refactor(ci): derive composite-action inputs from project name

Reviewer asked us to stop over-configuring the release-binaries and
release-os-package composite actions — they're called only with
vikunja or veans, so per-project paths, artifact names, cache keys, S3
target, and version-or-unstable can all be derived inside the action
from the project name. The xgo-out-name input goes away too.

Vikunja-specific pre-build (downloading frontend_dist, generating
config.yml.sample) now happens inside the action, gated on the project
input. Callers no longer need those preamble steps.

Secrets stay as inputs — composite actions can't read \`\${{ secrets.* }}\`
directly; passing them through is the simplest workaround.

Each callsite shrinks to ~13 lines of mostly-secret pass-through plus
2-4 lines of real parameters.
This commit is contained in:
kolaente 2026-05-27 13:21:26 +02:00 committed by kolaente
parent 304fe55da7
commit ed9df9064c
3 changed files with 198 additions and 207 deletions

View File

@ -1,48 +1,24 @@
name: Release Go binaries
description: >
Cross-compile a Go binary from this monorepo through the centralized build/
magefile (xgo + upx + sha256 + zip), GPG-sign the per-target zip bundles,
upload them to S3, and store the binaries and zip bundles as workflow
artifacts. Any project-specific pre-build steps (downloading frontend dist,
generating config.yml.sample) belong in the calling workflow — this action
assumes the working tree is ready to compile.
name: Release binaries
description: |
Build, sign, and publish release binaries for a Vikunja sub-project.
Derives every per-project path, cache key, artifact name, and S3 target
from the `project` input. Callers only need to provide the project name,
the raw `git describe` value, and pass through the GPG/S3 secrets as
inputs (composite actions can't read `${{ secrets.* }}` directly).
inputs:
project:
description: 'Project name passed to `mage release:build` (e.g., vikunja, veans).'
description: 'Which project to build: "vikunja" or "veans".'
required: true
release-version:
description: 'RELEASE_VERSION env value — usually the raw `git describe` output.'
required: true
xgo-out-name:
description: 'XGO_OUT_NAME env value — basename xgo prefixes onto every binary (e.g., vikunja-v1.2.3, veans-unstable).'
required: true
output-directory:
description: 'Where the project writes dist/ (e.g., "." for vikunja, "veans" for veans). Used for signing, S3 upload, and artifact paths.'
required: true
xgo-cache-key:
description: 'Primary cache key for /home/runner/.xgo-cache.'
required: true
s3-target-path:
description: 'S3 target path for the zip bundles (e.g., /vikunja/v1.2.3 or /veans/unstable).'
required: true
artifact-binaries-name:
description: 'Name of the upload-artifact entry for the raw binaries under dist/binaries/.'
required: true
artifact-zips-name:
description: 'Name of the upload-artifact entry for the zip bundles under dist/zip/.'
required: true
upload-zips-as-artifact:
description: '"true" to also upload the zip bundles as a workflow artifact (typically only on tags).'
required: false
default: 'false'
gpg-key-id:
description: 'Long key ID GPG should sign with.'
description: 'Raw git describe value (e.g. v1.2.3 or a sha). Use "" or "main" for unstable builds.'
required: true
# Secrets — composite actions can't read `${{ secrets.* }}` directly, so the
# caller threads them through as inputs.
gpg-passphrase:
required: true
gpg-sign-key:
description: 'ASCII-armored GPG private key.'
