Merge pull request #88 from iits-consulting/Ninja243/apk-push-issue #66
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| tags: | |
| - "*" | |
| jobs: | |
| goreleaser: | |
| runs-on: macos-13 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set env | |
| run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV | |
| - name: Setup Go | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: '1.20' | |
| - name: Import Code-Signing Certificates | |
| uses: apple-actions/import-codesign-certs@v1 | |
| with: | |
| p12-file-base64: ${{ secrets.MAC_CERT }} | |
| p12-password: ${{ secrets.MAC_CERT_PASS }} | |
| keychain: build | |
| keychain-password: ${{ secrets.MAC_CERT_PASS }} | |
| - name: Setup Keychain | |
| run: | | |
| KEYCHAIN=build.keychain | |
| security default-keychain -s $KEYCHAIN | |
| security unlock-keychain -p $MAC_CERT_PASS $KEYCHAIN | |
| curl -o AppleWWDRCAG3.cer https://www.apple.com/certificateauthority/AppleWWDRCAG3.cer | |
| security import AppleWWDRCAG3.cer -k $KEYCHAIN -T /usr/bin/codesign | |
| curl -o AppleRootCA.cer https://www.apple.com/appleca/AppleIncRootCertificate.cer | |
| security import AppleRootCA.cer -k $KEYCHAIN -T /usr/bin/codesign | |
| curl -o AppleDevIntermediate.cer https://www.apple.com/certificateauthority/DeveloperIDG2CA.cer | |
| security import AppleDevIntermediate.cer -k $KEYCHAIN -T /usr/bin/codesign | |
| security find-identity -v $KEYCHAIN | |
| rm *.cer | |
| env: | |
| MAC_CERT_PASS: ${{ secrets.MAC_CERT_PASS }} | |
| - name: Run GoReleaser | |
| uses: goreleaser/goreleaser-action@v3 | |
| with: | |
| version: latest | |
| args: release --clean | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| NOTARYTOOL_PASS: ${{ secrets.NOTARYTOOL_PASS }} | |
| - name: Read post build hook logs | |
| if: always() | |
| run: cat post_build_output.txt | |
| dockerrelease: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set env | |
| run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push Docker images | |
| uses: docker/build-push-action@v3 | |
| with: | |
| push: true | |
| tags: | | |
| ghcr.io/iits-consulting/otc-auth:latest | |
| ghcr.io/iits-consulting/otc-auth:${{ env.RELEASE_VERSION }} | |
| aur-publish: | |
| runs-on: ubuntu-latest | |
| needs: goreleaser | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Prepare PKGBUILD | |
| run: | | |
| # We simply imply that ref is always a valid tag for now. | |
| sed -e "s/__VERSION__/${GITHUB_REF_NAME}/" <PKGBUILD.template >PKGBUILD | |
| - name: Publish AUR package | |
| uses: KSXGitHub/github-actions-deploy-aur@v2.7.0 | |
| with: | |
| pkgname: otc-auth | |
| pkgbuild: ./PKGBUILD | |
| commit_username: ${{ secrets.AUR_USERNAME }} | |
| commit_email: ${{ secrets.AUR_EMAIL }} | |
| ssh_private_key: ${{ secrets.AUR_SSH_PRIVATE_KEY }} | |
| commit_message: "Bump to ${{ github.github_ref_name }}" | |
| ssh_keyscan_types: rsa,dsa,ecdsa,ed25519 | |
| apk-publish: | |
| runs-on: ubuntu-latest | |
| needs: goreleaser | |
| container: | |
| image: alpine:latest | |
| steps: | |
| - name: Get latest apks | |
| uses: robinraju/release-downloader@v1.8 | |
| with: | |
| latest: true | |
| fileName: "*.apk" | |
