cd #569
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: cd | |
| # creates a draft release with srcs and binary products attached | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| required: true | |
| concurrency: | |
| group: cd/${{ github.event.inputs.version }} | |
| cancel-in-progress: true | |
| jobs: | |
| qa: | |
| uses: ./.github/workflows/ci.yml | |
| integration-tests: | |
| uses: ./.github/workflows/ci.shellcode.yml | |
| attach-srcs: | |
| runs-on: ubuntu-latest | |
| needs: [qa, integration-tests] | |
| env: | |
| FILENAME: tea-${{ github.event.inputs.version }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| path: ${{ env.FILENAME }} | |
| - name: clean | |
| run: rm -rf ${{ env.FILENAME }}/.github .gitbook.yml | |
| - name: stamp version.ts | |
| run: echo "export default function() { return '${{github.event.inputs.version}}' }" > $FILENAME/src/modes/version.ts | |
| - name: include GPG pubkey | |
| run: echo ${{ secrets.GPG_PUBLIC_KEY }} | base64 -d > $FILENAME/tea.xyz.pub.asc | |
| - run: tar cJf $FILENAME.tar.xz $FILENAME | |
| - name: attach srcs to release | |
| run: gh release upload --clobber | |
| v${{ github.event.inputs.version }} | |
| ../$FILENAME.tar.xz | |
| working-directory: | |
| ${{ env.FILENAME }} | |
| env: | |
| # using this token rather than github.token due to `release not found` bug | |
| # https://github.com/cli/cli/issues/5252 | |
| GH_TOKEN: ${{ secrets.TEMP_JACOBS_GITHUB_PAT }} | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: srcs | |
| path: ${{ env.FILENAME }}.tar.xz | |
| if-no-files-found: error | |
| attach-binary-products: | |
| needs: attach-srcs | |
| permissions: | |
| actions: write | |
| strategy: | |
| matrix: | |
| platform: | |
| - os: macos-latest | |
| build-id: darwin+x86-64 | |
| - os: ubuntu-latest | |
| build-id: linux+x86-64 | |
| - os: [self-hosted, macOS, ARM64] | |
| build-id: darwin+aarch64 | |
| - os: [self-hosted, linux, ARM64] | |
| build-id: linux+aarch64 | |
| runs-on: ${{ matrix.platform.os }} | |
| name: ${{ matrix.platform.build-id }} | |
| env: | |
| FILENAME: tea-${{ github.event.inputs.version }}+${{ matrix.platform.build-id }}.tar.xz | |
| steps: | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: srcs | |
| - run: tar xJf tea-${{ github.event.inputs.version }}.tar.xz --strip-components=1 | |
| - uses: teaxyz/setup@v0 | |
| with: | |
| srcroot: null # due to v0/v1 issues here will be fixed with setup@v1 | |
| +: deno.land | |
| - run: deno task compile | |
| - uses: teaxyz/brewkit/actions/setup-codesign@v0 | |
| if: startsWith(matrix.platform.build-id, 'darwin+') | |
| with: | |
| p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }} | |
| p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }} | |
| # codesign always fails for deno binaries, even though it | |
| # signs fine. See https://github.com/denoland/deno/issues/575 | |
| - run: codesign --sign "$APPLE_IDENTITY" --force --preserve-metadata=entitlements,requirements,flags,runtime ./tea || true | |
| env: | |
| APPLE_IDENTITY: ${{ secrets.APPLE_IDENTITY }} | |
| - name: sanity check | |
| run: test "$(./tea --version)" = "tea ${{ github.event.inputs.version }}" | |
| - run: tar cJf $FILENAME tea | |
| - name: GPG sign archive | |
| run: | | |
| ./tea gpg-agent --daemon || true | |
| echo $GPG_PRIVATE_KEY | \ | |
| base64 -d | \ | |
| ./tea gpg --import --batch --yes | |
| ./tea gpg \ | |
| --detach-sign --armor \ | |
| --local-user $GPG_KEY_ID \ | |
| $FILENAME | |
| env: | |
| GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }} | |
| GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} | |
| - name: attach product to release | |
| run: ./tea gh release upload --clobber | |
| v${{ github.event.inputs.version }} | |
| $FILENAME $FILENAME.asc | |
| env: | |
| # using this token rather than github.token due to `release not found` bug | |
| # https://github.com/cli/cli/issues/5252 | |
| GH_TOKEN: ${{ secrets.TEMP_JACOBS_GITHUB_PAT }} | |
| GH_REPO: teaxyz/cli |