Release CLI Assets #72

Workflow file for this run

.github/workflows/release-cli-assets.yml at c8dda42

	name: Release CLI Assets

	on:
	workflow_call:
	inputs:
	publishedPackages:
	description: 'Published packages'
	required: true
	type: string
	commitSha:
	description: 'Commit SHA'
	required: true
	type: string
	workflow_dispatch:
	inputs:
	publishedPackages:
	description: 'Published packages'
	required: true
	default: '[{"name": "@xata.io/cli", "version": "1.2.0"}]'
	type: string
	commitSha:
	description: 'Commit SHA'
	required: true
	type: string

	permissions:
	id-token: write
	contents: write
	packages: write
	pages: write
	pull-requests: write

	jobs:
	release-cli-assets:
	name: Release CLI assets
	outputs:
	version: ${{ steps.capture-version.outputs.version }}
	mac_intel_sha: ${{steps.sha-macos.outputs.sha-macos-intel}}
	mac_arm_sha: ${{ steps.sha-macos.outputs.sha-macos-arm }}
	linux_sha: ${{ steps.sha-ubuntu.outputs.sha-linux }}
	linux_arm_sha: ${{ steps.sha-ubuntu.outputs.sha-linux-arm }}
	strategy:
	matrix:
	os: [ubuntu-latest, macos-latest]
	runs-on: ${{ matrix.os }}
	steps:
	- uses: actions/checkout@v3
	with:
	# This makes Actions fetch all Git history so that Changesets can generate changelogs with the correct commits
	fetch-depth: 0
	# This makes the PR pushed to use GITHUB_TOKEN and trigger the checks
	persist-credentials: false

	- name: Configure
	run: \|
	echo "NVMRC=$(cat .nvmrc)" >> $GITHUB_OUTPUT
	id: config

	- name: Install pnpm
	uses: pnpm/action-setup@v4

	- name: Use Node.js ${{ steps.config.outputs.NVMRC }}
	uses: actions/setup-node@v3
	with:
	node-version: ${{ steps.config.outputs.NVMRC }}
	cache: 'pnpm'

	- name: Install the Apple certificate
	if: matrix.os == 'macos-latest'
	env:
	BUILD_CERTIFICATE_BASE64: ${{ secrets.APPLE_DEVELOPER_ID_CERT_P12 }}
	P12_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_CERT_SECRET }}
	KEYCHAIN_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_CERT_SECRET }}
	run: \|
	# create variables
	CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
	KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db

	# import certificate from secrets
	echo -n "$BUILD_CERTIFICATE_BASE64" \| base64 --decode -o $CERTIFICATE_PATH

	# create temporary keychain
	security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
	security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
	security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH

	# import certificate to keychain
	security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
	security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
	security list-keychain -d user -s $KEYCHAIN_PATH

	- name: Install dependencies
	run: pnpm install --frozen-lockfile

	- name: Build
	run: pnpm build

	- name: Install windows dependencies
	if: matrix.os == 'ubuntu-latest'
	run: \|
	sudo apt-get update
	sudo apt-get install -y nsis p7zip osslsigncode

	- name: Write windows certificate to file
	env:
	XATA_WINDOWS_CERTIFICATE_KEY: ${{ secrets.WINDOWS_CERTIFICATE_KEY }}
	if: matrix.os == 'ubuntu-latest'
	run: \|
	echo -n `$XATA_WINDOWS_CERTIFICATE_KEY` >> ~/xata.key

	- name: Configure AWS Credentials for production
	uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: ${{ secrets.CLI_ASSETS_UPLOAD_ROLE }}
	aws-region: us-east-1
	mask-aws-account-id: 'no'

	- name: Pack
	run: pnpm run release:cli:pack
	env:
	PUBLISHED_PACKAGES: ${{ inputs.publishedPackages }}
	MATRIX_OS: ${{ matrix.os }}
	XATA_WINDOWS_SIGNING_PASS: ${{ secrets.WINDOWS_CERTIFICATE_SECRET }}

