github.com/ungtb10d/cli/v2@v2.0.0-20221110210412-98537dd9d6a1/.github/workflows/releases.yml (about) 1 name: goreleaser 2 3 on: 4 push: 5 tags: 6 - "v*" 7 8 permissions: 9 contents: write # publishing releases 10 repository-projects: write # move cards between columns 11 12 jobs: 13 goreleaser: 14 runs-on: ubuntu-latest 15 steps: 16 - name: Checkout 17 uses: actions/checkout@v3 18 - name: Set up Go 1.18 19 uses: actions/setup-go@v3 20 with: 21 go-version: 1.18 22 - name: Generate changelog 23 id: changelog 24 run: | 25 echo "::set-output name=tag-name::${GITHUB_REF#refs/tags/}" 26 gh api repos/$GITHUB_REPOSITORY/releases/generate-notes \ 27 -f tag_name="${GITHUB_REF#refs/tags/}" \ 28 -f target_commitish=trunk \ 29 -q .body > CHANGELOG.md 30 env: 31 GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} 32 - name: Install osslsigncode 33 run: sudo apt-get install -y osslsigncode 34 - name: Obtain signing cert 35 run: | 36 cert="$(mktemp -t cert.XXX)" 37 base64 -d <<<"$CERT_CONTENTS" > "$cert" 38 echo "CERT_FILE=$cert" >> $GITHUB_ENV 39 env: 40 CERT_CONTENTS: ${{ secrets.WINDOWS_CERT_PFX }} 41 - name: Run GoReleaser 42 uses: goreleaser/goreleaser-action@v3 43 with: 44 version: v0.174.1 45 args: release --release-notes=CHANGELOG.md 46 env: 47 GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} 48 GORELEASER_CURRENT_TAG: ${{steps.changelog.outputs.tag-name}} 49 CERT_PASSWORD: ${{secrets.WINDOWS_CERT_PASSWORD}} 50 - name: Checkout documentation site 51 uses: actions/checkout@v3 52 with: 53 repository: github/cli.github.com 54 path: site 55 fetch-depth: 0 56 ssh-key: ${{secrets.SITE_SSH_KEY}} 57 - name: Update site man pages 58 env: 59 GIT_COMMITTER_NAME: cli automation 60 GIT_AUTHOR_NAME: cli automation 61 GIT_COMMITTER_EMAIL: noreply@github.com 62 GIT_AUTHOR_EMAIL: noreply@github.com 63 run: make site-bump 64 - name: Move project cards 65 continue-on-error: true 66 env: 67 GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} 68 PENDING_COLUMN: 8189733 69 DONE_COLUMN: 7110130 70 run: | 71 api() { gh api -H 'accept: application/vnd.github.inertia-preview+json' "$@"; } 72 api-write() { [[ $GITHUB_REF == *-* ]] && echo "skipping: api $*" || api "$@"; } 73 cards=$(api --paginate projects/columns/$PENDING_COLUMN/cards | jq ".[].id") 74 for card in $cards; do 75 api-write --silent projects/columns/cards/$card/moves -f position=top -F column_id=$DONE_COLUMN 76 done 77 echo "moved ${#cards[@]} cards to the Done column" 78 - name: Install packaging dependencies 79 run: sudo apt-get install -y rpm reprepro 80 - name: Set up GPG 81 run: | 82 echo "${{secrets.GPG_PUBKEY}}" | base64 -d | gpg --import --no-tty --batch --yes 83 echo "${{secrets.GPG_KEY}}" | base64 -d | gpg --import --no-tty --batch --yes 84 echo "allow-preset-passphrase" > ~/.gnupg/gpg-agent.conf 85 gpg-connect-agent RELOADAGENT /bye 86 echo "${{secrets.GPG_PASSPHRASE}}" | /usr/lib/gnupg2/gpg-preset-passphrase --preset "${{secrets.GPG_KEYGRIP}}" 87 - name: Sign RPMs 88 run: | 89 cp script/rpmmacros ~/.rpmmacros 90 rpmsign --addsign dist/*.rpm 91 - name: Run createrepo 92 run: | 93 mkdir -p site/packages/rpm 94 cp dist/*.rpm site/packages/rpm/ 95 ./script/createrepo.sh 96 cp -r dist/repodata site/packages/rpm/ 97 pushd site/packages/rpm 98 gpg --yes --detach-sign --armor repodata/repomd.xml 99 popd 100 - name: Run reprepro 101 env: 102 # We are no longer adding to the distribution list. 103 # All apt distributions should use "stable" according to our install documentation. 