switched to user token for sonatype access #44
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build GitHub releases | |
# This is triggered by merging a PR from a branch named release-*. This workflow builds and publishes the release artifacts to | |
# GitHub. Then it changes the version to *-SNAPSHOT in various Java-related files. | |
on: | |
pull_request: | |
types: | |
- closed | |
jobs: | |
release: | |
if: github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release-') | |
runs-on: ubuntu-22.04 | |
needs: | |
- build-java | |
# CPP is current disabled because of an issue with Cmake https://github.com/IronCoreLabs/ironoxide-swig-bindings/issues/222 | |
# - build-cpp | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# base_ref will typically be main. We'll need to commit a change to that branch and push it. | |
ref: ${{ github.base_ref }} | |
# If we use the default GITHUB_TOKEN then CI won't run after we push our changes. This WORKFLOW_PAT is a personal | |
# access token with "repo" permissions. | |
token: ${{ secrets.WORKFLOW_PAT }} | |
- name: Decrypt PGP key | |
uses: IronCoreLabs/ironhide-actions/decrypt@v3 | |
with: | |
keys: ${{ secrets.IRONHIDE_KEYS }} | |
input: .github/signing-key.asc.iron | |
- name: Import PGP key | |
run: gpg --batch --import .github/signing-key.asc | |
- name: Configure git | |
run: | | |
git config --local user.email [email protected] | |
git config --local user.name "Leeroy Travis" | |
- name: Calculate versions from head_ref | |
id: version | |
run: | | |
CURRENT=$(basename ${{ github.head_ref }}) | |
NAME=$(echo ${CURRENT} | sed 's/release-//') | |
NUMBER=$(echo ${NAME} | sed -E -e 's/[^0-9.]+/./g' -e 's/\.+/./g' -e 's/^\.//' -e 's/\.$//') | |
NEXT=$(echo ${NUMBER} | awk -F. -v OFS=. '{$NF++;print}') | |
echo "tag=${NAME}" >> "$GITHUB_OUTPUT" | |
echo "next=${NEXT}" >> "$GITHUB_OUTPUT" | |
- name: Create release tag | |
run: | | |
git tag ${{ steps.version.outputs.tag }} | |
git push origin ${{ steps.version.outputs.tag }} | |
- uses: actions/create-release@v1 | |
id: release | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
tag_name: ${{ steps.version.outputs.tag }} | |
release_name: Version ${{ steps.version.outputs.tag }} | |
- name: Download java release artifacts from ubuntu-22.04 | |
uses: actions/download-artifact@v3 | |
with: | |
name: release-ubuntu-22.04 | |
path: release/ubuntu-22.04 | |
- name: Delete artifact | |
uses: geekyeggo/delete-artifact@v2 | |
with: | |
name: release-ubuntu-22.04 | |
failOnError: false | |
- name: Sign java artifact for ubuntu-22.04 | |
run: | | |
gpg --batch --detach-sign -a release/ubuntu-22.04/libironoxide_java.so | |
gpg --batch --verify release/ubuntu-22.04/libironoxide_java.so.asc release/ubuntu-22.04/libironoxide_java.so | |
- name: Upload java lib for ubuntu-22.04 | |
run: gh release upload ${{ steps.version.outputs.tag }} release/ubuntu-22.04/libironoxide_java.so release/ubuntu-22.04/libironoxide_java.so.asc --clobber | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Download java release artifacts from macos-12 | |
uses: actions/download-artifact@v3 | |
with: | |
name: release-macos-12 | |
path: release/macos-12 | |
- name: Delete artifact | |
uses: geekyeggo/delete-artifact@v2 | |
with: | |
name: release-macos-12 | |
failOnError: false | |
- name: Sign java artifact for macos-12 | |
run: | | |
gpg --batch --detach-sign -a release/macos-12/libironoxide_java.dylib | |
gpg --batch --verify release/macos-12/libironoxide_java.dylib.asc release/macos-12/libironoxide_java.dylib | |
- name: Upload java lib for macos-12 | |
run: gh release upload ${{ steps.version.outputs.tag }} release/macos-12/libironoxide_java.dylib release/macos-12/libironoxide_java.dylib.asc --clobber | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# - name: Download iOS release artifacts from build-cpp | |
# uses: actions/download-artifact@v3 | |
# with: | |
# name: release-iOS | |
# path: release/release-iOS | |
# - name: Delete artifact | |
# uses: geekyeggo/delete-artifact@v1 | |
# with: | |
# name: release-macos-12 | |
# failOnError: false | |
# - name: Sign iOS artifact | |
# run: | | |
# gpg --batch --detach-sign -a release/release-iOS/ironoxide-homebrew.tar.gz | |
# gpg --batch --verify release/release-iOS/ironoxide-homebrew.tar.gz.asc release/release-iOS/ironoxide-homebrew.tar.gz | |
# - name: Upload tar for release-iOS | |
# run: gh release upload ${{ steps.version.outputs.tag }} release/release-iOS/ironoxide-homebrew.tar.gz release/release-iOS/ironoxide-homebrew.tar.gz.asc --clobber | |
# env: | |
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Increment to next -SNAPSHOT version for Java. | |
