Fix: signature of tar balls
Uses the `sign-release-files` action instead of using curl manually.

This allows us easier maintenance as we can get support from a dedicated
team.

Besides that, the version calculation is separated into its own job by
using the output functionality. This allows us to reuse that calculation
later.
nichtsfrei committed May 20, 2023
1 parent 631b66f commit 5ca655b
Showing 1 changed file with 46 additions and 13 deletions.
59 changes: 46 additions & 13 deletions .github/workflows/release.yml
@@ -34,8 +34,8 @@ on:
# Once the version is found and enhanced, each CMakeLists file is updated to the new
# version, and a commit is created in the found branch.
jobs:
release:
name: release
calculate_version:
runs-on: "ubuntu-latest"
if: |
${{
(github.event_name == 'workflow_dispatch') ||
@@ -45,11 +45,14 @@ jobs:
contains(github.event.pull_request.labels.*.name, 'major_release') ||
contains(github.event.pull_request.labels.*.name, 'minor_release') ||
contains(github.event.pull_request.labels.*.name, 'patch_release')
)
)
}}
runs-on: "ubuntu-latest"
outputs:
new_version: ${{ steps.version.outputs.new_version }}
latest_version: ${{ steps.version.outputs.latest_version }}
release_kind: ${{ steps.version.outputs.release_kind }}
release_ref: ${{ steps.version.outputs.release_ref }}
steps:
- uses: actions/checkout@v3
with:
@@ -103,6 +106,29 @@ jobs:
echo "NEW_VERSION=$(sh .github/enhance_version.sh ${{ env.LATEST_VERSION }} ${{ env.RELEASE_KIND }})" >> $GITHUB_ENV
- name: NEW_VERSION != NULL
run: ([ -n "${{ env.NEW_VERSION }}" ])
- name: set output
id: version
run: |
echo "latest_version=$LATEST_VERSION" >> "$GITHUB_OUTPUT"
echo "new_version=$NEW_VERSION" >> "$GITHUB_OUTPUT"
echo "release_kind=$RELEASE_KIND" >> "$GITHUB_OUTPUT"
echo "release_ref=$RELEASE_REF" >> "$GITHUB_OUTPUT"
release:
name: release
needs: calculate_version
runs-on: "ubuntu-latest"
env:
RELEASE_KIND: ${{needs.calculate_version.outputs.release_kind}}
RELEASE_REF: ${{needs.calculate_version.outputs.release_ref}}
LATEST_VERSION: ${{needs.calculate_version.outputs.latest_version}}
NEW_VERSION: ${{needs.calculate_version.outputs.new_version}}
steps:
- uses: actions/checkout@v3
with:
token: ${{ secrets.GREENBONE_BOT_TOKEN }}
fetch-depth: '0'
- name: set git credentials
run: |
git config --global user.email "${{ secrets.GREENBONE_BOT_MAIL }}"
@@ -122,7 +148,8 @@ jobs:
git checkout "${{ env.RELEASE_REF }}"
# change version
python3 -m pip install pontos
pontos-version update ${{ env.NEW_VERSION }}
# ignore failure on setting version
pontos-version update ${{ env.NEW_VERSION }} || true
# as soon as pontos-version release is available and it supports cargo do
# cd rust
# pontos-version update ${{ env.NEW_VERSION }}
@@ -145,7 +172,8 @@ jobs:
rust/target/
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
- run: rustup update stable && rustup default stable
- run: cargo install cross
# ignore failing install, it may already be installed
- run: cargo install cross || true
- run: CROSS_CONFIG=Cross.toml cross -v build --release --target aarch64-unknown-linux-gnu
working-directory: rust
- run: CROSS_CONFIG=Cross.toml cross build --release --target x86_64-unknown-linux-gnu
@@ -178,12 +206,17 @@ jobs:
export nrn="v${{ env.NEW_VERSION }}"
export filename="$PROJECT-$nrn"
gh release create "$nrn" -F /tmp/changelog.md
mkdir -p assets
ls -las assets/
curl -Lo assets/$filename.zip https://github.com/${{ github.repository }}/openvas-scanner/archive/refs/tags/$nrn.zip
curl -Lo assets/$filename.tar.gz https://github.com/${{ github.repository }}/openvas-scanner/archive/refs/tags/$nrn.tar.gz
echo -e "${{ secrets.GPG_KEY }}" > private.pgp
echo ${{ secrets.GPG_PASSPHRASE }} | bash .github/sign-assets.sh private.pgp
rm assets/$filename.zip
rm assets/$filename.tar.gz
gh release upload $nrn assets/*
sign:
name: "sign ${{needs.calculate_version.outputs.new_version}}"
runs-on: "ubuntu-latest"
needs: [calculate_version, release]
steps:
- name: Sign release files
uses: greenbone/actions/sign-release-files@v2
with:
gpg-key: ${{ secrets.GPG_KEY }}
gpg-fingerprint: ${{ secrets.GPG_FINGERPRINT }}
gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
release-version: ${{needs.calculate_version.outputs.new_version}}
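Review bot: The new `sign` job hands `secrets.GPG_KEY` and `secrets.GPG_PASSPHRASE` to `greenbone/actions/sign-release-files@v2`, a mutable tag, so whatever commit that tag points to at run time receives the release signing key; pin it to a full commit SHA, e.g. `uses: greenbone/actions/sign-release-files@<full-commit-sha>  # v2`. In the release job, `pontos-version update ${{ env.NEW_VERSION }} || true` hides a failed version bump, so the tag and the signed tarballs could be produced from sources that still carry the old version; consider letting the step fail, or at least checking the resulting version before tagging. The same line expands `${{ env.NEW_VERSION }}` into the script text; since the job now exports `NEW_VERSION` through `env:`, using `"$NEW_VERSION"` would keep the value out of the shell source.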