104 # In the future we will remove legacy distributions listed here. 105 RELEASES: "cosmic eoan disco groovy focal stable oldstable testing sid unstable buster bullseye stretch jessie bionic trusty precise xenial hirsute impish kali-rolling" 106 run: | 107 mkdir -p upload 108 for release in $RELEASES; do 109 for file in dist/*.deb; do 110 reprepro --confdir="+b/script" includedeb "$release" "$file" 111 done 112 done 113 cp -a dists/ pool/ upload/ 114 mkdir -p site/packages 115 cp -a upload/* site/packages/ 116 - name: Publish site 117 env: 118 GIT_COMMITTER_NAME: cli automation 119 GIT_AUTHOR_NAME: cli automation 120 GIT_COMMITTER_EMAIL: noreply@github.com 121 GIT_AUTHOR_EMAIL: noreply@github.com 122 working-directory: ./site 123 run: | 124 git add packages 125 git commit -m "Add rpm and deb packages for ${GITHUB_REF#refs/tags/}" 126 if [[ $GITHUB_REF == *-* ]]; then 127 git log --oneline @{upstream}.. 128 git diff --name-status @{upstream}.. 129 else 130 git push 131 fi 132 133 msi: 134 needs: goreleaser 135 runs-on: windows-latest 136 steps: 137 - name: Checkout 138 uses: actions/checkout@v3 139 - name: Download gh.exe 140 id: download_exe 141 shell: bash 142 run: | 143 hub release download "${GITHUB_REF#refs/tags/}" -i '*windows_amd64*.zip' 144 printf "::set-output name=zip::%s\n" *.zip 145 unzip -o *.zip && rm -v *.zip 146 env: 147 GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} 148 - name: Prepare PATH 149 id: setupmsbuild 150 uses: microsoft/setup-msbuild@v1.1.3 151 - name: Build MSI 152 id: buildmsi 153 shell: bash 154 env: 155 ZIP_FILE: ${{ steps.download_exe.outputs.zip }} 156 MSBUILD_PATH: ${{ steps.setupmsbuild.outputs.msbuildPath }} 157 run: | 158 name="$(basename "$ZIP_FILE" ".zip")" 159 version="$(echo -e ${GITHUB_REF#refs/tags/v} | sed s/-.*$//)" 160 "${MSBUILD_PATH}\MSBuild.exe" ./build/windows/gh.wixproj -p:SourceDir="$PWD" -p:OutputPath="$PWD" -p:OutputName="$name" -p:ProductVersion="$version" 161 - name: Obtain signing cert 162 id: obtain_cert 163 shell: bash 164 run: | 165 base64 -d <<<"$CERT_CONTENTS" > ./cert.pfx 166 printf "::set-output name=cert-file::%s\n" ".\\cert.pfx" 167 env: 168 CERT_CONTENTS: ${{ secrets.WINDOWS_CERT_PFX }} 169 - name: Sign MSI 170 env: 171 CERT_FILE: ${{ steps.obtain_cert.outputs.cert-file }} 172 EXE_FILE: ${{ steps.buildmsi.outputs.msi }} 173 CERT_PASSWORD: ${{ secrets.WINDOWS_CERT_PASSWORD }} 174 run: .\script\signtool sign /d "GitHub CLI" /f $env:CERT_FILE /p $env:CERT_PASSWORD /fd sha256 /tr http://timestamp.digicert.com /v $env:EXE_FILE 175 - name: Upload MSI 176 shell: bash 177 run: | 178 tag_name="${GITHUB_REF#refs/tags/}" 179 hub release edit "$tag_name" -m "" -a "$MSI_FILE" 180 release_url="$(gh api repos/:owner/:repo/releases -q ".[]|select(.tag_name==\"${tag_name}\")|.url")" 181 publish_args=( -F draft=false ) 182 if [[ $GITHUB_REF != *-* ]]; then 183 publish_args+=( -f discussion_category_name="$DISCUSSION_CATEGORY" ) 184 fi 185 gh api -X PATCH "$release_url" "${publish_args[@]}" 186 env: 187 MSI_FILE: ${{ steps.buildmsi.outputs.msi }} 188 DISCUSSION_CATEGORY: General 189 GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} 190 - name: Bump homebrew-core formula 191 uses: mislav/bump-homebrew-formula-action@v1 192 if: "!contains(github.ref, '-')" # skip prereleases 193 with: 194 formula-name: gh 195 env: 196 COMMITTER_TOKEN: ${{ secrets.UPLOAD_GITHUB_TOKEN }} 197 - name: Checkout scoop bucket 198 uses: actions/checkout@v3 199 with: 200 repository: cli/scoop-gh 201 path: scoop-gh 202 fetch-depth: 0 203 token: ${{secrets.UPLOAD_GITHUB_TOKEN}} 204 - name: Bump scoop bucket 205 shell: bash 206 run: | 207 hub release download "${GITHUB_REF#refs/tags/}" -i '*_checksums.txt' 208 script/scoop-gen "${GITHUB_REF#refs/tags/}" ./scoop-gh/gh.json < *_checksums.txt 209 git -C ./scoop-gh commit -m "gh ${GITHUB_REF#refs/tags/}" gh.json 210 if [[ $GITHUB_REF == *-* ]]; then 211 git -C ./scoop-gh show -m 212 else 213 git -C ./scoop-gh push 214 fi 215 env: 216 GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} 217 GIT_COMMITTER_NAME: cli automation 218 GIT_AUTHOR_NAME: cli automation 219 GIT_COMMITTER_EMAIL: noreply@github.com 220 GIT_AUTHOR_EMAIL: noreply@github.com