refactor(ci): derive composite-action inputs from project name
Reviewer asked us to stop over-configuring the release-binaries and
release-os-package composite actions — they're called only with
vikunja or veans, so per-project paths, artifact names, cache keys, S3
target, and version-or-unstable can all be derived inside the action
from the project name. The xgo-out-name input goes away too.
Vikunja-specific pre-build (downloading frontend_dist, generating
config.yml.sample) now happens inside the action, gated on the project
input. Callers no longer need those preamble steps.
Secrets stay as inputs — composite actions can't read `${{ secrets.* }}`
directly; passing them through is the simplest workaround.
Each callsite shrinks to ~13 lines of mostly-secret pass-through plus
2-4 lines of real parameters.
parent
304fe55da7
commit
ed9df9064c
|
|
@ -1,48 +1,24 @@
|
|||
name: Release Go binaries
|
||||
description: >
|
||||
Cross-compile a Go binary from this monorepo through the centralized build/
|
||||
magefile (xgo + upx + sha256 + zip), GPG-sign the per-target zip bundles,
|
||||
upload them to S3, and store the binaries and zip bundles as workflow
|
||||
artifacts. Any project-specific pre-build steps (downloading frontend dist,
|
||||
generating config.yml.sample) belong in the calling workflow — this action
|
||||
assumes the working tree is ready to compile.
|
||||
name: Release binaries
|
||||
description: |
|
||||
Build, sign, and publish release binaries for a Vikunja sub-project.
|
||||
|
||||
Derives every per-project path, cache key, artifact name, and S3 target
|
||||
from the `project` input. Callers only need to provide the project name,
|
||||
the raw `git describe` value, and pass through the GPG/S3 secrets as
|
||||
inputs (composite actions can't read `${{ secrets.* }}` directly).
|
||||
|
||||
inputs:
|
||||
project:
|
||||
description: 'Project name passed to `mage release:build` (e.g., vikunja, veans).'
|
||||
description: 'Which project to build: "vikunja" or "veans".'
|
||||
required: true
|
||||
release-version:
|
||||
description: 'RELEASE_VERSION env value — usually the raw `git describe` output.'
|
||||
required: true
|
||||
xgo-out-name:
|
||||
description: 'XGO_OUT_NAME env value — basename xgo prefixes onto every binary (e.g., vikunja-v1.2.3, veans-unstable).'
|
||||
required: true
|
||||
output-directory:
|
||||
description: 'Where the project writes dist/ (e.g., "." for vikunja, "veans" for veans). Used for signing, S3 upload, and artifact paths.'
|
||||
required: true
|
||||
xgo-cache-key:
|
||||
description: 'Primary cache key for /home/runner/.xgo-cache.'
|
||||
required: true
|
||||
s3-target-path:
|
||||
description: 'S3 target path for the zip bundles (e.g., /vikunja/v1.2.3 or /veans/unstable).'
|
||||
required: true
|
||||
artifact-binaries-name:
|
||||
description: 'Name of the upload-artifact entry for the raw binaries under dist/binaries/.'
|
||||
required: true
|
||||
artifact-zips-name:
|
||||
description: 'Name of the upload-artifact entry for the zip bundles under dist/zip/.'
|
||||
required: true
|
||||
upload-zips-as-artifact:
|
||||
description: '"true" to also upload the zip bundles as a workflow artifact (typically only on tags).'
|
||||
required: false
|
||||
default: 'false'
|
||||
gpg-key-id:
|
||||
description: 'Long key ID GPG should sign with.'
|
||||
description: 'Raw git describe value (e.g. v1.2.3 or a sha). Use "" or "main" for unstable builds.'
|
||||
required: true
|
||||
# Secrets — composite actions can't read `${{ secrets.* }}` directly, so the
|
||||
# caller threads them through as inputs.
|
||||
gpg-passphrase:
|
||||
required: true
|
||||
gpg-sign-key:
|
||||
description: 'ASCII-armored GPG private key.'
|
||||
required: true
|
||||
s3-access-key-id:
|
||||
required: true
|
||||
|
|
@ -58,43 +34,105 @@ inputs:
|
|||
runs:
|
||||
using: composite
|
||||
steps:
|
||||
- uses: useblacksmith/setup-go@647ac649bd5b480f2a262e3e3e5f4d150ed452ad # v6
|
||||
with:
|
||||
go-version: stable
|
||||
|
||||
- name: Install mage
|
||||
# build/ is its own module — install a fresh mage so it picks up
|
||||
# build/magefile.go on the fly.
|
||||
- name: Set project paths
|
||||
shell: bash
|
||||
run: go install github.com/magefile/mage@v1.17.2
|
||||
env:
|
||||
PROJECT: ${{ inputs.project }}
|
||||
RELEASE_VERSION_INPUT: ${{ inputs.release-version }}
|
||||
run: |
|
||||
set -euo pipefail
|
||||
|
||||
case "$PROJECT" in
|
||||
vikunja|veans) ;;
|
||||
*)
|
||||
echo "::error::Unknown project '$PROJECT'. Expected 'vikunja' or 'veans'." >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
# version-or-unstable: real version unless empty/"main", in which case "unstable".
|
||||
if [ -z "$RELEASE_VERSION_INPUT" ] || [ "$RELEASE_VERSION_INPUT" = "main" ]; then
|
||||
version_or_unstable="unstable"
|
||||
else
|
||||
version_or_unstable="$RELEASE_VERSION_INPUT"
|
||||
fi
|
||||
|
||||
case "$PROJECT" in
|
||||
vikunja)
|
||||
output_dir="."
|
||||
dist_prefix="dist"
|
||||
;;
|
||||
veans)
|
||||
output_dir="veans"
|
||||
dist_prefix="veans/dist"
|
||||
;;
|
||||
esac
|
||||
|
||||
{
|
||||
echo "PROJECT=$PROJECT"
|
||||
echo "RELEASE_VERSION=$RELEASE_VERSION_INPUT"
|
||||
echo "VERSION_OR_UNSTABLE=$version_or_unstable"
|
||||
echo "XGO_OUT_NAME=${PROJECT}-${version_or_unstable}"
|
||||
echo "OUTPUT_DIR=$output_dir"
|
||||
echo "DIST_PREFIX=$dist_prefix"
|
||||
echo "S3_TARGET_PATH=/${PROJECT}/${version_or_unstable}"
|
||||
echo "ARTIFACT_BINARIES_NAME=${PROJECT}_bins"
|
||||
echo "ARTIFACT_ZIPS_NAME=${PROJECT}_bin_packages"
|
||||
} >> "$GITHUB_ENV"
|
||||
|
||||
- name: Download Mage binary
|
||||
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7
|
||||
with:
|
||||
name: mage_bin
|
||||
|
||||
- name: Make mage-static executable
|
||||
shell: bash
|
||||
run: chmod +x ./mage-static
|
||||
|
||||
- name: Download frontend dist (vikunja only)
|
||||
if: inputs.project == 'vikunja'
|
||||
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7
|
||||
with:
|
||||
name: frontend_dist
|
||||
path: frontend/dist
|
||||
|
||||
- name: Generate config.yml.sample (vikunja only)
|
||||
if: inputs.project == 'vikunja'
|
||||
shell: bash
|
||||
run: ./mage-static generate:config-yaml 1
|
||||
|
||||
- name: Install upx
|
||||
shell: bash
|
||||
run: |
|
||||
wget https://github.com/upx/upx/releases/download/v5.0.0/upx-5.0.0-amd64_linux.tar.xz
|
||||
set -euo pipefail
|
||||
wget -q https://github.com/upx/upx/releases/download/v5.0.0/upx-5.0.0-amd64_linux.tar.xz
|
||||
echo 'b32abf118d721358a50f1aa60eacdbf3298df379c431c3a86f139173ab8289a1 upx-5.0.0-amd64_linux.tar.xz' > upx-5.0.0-amd64_linux.tar.xz.sha256
|
||||
sha256sum -c upx-5.0.0-amd64_linux.tar.xz.sha256
|
||||
tar xf upx-5.0.0-amd64_linux.tar.xz
|
||||
mv upx-5.0.0-amd64_linux/upx /usr/local/bin
|
||||
sudo mv upx-5.0.0-amd64_linux/upx /usr/local/bin
|
||||
|
||||
- name: Setup xgo cache
|
||||
uses: useblacksmith/cache@71c7c918062ba3861252d84b07fe5ab2a6b467a6 # v5
|
||||
with:
|
||||
path: /home/runner/.xgo-cache
|
||||
key: ${{ inputs.xgo-cache-key }}
|
||||
key: xgo-${{ inputs.project }}-${{ hashFiles('**/go.sum') }}
|
||||
restore-keys: |
|
||||
${{ runner.os }}-go-
|
||||
xgo-${{ inputs.project }}-
|
||||
|
||||
- name: Build and release
|
||||
- name: Install mage for the build module
|
||||
shell: bash
|
||||
run: go install github.com/magefile/mage@v1.17.2
|
||||
|
||||
- name: Build release artifacts
|
||||
shell: bash
|
||||
working-directory: build
|
||||
env:
|
||||
RELEASE_VERSION: ${{ inputs.release-version }}
|
||||
XGO_OUT_NAME: ${{ inputs.xgo-out-name }}
|
||||
PROJECT: ${{ inputs.project }}
|
||||
RELEASE_VERSION: ${{ env.RELEASE_VERSION }}
|
||||
XGO_OUT_NAME: ${{ env.XGO_OUT_NAME }}
|
||||
PROJECT: ${{ env.PROJECT }}
|
||||
run: |
|
||||
export PATH=$PATH:$GOPATH/bin
|
||||
mage release:build "$PROJECT"
|
||||
set -euo pipefail
|
||||
export PATH="$PATH:$(go env GOPATH)/bin"
|
||||
cd build && mage release:build "$PROJECT"
|
||||
|
||||
- name: GPG setup
|
||||
uses: kolaente/action-gpg@main
|
||||
|
|
@ -102,18 +140,27 @@ runs:
|
|||
gpg-passphrase: ${{ inputs.gpg-passphrase }}
|
||||
gpg-sign-key: ${{ inputs.gpg-sign-key }}
|
||||
|
||||
- name: Sign zip bundles
|
||||
- name: Sign zips
|
||||
shell: bash
|
||||
working-directory: ${{ inputs.output-directory }}
|
||||
env:
|
||||
GPG_KEY_ID: ${{ inputs.gpg-key-id }}
|
||||
GPG_PASSPHRASE: ${{ inputs.gpg-passphrase }}
|
||||
DIST_PREFIX: ${{ env.DIST_PREFIX }}
|
||||
RELEASE_GPG_PASSPHRASE: ${{ inputs.gpg-passphrase }}
|
||||
run: |
|
||||
echo "=== Signing files ==="
|
||||
ls -hal dist/zip/*
|
||||
for file in dist/zip/*; do
|
||||
gpg -v --default-key "$GPG_KEY_ID" -b --batch --yes \
|
||||
--passphrase "$GPG_PASSPHRASE" \
|
||||
set -euo pipefail
|
||||
zip_dir="${DIST_PREFIX}/zip"
|
||||
echo "=== GPG agent status ==="
|
||||
gpg-connect-agent 'keyinfo --list' /bye || true
|
||||
echo "=== GPG secret keys ==="
|
||||
gpg -K --with-keygrip
|
||||
echo "=== GPG public keys ==="
|
||||
gpg --list-keys
|
||||
echo "=== Signing files in $zip_dir ==="
|
||||
ls -hal "$zip_dir"/*
|
||||
for file in "$zip_dir"/*; do
|
||||
gpg -v \
|
||||
--default-key 7D061A4AA61436B40713D42EFF054DACD908493A \
|
||||
-b --batch --yes \
|
||||
--passphrase "$RELEASE_GPG_PASSPHRASE" \
|
||||
--pinentry-mode loopback \
|
||||
--sign "$file"
|
||||
done
|
||||
|
|
@ -126,19 +173,19 @@ runs:
|
|||
s3-endpoint: ${{ inputs.s3-endpoint }}
|
||||
s3-bucket: ${{ inputs.s3-bucket }}
|
||||
s3-region: ${{ inputs.s3-region }}
|
||||
target-path: ${{ inputs.s3-target-path }}
|
||||
files: ${{ inputs.output-directory }}/dist/zip/*
|
||||
strip-path-prefix: ${{ inputs.output-directory }}/dist/zip/
|
||||
target-path: ${{ env.S3_TARGET_PATH }}
|
||||
files: ${{ env.DIST_PREFIX }}/zip/*
|
||||
strip-path-prefix: ${{ env.DIST_PREFIX }}/zip/
|
||||
|
||||
- name: Store binaries
|
||||
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
|
||||
with:
|
||||
name: ${{ inputs.artifact-binaries-name }}
|
||||
path: ${{ inputs.output-directory }}/dist/binaries/*
|
||||
name: ${{ env.ARTIFACT_BINARIES_NAME }}
|
||||
path: ./${{ env.DIST_PREFIX }}/binaries/*
|
||||
|
||||
- name: Store zip bundles
|
||||
if: inputs.upload-zips-as-artifact == 'true'
|
||||
- name: Store binary packages
|
||||
if: github.ref_type == 'tag'
|
||||
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
|
||||
with:
|
||||
name: ${{ inputs.artifact-zips-name }}
|
||||
path: ${{ inputs.output-directory }}/dist/zip/*
|
||||
name: ${{ env.ARTIFACT_ZIPS_NAME }}
|
||||
path: ./${{ env.DIST_PREFIX }}/zip/*
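Review bot: In the `Set project paths` step, `RELEASE_VERSION_INPUT` is echoed into `$GITHUB_ENV` and spliced into `XGO_OUT_NAME` and `S3_TARGET_PATH` with no check, while `PROJECT` is allow-listed by the `case` just above it. A value carrying a newline would define extra variables for every later step of the calling job, and one carrying `/` or `..` would change the key prefix the signed zips are uploaded under. The callers feed it from gh-describe, so this is defence in depth; a guard before the `if` such as `[[ "$RELEASE_VERSION_INPUT" =~ ^[A-Za-z0-9._+-]*$ ]] || { echo "::error::unexpected release-version" >&2; exit 1; }` would close it. The `Set project paths` step of the release-os-package action writes values derived from `RELEASE_VERSION`, `PACKAGER`, `PKG_ARCH` and `GO_NAME` to `$GITHUB_ENV` the same way, without `set -euo pipefail`, and would want the same treatment.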
|
||||
|
|
|
|||
|
|
@ -4,63 +4,33 @@ description: >
|
|||
via nfpm, optionally GPG-sign it (archlinux is signed inline; rpm is signed
|
||||
by nfpm itself), upload it to S3, and store it as a workflow artifact.
|
||||
|
||||
Templating of the project's nfpm.yaml happens via the centralized build/
|
||||
magefile (`mage release:prepare-nfpm-config <project> <arch>`).
|
||||
Most paths and names are derived from `project`; the matrix only needs to
|
||||
supply the per-arch and per-format inputs.
|
||||
|
||||
inputs:
|
||||
project:
|
||||
description: 'Project name passed to `mage release:prepare-nfpm-config` (e.g., vikunja, veans).'
|
||||
description: 'Project name (vikunja | veans). Drives all derived paths.'
|
||||
required: true
|
||||
release-version:
|
||||
description: 'RELEASE_VERSION env value — the same version that ended up in the binaries artifact.'
|
||||
description: 'RELEASE_VERSION env value — the same version that ended up in the binaries artifact. Empty or "main" maps to "unstable".'
|
||||
required: true
|
||||
nfpm-bin-path:
|
||||
description: 'NFPM_BIN_PATH override for the <binlocation> substitution. Leave empty to use the project default.'
|
||||
required: false
|
||||
default: ''
|
||||
packager:
|
||||
description: 'nfpm packager: rpm | deb | apk | archlinux.'
|
||||
required: true
|
||||
nfpm-arch:
|
||||
description: 'nfpm arch field (amd64 | arm64 | arm7 | 386).'
|
||||
description: 'nfpm arch field (amd64 | arm64 | arm7).'
|
||||
required: true
|
||||
pkg-arch:
|
||||
description: 'Package-format arch used in the output filename (x86_64 | aarch64 | armv7).'
|
||||
required: true
|
||||
binaries-artifact-name:
|
||||
description: 'Name of the binaries artifact to download (e.g., vikunja_bins, veans_bins).'
|
||||
required: true
|
||||
binaries-download-path:
|
||||
description: 'Where to extract the binaries artifact (relative to workspace root).'
|
||||
required: true
|
||||
binary-glob:
|
||||
description: 'Glob (under binaries-download-path) that matches the single binary to package.'
|
||||
required: true
|
||||
staged-binary-path:
|
||||
description: 'Final path of the binary the nfpm config will read (relative to workspace root).'
|
||||
required: true
|
||||
nfpm-config-path:
|
||||
description: 'Path to the project''s nfpm.yaml (relative to workspace root). Passed to nfpm via `--config`.'
|
||||
required: true
|
||||
package-output-dir:
|
||||
description: 'Directory (relative to workspace root) where nfpm writes the resulting package.'
|
||||
required: true
|
||||
package-filename:
|
||||
description: 'Filename of the produced package (e.g., vikunja-v1.2.3-x86_64.deb).'
|
||||
required: true
|
||||
artifact-name:
|
||||
description: 'Name of the upload-artifact entry for the produced package.'
|
||||
required: true
|
||||
s3-target-path:
|
||||
description: 'S3 target path for the package (e.g., /vikunja/v1.2.3 or /veans/unstable).'
|
||||
required: true
|
||||
gpg-key-id:
|
||||
description: 'Long key ID GPG should sign with (used for archlinux signing).'
|
||||
go-name:
|
||||
description: 'Go-style arch token used in the binary filename (linux-amd64 | linux-arm64 | linux-arm-7).'
|
||||
required: true
|
||||
# Secrets — composite actions can't read `${{ secrets.* }}` directly, so the
|
||||
# caller threads them through as inputs.
|
||||
gpg-passphrase:
|
||||
required: true
|
||||
gpg-sign-key:
|
||||
description: 'ASCII-armored GPG private key.'
|
||||
required: true
|
||||
s3-access-key-id:
|
||||
required: true
|
||||
|
|
@ -76,11 +46,53 @@ inputs:
|
|||
runs:
|
||||
using: composite
|
||||
steps:
|
||||
- name: Set project paths
|
||||
shell: bash
|
||||
env:
|
||||
PROJECT: ${{ inputs.project }}
|
||||
RELEASE_VERSION: ${{ inputs.release-version }}
|
||||
PACKAGER: ${{ inputs.packager }}
|
||||
PKG_ARCH: ${{ inputs.pkg-arch }}
|
||||
GO_NAME: ${{ inputs.go-name }}
|
||||
run: |
|
||||
case "$PROJECT" in
|
||||
vikunja)
|
||||
echo "BINARIES_DOWNLOAD_PATH=." >> "$GITHUB_ENV"
|
||||
echo "STAGED_BINARY_PATH=./vikunja" >> "$GITHUB_ENV"
|
||||
echo "NFPM_BIN_PATH=" >> "$GITHUB_ENV"
|
||||
echo "NFPM_CONFIG_PATH=./nfpm.yaml" >> "$GITHUB_ENV"
|
||||
echo "PACKAGE_OUTPUT_DIR=./dist/os-packages" >> "$GITHUB_ENV"
|
||||
;;
|
||||
veans)
|
||||
echo "BINARIES_DOWNLOAD_PATH=./veans-binaries" >> "$GITHUB_ENV"
|
||||
echo "STAGED_BINARY_PATH=./veans/veans-bin" >> "$GITHUB_ENV"
|
||||
echo "NFPM_BIN_PATH=./veans/veans-bin" >> "$GITHUB_ENV"
|
||||
echo "NFPM_CONFIG_PATH=./veans/nfpm.yaml" >> "$GITHUB_ENV"
|
||||
echo "PACKAGE_OUTPUT_DIR=./veans/dist/os-packages" >> "$GITHUB_ENV"
|
||||
;;
|
||||
*)
|
||||
echo "::error::unknown project '$PROJECT' (expected vikunja|veans)"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
if [ -z "$RELEASE_VERSION" ] || [ "$RELEASE_VERSION" = "main" ]; then
|
||||
version_or_unstable="unstable"
|
||||
else
|
||||
version_or_unstable="$RELEASE_VERSION"
|
||||
fi
|
||||
echo "VERSION_OR_UNSTABLE=$version_or_unstable" >> "$GITHUB_ENV"
|
||||
echo "BINARIES_ARTIFACT_NAME=${PROJECT}_bins" >> "$GITHUB_ENV"
|
||||
echo "BINARY_GLOB=${PROJECT}-*-${GO_NAME}" >> "$GITHUB_ENV"
|
||||
echo "PACKAGE_FILENAME=${PROJECT}-${version_or_unstable}-${PKG_ARCH}.${PACKAGER}" >> "$GITHUB_ENV"
|
||||
echo "ARTIFACT_NAME=${PROJECT}_os_package_${PACKAGER}_${PKG_ARCH}" >> "$GITHUB_ENV"
|
||||
echo "S3_TARGET_PATH=/${PROJECT}/${version_or_unstable}" >> "$GITHUB_ENV"
|
||||
|
||||
- name: Download project binaries
|
||||
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7
|
||||
with:
|
||||
name: ${{ inputs.binaries-artifact-name }}
|
||||
path: ${{ inputs.binaries-download-path }}
|
||||
name: ${{ env.BINARIES_ARTIFACT_NAME }}
|
||||
path: ${{ env.BINARIES_DOWNLOAD_PATH }}
|
||||
|
||||
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6
|
||||
with:
|
||||
|
|
@ -104,13 +116,13 @@ runs:
|
|||
gpg-passphrase: ${{ inputs.gpg-passphrase }}
|
||||
gpg-sign-key: ${{ inputs.gpg-sign-key }}
|
||||
|
||||
- name: Prepare nfpm config and stage binary
|
||||
- name: Prepare nfpm config
|
||||
shell: bash
|
||||
working-directory: build
|
||||
env:
|
||||
RELEASE_VERSION: ${{ inputs.release-version }}
|
||||
NFPM_ARCH: ${{ inputs.nfpm-arch }}
|
||||
NFPM_BIN_PATH: ${{ inputs.nfpm-bin-path }}
|
||||
NFPM_BIN_PATH: ${{ env.NFPM_BIN_PATH }}
|
||||
PROJECT: ${{ inputs.project }}
|
||||
run: |
|
||||
export PATH=$PATH:$GOPATH/bin
|
||||
|
|
@ -118,39 +130,32 @@ runs:
|
|||
|
||||
- name: Stage binary
|
||||
shell: bash
|
||||
env:
|
||||
BINARY_GLOB: ${{ inputs.binary-glob }}
|
||||
DOWNLOAD_DIR: ${{ inputs.binaries-download-path }}
|
||||
STAGED: ${{ inputs.staged-binary-path }}
|
||||
run: |
|
||||
# Resolve the single matching binary and mv it into place. Using
|
||||
# extglob would be tidier, but a tiny shell loop keeps this readable.
|
||||
# Resolve the single matching binary and mv it into place.
|
||||
matched=()
|
||||
for f in $DOWNLOAD_DIR/$BINARY_GLOB; do
|
||||
for f in $BINARIES_DOWNLOAD_PATH/$BINARY_GLOB; do
|
||||
[ -e "$f" ] || continue
|
||||
matched+=("$f")
|
||||
done
|
||||
if [ ${#matched[@]} -ne 1 ]; then
|
||||
echo "::error::expected exactly 1 binary matching '$DOWNLOAD_DIR/$BINARY_GLOB', found ${#matched[@]}"
|
||||
ls -la "$DOWNLOAD_DIR" || true
|
||||
echo "::error::expected exactly 1 binary matching '$BINARIES_DOWNLOAD_PATH/$BINARY_GLOB', found ${#matched[@]}"
|
||||
ls -la "$BINARIES_DOWNLOAD_PATH" || true
|
||||
exit 1
|
||||
fi
|
||||
mkdir -p "$(dirname "$STAGED")"
|
||||
mv "${matched[0]}" "$STAGED"
|
||||
chmod +x "$STAGED"
|
||||
mkdir -p "$(dirname "$STAGED_BINARY_PATH")"
|
||||
mv "${matched[0]}" "$STAGED_BINARY_PATH"
|
||||
chmod +x "$STAGED_BINARY_PATH"
|
||||
|
||||
- name: Ensure package output dir exists
|
||||
shell: bash
|
||||
env:
|
||||
DIR: ${{ inputs.package-output-dir }}
|
||||
run: mkdir -p "$DIR"
|
||||
run: mkdir -p "$PACKAGE_OUTPUT_DIR"
|
||||
|
||||
- name: Create package
|
||||
uses: kolaente/action-gh-nfpm@master
|
||||
with:
|
||||
packager: ${{ inputs.packager }}
|
||||
target: ${{ inputs.package-output-dir }}/${{ inputs.package-filename }}
|
||||
config: ${{ inputs.nfpm-config-path }}
|
||||
target: ${{ env.PACKAGE_OUTPUT_DIR }}/${{ env.PACKAGE_FILENAME }}
|
||||
config: ${{ env.NFPM_CONFIG_PATH }}
|
||||
env:
|
||||
NFPM_GPG_KEY_FILE: ${{ inputs.packager == 'rpm' && '/tmp/nfpm-signing-key.gpg' || '' }}
|
||||
NFPM_PASSPHRASE: ${{ inputs.packager == 'rpm' && inputs.gpg-passphrase || '' }}
|
||||
|
|
@ -159,16 +164,14 @@ runs:
|
|||
if: inputs.packager == 'archlinux'
|
||||
shell: bash
|
||||
env:
|
||||
GPG_KEY_ID: ${{ inputs.gpg-key-id }}
|
||||
GPG_PASSPHRASE: ${{ inputs.gpg-passphrase }}
|
||||
PKG: ${{ inputs.package-output-dir }}/${{ inputs.package-filename }}
|
||||
run: |
|
||||
gpg --default-key "$GPG_KEY_ID" \
|
||||
gpg --default-key 7D061A4AA61436B40713D42EFF054DACD908493A \
|
||||
--batch --yes \
|
||||
--passphrase "$GPG_PASSPHRASE" \
|
||||
--pinentry-mode loopback \
|
||||
--detach-sign \
|
||||
"$PKG"
|
||||
"$PACKAGE_OUTPUT_DIR/$PACKAGE_FILENAME"
|
||||
|
||||
- name: Upload to S3
|
||||
uses: kolaente/s3-action@main
|
||||
|
|
@ -178,12 +181,12 @@ runs:
|
|||
s3-endpoint: ${{ inputs.s3-endpoint }}
|
||||
s3-bucket: ${{ inputs.s3-bucket }}
|
||||
s3-region: ${{ inputs.s3-region }}
|
||||
target-path: ${{ inputs.s3-target-path }}
|
||||
files: ${{ inputs.package-output-dir }}/*
|
||||
strip-path-prefix: ${{ inputs.package-output-dir }}/
|
||||
target-path: ${{ env.S3_TARGET_PATH }}
|
||||
files: ${{ env.PACKAGE_OUTPUT_DIR }}/*
|
||||
strip-path-prefix: ${{ env.PACKAGE_OUTPUT_DIR }}/
|
||||
|
||||
- name: Store OS package
|
||||
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
|
||||
with:
|
||||
name: ${{ inputs.artifact-name }}
|
||||
path: ${{ inputs.package-output-dir }}/*
|
||||
name: ${{ env.ARTIFACT_NAME }}
|
||||
path: ${{ env.PACKAGE_OUTPUT_DIR }}/*
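Review bot: The archlinux signing step still hands the key passphrase to gpg as a command-line argument (`--passphrase "$GPG_PASSPHRASE"`), which places it in the process argument list, readable by any other process on the runner while gpg runs. Reading it from a file descriptor keeps it out of argv: replace that line with `--passphrase-fd 0 \` and end the command with `"$PACKAGE_OUTPUT_DIR/$PACKAGE_FILENAME" <<<"$GPG_PASSPHRASE"`. The `Sign zips` loop in the release-binaries action passes `--passphrase "$RELEASE_GPG_PASSPHRASE"` the same way, and it now also prints `gpg -K --with-keygrip` and `gpg --list-keys` to the job log on every run, which looks like leftover debugging output. The signing step begins above its hunk, so its name and any other settings are not visible here.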
|
||||
|
|
|
|||
|
|
@ -63,37 +63,10 @@ jobs:
|
|||
- name: Git describe
|
||||
id: ghd
|
||||
uses: proudust/gh-describe@v2
|
||||
# vikunja's release binary embeds frontend/dist — pull it in before the
|
||||
# composite action invokes xgo.
|
||||
- name: Get frontend dist
|
||||
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7
|
||||
with:
|
||||
name: frontend_dist
|
||||
path: frontend/dist
|
||||
# vikunja's release zip bundle includes a config.yml.sample alongside
|
||||
# the binary — generate it via the parent's mage. We pull the cached
|
||||
# mage-static for this single command rather than installing mage twice.
|
||||
- name: Download Mage Binary
|
||||
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7
|
||||
with:
|
||||
name: mage_bin
|
||||
- name: Generate config.yml.sample
|
||||
run: |
|
||||
chmod +x ./mage-static
|
||||
./mage-static generate:config-yaml 1
|
||||
- name: Build and publish
|
||||
uses: ./.github/actions/release-binaries
|
||||
- uses: ./.github/actions/release-binaries
|
||||
with:
|
||||
project: vikunja
|
||||
release-version: ${{ steps.ghd.outputs.describe }}
|
||||
xgo-out-name: vikunja-${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }}
|
||||
output-directory: '.'
|
||||
xgo-cache-key: ${{ hashFiles('**/go.sum') }}
|
||||
s3-target-path: /vikunja/${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }}
|
||||
artifact-binaries-name: vikunja_bins
|
||||
artifact-zips-name: vikunja_bin_packages
|
||||
upload-zips-as-artifact: ${{ github.ref_type == 'tag' }}
|
||||
gpg-key-id: 7D061A4AA61436B40713D42EFF054DACD908493A
|
||||
gpg-passphrase: ${{ secrets.RELEASE_GPG_PASSPHRASE }}
|
||||
gpg-sign-key: ${{ secrets.RELEASE_GPG_SIGN_KEY }}
|
||||
s3-access-key-id: ${{ secrets.S3_ACCESS_KEY }}
|
||||
|
|
@ -109,19 +82,10 @@ jobs:
|
|||
- name: Git describe
|
||||
id: ghd
|
||||
uses: proudust/gh-describe@v2
|
||||
- name: Build and publish
|
||||
uses: ./.github/actions/release-binaries
|
||||
- uses: ./.github/actions/release-binaries
|
||||
with:
|
||||
project: veans
|
||||
release-version: ${{ steps.ghd.outputs.describe }}
|
||||
xgo-out-name: veans-${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }}
|
||||
output-directory: veans
|
||||
xgo-cache-key: veans-${{ hashFiles('veans/go.sum') }}
|
||||
s3-target-path: /veans/${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }}
|
||||
artifact-binaries-name: veans_bins
|
||||
artifact-zips-name: veans_bin_packages
|
||||
upload-zips-as-artifact: ${{ github.ref_type == 'tag' }}
|
||||
gpg-key-id: 7D061A4AA61436B40713D42EFF054DACD908493A
|
||||
gpg-passphrase: ${{ secrets.RELEASE_GPG_PASSPHRASE }}
|
||||
gpg-sign-key: ${{ secrets.RELEASE_GPG_SIGN_KEY }}
|
||||
s3-access-key-id: ${{ secrets.S3_ACCESS_KEY }}
|
||||
|
|
@ -153,24 +117,14 @@ jobs:
|
|||
- name: Git describe
|
||||
id: ghd
|
||||
uses: proudust/gh-describe@v2
|
||||
- name: Build OS package
|
||||
uses: ./.github/actions/release-os-package
|
||||
- uses: ./.github/actions/release-os-package
|
||||
with:
|
||||
project: vikunja
|
||||
release-version: ${{ steps.ghd.outputs.describe }}
|
||||
packager: ${{ matrix.package }}
|
||||
nfpm-arch: ${{ matrix.arch.nfpm }}
|
||||
pkg-arch: ${{ matrix.arch.pkg }}
|
||||
binaries-artifact-name: vikunja_bins
|
||||
binaries-download-path: '.'
|
||||
binary-glob: vikunja-*-${{ matrix.arch.go_name }}
|
||||
staged-binary-path: ./vikunja
|
||||
nfpm-config-path: ./nfpm.yaml
|
||||
package-output-dir: ./dist/os-packages
|
||||
package-filename: vikunja-${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }}-${{ matrix.arch.pkg }}.${{ matrix.package }}
|
||||
artifact-name: vikunja_os_package_${{ matrix.package }}_${{ matrix.arch.pkg }}
|
||||
s3-target-path: /vikunja/${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }}
|
||||
gpg-key-id: 7D061A4AA61436B40713D42EFF054DACD908493A
|
||||
go-name: ${{ matrix.arch.go_name }}
|
||||
gpg-passphrase: ${{ secrets.RELEASE_GPG_PASSPHRASE }}
|
||||
gpg-sign-key: ${{ secrets.RELEASE_GPG_SIGN_KEY }}
|
||||
s3-access-key-id: ${{ secrets.S3_ACCESS_KEY }}
|
||||
|
|
@ -202,27 +156,14 @@ jobs:
|
|||
- name: Git describe
|
||||
id: ghd
|
||||
uses: proudust/gh-describe@v2
|
||||
- name: Build OS package
|
||||
uses: ./.github/actions/release-os-package
|
||||
- uses: ./.github/actions/release-os-package
|
||||
with:
|
||||
project: veans
|
||||
release-version: ${{ steps.ghd.outputs.describe }}
|
||||
packager: ${{ matrix.package }}
|
||||
nfpm-arch: ${{ matrix.arch.nfpm }}
|
||||
pkg-arch: ${{ matrix.arch.pkg }}
|
||||
binaries-artifact-name: veans_bins
|
||||
binaries-download-path: ./veans-binaries
|
||||
binary-glob: veans-*-${{ matrix.arch.go_name }}
|
||||
# nfpm action runs from $GITHUB_WORKSPACE; ./veans is the source dir
|
||||
# so stage under a distinct filename to avoid collision.
|
||||
staged-binary-path: ./veans/veans-bin
|
||||
nfpm-bin-path: ./veans/veans-bin
|
||||
nfpm-config-path: ./veans/nfpm.yaml
|
||||
package-output-dir: ./veans/dist/os-packages
|
||||
package-filename: veans-${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }}-${{ matrix.arch.pkg }}.${{ matrix.package }}
|
||||
artifact-name: veans_os_package_${{ matrix.package }}_${{ matrix.arch.pkg }}
|
||||
s3-target-path: /veans/${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }}
|
||||
gpg-key-id: 7D061A4AA61436B40713D42EFF054DACD908493A
|
||||
go-name: ${{ matrix.arch.go_name }}
|
||||
gpg-passphrase: ${{ secrets.RELEASE_GPG_PASSPHRASE }}
|
||||
gpg-sign-key: ${{ secrets.RELEASE_GPG_SIGN_KEY }}
|
||||
s3-access-key-id: ${{ secrets.S3_ACCESS_KEY }}
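Review bot: All four call sites keep passing the raw `steps.ghd.outputs.describe` as `release-version`, but the removed `xgo-out-name`, `s3-target-path` and `package-filename` inputs chose `unstable` with `github.ref_type == 'tag' && … || 'unstable'`, while the actions now choose it only when the value is empty or `main`. Unless gh-describe returns one of those on branch builds (not visible here), a non-tag run would name and upload its artifacts under the describe string instead of `unstable`. Deciding inside the actions from the ref type keeps the old behaviour: add `REF_TYPE: ${{ github.ref_type }}` to the `Set project paths` env and test `[ "$REF_TYPE" != "tag" ]` in place of the empty/`main` check.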
|
||||
|
|
|
|||