	- name: Upload CLI Assets to GitHub Releases
	run: pnpm run release:cli:upload:gh
	env:
	MATRIX_OS: ${{ matrix.os }}
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Debian cert
	if: matrix.os == 'ubuntu-latest'
	working-directory: /home/runner/work/client-ts/client-ts/cli/dist/deb
	run: \|
	echo "$DEBIAN_GPG_KEY_PRIVATE" \| gpg --import --batch --passphrase "$DEBIAN_GPG_KEY_PASS"
	gpg --digest-algo SHA512 --clearsign --pinentry-mode loopback --passphrase "$DEBIAN_GPG_KEY_PASS" -u $DEBIAN_GPG_KEY_ID -o InRelease Release
	gpg --digest-algo SHA512 -abs --pinentry-mode loopback --passphrase "$DEBIAN_GPG_KEY_PASS" -u $DEBIAN_GPG_KEY_ID -o Release.gpg Release
	echo "Signed debian packages successfully"
	echo "sha256 sums:"
	sha256sum Release

	mkdir -p /home/runner/work/client-ts/client-ts/cli/dist/apt
	echo "$DEBIAN_GPG_KEY_PUBLIC" > /home/runner/work/client-ts/client-ts/cli/dist/apt/release.key
	env:
	DEBIAN_GPG_KEY_PRIVATE: ${{ secrets.DEBIAN_GPG_KEY_PRIVATE }}
	DEBIAN_GPG_KEY_PASS: ${{ secrets.DEBIAN_GPG_KEY_PASS }}
	DEBIAN_GPG_KEY_PUBLIC: ${{ secrets.DEBIAN_GPG_KEY_PUBLIC }}
	DEBIAN_GPG_KEY_ID: ${{ secrets.DEBIAN_GPG_KEY_ID }}

	- name: Capture version
	id: capture-version
	working-directory: ./cli
	run: echo "version=$(cat package.json \| jq -r '.version')" >> $GITHUB_OUTPUT

	- name: Create SHA outputs macos
	if: matrix.os == 'macos-latest'
	working-directory: ./cli/dist
	id: sha-macos
	run: \|
	ls -l
	VER="${{steps.capture-version.outputs.version}}"
	COMMITSHA="${{inputs.commitSha}}"
	COM="$(echo $COMMITSHA \| head -c8)"
	echo "sha-macos-arm=$(shasum --algorithm 256 xata-v${VER}-${COM}-darwin-arm64.tar.xz \| cut -d" " -f1)" >> "$GITHUB_OUTPUT"
	echo "sha-macos-intel=$(shasum --algorithm 256 xata-v${VER}-${COM}-darwin-x64.tar.xz \| cut -d" " -f1)" >> "$GITHUB_OUTPUT"

	- name: Create SHA outputs ubuntu
	if: matrix.os == 'ubuntu-latest'
	working-directory: ./cli/dist
	id: sha-ubuntu
	run: \|
	ls -l
	VER="${{steps.capture-version.outputs.version}}"
	COMMITSHA="${{inputs.commitSha}}"
	COM="$(echo $COMMITSHA \| head -c8)"
	echo "sha-linux=$(sha256sum xata-v${VER}-${COM}-linux-arm.tar.xz \| cut -d " " -f1)" >> "$GITHUB_OUTPUT"
	echo "sha-linux-arm=$(sha256sum xata-v${VER}-${COM}-linux-arm64.tar.xz \| cut -d " " -f1)" >> "$GITHUB_OUTPUT"

	- name: Upload and Promote CLI Assets to S3
	run: pnpm run release:cli:upload:s3
	env:
	MATRIX_OS: ${{ matrix.os }}
	COMMIT_SHA: ${{ inputs.commitSha }}

	- name: Pack (Windows only)
	if: matrix.os == 'ubuntu-latest'
	run: pnpm run release:cli:pack
	env:
	PUBLISHED_PACKAGES: ${{ inputs.publishedPackages }}
	MATRIX_OS: ${{ matrix.os }}
	OS_OVERRIDE: windows-latest
	XATA_WINDOWS_SIGNING_PASS: ${{ secrets.WINDOWS_CERTIFICATE_SECRET }}

	- name: Upload CLI Assets to GitHub Releases (Windows only)
	run: pnpm run release:cli:upload:gh
	if: matrix.os == 'ubuntu-latest'
	env:
	MATRIX_OS: ${{ matrix.os }}
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	OS_OVERRIDE: windows-latest

	- name: Upload and Promote CLI Assets to S3 (Windows only)
	if: matrix.os == 'ubuntu-latest'
	run: pnpm run release:cli:upload:s3
	env:
	MATRIX_OS: ${{ matrix.os }}
	COMMIT_SHA: ${{ inputs.commitSha }}
	OS_OVERRIDE: windows-latest

