chore(release): nightly (#10515) #879

Workflow file for this run

.github/workflows/build-packages.yml at ef085e6

	name: Publish packages

	on:
	push:
	tags:
	- 'v**'
	- 'nightly'
	jobs:
	publish_binary_packages:
	if: github.repository == 'JanssenProject/jans'
	runs-on: ubuntu-20.04
	strategy:
	fail-fast: false
	matrix:
	name: [ubuntu22, ubuntu20, el8, suse15]

	include:
	- name: ubuntu22
	asset_suffix: ~ubuntu22.04_amd64.deb
	build_files: deb/jammy
	asset_prefix: '_'
	asset_path: jans
	sign_cmd: dpkg-sig -s builder -k DE92BEF14A1A4E542F678B64DC3C790386C73900
	python_version: 3.8
	- name: ubuntu20
	asset_suffix: ~ubuntu20.04_amd64.deb
	build_files: deb/focal
	asset_prefix: '_'
	asset_path: jans
	sign_cmd: dpkg-sig -s builder -k DE92BEF14A1A4E542F678B64DC3C790386C73900
	python_version: 3.8
	- name: el8
	asset_suffix: .el8.x86_64.rpm
	build_files: rpm/el8
	asset_prefix: '-'
	asset_path: jans/rpmbuild/RPMS/x86_64
	sign_cmd: rpm --addsign
	python_version: 3.6
	- name: suse15
	asset_suffix: .suse15.x86_64.rpm
	build_files: rpm/suse15
	asset_prefix: '-'
	asset_path: jans/rpmbuild/RPMS/x86_64
	sign_cmd: rpm --addsign
	python_version: 3.6

	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
	with:
	egress-policy: audit

	- name: Checkout
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	with:
	path: temp-jans

	- name: Getting build dependencies
	id: get_dependencies
	run: \|
	mkdir -p jans/jans-src/opt/
	cp -rp temp-jans/automation/packaging/${{ matrix.build_files }}/* jans/
	cp temp-jans/jans-linux-setup/jans_setup/install.py jans/install.py
	sudo add-apt-repository ppa:deadsnakes/ppa
	sudo apt-get update
	sudo apt-get install -y python${{ matrix.python_version }}
	sudo apt install -y build-essential devscripts debhelper rpm dpkg-sig python3-dev python3-requests python3-ruamel.yaml python3-pymysql python3-crypto python3-distutils python3-prompt-toolkit python${{ matrix.python_version }}-distutils libpq-dev python${{ matrix.python_version }}-dev apache2 rsyslog python3-urllib3 python3-certifi postgresql postgresql-contrib
	sudo cp -r /usr/lib/python3/dist-packages /usr/lib/python${{ matrix.python_version }}/
	sudo python${{ matrix.python_version }} -m pip install psycopg2-binary psycopg2
	- name: Import GPG key
	id: import_gpg
	continue-on-error: true
	uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
	with:
	gpg_private_key: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY }}
	passphrase: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY_PASSPHRASE }}
	git_user_signingkey: true
	git_commit_gpgsign: true
	- name: List keys
	id: list_keys
	run: gpg -K
	- name: Get latest tag
	id: previoustag
	run: \|
	echo "tag=$(echo ${{ github.event.ref }} \| cut -d '/' -f 3)" >> $GITHUB_OUTPUT
	if [[ ${{ github.event.ref }} == 'refs/tags/nightly' ]]; then
	echo "version=0.0.0-nightly" >> $GITHUB_OUTPUT
	else
	echo "version=$(echo ${{ github.event.ref }} \| cut -d 'v' -f 2)-stable" >> $GITHUB_OUTPUT
	fi
	echo "PACKAGE_PREFIX=jans" >> ${GITHUB_ENV}

	- name: Print Version and tag
	run: \|
	echo "Version: ${{ steps.previoustag.outputs.version }}"
	echo "Tag: ${{ steps.previoustag.outputs.tag }}"
	- name: Running install and build
	id: run_build
	run: \|
	cd jans/
	sudo python${{ matrix.python_version }} install.py -download-exit -yes --keep-downloads --keep-setup -force-download
	cp -r /opt/dist jans-src/opt/
	cp -r /opt/jans jans-src/opt/
	touch jans-src/opt/jans/jans-setup/package
	rm -rf install.py install jans-cli-tui
	rm -rf jans-src/opt/jans/jans-setup/logs/setup.log
	rm -rf jans-src/opt/jans/jans-setup/logs/setup_error.log
	sed -i "s/%VERSION%/${{ steps.previoustag.outputs.version }}/g" run-build.sh
	cat run-build.sh
	sudo ./run-build.sh
	- name: Sign package
	id: sign_package
	run : \|
	echo '%_gpg_name moauto (automation) <[email protected]>' >> ~/.rpmmacros
	${{ matrix.sign_cmd }} ${{github.workspace}}/${{ matrix.asset_path }}/jans${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}
	gpg --armor --detach-sign ${{github.workspace}}/${{ matrix.asset_path }}/jans${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}

