-
Notifications
You must be signed in to change notification settings - Fork 1
150 lines (130 loc) · 4.56 KB
/
build-1password-cli.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
---
# This workflow uses actions that are not certified by GitHub. They are provided
# by a third-party and are governed by separate terms of service, privacy
# policy, and support documentation.
name: "📦 Build 1password-cli"
on:
workflow_dispatch:
push:
branches: [main]
paths:
- ".github/workflows/build-1password-cli.yml"
- "packages/1password-cli/**"
pull_request:
branches: [main]
paths:
- ".github/workflows/build-1password-cli.yml"
- "packages/1password-cli/**"
schedule:
- cron: "0 0 * * *"
defaults:
run:
shell: bash
env:
DOCKER_BUILDKIT: 1
REGISTRY: ${{ vars.REGISTRY }}
permissions: read-all
jobs:
lookup:
runs-on: ubuntu-latest
name: Lookup current version
permissions:
packages: write
contents: read
strategy:
fail-fast: false
container:
image: ghcr.io/northwood-labs/package-builder/ubuntu-v22.04:latest
credentials:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
outputs:
cache_hit: ${{ steps.check.outputs.cache-hit }}
package_version: ${{ steps.lookup_version.outputs.package_version }}
steps:
- name: Lookup latest version of package
id: lookup_version
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
echo "package_version=$(curl -sSLf https://app-updates.agilebits.com/check/1/0/CLI2/en/2000001/N | jq -Mr '.version')" >> $GITHUB_OUTPUT
- name: Check to see if we've already built this version
uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
id: check
with:
key: "1password-cli-${{ steps.lookup_version.outputs.package_version }}"
path: "packages/1password-cli/dist"
lookup-only: true
build:
if: needs.lookup.outputs.cache_hit != 'true'
needs: lookup
runs-on: ubuntu-latest
name: "📦 Build and cache"
strategy:
fail-fast: false
container:
image: ghcr.io/northwood-labs/package-builder/ubuntu-v22.04:latest
credentials:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
options: --privileged
steps:
- name: Git clone
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.base_ref }}
- name: "📦 Build the package"
working-directory: packages/1password-cli
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
GORELEASER_KEY: "${{ secrets.GORELEASER_KEY }}"
GPG_KEY_B64: ${{ secrets.GPG_KEY_B64 }}
RSA_KEY_B64: ${{ secrets.RSA_KEY_B64 }}
NFPM_PASSPHRASE: "${{ secrets.GPG_PWD }}"
run: |
# We just need to set a git tag. None of the rest of this matters.
git init
git config user.email "[email protected]"
git config user.name "Your Name"
git add .
git commit -m "Test"
git remote add origin https://example.com
git tag "${{ needs.lookup.outputs.package_version }}"
# Decode the contents into files.
echo -n "${GPG_KEY_B64}" | base64 --decode > 3C7658F0.asc
echo -n "${RSA_KEY_B64}" | base64 --decode > signing.pem
# Build the package
goreleaser release --clean --nightly --skip=announce,publish,validate --verbose
- name: Cache the packages
uses: actions/cache/save@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
id: cache-packages
with:
key: "1password-cli-${{ needs.lookup.outputs.package_version }}"
path: packages/1password-cli/dist
upload:
if: needs.lookup.outputs.cache_hit != 'true'
needs: build
name: Upload to S3
uses: northwood-labs/package-building/.github/workflows/upload-to-s3.yml@main
secrets: inherit
with:
package-name: "1password-cli"
package-version: ${{ needs.lookup.outputs.package_version }}
metadata_rpm:
if: needs.lookup.outputs.cache_hit != 'true'
needs: upload
name: RPM metadata
uses: northwood-labs/package-building/.github/workflows/generate-rpm-meta.yml@main
secrets: inherit
metadata_deb:
if: needs.lookup.outputs.cache_hit != 'true'
needs: upload
name: DEB metadata
uses: northwood-labs/package-building/.github/workflows/generate-deb-meta.yml@main
secrets: inherit
metadata_apk:
if: needs.lookup.outputs.cache_hit != 'true'
needs: upload
name: APK metadata
uses: northwood-labs/package-building/.github/workflows/generate-apk-meta.yml@main
secrets: inherit