Skip to content
Verify release

See if this works #20

Sign in to view logs

See if this works

See if this works #20

Workflow file for this run

.github/workflows/verify-release.yml at 9b70acc
name: Verify release
on:
# Run whenever a release is published.
release:
types: [published]
# And whenever this workflow is updated.
push:
paths:
- '.github/workflows/verify-release.yml'
# And whenever this workflow is updated.
pull_request:
paths:
- '.github/workflows/verify-release.yml'
# Allow manually triggering the workflow.
workflow_dispatch:
# Cancels all previous workflow runs for the same branch that have not yet completed.
concurrency:
# The concurrency group contains the workflow name and the branch name.
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
############################
# Verify the release assets.
############################
verify-release-assets:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
pharfile:
- 'phpcs'
- 'phpcbf'
name: "Release assets: ${{ matrix.pharfile }}"
steps:
- name: Retrieve latest release info
uses: octokit/[email protected]
id: get_latest_release
with:
route: GET /repos/PHPCSStandards/PHP_CodeSniffer/releases/latest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: "Debug info: Show API request failure status"
if: ${{ failure() }}
run: "echo No release found. Request failed with status ${{ steps.get_latest_release.outputs.status }}"
- name: Grab latest tag name from API response
id: version
run: |
echo "TAG=${{ fromJson(steps.get_latest_release.outputs.data).tag_name }}" >> "$GITHUB_OUTPUT"
- name: Show tag name found in API response
run: "echo latest release: ${{ steps.version.outputs.TAG }}"
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: 'latest'
ini-values: error_reporting=-1, display_errors=On
coverage: none
- name: Verify PHAR file is available and download
run: curl --remote-name https://github.com/PHPCSStandards/PHP_CodeSniffer/releases/latest/${{ matrix.pharfile }}.phar
- name: Verify signature file is available and download
run: curl --remote-name https://github.com/PHPCSStandards/PHP_CodeSniffer/releases/latest/${{ matrix.pharfile }}.phar.asc
# - name: Verify attestation of the PHAR file
# run: gh attestation verify ${{ matrix.pharfile }}.phar -o PHPCSStandards
# env:
# GH_TOKEN: ${{ github.token }}
- name: Download public key
# run: gpg --keyserver https://keys.openpgp.org/ --search-keys [email protected]
run: gpg --keyserver hkps://keys.openpgp.org --recv-keys 0x689DAD778FF08760E046228BA978220305CD5C32
- name: Verify signature of the PHAR file
run: gpg --verify ${{ matrix.pharfile }}.phar.asc ${{ matrix.pharfile }}.phar
- name: Verify the PHAR is nominally functional
run: php ${{ matrix.pharfile }}.phar -e --standard=PSR12
- name: Grab the version
id: asset_version
env:
FILE_NAME: ${{ matrix.pharfile }}.phar
# yamllint disable-line rule:line-length
run: echo "VERSION=$(php "$FILE_NAME" --version | grep --only-matching --max-count=1 --extended-regexp '\b[0-9]+\.[0-9]+')" >> "$GITHUB_OUTPUT"
- name: Fail the build if the PHAR is not the correct version
if: ${{ steps.asset_version.outputs.VERSION != steps.version.outputs.TAG }}
run: exit 1
##########################################
# Verify plain downloads from the website.
##########################################
verify-plain-web:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
pharfile:
- 'phpcs'
- 'phpcbf'
name: "Unversioned web: ${{ matrix.pharfile }}"
steps:
- name: Retrieve latest release info
uses: octokit/[email protected]
id: get_latest_release
with:
route: GET /repos/PHPCSStandards/PHP_CodeSniffer/releases/latest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: "Debug info: Show API request failure status"
if: ${{ failure() }}
run: "echo No release found. Request failed with status ${{ steps.get_latest_release.outputs.status }}"
- name: Grab latest tag name from API response
id: version
run: |
echo "TAG=${{ fromJson(steps.get_latest_release.outputs.data).tag_name }}" >> "$GITHUB_OUTPUT"
- name: Show tag name found in API response
run: "echo latest release: ${{ steps.version.outputs.TAG }}"
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: 'latest'
ini-values: error_reporting=-1, display_errors=On
coverage: none
- name: Verify PHAR file is available and download
run: curl --remote-name https://phars.phpcodesniffer.com/${{ matrix.pharfile }}.phar
- name: Verify signature file is available and download
run: curl --remote-name https://phars.phpcodesniffer.com/${{ matrix.pharfile }}.phar.asc
- name: Verify attestation of the PHAR file
run: gh attestation verify ${{ matrix.pharfile }}.phar -o PHPCSStandards
env:
GH_TOKEN: ${{ github.token }}
- name: Verify signature of the PHAR file
run: gpg --verify ${{ matrix.pharfile }}.phar.asc ${{ matrix.pharfile }}.phar