required: true
s3-access-key-id:
required: true
@ -58,43 +34,105 @@ inputs:
runs:
using: composite
steps:
- uses: useblacksmith/setup-go@647ac649bd5b480f2a262e3e3e5f4d150ed452ad # v6
with:
go-version: stable
- name: Install mage
# build/ is its own module — install a fresh mage so it picks up
# build/magefile.go on the fly.
- name: Set project paths
shell: bash
run: go install github.com/magefile/mage@v1.17.2
env:
PROJECT: ${{ inputs.project }}
RELEASE_VERSION_INPUT: ${{ inputs.release-version }}
run: |
set -euo pipefail
case "$PROJECT" in
vikunja|veans) ;;
*)
echo "::error::Unknown project '$PROJECT'. Expected 'vikunja' or 'veans'." >&2
exit 1
;;
esac
# version-or-unstable: real version unless empty/"main", in which case "unstable".
if [ -z "$RELEASE_VERSION_INPUT" ] || [ "$RELEASE_VERSION_INPUT" = "main" ]; then
version_or_unstable="unstable"
else
version_or_unstable="$RELEASE_VERSION_INPUT"
fi
case "$PROJECT" in
vikunja)
output_dir="."
dist_prefix="dist"
;;
veans)
output_dir="veans"
dist_prefix="veans/dist"
;;
esac
{
echo "PROJECT=$PROJECT"
echo "RELEASE_VERSION=$RELEASE_VERSION_INPUT"
echo "VERSION_OR_UNSTABLE=$version_or_unstable"
echo "XGO_OUT_NAME=${PROJECT}-${version_or_unstable}"
echo "OUTPUT_DIR=$output_dir"
echo "DIST_PREFIX=$dist_prefix"
echo "S3_TARGET_PATH=/${PROJECT}/${version_or_unstable}"
echo "ARTIFACT_BINARIES_NAME=${PROJECT}_bins"
echo "ARTIFACT_ZIPS_NAME=${PROJECT}_bin_packages"
} >> "$GITHUB_ENV"
- name: Download Mage binary
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7
with:
name: mage_bin
- name: Make mage-static executable
shell: bash
run: chmod +x ./mage-static
- name: Download frontend dist (vikunja only)
if: inputs.project == 'vikunja'
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7
with:
name: frontend_dist
path: frontend/dist
- name: Generate config.yml.sample (vikunja only)
if: inputs.project == 'vikunja'
shell: bash
run: ./mage-static generate:config-yaml 1
- name: Install upx
shell: bash
run: |
wget https://github.com/upx/upx/releases/download/v5.0.0/upx-5.0.0-amd64_linux.tar.xz
set -euo pipefail
wget -q https://github.com/upx/upx/releases/download/v5.0.0/upx-5.0.0-amd64_linux.tar.xz
echo 'b32abf118d721358a50f1aa60eacdbf3298df379c431c3a86f139173ab8289a1 upx-5.0.0-amd64_linux.tar.xz' > upx-5.0.0-amd64_linux.tar.xz.sha256
sha256sum -c upx-5.0.0-amd64_linux.tar.xz.sha256
tar xf upx-5.0.0-amd64_linux.tar.xz
mv upx-5.0.0-amd64_linux/upx /usr/local/bin
sudo mv upx-5.0.0-amd64_linux/upx /usr/local/bin
- name: Setup xgo cache
uses: useblacksmith/cache@71c7c918062ba3861252d84b07fe5ab2a6b467a6 # v5
with:
path: /home/runner/.xgo-cache
key: ${{ inputs.xgo-cache-key }}
key: xgo-${{ inputs.project }}-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
xgo-${{ inputs.project }}-
- name: Build and release
- name: Install mage for the build module
shell: bash
run: go install github.com/magefile/mage@v1.17.2
