-
Notifications
You must be signed in to change notification settings - Fork 3
176 lines (167 loc) · 7.94 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
name: Push Website to IPFS
on:
push:
branches: [ master, dev ]
jobs:
build:
name: Repo Build
runs-on: ubuntu-20.04
permissions:
contents: read
packages: write
id-token: write
pull-requests: write
container:
image: ghcr.io/kiracore/docker/base-image:v0.12.2
steps:
- name: Init Part 1
run: |
mkdir -p /github/home/.cache/pip
git config --global --add safe.directory /github/home/.cache/pip
git config --global --add safe.directory $PWD
echo "INDEX_MODE=redirect" >> $GITHUB_ENV
echo "DNS=kira.network" >> $GITHUB_ENV
echo "USERNAME=KiraCore" >> $GITHUB_ENV
echo "SOURCE_BRANCH=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV
echo "RELEASE=${GITHUB_WORKSPACE}/bin" >> $GITHUB_ENV
- name: Checkout ${{env.DNS}}
uses: actions/checkout@v3
with:
repository: "${{env.USERNAME}}/${{env.DNS}}"
ref: ${{ env.SOURCE_BRANCH }}
- name: Init Part 2
run: |
VERSION="$(cat ./version)" && echo "VERSION=$VERSION" >> $GITHUB_ENV
git ls-remote https://github.com/${{env.USERNAME}}/${{env.DNS}} | egrep -q "refs/tags/${VERSION}$" && echo "RELEASE_EXISTS=true" >> $GITHUB_ENV || echo "RELEASE_EXISTS=false" >> $GITHUB_ENV
- name: Publish HTML to IPFS
shell: bash
run: |
set -x
IPFS_UPLOAD_NAME="www-${{env.DNS}}-${{env.SOURCE_BRANCH}}-${{env.VERSION}}"
set -e
ipfs-api delete $IPFS_UPLOAD_NAME --key=${{secrets.PINATA_API_JWT}} --verbose=true || echo "WARNING: Failed to delete file with name '$IPFS_UPLOAD_NAME' request failed or it might not exist"
set +e
ipfs-api pin ./ $IPFS_UPLOAD_NAME --key=${{secrets.PINATA_API_JWT}} --verbose=true | tee -a ./ipfs-pin.log || echo "ERROR: Failed to pin web app"
IPFS_HASH=$(cat ./ipfs-pin.log | tail -n 1 | bash-utils jsonParse ".hash" || echo "")
[ -z "$IPFS_HASH" ] && echo "ERROR: IPFS Upload Failed" && exit 1
echo "IPFS_HASH=$IPFS_HASH" >> $GITHUB_ENV
IPFS_HASH_SHORT=${IPFS_HASH::10}...${IPFS_HASH: -3}
echo "IPFS_HASH_SHORT=$IPFS_HASH_SHORT" >> $GITHUB_ENV
rm -fv "./ipfs-pin.log"
- name: Save changes to release folder
run: |
ZIP_FILENAME="${{env.DNS}}.zip"
rm -fv "./$ZIP_FILENAME"
zip -r "./$ZIP_FILENAME" ./*
mkdir -p ${{env.RELEASE}}
echo "${{env.IPFS_HASH}}" > "${{env.RELEASE}}/ipfs-cid.txt"
cp -fv ./RELEASE.md "${{env.RELEASE}}/RELEASE.md"
cp -fv ./LICENSE.md "${{env.RELEASE}}/LICENSE.md"
cp -fv ./${INDEX_MODE}.html "${{env.RELEASE}}/index.html"
echo "${{env.DNS}}" > "${{env.RELEASE}}/CNAME"
echo "www.${{env.DNS}}" >> "${{env.RELEASE}}/CNAME"
TARGET_VAR="IPFS_CID"
REPLACE_VAR="${{env.IPFS_HASH}}"
ESCAPED_VAR=$(echo "$REPLACE_VAR" | sed 's/\//\\\//g; s/&/\\&/g; s/\?/\\?/g')
sed -i "s/$TARGET_VAR/$ESCAPED_VAR/g" "${{env.RELEASE}}/index.html"
TARGET_VAR="DNS_ADDRESS"
REPLACE_VAR="${{env.DNS}}"
ESCAPED_VAR=$(echo "$REPLACE_VAR" | sed 's/\//\\\//g; s/&/\\&/g; s/\?/\\?/g')
sed -i "s/$TARGET_VAR/$ESCAPED_VAR/g" "${{env.RELEASE}}/index.html"
TARGET_VAR="GITHUB_REPO"
REPLACE_VAR="https://github.com/${{env.USERNAME}}/${{env.DNS}}/releases/tag/${{env.VERSION}}"
ESCAPED_VAR=$(echo "$REPLACE_VAR" | sed 's/\//\\\//g; s/&/\\&/g; s/\?/\\?/g')
sed -i "s/$TARGET_VAR/$ESCAPED_VAR/g" "${{env.RELEASE}}/index.html"
- name: Publish release folder
uses: s0/git-publish-subdir-action@develop
env:
REPO: self
BRANCH: "${{ env.SOURCE_BRANCH }}-release"
