Skip to content
Github Release

Github Release #74

Sign in to view logs

Github Release

Github Release #74

Workflow file for this run

.github/workflows/gh-release.yaml at d849d05
# release package
name: Github Release
on:
workflow_dispatch:
push:
tags:
- "v*.*.*"
jobs:
build-tarballs:
runs-on: ubuntu-latest
permissions:
contents: read
env:
TARBALL_TARGETS: linux-x64,linux-arm64,darwin-x64,darwin-arm64,win32-x64
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_ROLE }}
aws-region: us-west-2
- uses: actions/setup-node@v4
with:
node-version: '18.x'
cache: yarn
- run: yarn
- run: yarn build
- name: Find packaged node version
id: find_packaged_node_version
working-directory: packages/cli
run: |
echo "NODE_VERSION=$(jq -r .oclif.update.node.version package.json)" >> "${GITHUB_OUTPUT}"
- uses: actions/cache@v3
id: cache-oclif-pack
name: Setup cache for oclif pack
with:
path: packages/cli/tmp/cache
key: preevy-oclif-pack-node-v${{ steps.find_packaged_node_version.outputs.NODE_VERSION }}
- name: Pack tarballs
working-directory: packages/cli
run: yarn oclif pack tarballs --parallel --no-xz --targets $TARBALL_TARGETS
- name: Upload tarballs artifacts
uses: actions/upload-artifact@v4
with:
name: preevy-tarballs
path: ./packages/cli/dist/preevy-v*
if-no-files-found: error
retention-days: 1
compression-level: 0
sign-mac-binaries:
runs-on: macos-latest
needs: build-tarballs
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Download artifacts
uses: actions/download-artifact@v4
with:
name: preevy-tarballs
path: packages/cli/dist/
- uses: apple-actions/import-codesign-certs@v2
with:
p12-file-base64: ${{ secrets.APPLE_CERT_DATA }}
p12-password: ${{ secrets.APPLE_CERT_PASS }}
- name: Sign mac binaries
working-directory: packages/cli/dist
env:
CERT_CN: ${{ vars.APPLE_CERT_CN }}
run: |
work_dir="${RUNNER_TEMP}/preevy-package"
for tarball in $(find . -name 'preevy-v*-darwin-*.tar.gz' -type f -maxdepth 1); do
rm -rf "${work_dir}"
mkdir -p "${work_dir}"
tar -xf "$tarball" -C "${work_dir}"
for binfile in "${work_dir}/preevy/bin/preevy" "${work_dir}/preevy/bin/node"; do
codesign --remove-signature "$binfile"
security find-identity -v
codesign --verbose=4 --sign "$CERT_CN" "$binfile"
done
rm "$tarball"
tar -czf "$tarball" -C "${work_dir}" .
done
- name: Upload signed tarballs artifacts
uses: actions/upload-artifact@v4
with:
name: preevy-tarballs-signed
path: ./packages/cli/dist/preevy-v*
if-no-files-found: error
retention-days: 1
compression-level: 0
upload-tarballs-to-s3:
runs-on: ubuntu-latest
needs: sign-mac-binaries
permissions:
contents: read
id-token: write
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_ROLE }}
aws-region: us-west-2
- uses: actions/setup-node@v4
with:
node-version: '18.x'
cache: yarn
- run: yarn
- name: Download artifacts
uses: actions/download-artifact@v4
with:
name: preevy-tarballs-signed
path: packages/cli/dist/
- name: Upload tarballs
working-directory: packages/cli
run: yarn oclif upload tarballs --no-xz --targets $TARBALL_TARGETS
create-gh-release:
runs-on: ubuntu-latest
needs: sign-mac-binaries
permissions:
contents: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Download artifacts
uses: actions/download-artifact@v4
with:
name: preevy-tarballs-signed
path: packages/cli/dist/
- name: Rename tarballs
# if: startsWith(github.ref, 'refs/tags/')
working-directory: packages/cli/dist
run: |
git_sha="$(git rev-parse --short HEAD)"
for f in $(find . -maxdepth 1 -type f -name 'preevy-v*'); do
new_name="$(echo ${f} | sed 's/-'"${git_sha}"'//')"
echo "Renaming ${f} to ${new_name}"
mv "${f}" "${new_name}"
done
- name: Release
uses: softprops/action-gh-release@v1
with:
generate_release_notes: true
draft: ${{ !startsWith(github.ref, 'refs/tags/') }}
prerelease: ${{ !startsWith(github.ref, 'refs/tags/') }}
files: |
packages/cli/dist/preevy-v*.tar.gz