- name: Build release artifacts
shell: bash
working-directory: build
env:
RELEASE_VERSION: ${{ inputs.release-version }}
XGO_OUT_NAME: ${{ inputs.xgo-out-name }}
PROJECT: ${{ inputs.project }}
RELEASE_VERSION: ${{ env.RELEASE_VERSION }}
XGO_OUT_NAME: ${{ env.XGO_OUT_NAME }}
PROJECT: ${{ env.PROJECT }}
run: |
export PATH=$PATH:$GOPATH/bin
mage release:build "$PROJECT"
set -euo pipefail
export PATH="$PATH:$(go env GOPATH)/bin"
cd build && mage release:build "$PROJECT"
- name: GPG setup
uses: kolaente/action-gpg@main
@ -102,18 +140,27 @@ runs:
gpg-passphrase: ${{ inputs.gpg-passphrase }}
gpg-sign-key: ${{ inputs.gpg-sign-key }}
- name: Sign zip bundles
- name: Sign zips
shell: bash
working-directory: ${{ inputs.output-directory }}
env:
GPG_KEY_ID: ${{ inputs.gpg-key-id }}
GPG_PASSPHRASE: ${{ inputs.gpg-passphrase }}
DIST_PREFIX: ${{ env.DIST_PREFIX }}
RELEASE_GPG_PASSPHRASE: ${{ inputs.gpg-passphrase }}
run: |
echo "=== Signing files ==="
ls -hal dist/zip/*
for file in dist/zip/*; do
gpg -v --default-key "$GPG_KEY_ID" -b --batch --yes \
--passphrase "$GPG_PASSPHRASE" \
set -euo pipefail
zip_dir="${DIST_PREFIX}/zip"
echo "=== GPG agent status ==="
gpg-connect-agent 'keyinfo --list' /bye || true
echo "=== GPG secret keys ==="
gpg -K --with-keygrip
echo "=== GPG public keys ==="
gpg --list-keys
echo "=== Signing files in $zip_dir ==="
ls -hal "$zip_dir"/*
for file in "$zip_dir"/*; do
gpg -v \
--default-key 7D061A4AA61436B40713D42EFF054DACD908493A \
-b --batch --yes \
--passphrase "$RELEASE_GPG_PASSPHRASE" \
--pinentry-mode loopback \
--sign "$file"
done
@ -126,19 +173,19 @@ runs:
s3-endpoint: ${{ inputs.s3-endpoint }}
s3-bucket: ${{ inputs.s3-bucket }}
s3-region: ${{ inputs.s3-region }}
target-path: ${{ inputs.s3-target-path }}
files: ${{ inputs.output-directory }}/dist/zip/*
strip-path-prefix: ${{ inputs.output-directory }}/dist/zip/
target-path: ${{ env.S3_TARGET_PATH }}
files: ${{ env.DIST_PREFIX }}/zip/*
strip-path-prefix: ${{ env.DIST_PREFIX }}/zip/
- name: Store binaries
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
with:
name: ${{ inputs.artifact-binaries-name }}
path: ${{ inputs.output-directory }}/dist/binaries/*
name: ${{ env.ARTIFACT_BINARIES_NAME }}
path: ./${{ env.DIST_PREFIX }}/binaries/*
- name: Store zip bundles
if: inputs.upload-zips-as-artifact == 'true'
- name: Store binary packages
if: github.ref_type == 'tag'
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
with:
name: ${{ inputs.artifact-zips-name }}
path: ${{ inputs.output-directory }}/dist/zip/*
name: ${{ env.ARTIFACT_ZIPS_NAME }}
path: ./${{ env.DIST_PREFIX }}/zip/*

View File

@ -4,63 +4,33 @@ description: >
via nfpm, optionally GPG-sign it (archlinux is signed inline; rpm is signed
by nfpm itself), upload it to S3, and store it as a workflow artifact.
Templating of the project's nfpm.yaml happens via the centralized build/
magefile (`mage release:prepare-nfpm-config <project> <arch>`).