	- name: Clean up keychain
	if: matrix.os == 'macos-latest'
	run: \|
	security delete-keychain $RUNNER_TEMP/app-signing.keychain-db

	update-homebrew:
	needs: [release-cli-assets]
	name: Update Homebrew Formula
	runs-on: ubuntu-latest
	env:
	GITHUB_TOKEN: ${{ secrets.GIT_TOKEN }}
	steps:
	- uses: actions/checkout@v3
	with:
	repository: xataio/homebrew-brew
	ref: 'main'
	token: ${{ secrets.GIT_TOKEN }}
	fetch-depth: 0

	- name: setup git config
	run: \|
	git config user.email "[email protected]"
	git config user.name "Xata"

	- name: Read template file
	id: gettemplate
	run: \|
	{
	echo 'template<<EOF'
	cat ./Template/xata.rb
	echo
	echo EOF
	} >> "$GITHUB_OUTPUT"

	- name: Update Homebrew Formula using template variables
	id: updateformula
	env:
	TEMPLATE_CONTENTS: ${{ steps.gettemplate.outputs.template }}
	run: \|
	echo "$TEMPLATE_CONTENTS" > ./Formula/xata.rb
	sed -i 's/__CLI_VERSION__/${{ needs.release-cli-assets.outputs.version }}/g' ./Formula/xata.rb
	sed -i 's/__CLI_MAC_INTEL_SHA256__/${{ needs.release-cli-assets.outputs.mac_intel_sha }}/g' ./Formula/xata.rb
	sed -i 's/__CLI_MAC_ARM_SHA256__/${{ needs.release-cli-assets.outputs.mac_arm_sha }}/g' ./Formula/xata.rb
	sed -i 's/__CLI_LINUX_SHA256__/${{ needs.release-cli-assets.outputs.linux_sha }}/g' ./Formula/xata.rb
	sed -i 's/__CLI_LINUX_ARM_SHA256__/${{ needs.release-cli-assets.outputs.linux_arm_sha }}/g' ./Formula/xata.rb

	VER="${{needs.release-cli-assets.outputs.version}}"
	COMMITSHA="${{inputs.commitSha}}"
	COM="$(echo $COMMITSHA \| head -c8)"
	BASE_URL="https://xata-cli-assets.s3.us-east-1.amazonaws.com/versions/${VER}/${COM}/xata-v${VER}-${COM}"

	CLI_MAC_INTEL_DOWNLOAD_URL="${BASE_URL}-darwin-x64.tar.xz"
	CLI_MAC_ARM_DOWNLOAD_URL="${BASE_URL}-darwin-arm64.tar.xz"
	CLI_LINUX_DOWNLOAD_URL="${BASE_URL}-linux-x64.tar.xz"
	CLI_LINUX_ARM_DOWNLOAD_URL="${BASE_URL}-linux-arm64.tar.xz"

	sed -i "s\|__CLI_MAC_INTEL_DOWNLOAD_URL__\|${CLI_MAC_INTEL_DOWNLOAD_URL}\|g" ./Formula/xata.rb
	sed -i "s\|__CLI_MAC_ARM_DOWNLOAD_URL__\|${CLI_MAC_ARM_DOWNLOAD_URL}\|g" ./Formula/xata.rb
	sed -i "s\|__CLI_LINUX_DOWNLOAD_URL__\|${CLI_LINUX_DOWNLOAD_URL}\|g" ./Formula/xata.rb
	sed -i "s\|__CLI_LINUX_ARM_DOWNLOAD_URL__\|${CLI_LINUX_ARM_DOWNLOAD_URL}\|g" ./Formula/xata.rb

	- name: Read formula file
	id: getformula
	run: \|
	{
	echo 'formula<<EOF'
	cat ./Formula/xata.rb
	echo
	echo EOF
	} >> "$GITHUB_OUTPUT"

	- name: commit changes
	run: git commit -a -m "Update dependencies to version ${{ needs.release-cli-assets.outputs.version }}"

	- name: Push changes
	uses: ad-m/github-push-action@master
	with:
	github_token: ${{ secrets.GIT_TOKEN }}
	branch: main
	repository: xataio/homebrew-brew

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Release CLI Assets #72

Workflow file

Release CLI Assets #72

Jobs

Run details

Workflow file for this run