| - name: Install dependencies | |
| run: | | |
| apk add alpine-sdk openssl | |
| - name: Import keys | |
| run: | | |
| mkdir ~/.abuild | |
| echo "$APK_PACKAGE_RSA" > ~/.abuild/abuild.rsa | |
| openssl rsa -pubout -in ~/.abuild/abuild.rsa -out ~/.abuild/abuild.rsa.pub | |
| echo "PACKAGER_PRIVKEY=\"~/.abuild/abuild.rsa\"" >> /etc/abuild.conf | |
| cp ~/.abuild/abuild.rsa.pub /etc/apk/keys/ | |
| env: | |
| APK_PACKAGE_RSA: ${{ secrets.APK_PACKAGE_RSA }} | |
| - name: Make and sign apkindex | |
| run: | | |
| apk index -o APKINDEX.tar.gz *.apk | |
| abuild-sign -k ~/.abuild/abuild.rsa -p /etc/apk/keys/abuild.rsa.pub APKINDEX.tar.gz | |
| - name: Create repo structure | |
| run: | | |
| cp ~/.abuild/abuild.rsa.pub otc-auth.rsa.pub | |
| echo -e " # <img src='https://github.com/iits-consulting/otc-auth/blob/main/static/images/iits-2024.svg' width="150"/> otc-auth apk-repo \n This repo contains .apk files built from the [latest version of otc-auth](https://github.com/iits-consulting/otc-auth/releases).\n\n ## Usage \n \`\`\`bash \n apk add curl \n curl -SsL -o /etc/apk/keys/otc-auth.rsa.pub https://iits-consulting.github.io/apk-repo otc-auth.rsa.pub \n apk add otc-auth --repository='https://iits-consulting.github.io/apk-repo' \n \`\`\`" > README.md; | |
| - name: Cleanup | |
| run: | | |
| rm -rf ~/.abuild | |
| - name: Push to APK repo | |
| uses: cpina/github-action-push-to-another-repository@main | |
| env: | |
| SSH_DEPLOY_KEY: ${{ secrets.APK_SSH_DEPLOY_KEY }} | |
| with: | |
| source-directory: . | |
| destination-github-username: 'iits-consulting' | |
| destination-repository-name: 'apk-repo' | |
| user-email: mweya.ruider@iits-consulting.de | |
| target-branch: main | |
| rpm-publish: | |
| runs-on: ubuntu-latest | |
| needs: goreleaser | |
| container: | |
| image: fedora:latest | |
| steps: | |
| - name: Get latest rpms | |
| uses: robinraju/release-downloader@v1.8 | |
| with: | |
| latest: true | |
| fileName: "*.rpm" | |
| - name: Get dependencies | |
| run: | | |
| dnf install rpm-sign createrepo -y | |
| - name: Generate keys | |
| run: | | |
| export GPG_TTY=`tty`; | |
| echo "$GPG_PPA_PRIV_KEY" | base64 --decode | gpg --import --batch; | |
| echo -e "pinentry-mode loopback \npassphrase ${GPG_PPA_PRIV_KEY_PASSPHRASE}" > ~/.gnupg/gpg.conf | |
| echo -e "%_signature gpg \n%_gpg_name mweya.ruider@iits-consulting.de" > /root/.rpmmacros | |
| echo "Sanity check: $(cat /root/.rpmmacros)" | |
| rpm --define "_gpg_name mweya.ruider@iits-consulting.de" --addsign *.rpm | |
| mkdir -p otc\-auth/packages | |
| mv *.rpm otc\-auth/packages | |
| cd otc\-auth/packages | |
| createrepo . | |
| gpg --detach-sign --armor --default-key "mweya.ruider@iits-consulting.de" repodata/repomd.xml | |
| gpg --armor --export "mweya.ruider@iits-consulting.de" > KEY.gpg; | |
| cd ../../ | |
| echo -e "[rpm-repo]\nname=otc-auth RPM repo\nbaseurl=http://iits-consulting.github.io/rpm-repo/packages\nenabled=1\ngpgcheck=1\ngpgkey=http://iits-consulting.github.io/rpm-repo/KEY.gpg" > rpm-repo.repo | |