FOLDER: "${{ env.RELEASE }}"
GITHUB_TOKEN: ${{ secrets.REPO_ACCESS }}
- name: Signing release files
shell: bash
env:
KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
run: |
ZIP_FILENAME="${{env.DNS}}.zip"
cp -fv ./$ZIP_FILENAME "${{env.RELEASE}}/html-web-site.zip"
echo -e "\n\r\n\rPublished web site:" >> ./bin/RELEASE.md
echo -e " * Private Gateway: [ipfs.kira.network/ipfs/${{env.IPFS_HASH_SHORT}}](https://ipfs.kira.network/ipfs/${{env.IPFS_HASH}}/index.html)" >> ./bin/RELEASE.md
echo -e " * Public Gateway: [ipfs.io/ipfs/${{env.IPFS_HASH_SHORT}}](https://ipfs.io/ipfs/${{env.IPFS_HASH}}/index.html)" >> ./bin/RELEASE.md
echo -e "\n\r\n\r\`\`\`" >> ./bin/RELEASE.md
echo -e " Release Versions: ${{env.VERSION}}" >> ./bin/RELEASE.md
echo -e " Release Date Time: $(date --rfc-2822)" >> ./bin/RELEASE.md
echo -e " Release CID Hash: ${{env.IPFS_HASH}}\n\r" >> ./bin/RELEASE.md
echo " html-web-site.zip: sha256:$(sha256sum ./html-web-site.zip | awk '{ print $1 }')" >> ./bin/RELEASE.md
echo " ipfs-cid.txt: sha256:$(sha256sum ./ipfs-cid.txt | awk '{ print $1 }')" >> ./bin/RELEASE.md
echo " index.html: sha256:$(sha256sum ./index.html | awk '{ print $1 }')" >> ./bin/RELEASE.md
echo -e "\`\`\`" >> ./bin/RELEASE.md
cd ./bin
echo "$KEY" > ../../cosign.key
for FILE in *; do FILE_NAME=$(basename $FILE); cosign sign-blob --key=../../cosign.key --output-signature=./${FILE_NAME}.sig ./$FILE_NAME; done
rm -fv ../../cosign.key
ls -a1 "${{env.RELEASE}}"
- name: Delete old release
if: env.SOURCE_BRANCH == 'master'
uses: dev-drprasad/[email protected]
with:
tag_name: "${{env.VERSION}}"
delete_release: true
env:
GITHUB_TOKEN: ${{secrets.REPO_ACCESS}}
- name: Publish release
if: env.SOURCE_BRANCH == 'master'
uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844
with:
token: ${{secrets.REPO_ACCESS}}
body_path: "${{env.RELEASE}}/RELEASE.md"
tag_name: "${{env.VERSION}}"
name: "${{env.VERSION}}"
prerelease: false
draft: false
fail_on_unmatched_files: true
files: |
${{env.RELEASE}}/html-web-site.zip
${{env.RELEASE}}/html-web-site.zip.sig
${{env.RELEASE}}/ipfs-cid.txt
${{env.RELEASE}}/ipfs-cid.txt.sig
${{env.RELEASE}}/index.html
${{env.RELEASE}}/index.html.sig
- name: Cleanup
run: |
cd ${GITHUB_WORKSPACE}
rm -rfv ./*
- name: Download current version of the site
if: env.SOURCE_BRANCH == 'dev'
uses: actions/checkout@v3
with:
ref: dev
- name: Close All PRs
if: env.SOURCE_BRANCH == 'dev'
uses: crondaemon/close-pr@v1
with:
comment: "This PR is obsolete, dev branch is ahead of your branch."
env:
GITHUB_TOKEN: ${{secrets.REPO_ACCESS}}
- name: Create PR from dev to master branch
uses: cea2aj/pull-request@84eb0c3478f13651e5649367941b867ca02d7926
if: env.SOURCE_BRANCH == 'dev'
with:
github_token: ${{secrets.REPO_ACCESS}}
source_branch: ${{env.SOURCE_BRANCH}}
destination_branch: master
pr_title: "${{env.SOURCE_BRANCH}} -> master"
pr_label: "kira-automation"
pr_allow_empty: true
pr_body: |
Web app was deployed to IPFS: ```${{env.IPFS_HASH}}```
* Private Gateway: [ipfs.${{env.DNS}}/ipfs/${{env.IPFS_HASH}}](https://ipfs.${{env.DNS}}/ipfs/${{env.IPFS_HASH}}/index.html)
* Public Gateway: [ipfs.io/ipfs/${{env.IPFS_HASH}}](https://ipfs.io/ipfs/${{env.IPFS_HASH}}/index.html)
- name: Cleanup all even if some tasks fail
shell: bash
continue-on-error: true
run: |
cd ${GITHUB_WORKSPACE} && rm -rfv ./*
echo "(current dir): $PWD" && ls -l ./