-
Notifications
You must be signed in to change notification settings - Fork 1.1k
178 lines (152 loc) · 5.62 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
name: release
on:
push:
tags:
# this is a glob, not a regexp
- '[0-9]*'
jobs:
source:
runs-on: ubuntu-latest
container:
image: quay.io/cockpit/tasks:latest
options: --user root
permissions:
# create GitHub release
contents: write
steps:
- name: Clone repository
uses: actions/checkout@v4
with:
fetch-depth: 0
# https://github.blog/2022-04-12-git-security-vulnerability-announced/
- name: Pacify git's permission check
run: git config --global --add safe.directory /__w/cockpit/cockpit
- name: Workaround for https://github.com/actions/checkout/pull/697
run: git fetch --force origin $(git describe --tags):refs/tags/$(git describe --tags)
- name: Bootstrap automake
run: ./autogen.sh
- name: Build release
run: make dist -j$(nproc) VERSION='${{ github.ref_name }}'
- id: publish
name: Publish GitHub release
uses: cockpit-project/action-release@7d2e2657382e8d34f88a24b5987f2b81ea165785
with:
filename: "cockpit-${{ github.ref_name }}.tar.xz"
outputs:
filename: ${{ steps.publish.outputs.filename }}
checksum: ${{ steps.publish.outputs.checksum }}
download: ${{ steps.publish.outputs.download }}
body: ${{ steps.publish.outputs.body }}
guide:
needs: source
environment: website
permissions: {}
runs-on: ubuntu-latest
container:
image: quay.io/cockpit/tasks:latest
options: --user root
steps:
- name: Checkout website repository
uses: actions/checkout@v4
with:
path: website
repository: cockpit-project/cockpit-project.github.io
ssh-key: ${{ secrets.DEPLOY_KEY }}
- name: Download source release
run: curl -L -o '${{ needs.source.outputs.filename }}' '${{ needs.source.outputs.download }}'
- name: Verify checksum
run: echo '${{ needs.source.outputs.checksum }} ${{ needs.source.outputs.filename }}' | sha256sum -c
- name: Build guide
run: |
mkdir source build
tar --directory source --extract --strip-components=1 --file '${{ needs.source.outputs.filename }}'
(
cd build
../source/configure
make doc/guide/html/index.html
)
- name: Update the website
run: |
rm -rf website/guide/latest
mv -Tv build/doc/guide/html website/guide/latest
# Add frontmatter for Jekyll
find website/guide/latest -name '*.html' -exec sed -i '
1i\
---\
layout: guide\
---' '{}' ';'
git config --global user.name "GitHub Workflow"
git config --global user.email "[email protected]"
cd website
git add guide/
git commit --message='Update guide to version ${{ github.ref_name }}'
git show --stat
git push origin main
flathub:
needs: source
environment: flathub
permissions: {}
runs-on: ubuntu-latest
steps:
- name: Checkout source repository
uses: actions/checkout@v4
with:
path: src
- name: Checkout flathub repository
uses: actions/checkout@v4
with:
path: flathub
repository: flathub/org.cockpit_project.CockpitClient
ssh-key: ${{ secrets.DEPLOY_KEY }}
# this is needed so we can push to a different repository
fetch-depth: 0
- name: Update flathub repository
env:
DOWNLOAD: ${{ needs.source.outputs.download }}
CHECKSUM: ${{ needs.source.outputs.checksum }}
TAG_BODY: ${{ needs.source.outputs.body }}
run: |
set -x
git config --global user.name "GitHub Workflow"
git config --global user.email "[email protected]"
cd flathub
git checkout -b "${{ github.ref_name }}"
printf '%s\n' "${TAG_BODY}" | ../src/containers/flatpak/add-release \
org.cockpit_project.CockpitClient.releases.xml \
"${{ github.ref_name }}" \
"$(date +%Y-%m-%d)"
git add "$(../src/containers/flatpak/prepare --packages=upstream --sha256="${CHECKSUM}" "${DOWNLOAD}")"
git add org.cockpit_project.CockpitClient.packages.json
git add org.cockpit_project.CockpitClient.releases.xml
git commit -m "Update to version ${{ github.ref_name }}"
git show
git push [email protected]:cockpit-project/org.cockpit_project.CockpitClient HEAD
node-cache:
# doesn't depend on it, but let's make sure the build passes before we do this
needs: [source]
runs-on: ubuntu-latest
environment: node-cache
# done via deploy key, token needs no write permissions at all
permissions: {}
steps:
- name: Clone repository
uses: actions/checkout@v4
- name: Set up git
run: |
git config user.name "GitHub Workflow"
git config user.email "[email protected]"
- name: Tag node-cache
run: |
set -eux
# this is a shared repo, prefix with project name
TAG="${GITHUB_REPOSITORY#*/}-$(basename $GITHUB_REF)"
tools/node-modules checkout
cd node_modules
git tag "$TAG"
git remote add cache "ssh://[email protected]/${GITHUB_REPOSITORY%/*}/node-cache"
eval $(ssh-agent)
ssh-add - <<< '${{ secrets.DEPLOY_KEY }}'
# make this idempotent: delete an existing tag
git push cache :"$TAG" || true
git push cache tag "$TAG"
ssh-add -D