| echo -e " # <img src='https://github.com/iits-consulting/otc-auth/blob/main/static/images/iits-2024.svg' width="150"/> otc-auth RPM Repo \n This repo contains .rpm files built from the [latest version of otc-auth](https://github.com/iits-consulting/otc-auth/releases).\n\n ## Usage \n \`\`\`bash \n yum-config-manager --add-repo https://iits-consulting.github.io/rpm-repo.repo \n yum install -y hello-world \n \`\`\`" > README.md; | |
| env: | |
| GPG_PPA_PRIV_KEY: ${{ secrets.GPG_PPA_PRIV_KEY }} | |
| GPG_PPA_PRIV_KEY_PASSPHRASE: ${{ secrets.GPG_PPA_PRIV_KEY_PASSPHRASE }} | |
| - name: Push to RPM repo | |
| uses: cpina/github-action-push-to-another-repository@main | |
| env: | |
| SSH_DEPLOY_KEY: ${{ secrets.RPM_SSH_DEPLOY_KEY }} | |
| with: | |
| source-directory: . | |
| destination-github-username: 'iits-consulting' | |
| destination-repository-name: 'rpm-repo' | |
| user-email: mweya.ruider@iits-consulting.de | |
| target-branch: main | |
| deb-publish: | |
| runs-on: ubuntu-latest | |
| needs: goreleaser | |
| steps: | |
| - name: Get latest debs | |
| uses: robinraju/release-downloader@v1.8 | |
| with: | |
| latest: true | |
| fileName: "*.deb" | |
| - name: Create PPA repo structure | |
| run: | | |
| dpkg-scanpackages --multiversion . > Packages; | |
| gzip -k -f Packages; | |
| apt-ftparchive release . > Release; | |
| echo "deb [signed-by=/etc/apt/trusted.gpg.d/otc-auth_ppa.gpg] https://iits-consulting.github.io/ppa/debian ./" > otc-auth.list | |
| echo -e " # <img src='https://github.com/iits-consulting/otc-auth/blob/main/static/images/iits-2024.svg' width="150"/> otc-auth PPA \n This repo (based on the one [here](https://github.com/assafmo/ppa)) contains .deb files built from the [latest version of otc-auth](https://github.com/iits-consulting/otc-auth/releases).\n\n ## Usage \n \`\`\`bash \n sudo curl -SsL -o /etc/apt/trusted.gpg.d/otc-auth_ppa.gpg https://iits-consulting.github.io/ppa/debian/KEY.gpg \n sudo curl -SsL -o /etc/apt/sources.list.d/otc-auth.list https://iits-consulting.github.io/ppa/debian/otc-auth.list \n cat /etc/apt/trusted.gpg.d/otc-auth_ppa.gpg | gpg --dearmor | tee /etc/apt/trusted.gpg.d/otc-auth_ppa.gpg >/dev/null \n sudo apt update \n sudo apt install otc-auth \n \`\`\`" > README.md; | |
| - name: Generate keys | |
| run: | | |
| export GPG_TTY=`tty`; | |
| echo "$GPG_PPA_PRIV_KEY" | base64 --decode | gpg --import --batch; | |
| gpg --armor --export "mweya.ruider@iits-consulting.de" > KEY.gpg; | |
| echo "Sanity Check: $(ls -la Release)" | |
| echo -e "pinentry-mode loopback \npassphrase ${GPG_PPA_PRIV_KEY_PASSPHRASE}" > ~/.gnupg/gpg.conf | |
| gpg --default-key "mweya.ruider@iits-consulting.de" -abs -o - Release > Release.gpg; | |
| gpg --default-key "mweya.ruider@iits-consulting.de" --clearsign -o - Release > InRelease; | |
| sudo apt-get install -y debsigs | |
| for package in *.deb; do | |
| debsigs --sign=origin --default-key="mweya.ruider@iits-consulting.de" "$package" | |
| done | |
| env: | |
| GPG_PPA_PRIV_KEY: ${{ secrets.GPG_PPA_PRIV_KEY }} | |
| GPG_PPA_PRIV_KEY_PASSPHRASE: ${{ secrets.GPG_PPA_PRIV_KEY_PASSPHRASE }} | |
| - name: Final cleanup | |
| run: | | |
| mkdir .debian | |
| mv README.md .README.md | |
| mv * .debian | |
| mv .README.md README.md | |
| mv .debian debian | |
