From ed9df9064c8a04940c5ae50f2b2ddc4add8d396a Mon Sep 17 00:00:00 2001 From: kolaente Date: Wed, 27 May 2026 13:21:26 +0200 Subject: [PATCH] refactor(ci): derive composite-action inputs from project name MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewer asked us to stop over-configuring the release-binaries and release-os-package composite actions — they're called only with vikunja or veans, so per-project paths, artifact names, cache keys, S3 target, and version-or-unstable can all be derived inside the action from the project name. The xgo-out-name input goes away too. Vikunja-specific pre-build (downloading frontend_dist, generating config.yml.sample) now happens inside the action, gated on the project input. Callers no longer need those preamble steps. Secrets stay as inputs — composite actions can't read \`\${{ secrets.* }}\` directly; passing them through is the simplest workaround. Each callsite shrinks to ~13 lines of mostly-secret pass-through plus 2-4 lines of real parameters. --- .github/actions/release-binaries/action.yml | 193 +++++++++++------- .github/actions/release-os-package/action.yml | 141 ++++++------- .github/workflows/release.yml | 71 +------ 3 files changed, 198 insertions(+), 207 deletions(-) diff --git a/.github/actions/release-binaries/action.yml b/.github/actions/release-binaries/action.yml index abbaa9538..33e944d36 100644 --- a/.github/actions/release-binaries/action.yml +++ b/.github/actions/release-binaries/action.yml 
@@ -1,48 +1,24 @@ -name: Release Go binaries -description: > - Cross-compile a Go binary from this monorepo through the centralized build/ - magefile (xgo + upx + sha256 + zip), GPG-sign the per-target zip bundles, - upload them to S3, and store the binaries and zip bundles as workflow - artifacts. Any project-specific pre-build steps (downloading frontend dist, - generating config.yml.sample) belong in the calling workflow — this action - assumes the working tree is ready to compile. +name: Release binaries +description: | + Build, sign, and publish release binaries for a Vikunja sub-project. + + Derives every per-project path, cache key, artifact name, and S3 target + from the `project` input. Callers only need to provide the project name, + the raw `git describe` value, and pass through the GPG/S3 secrets as + inputs (composite actions can't read `${{ secrets.* }}` directly). inputs: project: - description: 'Project name passed to `mage release:build` (e.g., vikunja, veans).' + description: 'Which project to build: "vikunja" or "veans".' required: true release-version: - description: 'RELEASE_VERSION env value — usually the raw `git describe` output.' - required: true - xgo-out-name: - description: 'XGO_OUT_NAME env value — basename xgo prefixes onto every binary (e.g., vikunja-v1.2.3, veans-unstable).' - required: true - output-directory: - description: 'Where the project writes dist/ (e.g., "." for vikunja, "veans" for veans). Used for signing, S3 upload, and artifact paths.' - required: true - xgo-cache-key: - description: 'Primary cache key for /home/runner/.xgo-cache.' - required: true - s3-target-path: - description: 'S3 target path for the zip bundles (e.g., /vikunja/v1.2.3 or /veans/unstable).' - required: true - artifact-binaries-name: - description: 'Name of the upload-artifact entry for the raw binaries under dist/binaries/.' - required: true - artifact-zips-name: - description: 'Name of the upload-artifact entry for the zip bundles under dist/zip/.' 
- required: true - upload-zips-as-artifact: - description: '"true" to also upload the zip bundles as a workflow artifact (typically only on tags).' - required: false - default: 'false' - gpg-key-id: - description: 'Long key ID GPG should sign with.' + description: 'Raw git describe value (e.g. v1.2.3 or a sha). Use "" or "main" for unstable builds.' required: true + # Secrets — composite actions can't read `${{ secrets.* }}` directly, so the + # caller threads them through as inputs. gpg-passphrase: required: true gpg-sign-key: - description: 'ASCII-armored GPG private key.' required: true s3-access-key-id: required: true 
@@ -58,43 +34,105 @@ inputs: runs: using: composite steps: - - uses: useblacksmith/setup-go@647ac649bd5b480f2a262e3e3e5f4d150ed452ad # v6 - with: - go-version: stable - - - name: Install mage - # build/ is its own module — install a fresh mage so it picks up - # build/magefile.go on the fly. + - name: Set project paths shell: bash - run: go install github.com/magefile/mage@v1.17.2 + env: + PROJECT: ${{ inputs.project }} + RELEASE_VERSION_INPUT: ${{ inputs.release-version }} + run: | + set -euo pipefail + + case "$PROJECT" in + vikunja|veans) ;; + *) + echo "::error::Unknown project '$PROJECT'. Expected 'vikunja' or 'veans'." >&2 + exit 1 + ;; + esac + + # version-or-unstable: real version unless empty/"main", in which case "unstable". + if [ -z "$RELEASE_VERSION_INPUT" ] || [ "$RELEASE_VERSION_INPUT" = "main" ]; then + version_or_unstable="unstable" + else + version_or_unstable="$RELEASE_VERSION_INPUT" + fi + + case "$PROJECT" in + vikunja) + output_dir="." + dist_prefix="dist" + ;; + veans) + output_dir="veans" + dist_prefix="veans/dist" + ;; + esac + + { + echo "PROJECT=$PROJECT" + echo "RELEASE_VERSION=$RELEASE_VERSION_INPUT" + echo "VERSION_OR_UNSTABLE=$version_or_unstable" + echo "XGO_OUT_NAME=${PROJECT}-${version_or_unstable}" + echo "OUTPUT_DIR=$output_dir" + echo "DIST_PREFIX=$dist_prefix" + echo "S3_TARGET_PATH=/${PROJECT}/${version_or_unstable}" + echo "ARTIFACT_BINARIES_NAME=${PROJECT}_bins" + echo "ARTIFACT_ZIPS_NAME=${PROJECT}_bin_packages" + } >> "$GITHUB_ENV" + + - name: Download Mage binary + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 + with: + name: mage_bin + + - name: Make mage-static executable + shell: bash + run: chmod +x ./mage-static + + - name: Download frontend dist (vikunja only) + if: inputs.project == 'vikunja' + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 + with: + name: frontend_dist + path: frontend/dist + + - name: Generate config.yml.sample (vikunja only) + if: 
inputs.project == 'vikunja' + shell: bash + run: ./mage-static generate:config-yaml 1 - name: Install upx shell: bash run: | - wget https://github.com/upx/upx/releases/download/v5.0.0/upx-5.0.0-amd64_linux.tar.xz + set -euo pipefail + wget -q https://github.com/upx/upx/releases/download/v5.0.0/upx-5.0.0-amd64_linux.tar.xz echo 'b32abf118d721358a50f1aa60eacdbf3298df379c431c3a86f139173ab8289a1 upx-5.0.0-amd64_linux.tar.xz' > upx-5.0.0-amd64_linux.tar.xz.sha256 sha256sum -c upx-5.0.0-amd64_linux.tar.xz.sha256 tar xf upx-5.0.0-amd64_linux.tar.xz - mv upx-5.0.0-amd64_linux/upx /usr/local/bin + sudo mv upx-5.0.0-amd64_linux/upx /usr/local/bin - name: Setup xgo cache uses: useblacksmith/cache@71c7c918062ba3861252d84b07fe5ab2a6b467a6 # v5 with: path: /home/runner/.xgo-cache - key: ${{ inputs.xgo-cache-key }} + key: xgo-${{ inputs.project }}-${{ hashFiles('**/go.sum') }} restore-keys: | - ${{ runner.os }}-go- + xgo-${{ inputs.project }}- - - name: Build and release + - name: Install mage for the build module + shell: bash + run: go install github.com/magefile/mage@v1.17.2 + + - name: Build release artifacts shell: bash - working-directory: build env: - RELEASE_VERSION: ${{ inputs.release-version }} - XGO_OUT_NAME: ${{ inputs.xgo-out-name }} - PROJECT: ${{ inputs.project }} + RELEASE_VERSION: ${{ env.RELEASE_VERSION }} + XGO_OUT_NAME: ${{ env.XGO_OUT_NAME }} + PROJECT: ${{ env.PROJECT }} run: | - export PATH=$PATH:$GOPATH/bin - mage release:build "$PROJECT" + set -euo pipefail + export PATH="$PATH:$(go env GOPATH)/bin" + cd build && mage release:build "$PROJECT" - name: GPG setup uses: kolaente/action-gpg@main 
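Review bot: In the `Set project paths` step, `version_or_unstable` becomes `unstable` only when `release-version` is empty or `main`, but both callers in release.yml pass `steps.ghd.outputs.describe` unconditionally, whereas the removed inputs chose `unstable` from `github.ref_type == 'tag'`. Unless gh-describe returns `main` on branch builds (not visible here; plain `git describe` gives `<tag>-<n>-g<sha>`), untagged builds would now be named and uploaded under `/<project>/<describe>` instead of `/<project>/unstable`, so the unstable channel stops being refreshed and each push creates a new S3 prefix. `github.ref_type` is readable inside the action (the `Store binary packages` step already uses it), so I would add `REF_TYPE: ${{ github.ref_type }}` to this step's `env:` and branch on `if [ "$REF_TYPE" != "tag" ]; then version_or_unstable="unstable"`. The same derivation is repeated in the `Set project paths` step of release-os-package/action.yml and needs the same change.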
@@ -102,18 +140,27 @@ runs: gpg-passphrase: ${{ inputs.gpg-passphrase }} gpg-sign-key: ${{ inputs.gpg-sign-key }} - - name: Sign zip bundles + - name: Sign zips shell: bash - working-directory: ${{ inputs.output-directory }} env: - GPG_KEY_ID: ${{ inputs.gpg-key-id }} - GPG_PASSPHRASE: ${{ inputs.gpg-passphrase }} + DIST_PREFIX: ${{ env.DIST_PREFIX }} + RELEASE_GPG_PASSPHRASE: ${{ inputs.gpg-passphrase }} run: | - echo "=== Signing files ===" - ls -hal dist/zip/* - for file in dist/zip/*; do - gpg -v --default-key "$GPG_KEY_ID" -b --batch --yes \ - --passphrase "$GPG_PASSPHRASE" \ + set -euo pipefail + zip_dir="${DIST_PREFIX}/zip" + echo "=== GPG agent status ===" + gpg-connect-agent 'keyinfo --list' /bye || true + echo "=== GPG secret keys ===" + gpg -K --with-keygrip + echo "=== GPG public keys ===" + gpg --list-keys + echo "=== Signing files in $zip_dir ===" + ls -hal "$zip_dir"/* + for file in "$zip_dir"/*; do + gpg -v \ + --default-key 7D061A4AA61436B40713D42EFF054DACD908493A \ + -b --batch --yes \ + --passphrase "$RELEASE_GPG_PASSPHRASE" \ --pinentry-mode loopback \ --sign "$file" done 
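Review bot: The signing loop passes the key passphrase on the gpg command line (`--passphrase "$RELEASE_GPG_PASSPHRASE"`), where it sits in the process arguments for as long as gpg runs; GnuPG's own documentation advises against that option. Feeding it on stdin keeps it out of argv: replace that line with `--passphrase-fd 0` and end the command with `--sign "$file" <<<"$RELEASE_GPG_PASSPHRASE"`. The archlinux signing step in release-os-package/action.yml uses the same pattern and should change with it. The added `gpg-connect-agent`, `gpg -K --with-keygrip` and `gpg --list-keys` calls look like debugging output; if they are meant to stay on the release path, a comment saying why would help, otherwise they can be dropped.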
@@ -126,19 +173,19 @@ runs: s3-endpoint: ${{ inputs.s3-endpoint }} s3-bucket: ${{ inputs.s3-bucket }} s3-region: ${{ inputs.s3-region }} - target-path: ${{ inputs.s3-target-path }} - files: ${{ inputs.output-directory }}/dist/zip/* - strip-path-prefix: ${{ inputs.output-directory }}/dist/zip/ + target-path: ${{ env.S3_TARGET_PATH }} + files: ${{ env.DIST_PREFIX }}/zip/* + strip-path-prefix: ${{ env.DIST_PREFIX }}/zip/ - name: Store binaries uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 with: - name: ${{ inputs.artifact-binaries-name }} - path: ${{ inputs.output-directory }}/dist/binaries/* + name: ${{ env.ARTIFACT_BINARIES_NAME }} + path: ./${{ env.DIST_PREFIX }}/binaries/* - - name: Store zip bundles - if: inputs.upload-zips-as-artifact == 'true' + - name: Store binary packages + if: github.ref_type == 'tag' uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 with: - name: ${{ inputs.artifact-zips-name }} - path: ${{ inputs.output-directory }}/dist/zip/* + name: ${{ env.ARTIFACT_ZIPS_NAME }} + path: ./${{ env.DIST_PREFIX }}/zip/* diff --git a/.github/actions/release-os-package/action.yml b/.github/actions/release-os-package/action.yml index 808764460..bfa44c64a 100644 --- a/.github/actions/release-os-package/action.yml +++ b/.github/actions/release-os-package/action.yml 
@@ -4,63 +4,33 @@ description: > via nfpm, optionally GPG-sign it (archlinux is signed inline; rpm is signed by nfpm itself), upload it to S3, and store it as a workflow artifact. - Templating of the project's nfpm.yaml happens via the centralized build/ - magefile (`mage release:prepare-nfpm-config `). + Most paths and names are derived from `project`; the matrix only needs to + supply the per-arch and per-format inputs. inputs: project: - description: 'Project name passed to `mage release:prepare-nfpm-config` (e.g., vikunja, veans).' + description: 'Project name (vikunja | veans). Drives all derived paths.' required: true release-version: - description: 'RELEASE_VERSION env value — the same version that ended up in the binaries artifact.' + description: 'RELEASE_VERSION env value — the same version that ended up in the binaries artifact. Empty or "main" maps to "unstable".' required: true - nfpm-bin-path: - description: 'NFPM_BIN_PATH override for the substitution. Leave empty to use the project default.' - required: false - default: '' packager: description: 'nfpm packager: rpm | deb | apk | archlinux.' required: true nfpm-arch: - description: 'nfpm arch field (amd64 | arm64 | arm7 | 386).' + description: 'nfpm arch field (amd64 | arm64 | arm7).' required: true pkg-arch: description: 'Package-format arch used in the output filename (x86_64 | aarch64 | armv7).' required: true - binaries-artifact-name: - description: 'Name of the binaries artifact to download (e.g., vikunja_bins, veans_bins).' - required: true - binaries-download-path: - description: 'Where to extract the binaries artifact (relative to workspace root).' - required: true - binary-glob: - description: 'Glob (under binaries-download-path) that matches the single binary to package.' - required: true - staged-binary-path: - description: 'Final path of the binary the nfpm config will read (relative to workspace root).' 
- required: true - nfpm-config-path: - description: 'Path to the project''s nfpm.yaml (relative to workspace root). Passed to nfpm via `--config`.' - required: true - package-output-dir: - description: 'Directory (relative to workspace root) where nfpm writes the resulting package.' - required: true - package-filename: - description: 'Filename of the produced package (e.g., vikunja-v1.2.3-x86_64.deb).' - required: true - artifact-name: - description: 'Name of the upload-artifact entry for the produced package.' - required: true - s3-target-path: - description: 'S3 target path for the package (e.g., /vikunja/v1.2.3 or /veans/unstable).' - required: true - gpg-key-id: - description: 'Long key ID GPG should sign with (used for archlinux signing).' + go-name: + description: 'Go-style arch token used in the binary filename (linux-amd64 | linux-arm64 | linux-arm-7).' required: true + # Secrets — composite actions can't read `${{ secrets.* }}` directly, so the + # caller threads them through as inputs. gpg-passphrase: required: true gpg-sign-key: - description: 'ASCII-armored GPG private key.' required: true s3-access-key-id: required: true 
@@ -76,11 +46,53 @@ inputs: runs: using: composite steps: + - name: Set project paths + shell: bash + env: + PROJECT: ${{ inputs.project }} + RELEASE_VERSION: ${{ inputs.release-version }} + PACKAGER: ${{ inputs.packager }} + PKG_ARCH: ${{ inputs.pkg-arch }} + GO_NAME: ${{ inputs.go-name }} + run: | + case "$PROJECT" in + vikunja) + echo "BINARIES_DOWNLOAD_PATH=." >> "$GITHUB_ENV" + echo "STAGED_BINARY_PATH=./vikunja" >> "$GITHUB_ENV" + echo "NFPM_BIN_PATH=" >> "$GITHUB_ENV" + echo "NFPM_CONFIG_PATH=./nfpm.yaml" >> "$GITHUB_ENV" + echo "PACKAGE_OUTPUT_DIR=./dist/os-packages" >> "$GITHUB_ENV" + ;; + veans) + echo "BINARIES_DOWNLOAD_PATH=./veans-binaries" >> "$GITHUB_ENV" + echo "STAGED_BINARY_PATH=./veans/veans-bin" >> "$GITHUB_ENV" + echo "NFPM_BIN_PATH=./veans/veans-bin" >> "$GITHUB_ENV" + echo "NFPM_CONFIG_PATH=./veans/nfpm.yaml" >> "$GITHUB_ENV" + echo "PACKAGE_OUTPUT_DIR=./veans/dist/os-packages" >> "$GITHUB_ENV" + ;; + *) + echo "::error::unknown project '$PROJECT' (expected vikunja|veans)" + exit 1 + ;; + esac + + if [ -z "$RELEASE_VERSION" ] || [ "$RELEASE_VERSION" = "main" ]; then + version_or_unstable="unstable" + else + version_or_unstable="$RELEASE_VERSION" + fi + echo "VERSION_OR_UNSTABLE=$version_or_unstable" >> "$GITHUB_ENV" + echo "BINARIES_ARTIFACT_NAME=${PROJECT}_bins" >> "$GITHUB_ENV" + echo "BINARY_GLOB=${PROJECT}-*-${GO_NAME}" >> "$GITHUB_ENV" + echo "PACKAGE_FILENAME=${PROJECT}-${version_or_unstable}-${PKG_ARCH}.${PACKAGER}" >> "$GITHUB_ENV" + echo "ARTIFACT_NAME=${PROJECT}_os_package_${PACKAGER}_${PKG_ARCH}" >> "$GITHUB_ENV" + echo "S3_TARGET_PATH=/${PROJECT}/${version_or_unstable}" >> "$GITHUB_ENV" + - name: Download project binaries uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 with: - name: ${{ inputs.binaries-artifact-name }} - path: ${{ inputs.binaries-download-path }} + name: ${{ env.BINARIES_ARTIFACT_NAME }} + path: ${{ env.BINARIES_DOWNLOAD_PATH }} - uses: 
actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6 with: @@ -104,13 +116,13 @@ runs: gpg-passphrase: ${{ inputs.gpg-passphrase }} gpg-sign-key: ${{ inputs.gpg-sign-key }} - - name: Prepare nfpm config and stage binary + - name: Prepare nfpm config shell: bash working-directory: build env: RELEASE_VERSION: ${{ inputs.release-version }} NFPM_ARCH: ${{ inputs.nfpm-arch }} - NFPM_BIN_PATH: ${{ inputs.nfpm-bin-path }} + NFPM_BIN_PATH: ${{ env.NFPM_BIN_PATH }} PROJECT: ${{ inputs.project }} run: | export PATH=$PATH:$GOPATH/bin 
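Review bot: In the `Set project paths` step of release-os-package only `PROJECT` is checked before values are appended to `$GITHUB_ENV`; `PACKAGER`, `PKG_ARCH`, `GO_NAME` and `RELEASE_VERSION` flow into `BINARY_GLOB`, `PACKAGE_FILENAME`, `ARTIFACT_NAME` and `S3_TARGET_PATH` as given. `$GITHUB_ENV` is line-oriented, so a value containing a line break would define extra variables for every later step, and a value containing `/` or `..` would move the package or S3 path. The current callers take these from the matrix and from git describe, so this is hardening rather than a live bug, but an allowlist next to the project check is cheap, e.g. `case "$PACKAGER" in rpm|deb|apk|archlinux) ;; *) echo "::error::unknown packager '$PACKAGER'"; exit 1 ;; esac`, and likewise for the arch tokens the input descriptions enumerate. The sibling step in release-binaries starts with `set -euo pipefail`; adding it here would keep the two actions consistent.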
@@ -118,39 +130,32 @@ runs: - name: Stage binary shell: bash - env: - BINARY_GLOB: ${{ inputs.binary-glob }} - DOWNLOAD_DIR: ${{ inputs.binaries-download-path }} - STAGED: ${{ inputs.staged-binary-path }} run: | - # Resolve the single matching binary and mv it into place. Using - # extglob would be tidier, but a tiny shell loop keeps this readable. + # Resolve the single matching binary and mv it into place. matched=() - for f in $DOWNLOAD_DIR/$BINARY_GLOB; do + for f in $BINARIES_DOWNLOAD_PATH/$BINARY_GLOB; do [ -e "$f" ] || continue matched+=("$f") done if [ ${#matched[@]} -ne 1 ]; then - echo "::error::expected exactly 1 binary matching '$DOWNLOAD_DIR/$BINARY_GLOB', found ${#matched[@]}" - ls -la "$DOWNLOAD_DIR" || true + echo "::error::expected exactly 1 binary matching '$BINARIES_DOWNLOAD_PATH/$BINARY_GLOB', found ${#matched[@]}" + ls -la "$BINARIES_DOWNLOAD_PATH" || true exit 1 fi - mkdir -p "$(dirname "$STAGED")" - mv "${matched[0]}" "$STAGED" - chmod +x "$STAGED" + mkdir -p "$(dirname "$STAGED_BINARY_PATH")" + mv "${matched[0]}" "$STAGED_BINARY_PATH" + chmod +x "$STAGED_BINARY_PATH" - name: Ensure package output dir exists shell: bash - env: - DIR: ${{ inputs.package-output-dir }} - run: mkdir -p "$DIR" + run: mkdir -p "$PACKAGE_OUTPUT_DIR" - name: Create package uses: kolaente/action-gh-nfpm@master with: packager: ${{ inputs.packager }} - target: ${{ inputs.package-output-dir }}/${{ inputs.package-filename }} - config: ${{ inputs.nfpm-config-path }} + target: ${{ env.PACKAGE_OUTPUT_DIR }}/${{ env.PACKAGE_FILENAME }} + config: ${{ env.NFPM_CONFIG_PATH }} env: NFPM_GPG_KEY_FILE: ${{ inputs.packager == 'rpm' && '/tmp/nfpm-signing-key.gpg' || '' }} NFPM_PASSPHRASE: ${{ inputs.packager == 'rpm' && inputs.gpg-passphrase || '' }} 
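Review bot: `Stage binary` and `Ensure package output dir exists` drop their step-level `env:` blocks and now read `$BINARIES_DOWNLOAD_PATH`, `$BINARY_GLOB`, `$STAGED_BINARY_PATH` and `$PACKAGE_OUTPUT_DIR` from variables an earlier step wrote to `$GITHUB_ENV`. Those variables are job-wide: they stay set for the caller's steps after the action returns, and generic names such as `PROJECT`, `RELEASE_VERSION` or `ARTIFACT_NAME` can collide with the calling job's own environment. Giving the first step an `id` (for example `id: paths`), writing to `$GITHUB_OUTPUT`, and reading `${{ steps.paths.outputs.package-output-dir }}` would keep the derived values private to the action. If `$GITHUB_ENV` stays, a comment on each of these steps naming the step that sets the variables would make the dependency visible.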
@@ -159,16 +164,14 @@ runs: if: inputs.packager == 'archlinux' shell: bash env: - GPG_KEY_ID: ${{ inputs.gpg-key-id }} GPG_PASSPHRASE: ${{ inputs.gpg-passphrase }} - PKG: ${{ inputs.package-output-dir }}/${{ inputs.package-filename }} run: | - gpg --default-key "$GPG_KEY_ID" \ + gpg --default-key 7D061A4AA61436B40713D42EFF054DACD908493A \ --batch --yes \ --passphrase "$GPG_PASSPHRASE" \ --pinentry-mode loopback \ --detach-sign \ - "$PKG" + "$PACKAGE_OUTPUT_DIR/$PACKAGE_FILENAME" - name: Upload to S3 uses: kolaente/s3-action@main @@ -178,12 +181,12 @@ runs: s3-endpoint: ${{ inputs.s3-endpoint }} s3-bucket: ${{ inputs.s3-bucket }} s3-region: ${{ inputs.s3-region }} - target-path: ${{ inputs.s3-target-path }} - files: ${{ inputs.package-output-dir }}/* - strip-path-prefix: ${{ inputs.package-output-dir }}/ + target-path: ${{ env.S3_TARGET_PATH }} + files: ${{ env.PACKAGE_OUTPUT_DIR }}/* + strip-path-prefix: ${{ env.PACKAGE_OUTPUT_DIR }}/ - name: Store OS package uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 with: - name: ${{ inputs.artifact-name }} - path: ${{ inputs.package-output-dir }}/* + name: ${{ env.ARTIFACT_NAME }} + path: ${{ env.PACKAGE_OUTPUT_DIR }}/* diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a39ff39ea..4cd0347ae 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
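Review bot: The `Upload to S3` step that closes the `@@ -159` hunk still references `kolaente/s3-action@main`, and `kolaente/action-gpg@main` and `kolaente/action-gh-nfpm@master` elsewhere in these two actions are likewise branch refs, while every `actions/*` and `useblacksmith/*` step is pinned to a commit SHA. These are the steps that receive the signing key, its passphrase and the S3 credentials, so whatever the branch head points to at release time runs with them. The lines are unchanged context in this patch, but since the refactor touches each of these steps it is a good moment to pin them the same way, e.g. `uses: kolaente/s3-action@<full-commit-sha> # <tag>`.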
@@ -63,37 +63,10 @@ jobs: - name: Git describe id: ghd uses: proudust/gh-describe@v2 - # vikunja's release binary embeds frontend/dist — pull it in before the - # composite action invokes xgo. - - name: Get frontend dist - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 - with: - name: frontend_dist - path: frontend/dist - # vikunja's release zip bundle includes a config.yml.sample alongside - # the binary — generate it via the parent's mage. We pull the cached - # mage-static for this single command rather than installing mage twice. - - name: Download Mage Binary - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 - with: - name: mage_bin - - name: Generate config.yml.sample - run: | - chmod +x ./mage-static - ./mage-static generate:config-yaml 1 - - name: Build and publish - uses: ./.github/actions/release-binaries + - uses: ./.github/actions/release-binaries with: project: vikunja release-version: ${{ steps.ghd.outputs.describe }} - xgo-out-name: vikunja-${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }} - output-directory: '.' - xgo-cache-key: ${{ hashFiles('**/go.sum') }} - s3-target-path: /vikunja/${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }} - artifact-binaries-name: vikunja_bins - artifact-zips-name: vikunja_bin_packages - upload-zips-as-artifact: ${{ github.ref_type == 'tag' }} - gpg-key-id: 7D061A4AA61436B40713D42EFF054DACD908493A gpg-passphrase: ${{ secrets.RELEASE_GPG_PASSPHRASE }} gpg-sign-key: ${{ secrets.RELEASE_GPG_SIGN_KEY }} s3-access-key-id: ${{ secrets.S3_ACCESS_KEY }} 
@@ -109,19 +82,10 @@ jobs: - name: Git describe id: ghd uses: proudust/gh-describe@v2 - - name: Build and publish - uses: ./.github/actions/release-binaries + - uses: ./.github/actions/release-binaries with: project: veans release-version: ${{ steps.ghd.outputs.describe }} - xgo-out-name: veans-${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }} - output-directory: veans - xgo-cache-key: veans-${{ hashFiles('veans/go.sum') }} - s3-target-path: /veans/${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }} - artifact-binaries-name: veans_bins - artifact-zips-name: veans_bin_packages - upload-zips-as-artifact: ${{ github.ref_type == 'tag' }} - gpg-key-id: 7D061A4AA61436B40713D42EFF054DACD908493A gpg-passphrase: ${{ secrets.RELEASE_GPG_PASSPHRASE }} gpg-sign-key: ${{ secrets.RELEASE_GPG_SIGN_KEY }} s3-access-key-id: ${{ secrets.S3_ACCESS_KEY }} 
@@ -153,24 +117,14 @@ jobs: - name: Git describe id: ghd uses: proudust/gh-describe@v2 - - name: Build OS package - uses: ./.github/actions/release-os-package + - uses: ./.github/actions/release-os-package with: project: vikunja release-version: ${{ steps.ghd.outputs.describe }} packager: ${{ matrix.package }} nfpm-arch: ${{ matrix.arch.nfpm }} pkg-arch: ${{ matrix.arch.pkg }} - binaries-artifact-name: vikunja_bins - binaries-download-path: '.' - binary-glob: vikunja-*-${{ matrix.arch.go_name }} - staged-binary-path: ./vikunja - nfpm-config-path: ./nfpm.yaml - package-output-dir: ./dist/os-packages - package-filename: vikunja-${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }}-${{ matrix.arch.pkg }}.${{ matrix.package }} - artifact-name: vikunja_os_package_${{ matrix.package }}_${{ matrix.arch.pkg }} - s3-target-path: /vikunja/${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }} - gpg-key-id: 7D061A4AA61436B40713D42EFF054DACD908493A + go-name: ${{ matrix.arch.go_name }} gpg-passphrase: ${{ secrets.RELEASE_GPG_PASSPHRASE }} gpg-sign-key: ${{ secrets.RELEASE_GPG_SIGN_KEY }} s3-access-key-id: ${{ secrets.S3_ACCESS_KEY }} 
@@ -202,27 +156,14 @@ jobs: - name: Git describe id: ghd uses: proudust/gh-describe@v2 - - name: Build OS package - uses: ./.github/actions/release-os-package + - uses: ./.github/actions/release-os-package with: project: veans release-version: ${{ steps.ghd.outputs.describe }} packager: ${{ matrix.package }} nfpm-arch: ${{ matrix.arch.nfpm }} pkg-arch: ${{ matrix.arch.pkg }} - binaries-artifact-name: veans_bins - binaries-download-path: ./veans-binaries - binary-glob: veans-*-${{ matrix.arch.go_name }} - # nfpm action runs from $GITHUB_WORKSPACE; ./veans is the source dir - # so stage under a distinct filename to avoid collision. - staged-binary-path: ./veans/veans-bin - nfpm-bin-path: ./veans/veans-bin - nfpm-config-path: ./veans/nfpm.yaml - package-output-dir: ./veans/dist/os-packages - package-filename: veans-${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }}-${{ matrix.arch.pkg }}.${{ matrix.package }} - artifact-name: veans_os_package_${{ matrix.package }}_${{ matrix.arch.pkg }} - s3-target-path: /veans/${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }} - gpg-key-id: 7D061A4AA61436B40713D42EFF054DACD908493A + go-name: ${{ matrix.arch.go_name }} gpg-passphrase: ${{ secrets.RELEASE_GPG_PASSPHRASE }} gpg-sign-key: ${{ secrets.RELEASE_GPG_SIGN_KEY }} s3-access-key-id: ${{ secrets.S3_ACCESS_KEY }}