GPG_KEY_PASS: ${{ secrets.DEBIAN_GPG_KEY_PASS }}
DEBIAN_GPG_KEY_PUBLIC: ${{ secrets.DEBIAN_GPG_KEY_PUBLIC }}
DEBIAN_GPG_KEY_ID: ${{ secrets.DEBIAN_GPG_KEY_ID }}
- name: Capture version
id: capture-version
working-directory: ./cli
run: echo "version=$(cat package.json | jq -r '.version')" >> $GITHUB_OUTPUT
- name: Create SHA outputs macos
if: matrix.os == 'macos-latest'
working-directory: ./cli/dist
id: sha-macos
run: |
ls -l
VER="${{steps.capture-version.outputs.version}}"
COMMITSHA="${{inputs.commitSha}}"
COM="$(echo $COMMITSHA | head -c8)"
echo "sha-macos-arm=$(shasum --algorithm 256 xata-v${VER}-${COM}-darwin-arm64.tar.xz | cut -d" " -f1)" >> "$GITHUB_OUTPUT"
echo "sha-macos-intel=$(shasum --algorithm 256 xata-v${VER}-${COM}-darwin-x64.tar.xz | cut -d" " -f1)" >> "$GITHUB_OUTPUT"
- name: Create SHA outputs ubuntu
if: matrix.os == 'ubuntu-latest'
working-directory: ./cli/dist
id: sha-ubuntu
run: |
ls -l
VER="${{steps.capture-version.outputs.version}}"
COMMITSHA="${{inputs.commitSha}}"
COM="$(echo $COMMITSHA | head -c8)"
echo "sha-linux=$(sha256sum xata-v${VER}-${COM}-linux-arm.tar.xz | cut -d " " -f1)" >> "$GITHUB_OUTPUT"
echo "sha-linux-arm=$(sha256sum xata-v${VER}-${COM}-linux-arm64.tar.xz | cut -d " " -f1)" >> "$GITHUB_OUTPUT"
- name: Upload and Promote CLI Assets to S3
run: pnpm run release:cli:upload:s3
env:
MATRIX_OS: ${{ matrix.os }}
COMMIT_SHA: ${{ inputs.commitSha }}
- name: Pack (Windows only)
if: matrix.os == 'ubuntu-latest'
run: pnpm run release:cli:pack
env:
PUBLISHED_PACKAGES: ${{ inputs.publishedPackages }}
MATRIX_OS: ${{ matrix.os }}
OS_OVERRIDE: windows-latest
- name: Upload CLI Assets to GitHub Releases (Windows only)
run: pnpm run release:cli:upload:gh
if: matrix.os == 'ubuntu-latest'
env:
MATRIX_OS: ${{ matrix.os }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
OS_OVERRIDE: windows-latest
- name: Upload and Promote CLI Assets to S3 (Windows only)
if: matrix.os == 'ubuntu-latest'
run: pnpm run release:cli:upload:s3
env:
MATRIX_OS: ${{ matrix.os }}
COMMIT_SHA: ${{ inputs.commitSha }}
OS_OVERRIDE: windows-latest
- name: Clean up keychain
if: matrix.os == 'macos-latest'
run: |
security delete-keychain $RUNNER_TEMP/app-signing.keychain-db
update-homebrew:
needs: [release-cli-assets]
name: Update Homebrew Formula
runs-on: ubuntu-latest
env:
GITHUB_TOKEN: ${{ secrets.GIT_TOKEN }}
steps:
- uses: actions/checkout@v3
with:
repository: xataio/homebrew-brew
ref: 'main'
token: ${{ secrets.GIT_TOKEN }}
fetch-depth: 0
- name: setup git config
run: |
git config user.email "[email protected]"
git config user.name "Xata"
- name: Read template file
id: gettemplate
run: |
{
echo 'template<<EOF'
cat ./Template/xata.rb
echo
echo EOF
} >> "$GITHUB_OUTPUT"
- name: Update Homebrew Formula using template variables
id: updateformula
env:
TEMPLATE_CONTENTS: ${{ steps.gettemplate.outputs.template }}
run: |
echo "$TEMPLATE_CONTENTS" > ./Formula/xata.rb
sed -i 's/__CLI_VERSION__/${{ needs.release-cli-assets.outputs.version }}/g' ./Formula/xata.rb
sed -i 's/__CLI_MAC_INTEL_SHA256__/${{ needs.release-cli-assets.outputs.mac_intel_sha }}/g' ./Formula/xata.rb
sed -i 's/__CLI_MAC_ARM_SHA256__/${{ needs.release-cli-assets.outputs.mac_arm_sha }}/g' ./Formula/xata.rb
sed -i 's/__CLI_LINUX_SHA256__/${{ needs.release-cli-assets.outputs.linux_sha }}/g' ./Formula/xata.rb
sed -i 's/__CLI_LINUX_ARM_SHA256__/${{ needs.release-cli-assets.outputs.linux_arm_sha }}/g' ./Formula/xata.rb
VER="${{needs.release-cli-assets.outputs.version}}"
COMMITSHA="${{inputs.commitSha}}"
COM="$(echo $COMMITSHA | head -c8)"
BASE_URL="https://xata-cli-assets.s3.us-east-1.amazonaws.com/versions/${VER}/${COM}/xata-v${VER}-${COM}"
CLI_MAC_INTEL_DOWNLOAD_URL="${BASE_URL}-darwin-x64.tar.xz"
CLI_MAC_ARM_DOWNLOAD_URL="${BASE_URL}-darwin-arm64.tar.xz"
CLI_LINUX_DOWNLOAD_URL="${BASE_URL}-linux-x64.tar.xz"
CLI_LINUX_ARM_DOWNLOAD_URL="${BASE_URL}-linux-arm64.tar.xz"
sed -i "s|__CLI_MAC_INTEL_DOWNLOAD_URL__|${CLI_MAC_INTEL_DOWNLOAD_URL}|g" ./Formula/xata.rb
sed -i "s|__CLI_MAC_ARM_DOWNLOAD_URL__|${CLI_MAC_ARM_DOWNLOAD_URL}|g" ./Formula/xata.rb
sed -i "s|__CLI_LINUX_DOWNLOAD_URL__|${CLI_LINUX_DOWNLOAD_URL}|g" ./Formula/xata.rb
sed -i "s|__CLI_LINUX_ARM_DOWNLOAD_URL__|${CLI_LINUX_ARM_DOWNLOAD_URL}|g" ./Formula/xata.rb
- name: Read formula file
id: getformula
run: |
{
echo 'formula<<EOF'
cat ./Formula/xata.rb
echo
echo EOF
} >> "$GITHUB_OUTPUT"
- name: commit changes
run: git commit -a -m "Update dependencies to version ${{ needs.release-cli-assets.outputs.version }}"
- name: Push changes
uses: ad-m/github-push-action@master
with:
github_token: ${{ secrets.GIT_TOKEN }}
branch: main
repository: xataio/homebrew-brew