Most paths and names are derived from `project`; the matrix only needs to
supply the per-arch and per-format inputs.
inputs:
project:
description: 'Project name passed to `mage release:prepare-nfpm-config` (e.g., vikunja, veans).'
description: 'Project name (vikunja | veans). Drives all derived paths.'
required: true
release-version:
description: 'RELEASE_VERSION env value — the same version that ended up in the binaries artifact.'
description: 'RELEASE_VERSION env value — the same version that ended up in the binaries artifact. Empty or "main" maps to "unstable".'
required: true
nfpm-bin-path:
description: 'NFPM_BIN_PATH override for the <binlocation> substitution. Leave empty to use the project default.'
required: false
default: ''
packager:
description: 'nfpm packager: rpm | deb | apk | archlinux.'
required: true
nfpm-arch:
description: 'nfpm arch field (amd64 | arm64 | arm7 | 386).'
description: 'nfpm arch field (amd64 | arm64 | arm7).'
required: true
pkg-arch:
description: 'Package-format arch used in the output filename (x86_64 | aarch64 | armv7).'
required: true
binaries-artifact-name:
description: 'Name of the binaries artifact to download (e.g., vikunja_bins, veans_bins).'
required: true
binaries-download-path:
description: 'Where to extract the binaries artifact (relative to workspace root).'
required: true
binary-glob:
description: 'Glob (under binaries-download-path) that matches the single binary to package.'
required: true
staged-binary-path:
description: 'Final path of the binary the nfpm config will read (relative to workspace root).'
required: true
nfpm-config-path:
description: 'Path to the project''s nfpm.yaml (relative to workspace root). Passed to nfpm via `--config`.'
required: true
package-output-dir:
description: 'Directory (relative to workspace root) where nfpm writes the resulting package.'
required: true
package-filename:
description: 'Filename of the produced package (e.g., vikunja-v1.2.3-x86_64.deb).'
required: true
artifact-name:
description: 'Name of the upload-artifact entry for the produced package.'
required: true
s3-target-path:
description: 'S3 target path for the package (e.g., /vikunja/v1.2.3 or /veans/unstable).'
required: true
gpg-key-id:
description: 'Long key ID GPG should sign with (used for archlinux signing).'
go-name:
description: 'Go-style arch token used in the binary filename (linux-amd64 | linux-arm64 | linux-arm-7).'
required: true
# Secrets — composite actions can't read `${{ secrets.* }}` directly, so the
# caller threads them through as inputs.
gpg-passphrase:
required: true
gpg-sign-key:
description: 'ASCII-armored GPG private key.'
required: true
s3-access-key-id:
required: true
@ -76,11 +46,53 @@ inputs:
runs:
using: composite
steps:
- name: Set project paths
shell: bash
env:
PROJECT: ${{ inputs.project }}
RELEASE_VERSION: ${{ inputs.release-version }}
PACKAGER: ${{ inputs.packager }}
PKG_ARCH: ${{ inputs.pkg-arch }}
GO_NAME: ${{ inputs.go-name }}
run: |
case "$PROJECT" in
