-
Notifications
You must be signed in to change notification settings - Fork 11
147 lines (133 loc) · 4.84 KB
/
Copy pathstage.yml
File metadata and controls
147 lines (133 loc) · 4.84 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
---
name: Stage
on:
workflow_dispatch:
push:
branches:
- main
paths-ignore:
- ".github/**"
jobs:
build:
runs-on: ubuntu-latest
name: Build project
concurrency:
group: stage-build-${{ github.ref }}
cancel-in-progress: true
steps:
- name: Checkout sources
uses: actions/checkout@v6
- name: Set up Java 21
uses: actions/setup-java@v5
with:
distribution: temurin
java-version: 21
cache: maven
- name: Build with Maven
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: mvn package -B -DskipTests -Dskip.junit_platform=true
- name: Upload JAR artifacts
uses: actions/upload-artifact@v7
with:
name: distributions
path: |
./target/trustify-da-java-client-*.jar
!./target/original-*.jar
release:
runs-on: ubuntu-latest
name: Create an early-access release
concurrency:
group: stage-release-${{ github.ref }}
cancel-in-progress: false
permissions:
contents: write
needs: build
if: github.repository_owner == 'guacsec'
steps:
- name: Checkout sources
uses: actions/checkout@v6
- name: Download distribution artifacts
uses: actions/download-artifact@v8
with:
name: distributions
path: ./distributions
- name: Check for existing early-access release
id: existing_release
uses: actions/github-script@v9
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const repo_name = context.payload.repository.full_name
try {
const response = await github.request('GET /repos/' + repo_name + '/releases/tags/early-access')
core.setOutput('id', response.data.id)
} catch (error) {
if (error.status === 404) {
core.info('No existing early-access release found')
core.setOutput('id', '')
} else {
core.setFailed(`Failed to check for early-access release: ${error.status} ${error.message}`)
}
}
- name: Delete early-access release if exists
if: ${{ steps.existing_release.outputs.id }}
uses: actions/github-script@v9
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const repo_name = context.payload.repository.full_name
await github.request('DELETE /repos/' + repo_name + '/releases/' + ${{ steps.existing_release.outputs.id }})
- name: Delete early-access tag if exists
continue-on-error: true
run: git push --delete origin early-access
# a little pause between deleting the release and creating a new one
# without it, the new release might be a weird release, i.e. a draft release
- name: Sleep 5
run: sleep 5
- name: Create new early-access release
id: new_release
uses: actions/github-script@v9
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const repo_name = context.payload.repository.full_name
const response = await github.request('POST /repos/' + repo_name + '/releases', {
tag_name: 'early-access',
name: 'Early-Access',
draft: false,
prerelease: true,
generate_release_notes: true,
make_latest: 'false'
})
core.setOutput('upload_url', response.data.upload_url)
- name: Create SHA256 checksums for the binaries
working-directory: distributions
run: |
short_sha="${{ github.sha }}"
short_sha="${short_sha:0:7}"
# Rename JAR files to include short commit ID and create checksums
for pkg in *.jar; do
[ ! -f "$pkg" ] && continue
new_filename="${pkg%.jar}-${short_sha}.jar"
echo "Renaming $pkg to $new_filename"
mv "$pkg" "$new_filename"
echo "Creating checksum for $new_filename"
sha256sum "$new_filename" > "$new_filename.sha256"
done
- name: Upload packages and checksums as early-access release assets
working-directory: distributions
run: |
set -euo pipefail
for file in *
do
asset_name=$(basename "$file")
upload_url=$(echo "${{ steps.new_release.outputs.upload_url }}" | sed "s/{?name,label}/?name=$asset_name/g")
echo "Uploading $asset_name..."
curl --fail-with-body --retry 3 --retry-all-errors --show-error --silent \
--data-binary @"$file" \
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
-H "Content-Type: application/octet-stream" \
"$upload_url"
echo ""
done