	- name: Create checksum
	id: create_checksum
	run: \|
	cd jans/
	sed -i "s/%VERSION%/${{ steps.previoustag.outputs.version }}/g" checksum.sh
	sudo ./checksum.sh
	ls ${{github.workspace}}/${{ matrix.asset_path }}

	- name: Upload binaries to release
	id: upload_binaries
	uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2
	with:
	repo_token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }}
	file: ${{github.workspace}}/${{ matrix.asset_path }}/jans${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}
	asset_name: ${{ env.PACKAGE_PREFIX }}${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}
	tag: ${{ steps.previoustag.outputs.tag }}
	overwrite: true
	- name: Upload checksum to release
	id: upload_shas
	uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2
	with:
	repo_token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }}
	file: ${{github.workspace}}/${{ matrix.asset_path }}/jans${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}.sha256sum
	asset_name: ${{ env.PACKAGE_PREFIX }}${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}.sha256sum
	tag: ${{ steps.previoustag.outputs.tag }}
	overwrite: true
	- name: Upload sig to release
	id: upload_sigs
	uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2
	with:
	repo_token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }}
	file: ${{github.workspace}}/${{ matrix.asset_path }}/jans${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}.asc
	asset_name: ${{ env.PACKAGE_PREFIX }}${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}.asc
	tag: ${{ steps.previoustag.outputs.tag }}
	overwrite: true
	build_python_packages:
	if: github.repository == 'JanssenProject/jans'
	runs-on: ubuntu-20.04
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
	with:
	egress-policy: audit

	- name: Checkout
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	- uses: addnab/docker-run-action@4f65fabd2431ebc8d299f8e5a018d79a769ae185 # v3
	name: Build with Suse
	continue-on-error: true
	with:
	image: opensuse/leap:15.4
	options: -v ${{ github.workspace }}:/suse
	run: \|
	zypper addrepo https://download.opensuse.org/repositories/openSUSE:Leap:15.1/standard/openSUSE:Leap:15.1.repo
	zypper --gpg-auto-import-keys refresh
	zypper --non-interactive install -y gcc-c++ make gcc automake autoconf libtool python3-pip python3-setuptools python3-wheel openssl
	zypper addrepo https://download.opensuse.org/repositories/home:smarty12:Python/RaspberryPi_Leap_15.2/home:smarty12:Python.repo
	zypper --gpg-auto-import-keys refresh
	zypper download python3-dev
	rpm -i --nodeps /var/cache/zypp/packages/home_smarty12_Python/noarch/python3-dev-0.4.0-lp152.1.4.noarch.rpm
	zypper --non-interactive install -y python3
	zypper --non-interactive install -y python3-devel
	echo "Building jans-linux-setup package"
	cd /suse/jans-linux-setup
	pip install shiv
	make zipapp
	mv jans-linux-setup.pyz jans-linux-suse-X86-64-setup.pyz
	sha256sum jans-linux-suse-X86-64-setup.pyz > jans-linux-suse-X86-64-setup.pyz.sha256sum
	cd ../jans-cli-tui
	make zipapp
	mv jans-cli-tui.pyz jans-cli-tui-linux-suse-X86-64.pyz
	sha256sum jans-cli-tui-linux-suse-X86-64.pyz > jans-cli-tui-linux-suse-X86-64.pyz.sha256sum
	- name: Set up Python 3.6
	uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
	with:
	python-version: 3.6
	- name: Build with Ubuntu
	continue-on-error: true
	run: \|
	sudo apt-get update
	sudo apt-get install -y python3 build-essential ca-certificates dbus systemd iproute2 gpg python3-pip python3-dev libpq-dev gcc
	python3 -m pip install --upgrade pip
	pip3 install shiv wheel setuptools
	echo "Building jans-linux-setup package"
	sudo chown -R runner:docker /home/runner/work/jans/jans
	cd jans-linux-setup
	make zipapp \|\| echo "Creating linux setup failed for ubuntu"
	mv jans-linux-setup.pyz jans-linux-ubuntu-X86-64-setup.pyz \|\| echo "Failed"
	sha256sum jans-linux-ubuntu-X86-64-setup.pyz > jans-linux-ubuntu-X86-64-setup.pyz.sha256sum \|\| echo "Failed"
	cd ../jans-cli-tui
	make zipapp
	mv jans-cli-tui.pyz jans-cli-tui-linux-ubuntu-X86-64.pyz
	sha256sum jans-cli-tui-linux-ubuntu-X86-64.pyz > jans-cli-tui-linux-ubuntu-X86-64.pyz.sha256sum
	- uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
	id: cache-installers
	with:
	path: \|
	${{github.workspace}}/jans-linux-setup/jans-linux-suse-X86-64-setup.pyz
	${{github.workspace}}/jans-linux-setup/jans-linux-suse-X86-64-setup.pyz.sha256sum
	${{github.workspace}}/jans-linux-setup/jans-linux-ubuntu-X86-64-setup.pyz
	${{github.workspace}}/jans-linux-setup/jans-linux-ubuntu-X86-64-setup.pyz.sha256sum
	${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-suse-X86-64.pyz
	${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-suse-X86-64.pyz.sha256sum
	${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-ubuntu-X86-64.pyz
	${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-ubuntu-X86-64.pyz.sha256sum
	key: ${{ github.sha }}
	upload_python_packages:
	if: github.repository == 'JanssenProject/jans'
	needs: build_python_packages
	runs-on: ubuntu-20.04
	strategy:
	matrix:
	name: [ubuntu, suse]
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
	with:
	egress-policy: audit