vikunja)
echo "BINARIES_DOWNLOAD_PATH=." >> "$GITHUB_ENV"
echo "STAGED_BINARY_PATH=./vikunja" >> "$GITHUB_ENV"
echo "NFPM_BIN_PATH=" >> "$GITHUB_ENV"
echo "NFPM_CONFIG_PATH=./nfpm.yaml" >> "$GITHUB_ENV"
echo "PACKAGE_OUTPUT_DIR=./dist/os-packages" >> "$GITHUB_ENV"
;;
veans)
echo "BINARIES_DOWNLOAD_PATH=./veans-binaries" >> "$GITHUB_ENV"
echo "STAGED_BINARY_PATH=./veans/veans-bin" >> "$GITHUB_ENV"
echo "NFPM_BIN_PATH=./veans/veans-bin" >> "$GITHUB_ENV"
echo "NFPM_CONFIG_PATH=./veans/nfpm.yaml" >> "$GITHUB_ENV"
echo "PACKAGE_OUTPUT_DIR=./veans/dist/os-packages" >> "$GITHUB_ENV"
;;
*)
echo "::error::unknown project '$PROJECT' (expected vikunja|veans)"
exit 1
;;
esac
if [ -z "$RELEASE_VERSION" ] || [ "$RELEASE_VERSION" = "main" ]; then
version_or_unstable="unstable"
else
version_or_unstable="$RELEASE_VERSION"
fi
echo "VERSION_OR_UNSTABLE=$version_or_unstable" >> "$GITHUB_ENV"
echo "BINARIES_ARTIFACT_NAME=${PROJECT}_bins" >> "$GITHUB_ENV"
echo "BINARY_GLOB=${PROJECT}-*-${GO_NAME}" >> "$GITHUB_ENV"
echo "PACKAGE_FILENAME=${PROJECT}-${version_or_unstable}-${PKG_ARCH}.${PACKAGER}" >> "$GITHUB_ENV"
echo "ARTIFACT_NAME=${PROJECT}_os_package_${PACKAGER}_${PKG_ARCH}" >> "$GITHUB_ENV"
echo "S3_TARGET_PATH=/${PROJECT}/${version_or_unstable}" >> "$GITHUB_ENV"
- name: Download project binaries
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7
with:
name: ${{ inputs.binaries-artifact-name }}
path: ${{ inputs.binaries-download-path }}
name: ${{ env.BINARIES_ARTIFACT_NAME }}
path: ${{ env.BINARIES_DOWNLOAD_PATH }}
- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6
with:
@ -104,13 +116,13 @@ runs:
gpg-passphrase: ${{ inputs.gpg-passphrase }}
gpg-sign-key: ${{ inputs.gpg-sign-key }}
- name: Prepare nfpm config and stage binary
- name: Prepare nfpm config
shell: bash
working-directory: build
env:
RELEASE_VERSION: ${{ inputs.release-version }}
NFPM_ARCH: ${{ inputs.nfpm-arch }}
NFPM_BIN_PATH: ${{ inputs.nfpm-bin-path }}
NFPM_BIN_PATH: ${{ env.NFPM_BIN_PATH }}
PROJECT: ${{ inputs.project }}
run: |
export PATH=$PATH:$GOPATH/bin
@ -118,39 +130,32 @@ runs:
- name: Stage binary
shell: bash
env:
BINARY_GLOB: ${{ inputs.binary-glob }}
DOWNLOAD_DIR: ${{ inputs.binaries-download-path }}
STAGED: ${{ inputs.staged-binary-path }}
run: |
# Resolve the single matching binary and mv it into place. Using
# extglob would be tidier, but a tiny shell loop keeps this readable.
# Resolve the single matching binary and mv it into place.
matched=()
for f in $DOWNLOAD_DIR/$BINARY_GLOB; do
for f in $BINARIES_DOWNLOAD_PATH/$BINARY_GLOB; do
[ -e "$f" ] || continue
matched+=("$f")
done
if [ ${#matched[@]} -ne 1 ]; then
echo "::error::expected exactly 1 binary matching '$DOWNLOAD_DIR/$BINARY_GLOB', found ${#matched[@]}"
ls -la "$DOWNLOAD_DIR" || true
echo "::error::expected exactly 1 binary matching '$BINARIES_DOWNLOAD_PATH/$BINARY_GLOB', found ${#matched[@]}"
ls -la "$BINARIES_DOWNLOAD_PATH" || true
exit 1
fi
mkdir -p "$(dirname "$STAGED")"
