Create Repo for RustDesk latest and nightly #53
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Create Repo for RustDesk latest and nightly | |
on: | |
schedule: | |
# Every 3AM UTC | |
- cron: "0 3 * * *" | |
pull_request: | |
branches: | |
- main | |
paths-ignore: | |
- '**.md' | |
workflow_dispatch: | |
permissions: | |
contents: read | |
pages: write | |
id-token: write | |
jobs: | |
verify: | |
name: Verify container | |
runs-on: ubuntu-latest | |
steps: | |
- name: Install Cosign | |
uses: sigstore/[email protected] | |
- name: Verify | |
run: | | |
cosign verify --rekor-url=https://rekor.sigstore.dev \ | |
--certificate-identity-regexp "https://github.com/xlionjuan/.*" \ | |
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \ | |
ghcr.io/xlionjuan/fedora-createrepo-image-minimal:latest | |
build: | |
name: Build | |
needs: verify | |
runs-on: ubuntu-latest | |
container: ghcr.io/xlionjuan/fedora-createrepo-image-minimal:latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Setup Pages | |
uses: actions/configure-pages@v5 | |
- name: Import GPG Key | |
if: github.event_name != 'pull_request' || github.actor == 'renovate[bot]' | |
run: | | |
echo "$GPG_PRIVATE_KEY" | gpg --batch --yes --import | |
GPG_PUBLIC_KEY=$(gpg --list-keys --with-colons | grep fpr | head -n1 | cut -d: -f10) | |
echo "%_signature gpg | |
%_gpg_name $GPG_PUBLIC_KEY" > ~/.rpmmacros | |
env: | |
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} | |
- name: Download RustDesk latest and nightly | |
run: bash rustdesk_latest.sh & bash rustdesk_nightly.sh | |
- name: Sign RPMs | |
if: github.event_name != 'pull_request' || github.actor == 'renovate[bot]' | |
run: bash createrepo/1_sign_rpm.sh | |
- name: Create repo | |
run: bash createrepo/2_createrepo.sh | |
- name: Sign repo | |
if: github.event_name != 'pull_request' || github.actor == 'renovate[bot]' | |
run: bash createrepo/3_sign_repo.sh | |
- name: Upload Pages artifact | |
uses: actions/upload-pages-artifact@v3 | |
with: | |
name: github-pages | |
path: wwwroot | |
- name: Publish Artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: cf_r2 | |
path: wwwroot | |
if-no-files-found: error | |
deploy: | |
name: Deploy to GitHub Pages | |
if: github.event_name != 'pull_request' | |
environment: | |
name: github-pages | |
url: ${{ steps.deployment.outputs.page_url }} | |
runs-on: ubuntu-latest | |
needs: build | |
steps: | |
- name: Deploy to GitHub Pages | |
id: deployment | |
uses: actions/deploy-pages@v4 | |
push-to-cf-r2: | |
name: Push to Cloudflare R2 | |
if: github.event_name != 'pull_request' | |
runs-on: ubuntu-latest | |
needs: build | |
steps: | |
- name: Download artifact | |
uses: actions/download-artifact@v4 | |
with: | |
pattern: cf_r2 | |
path: wwwroot | |
merge-multiple: true | |
- name: Upload to Cloudflare R2 | |
uses: ryand56/r2-upload-action@latest | |
with: | |
r2-account-id: ${{ secrets.R2_ACCOUNT_ID }} | |
r2-access-key-id: ${{ secrets.R2_ACCESS_KEY_ID }} | |
r2-secret-access-key: ${{ secrets.R2_SECRET_ACCESS_KEY }} | |
r2-bucket: ${{ secrets.R2_BUCKET }} | |
keep-file-fresh: true | |
source-dir: wwwroot | |
destination-dir: ./ |