cd #593
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: cd | |
# creates a draft release with srcs and binary products attached | |
on: | |
workflow_dispatch: | |
inputs: | |
version: | |
required: true | |
concurrency: | |
group: cd/${{ github.event.inputs.version }} | |
cancel-in-progress: true | |
jobs: | |
qa: | |
uses: ./.github/workflows/ci.yml | |
integration-tests: | |
uses: ./.github/workflows/ci.shellcode.yml | |
attach-srcs: | |
runs-on: ubuntu-latest | |
needs: [qa, integration-tests] | |
env: | |
FILENAME: pkgx-${{ github.event.inputs.version }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
path: ${{ env.FILENAME }} | |
- name: clean | |
run: rm -rf ${{ env.FILENAME }}/.github .gitbook.yml | |
- name: stamp version.ts | |
run: echo "export default function() { return '${{github.event.inputs.version}}' }" > $FILENAME/src/modes/version.ts | |
- name: include GPG pubkey | |
run: echo "${{ secrets.GPG_PUBLIC_KEY }}" | base64 -d > $FILENAME/pkgx.dev.pub.asc | |
- run: tar cJf $FILENAME.tar.xz $FILENAME | |
- name: attach srcs to release | |
run: gh release upload --clobber | |
v${{ github.event.inputs.version }} | |
../$FILENAME.tar.xz | |
working-directory: | |
${{ env.FILENAME }} | |
env: | |
# using this token rather than github.token due to `release not found` bug | |
# https://github.com/pkgxdev/cli/issues/5252 | |
GH_TOKEN: ${{ secrets.GH_TOKEN }} | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: srcs | |
path: ${{ env.FILENAME }}.tar.xz | |
if-no-files-found: error | |
attach-binary-products: | |
needs: attach-srcs | |
permissions: | |
actions: write | |
strategy: | |
matrix: | |
platform: | |
- os: macos-latest | |
build-id: darwin+x86-64 | |
- os: ubuntu-latest | |
build-id: linux+x86-64 | |
- os: [self-hosted, macOS, ARM64] | |
build-id: darwin+aarch64 | |
- os: [self-hosted, linux, ARM64] | |
build-id: linux+aarch64 | |
runs-on: ${{ matrix.platform.os }} | |
name: ${{ matrix.platform.build-id }} | |
env: | |
FILENAME: pkgx-${{ github.event.inputs.version }}+${{ matrix.platform.build-id }}.tar.xz | |
steps: | |
- uses: actions/download-artifact@v3 | |
with: | |
name: srcs | |
- run: tar xJf pkgx-${{ github.event.inputs.version }}.tar.xz --strip-components=1 | |
- uses: pkgxdev/dev@v0 | |
- run: deno task compile | |
- uses: teaxyz/brewkit/actions/setup-codesign@v0 | |
if: startsWith(matrix.platform.build-id, 'darwin+') | |
with: | |
p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }} | |
p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }} | |
# codesign always fails for deno binaries, even though it | |
# signs fine. See https://github.com/denoland/deno/issues/575 | |
- run: codesign --sign "$APPLE_IDENTITY" --force --preserve-metadata=entitlements,requirements,flags,runtime ./pkgx || true | |
env: | |
APPLE_IDENTITY: ${{ secrets.APPLE_IDENTITY }} | |
- name: sanity check | |
run: test "$(./pkgx --version)" = "pkgx ${{ github.event.inputs.version }}" | |
- run: tar cJf $FILENAME pkgx | |
- name: GPG sign archive | |
run: | | |
./pkgx gpg-agent --daemon || true | |
echo $GPG_PRIVATE_KEY | \ | |
base64 -d | \ | |
./pkgx gpg --import --batch --yes | |
./pkgx gpg \ | |
--detach-sign --armor \ | |
--local-user $GPG_KEY_ID \ | |
$FILENAME | |
env: | |
GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }} | |
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} | |
- name: attach product to release | |
run: ./pkgx gh release upload --clobber | |
v${{ github.event.inputs.version }} | |
$FILENAME $FILENAME.asc | |
env: | |
# using this token rather than github.token due to `release not found` bug | |
# https://github.com/pkgxdev/cli/issues/5252 | |
GH_TOKEN: ${{ secrets.GH_TOKEN }} | |
GH_REPO: pkgxdev/pkgx |