mv "${matched[0]}" "$STAGED"
chmod +x "$STAGED"
mkdir -p "$(dirname "$STAGED_BINARY_PATH")"
mv "${matched[0]}" "$STAGED_BINARY_PATH"
chmod +x "$STAGED_BINARY_PATH"
- name: Ensure package output dir exists
shell: bash
env:
DIR: ${{ inputs.package-output-dir }}
run: mkdir -p "$DIR"
run: mkdir -p "$PACKAGE_OUTPUT_DIR"
- name: Create package
uses: kolaente/action-gh-nfpm@master
with:
packager: ${{ inputs.packager }}
target: ${{ inputs.package-output-dir }}/${{ inputs.package-filename }}
config: ${{ inputs.nfpm-config-path }}
target: ${{ env.PACKAGE_OUTPUT_DIR }}/${{ env.PACKAGE_FILENAME }}
config: ${{ env.NFPM_CONFIG_PATH }}
env:
NFPM_GPG_KEY_FILE: ${{ inputs.packager == 'rpm' && '/tmp/nfpm-signing-key.gpg' || '' }}
NFPM_PASSPHRASE: ${{ inputs.packager == 'rpm' && inputs.gpg-passphrase || '' }}
@ -159,16 +164,14 @@ runs:
if: inputs.packager == 'archlinux'
shell: bash
env:
GPG_KEY_ID: ${{ inputs.gpg-key-id }}
GPG_PASSPHRASE: ${{ inputs.gpg-passphrase }}
PKG: ${{ inputs.package-output-dir }}/${{ inputs.package-filename }}
run: |
gpg --default-key "$GPG_KEY_ID" \
gpg --default-key 7D061A4AA61436B40713D42EFF054DACD908493A \
--batch --yes \
--passphrase "$GPG_PASSPHRASE" \
--pinentry-mode loopback \
--detach-sign \
"$PKG"
"$PACKAGE_OUTPUT_DIR/$PACKAGE_FILENAME"
- name: Upload to S3
uses: kolaente/s3-action@main
@ -178,12 +181,12 @@ runs:
s3-endpoint: ${{ inputs.s3-endpoint }}
s3-bucket: ${{ inputs.s3-bucket }}
s3-region: ${{ inputs.s3-region }}
target-path: ${{ inputs.s3-target-path }}
files: ${{ inputs.package-output-dir }}/*
strip-path-prefix: ${{ inputs.package-output-dir }}/
target-path: ${{ env.S3_TARGET_PATH }}
files: ${{ env.PACKAGE_OUTPUT_DIR }}/*
strip-path-prefix: ${{ env.PACKAGE_OUTPUT_DIR }}/
- name: Store OS package
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
with:
name: ${{ inputs.artifact-name }}
path: ${{ inputs.package-output-dir }}/*
name: ${{ env.ARTIFACT_NAME }}
path: ${{ env.PACKAGE_OUTPUT_DIR }}/*

View File

@ -63,37 +63,10 @@ jobs:
- name: Git describe
id: ghd
uses: proudust/gh-describe@v2
# vikunja's release binary embeds frontend/dist — pull it in before the
# composite action invokes xgo.
- name: Get frontend dist
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7
with:
name: frontend_dist
path: frontend/dist
# vikunja's release zip bundle includes a config.yml.sample alongside
# the binary — generate it via the parent's mage. We pull the cached
# mage-static for this single command rather than installing mage twice.
- name: Download Mage Binary
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7
with:
name: mage_bin
- name: Generate config.yml.sample
run: |
chmod +x ./mage-static
./mage-static generate:config-yaml 1
- name: Build and publish
uses: ./.github/actions/release-binaries
- uses: ./.github/actions/release-binaries
with:
project: vikunja
release-version: ${{ steps.ghd.outputs.describe }}
xgo-out-name: vikunja-${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }}
output-directory: '.'