- name: Verify the PHAR is nominally functional
run: php ${{ matrix.pharfile }}.phar -e --standard=PSR12
- name: Grab the version
id: asset_version
env:
FILE_NAME: ${{ matrix.pharfile }}.phar
# yamllint disable-line rule:line-length
run: echo "VERSION=$(php "$FILE_NAME" --version | grep --only-matching --max-count=1 --extended-regexp '\b[0-9]+\.[0-9]+')" >> "$GITHUB_OUTPUT"
- name: Fail the build if the PHAR is not the correct version
if: ${{ steps.asset_version.outputs.VERSION != steps.version.outputs.TAG }}
run: exit 1
# #########################################
# Verify versioned downloads from the website.
# #########################################
verify-versioned-web:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
pharfile:
- 'phpcs'
- 'phpcbf'
name: "Versioned web: ${{ matrix.pharfile }}"
steps:
- name: Retrieve latest release info
uses: octokit/[email protected]
id: get_latest_release
with:
route: GET /repos/PHPCSStandards/PHP_CodeSniffer/releases/latest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: "Debug info: Show API request failure status"
if: ${{ failure() }}
run: "echo No release found. Request failed with status ${{ steps.get_latest_release.outputs.status }}"
- name: Grab latest tag name from API response
id: version
run: |
echo "TAG=${{ fromJson(steps.get_latest_release.outputs.data).tag_name }}" >> "$GITHUB_OUTPUT"
- name: Show tag name found in API response
run: "echo latest release: ${{ steps.version.outputs.TAG }}"
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: 'latest'
ini-values: error_reporting=-1, display_errors=On
coverage: none
- name: Verify PHAR file is available and download
run: curl --remote-name https://phars.phpcodesniffer.com/phars/${{ matrix.pharfile }}-${{ steps.version.outputs.TAG }}.phar
- name: Verify signature file is available and download
run: curl --remote-name https://phars.phpcodesniffer.com/phars/${{ matrix.pharfile }}-${{ steps.version.outputs.TAG }}.phar.asc
- name: Verify attestation of the PHAR file
run: gh attestation verify ${{ matrix.pharfile }}-${{ steps.version.outputs.TAG }}.phar -o PHPCSStandards
env:
GH_TOKEN: ${{ github.token }}
- name: Verify signature of the PHAR file
run: >
gpg --verify ${{ matrix.pharfile }}-${{ steps.version.outputs.TAG }}.phar.asc
${{ matrix.pharfile }}-${{ steps.version.outputs.TAG }}.phar
- name: Verify the PHAR is nominally functional
run: php ${{ matrix.pharfile }}-${{ steps.version.outputs.TAG }}.phar -e --standard=PSR12
- name: Grab the version
id: asset_version
env:
FILE_NAME: ${{ matrix.pharfile }}-${{ steps.version.outputs.TAG }}.phar
# yamllint disable-line rule:line-length
run: echo "VERSION=$(php "$FILE_NAME" --version | grep --only-matching --max-count=1 --extended-regexp '\b[0-9]+\.[0-9]+')" >> "$GITHUB_OUTPUT"
- name: Fail the build if the PHAR is not the correct version
if: ${{ steps.asset_version.outputs.VERSION != steps.version.outputs.TAG }}
run: exit 1
# #########################################
# Verify install via PHIVE.
# #########################################
verify-phive:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
pharfile:
- 'phpcs'
- 'phpcbf'
name: "PHIVE: ${{ matrix.pharfile }}"
steps:
- name: Retrieve latest release info
uses: octokit/[email protected]
id: get_latest_release
with:
route: GET /repos/PHPCSStandards/PHP_CodeSniffer/releases/latest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: "Debug info: Show API request failure status"
if: ${{ failure() }}
run: "echo No release found. Request failed with status ${{ steps.get_latest_release.outputs.status }}"
- name: Grab latest tag name from API response
id: version
run: |
echo "TAG=${{ fromJson(steps.get_latest_release.outputs.data).tag_name }}" >> "$GITHUB_OUTPUT"
- name: Show tag name found in API response
run: "echo latest release: ${{ steps.version.outputs.TAG }}"
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: 'latest'
ini-values: error_reporting=-1, display_errors=On
coverage: none
tools: phive
- name: Install
run: phive install ${{ matrix.pharfile }} --copy --trust-gpg-keys 689DAD778FF08760E046228BA978220305CD5C32
- name: List files
run: ls -R
- name: Verify attestation of the PHAR file
run: gh attestation verify ./tools/${{ matrix.pharfile }} -o PHPCSStandards
env:
GH_TOKEN: ${{ github.token }}
- name: Verify the PHAR is nominally functional
run: php ./tools/${{ matrix.pharfile }}.phar -e --standard=PSR12
- name: Grab the version
id: asset_version
env:
FILE_NAME: ./tools/${{ matrix.pharfile }}.phar
# yamllint disable-line rule:line-length
run: echo "VERSION=$(php "$FILE_NAME" --version | grep --only-matching --max-count=1 --extended-regexp '\b[0-9]+\.[0-9]+')" >> "$GITHUB_OUTPUT"
- name: Fail the build if the PHAR is not the correct version
if: ${{ steps.asset_version.outputs.VERSION != steps.version.outputs.TAG }}
run: exit 1