| rm ~/.gnupg/gpg.conf | |
| - name: Push to PPA repo | |
| uses: cpina/github-action-push-to-another-repository@main | |
| env: | |
| SSH_DEPLOY_KEY: ${{ secrets.SSH_DEPLOY_KEY }} | |
| with: | |
| source-directory: . | |
| destination-github-username: 'iits-consulting' | |
| destination-repository-name: 'ppa' | |
| user-email: mweya.ruider@iits-consulting.de | |
| target-branch: main | |
| brew-publish: | |
| runs-on: ubuntu-latest | |
| needs: goreleaser | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Set output | |
| id: vars | |
| run: | | |
| echo "tag=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT | |
| echo "revision=$(git rev-list -n 1 ${GITHUB_REF#refs/*/})" >> $GITHUB_OUTPUT | |
| - name: Checkout brew repo | |
| uses: actions/checkout@v2 | |
| with: | |
| repository: 'iits-consulting/homebrew-tap' | |
| ref: main | |
| fetch-depth: 0 | |
| - name: Update otc-auth Formula | |
| working-directory: Formula | |
| env: | |
| TAG: ${{ steps.vars.outputs.tag }} | |
| REVISION: ${{ steps.vars.outputs.revision }} | |
| run: | | |
| set -e | |
| echo $TAG | |
| echo $REVISION | |
| echo ${{ steps.vars.outputs.tag }} | |
| echo ${{ steps.vars.outputs.revision }} | |
| echo -e 'class OtcAuth < Formula\n desc "Open Source CLI for the Open Telekom Cloud written in go"\n homepage "https://github.com/iits-consulting/otc-auth"\n url "https://github.com/iits-consulting/otc-auth.git",\n tag: "'${TAG}'",\n revision: "'${REVISION}'"\n license "GPLv3"\n head "https://github.com/iits-consulting/otc-auth.git", branch: "main"\n depends_on "bash" => :build\n depends_on "coreutils" => :build\n depends_on "go" => :build\n uses_from_macos "rsync" => :build\n def install\n system "go", "build", "-ldflags", "-X main.version=#{version} -X main.date=#{Date.today}"\n bin.install "./otc-auth"\n end\n test do\n run_output = shell_output("#{bin}/otc-auth version 2>&1")\n assert run_output.start_with?("OTC-Auth #{version}")\n end\nend' > otc-auth.rb | |
| - name: Push to brew repo | |
| uses: cpina/github-action-push-to-another-repository@main | |
| env: | |
| SSH_DEPLOY_KEY: ${{ secrets.BREW_SSH_DEPLOY_KEY }} | |
| with: | |
| source-directory: Formula | |
| target-directory: Formula | |
| destination-github-username: 'iits-consulting' | |
| destination-repository-name: 'homebrew-tap' | |
| user-email: mweya.ruider@iits-consulting.de | |
| target-branch: main | |
| wikiupdate: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Setup Go environment | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: '1.20' | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| - name: Get dependencies | |
| run: go mod download | |
| - name: Build | |
| run: go run main.go documentation | |
| - name: Checkout wiki code | |
| uses: actions/checkout@v2 | |
| with: | |
| repository: ${{github.repository}}.wiki | |
| path: markdown | |
| - name: Push to wiki | |
| run: | | |
| cp -r generated-documentation.md markdown/ | |
| cd markdown | |
| git config --local user.email "action@github.com" | |
| git config --local user.name "GitHub Action" | |
| git add . | |
| git diff-index --quiet HEAD || git commit -m "Updated docs" && git push | |