xgo-cache-key: ${{ hashFiles('**/go.sum') }}
s3-target-path: /vikunja/${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }}
artifact-binaries-name: vikunja_bins
artifact-zips-name: vikunja_bin_packages
upload-zips-as-artifact: ${{ github.ref_type == 'tag' }}
gpg-key-id: 7D061A4AA61436B40713D42EFF054DACD908493A
gpg-passphrase: ${{ secrets.RELEASE_GPG_PASSPHRASE }}
gpg-sign-key: ${{ secrets.RELEASE_GPG_SIGN_KEY }}
s3-access-key-id: ${{ secrets.S3_ACCESS_KEY }}
@ -109,19 +82,10 @@ jobs:
- name: Git describe
id: ghd
uses: proudust/gh-describe@v2
- name: Build and publish
uses: ./.github/actions/release-binaries
- uses: ./.github/actions/release-binaries
with:
project: veans
release-version: ${{ steps.ghd.outputs.describe }}
xgo-out-name: veans-${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }}
output-directory: veans
xgo-cache-key: veans-${{ hashFiles('veans/go.sum') }}
s3-target-path: /veans/${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }}
artifact-binaries-name: veans_bins
artifact-zips-name: veans_bin_packages
upload-zips-as-artifact: ${{ github.ref_type == 'tag' }}
gpg-key-id: 7D061A4AA61436B40713D42EFF054DACD908493A
gpg-passphrase: ${{ secrets.RELEASE_GPG_PASSPHRASE }}
gpg-sign-key: ${{ secrets.RELEASE_GPG_SIGN_KEY }}
s3-access-key-id: ${{ secrets.S3_ACCESS_KEY }}
@ -153,24 +117,14 @@ jobs:
- name: Git describe
id: ghd
uses: proudust/gh-describe@v2
- name: Build OS package
uses: ./.github/actions/release-os-package
- uses: ./.github/actions/release-os-package
with:
project: vikunja
release-version: ${{ steps.ghd.outputs.describe }}
packager: ${{ matrix.package }}
nfpm-arch: ${{ matrix.arch.nfpm }}
pkg-arch: ${{ matrix.arch.pkg }}
binaries-artifact-name: vikunja_bins
binaries-download-path: '.'
binary-glob: vikunja-*-${{ matrix.arch.go_name }}
staged-binary-path: ./vikunja
nfpm-config-path: ./nfpm.yaml
package-output-dir: ./dist/os-packages
package-filename: vikunja-${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }}-${{ matrix.arch.pkg }}.${{ matrix.package }}
artifact-name: vikunja_os_package_${{ matrix.package }}_${{ matrix.arch.pkg }}
s3-target-path: /vikunja/${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }}
gpg-key-id: 7D061A4AA61436B40713D42EFF054DACD908493A
go-name: ${{ matrix.arch.go_name }}
gpg-passphrase: ${{ secrets.RELEASE_GPG_PASSPHRASE }}
gpg-sign-key: ${{ secrets.RELEASE_GPG_SIGN_KEY }}
s3-access-key-id: ${{ secrets.S3_ACCESS_KEY }}
@ -202,27 +156,14 @@ jobs:
- name: Git describe
id: ghd
uses: proudust/gh-describe@v2
- name: Build OS package
uses: ./.github/actions/release-os-package
- uses: ./.github/actions/release-os-package
with:
project: veans
release-version: ${{ steps.ghd.outputs.describe }}
packager: ${{ matrix.package }}
nfpm-arch: ${{ matrix.arch.nfpm }}
pkg-arch: ${{ matrix.arch.pkg }}
binaries-artifact-name: veans_bins
binaries-download-path: ./veans-binaries
binary-glob: veans-*-${{ matrix.arch.go_name }}
# nfpm action runs from $GITHUB_WORKSPACE; ./veans is the source dir
# so stage under a distinct filename to avoid collision.
staged-binary-path: ./veans/veans-bin
nfpm-bin-path: ./veans/veans-bin
nfpm-config-path: ./veans/nfpm.yaml
package-output-dir: ./veans/dist/os-packages
package-filename: veans-${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }}-${{ matrix.arch.pkg }}.${{ matrix.package }}
artifact-name: veans_os_package_${{ matrix.package }}_${{ matrix.arch.pkg }}
s3-target-path: /veans/${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }}
gpg-key-id: 7D061A4AA61436B40713D42EFF054DACD908493A
go-name: ${{ matrix.arch.go_name }}
gpg-passphrase: ${{ secrets.RELEASE_GPG_PASSPHRASE }}
gpg-sign-key: ${{ secrets.RELEASE_GPG_SIGN_KEY }}
s3-access-key-id: ${{ secrets.S3_ACCESS_KEY }}