	- name: Checkout
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	- uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
	id: cache-installers
	with:
	path: \|
	${{github.workspace}}/jans-linux-setup/jans-linux-suse-X86-64-setup.pyz
	${{github.workspace}}/jans-linux-setup/jans-linux-suse-X86-64-setup.pyz.sha256sum
	${{github.workspace}}/jans-linux-setup/jans-linux-ubuntu-X86-64-setup.pyz
	${{github.workspace}}/jans-linux-setup/jans-linux-ubuntu-X86-64-setup.pyz.sha256sum
	${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-suse-X86-64.pyz
	${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-suse-X86-64.pyz.sha256sum
	${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-ubuntu-X86-64.pyz
	${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-ubuntu-X86-64.pyz.sha256sum
	key: ${{ github.sha }}
	- name: Get latest tag
	id: previoustag
	run: \|

	echo "version=${VERSION}" >> $GITHUB_OUTPUT
	echo "tag=$(echo ${{ github.event.ref }} \| cut -d '/' -f 3)" >> $GITHUB_OUTPUT
	echo "SETUP_PREFIX=jans-linux" >> ${GITHUB_ENV}
	echo "TUI_PREFIX=jans-cli-tui-linux" >> ${GITHUB_ENV}
	echo "PACKAGE_PREFIX=jans" >> ${GITHUB_ENV}

	- name: Print Version and tag
	run: \|
	echo "Version: ${{ steps.previoustag.outputs.version }}"
	echo "Tag: ${{ github.event.ref }}"
	- name: Upload binaries to release
	id: upload_binaries_setup
	continue-on-error: true
	uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2
	with:
	repo_token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }}
	file: ${{github.workspace}}/jans-linux-setup/jans-linux-${{ matrix.name }}-X86-64-setup.pyz
	asset_name: ${{ env.SETUP_PREFIX }}-${{ matrix.name }}-X86-64-setup.pyz
	tag: ${{ steps.previoustag.outputs.tag }}
	overwrite: true
	- name: Upload checksum to release
	id: upload_shas_setup
	continue-on-error: true
	uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2
	with:
	repo_token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }}
	file: ${{github.workspace}}/jans-linux-setup/jans-linux-${{ matrix.name }}-X86-64-setup.pyz.sha256sum
	asset_name: ${{ env.SETUP_PREFIX }}-${{ matrix.name }}-X86-64-setup.pyz.sha256sum
	tag: ${{ steps.previoustag.outputs.tag }}
	overwrite: true
	- name: Upload binaries to release
	id: upload_binaries_cli
	continue-on-error: true
	uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2
	with:
	repo_token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }}
	file: ${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-${{ matrix.name }}-X86-64.pyz
	asset_name: ${{ env.TUI_PREFIX }}-${{ matrix.name }}-X86-64.pyz
	tag: ${{ steps.previoustag.outputs.tag }}
	overwrite: true
	- name: Upload checksum to release
	id: upload_shas_cli
	continue-on-error: true
	uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2
	with:
	repo_token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }}
	file: ${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-${{ matrix.name }}-X86-64.pyz.sha256sum
	asset_name: ${{ env.TUI_PREFIX }}-${{ matrix.name }}-X86-64.pyz.sha256sum
	tag: ${{ steps.previoustag.outputs.tag }}
	overwrite: true
	build_demo_packages:
	if: github.repository == 'JanssenProject/jans'
	runs-on: ubuntu-latest
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
	with:
	egress-policy: audit