run: | | |
rm -rf release | |
.github/set-versions.sh -j ${{ steps.version.outputs.next }}-SNAPSHOT | |
- run: git commit -m "Set next -SNAPSHOT version for Java." | |
- run: git push | |
build-java: | |
if: github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release-') | |
strategy: | |
matrix: | |
os: [ubuntu-22.04, macos-12] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: olafurpg/setup-scala@v14 | |
with: | |
java-version: 11 | |
# Not installing llvm for Mac because https://stackoverflow.com/a/35753922/107357 | |
- name: Install llvm (ubuntu) | |
if: startsWith(matrix.os, 'ubuntu') | |
run: sudo apt-get update && sudo apt-get install -y llvm | |
- uses: IronCoreLabs/rust-toolchain@v1 | |
- uses: actions-rs/cargo@v1 | |
with: | |
command: build | |
args: --release | |
- name: Upload artifacts for ubuntu-22.04 | |
if: startsWith(matrix.os, 'ubuntu') | |
uses: actions/upload-artifact@v3 | |
with: | |
name: release-ubuntu-22.04 | |
path: target/release/libironoxide_java.so | |
- name: Upload artifacts for macos-12 | |
if: startsWith(matrix.os, 'macos') | |
uses: actions/upload-artifact@v3 | |
with: | |
name: release-macos-12 | |
path: target/release/libironoxide_java.dylib | |
# See https://github.com/IronCoreLabs/ironoxide-swig-bindings/issues/222 | |
# build-cpp: | |
# if: github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release-') | |
# runs-on: macos-12 | |
# steps: | |
# - uses: actions/checkout@v4 | |
# - uses: IronCoreLabs/rust-toolchain@v1 | |
# - name: Setup iOS build | |
# run: | | |
# rustup target add x86_64-apple-ios aarch64-apple-ios | |
# cargo install cargo-lipo | |
# - name: Build for iOS | |
# run: cargo lipo --release -p ironoxide-cpp | |
# - name: Build iOS tar | |
# run: | | |
# ( cd cpp/generated && mv sdk headers ) | |
# tar -c -f ironoxide-homebrew.tar -C cpp/generated headers | |
# tar -r -f ironoxide-homebrew.tar -C cpp ironoxide.pc.in | |
# tar -r -f ironoxide-homebrew.tar -C target/universal/release libironoxide.a | |
# gzip ironoxide-homebrew.tar | |
# - name: Upload iOS artifact | |
# uses: actions/upload-artifact@v3 | |
# with: | |
# name: release-iOS | |
# path: ironoxide-homebrew.tar.gz | |
# See https://github.com/IronCoreLabs/ironoxide-swig-bindings/issues/222 | |
# Creates a PR to update homebrew-ironcore, which depends on releases from this repository. | |
# homebrew-ironcore: | |
# if: github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release-') | |
# runs-on: ubuntu-22.04 | |
# needs: | |
# - release | |
# steps: | |
# - uses: actions/checkout@v4 | |
# with: | |
# # If we use the default GITHUB_TOKEN, it won't run our CI job once we create a PR. The WORKFLOW_PAT is a personal | |
# # access token with "repo" permissions. | |
# token: ${{ secrets.WORKFLOW_PAT }} | |
# repository: IronCoreLabs/homebrew-ironcore | |
# - name: Configure git | |
# run: | | |
# git config --local user.email [email protected] | |
# git config --local user.name "Leeroy Travis" | |
# - name: Set variables from version and hash | |
# id: vars | |
# run: | | |
# CURRENT=$(basename ${{ github.head_ref }}) | |
# NAME=$(echo ${CURRENT} | sed 's/release-//') | |
# ARTIFACT=https://github.com/IronCoreLabs/ironoxide-swig-bindings/releases/download/${NAME}/ironoxide-homebrew.tar.gz | |
# wget -q ${ARTIFACT} | |
# SHA256=$(sha256sum -b ironoxide-homebrew.tar.gz | awk '{print $1}') | |
# echo "tag=${NAME}" >> "$GITHUB_OUTPUT" | |
# echo "pr_branch=ironoxide-swig-bindings-${NAME}" >> "$GITHUB_OUTPUT" | |
# echo "artifact=${ARTIFACT}" >> "$GITHUB_OUTPUT" | |
# echo "sha256=${SHA256}" >> "$GITHUB_OUTPUT" | |
# - name: Edit files for pending release | |
# run: | | |
# sed -i -e 's,^\( *url "\)[^"]*\("\)$,\1${{ steps.vars.outputs.artifact }}\2,' Formula/ironoxide.rb | |
# sed -i -e 's,^\( *sha256 "\)[0-9a-f]*\("\)$,\1${{ steps.vars.outputs.sha256 }}\2,' Formula/ironoxide.rb | |
# - run: git add Formula/ironoxide.rb | |
# - run: git checkout -b ${{ steps.vars.outputs.pr_branch }} | |
# - run: git commit -m "Use new ironoxide-homebrew ${{ steps.vars.outputs.tag }}" | |
# - run: git push origin ${{ steps.vars.outputs.pr_branch }} | |
# - name: Create PR | |
# run: | | |
# curl --silent --show-error --fail -X POST \ | |
# -H "Authorization: token ${{ secrets.WORKFLOW_PAT }}" \ | |
# -H "Content-Type: application/json" \ | |
# --data '{"title": "Use new ironoxide-swig-bindings ${{ steps.vars.outputs.tag }}", | |
# "head": "${{ steps.vars.outputs.pr_branch }}", | |
# "base": "main", | |
# "body": "" | |
# }' \ | |
# https://api.github.com/repos/IronCoreLabs/homebrew-ironcore/pulls |