	- name: Checkout
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	- name: Build with Ubuntu
	continue-on-error: true
	run: \|
	sudo apt-get update
	sudo apt-get install -y zip
	cd demos
	VER=$(echo ${{ github.event.ref }} \| cut -d '/' -f 3)
	for i in $(ls -d */); do zip -r demo-${i%/}-$VER-source.zip $i && sha256sum demo-${i%/}-$VER-source.zip > demo-${i%/}-$VER-source.zip.sha256sum; done
	sudo rm demo-jans-tarp-$VER-source.zip demo-jans-tarp-$VER-source.zip.sha256sum
	cd jans-tarp
	npm install
	npm run build
	npm run pack
	mv ./release/jans-tarp-chrome-*.zip ../demo-jans-tarp-chrome-$VER.zip
	mv ./release/jans-tarp-firefox-*.zip ../demo-jans-tarp-firefox-$VER.zip
	sha256sum ../demo-jans-tarp-chrome-$VER.zip > ../demo-jans-tarp-chrome-$VER.zip.sha256sum
	sha256sum ../demo-jans-tarp-firefox-$VER.zip > ../demo-jans-tarp-firefox-$VER.zip.sha256sum
	cd ..

	echo "${{ secrets.MOAUTO_WORKFLOW_TOKEN }}" \| gh auth login --with-token
	gh release upload $VER .zip .sha256sum --clobber
	build_cedarling_python:
	if: github.repository == 'JanssenProject/jans'
	runs-on: ubuntu-latest
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
	with:
	egress-policy: audit

	- name: Checkout
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	- name: Import GPG key
	id: import_gpg
	continue-on-error: true
	uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
	with:
	gpg_private_key: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY }}
	passphrase: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY_PASSPHRASE }}
	git_user_signingkey: true
	git_commit_gpgsign: true

	- uses: actions/setup-python@v5
	- uses: PyO3/maturin-action@v1
	with:
	working-directory: ${{ github.workspace }}/jans-cedarling/bindings/cedarling_python
	command: build
	args: --release -i python3.10 python3.11

	- name: Generate sha256sum and sign
	id: sign-cedarling
	run: \|
	TAG=$(echo ${{ github.event.ref }} \| cut -d '/' -f 3 \| sed 's/^v//')
	VERSION="$(echo ${{ github.event.ref }} \| cut -d '/' -f 3)"
	if [ "${TAG}" == "nightly" ]; then
	VERSION=nightly
	TAG="0.0.0"
	fi
	cd ${{ github.workspace }}/jans-cedarling/target/wheels
	sha256sum cedarling_python-"${TAG}"-cp311-cp311-manylinux_2_34_x86_64.whl > cedarling_python-"${TAG}"-cp311-cp311-manylinux_2_34_x86_64.whl.sha256sum
	sha256sum cedarling_python-"${TAG}"-cp310-cp310-manylinux_2_34_x86_64.whl > cedarling_python-"${TAG}"-cp310-cp310-manylinux_2_34_x86_64.whl.sha256sum
	gpg --armor --detach-sign cedarling_python-"${TAG}"-cp311-cp311-manylinux_2_34_x86_64.whl \|\| echo "Failed to sign"
	gpg --armor --detach-sign cedarling_python-"${TAG}"-cp310-cp310-manylinux_2_34_x86_64.whl \|\| echo "Failed to sign"
	echo "${{ secrets.MOAUTO_WORKFLOW_TOKEN }}" \| gh auth login --with-token
	gh release upload "${VERSION}" .whl .sha256sum *.asc

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(release): nightly (#10515) #879

Workflow file

chore(release): nightly (#10515) #879

Jobs

Run details

Workflow file for this run