Bump golang.org/x/crypto from 0.14.0 to 0.17.0 #1082
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build, Release & Publish | |
on: | |
push: | |
branches: [ release/v*.*.*, feature/*, master, dev, latest, testnet-*, mainnet-*, kira-* ] | |
pull_request: | |
branches: [ release/v*.*.*, bugfix/*, master, dev, latest, testnet-*, mainnet-*, kira-* ] | |
jobs: | |
build: | |
name: Repo Build | |
runs-on: ubuntu-20.04 | |
permissions: | |
contents: read | |
packages: write | |
id-token: write | |
pull-requests: write | |
container: | |
image: ghcr.io/kiracore/docker/base-image:v0.13.14 | |
steps: | |
# Work around https://github.com/actions/checkout/issues/760 | |
- name: Add safe.directory | |
run: | | |
git config --global --add safe.directory /github/workspace | |
git config --global --add safe.directory $PWD | |
# ref.: https://github.com/actions/checkout, v3.0.0 | |
- name: Checkout repository | |
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 | |
- name: Checking dependency versions & packaging source files | |
run: | | |
echo "(current dir): $PWD" && ls -l ./ | |
cd ../ && tar -czvf src.tar.gz -C ./sekai . && cp ./src.tar.gz ./sekai/src.tar.gz | |
cd ./sekai | |
. /etc/profile && echo "Utils Version: $(bash-utils bashUtilsVersion)" | |
go version | |
echo "ENVS: $(env)" | |
echo "HOME: $HOME" | |
echo " PWD: $PWD" | |
- name: Extract branch name on push | |
if: github.event_name == 'push' | |
shell: bash | |
run: | | |
echo "SOURCE_BRANCH=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV | |
echo "DESTINATION_BRANCH=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV | |
- name: Extract branch name on pull request | |
if: github.event_name == 'pull_request' | |
env: | |
REF_BRANCH: ${{ github.event.pull_request.head.ref }} | |
BASE_REF_BRANCH: ${{ github.base_ref }} | |
shell: bash | |
run: | | |
echo "SOURCE_BRANCH=$(echo ${{ env.REF_BRANCH }})" >> $GITHUB_ENV | |
echo "DESTINATION_BRANCH=$(echo ${{ env.BASE_REF_BRANCH }})" >> $GITHUB_ENV | |
- name: Inspecting & organizing artifacts | |
run: | | |
echo "(current dir): $PWD" && ls -l ./ | |
chmod -Rv 555 ./scripts | |
RELEASE_VER="$(./scripts/version.sh)" && echo "RELEASE_VER=$RELEASE_VER" >> $GITHUB_ENV | |
RELEASE_BRANCH="release/$RELEASE_VER" && echo "RELEASE_BRANCH=$RELEASE_BRANCH" >> $GITHUB_ENV | |
REPOSITORY_NAME="${{ github.event.repository.name }}" && echo "REPOSITORY_NAME=$REPOSITORY_NAME" >> $GITHUB_ENV | |
git ls-remote https://github.com/kiracore/$REPOSITORY_NAME | egrep -q "refs/tags/${RELEASE_VER}$" && echo "RELEASE_EXISTS=true" >> $GITHUB_ENV || echo "RELEASE_EXISTS=false" >> $GITHUB_ENV | |
if [[ "$RELEASE_VER" =~ $VERSION_REGEX ]] && [[ "$SOURCE_BRANCH" =~ $VERSION_REGEX ]] && [ "$SOURCE_BRANCH" != "$RELEASE_VER" ] ; then | |
echo "ERROR: Version branch name MUST be the same as the app version, run scripts/version.sh to check app version!" | |
exit 1 | |
else | |
echo "INFO: Variables setup succeeded" | |
fi | |
- name: Print debug data before testing | |
run: | | |
echo " Source branch: ${{ env.SOURCE_BRANCH }}" | |
echo "Destination branch: ${{ env.DESTINATION_BRANCH }}" | |
echo " Release branch: ${{ env.RELEASE_BRANCH }}" | |
echo " Event name: ${{ github.event_name }}" | |
echo " Repository name: ${{ env.REPOSITORY_NAME }}" | |
echo " Release version: ${{ env.RELEASE_VER }}" | |
echo " Release exists: ${{ env.RELEASE_EXISTS }}" | |
- name: Testing SEKAI | |
run: | | |
make test | |
make install | |
sekaid version | |
make test-local | |
- name: Publishing SEKAID binaries | |
shell: bash | |
run: | | |
make publish | |
touch ./RELEASE.md | |
cp -fv ./RELEASE.md ./bin/RELEASE.md | |
cp -fv ./src.tar.gz ./bin/source-code.tar.gz | |
chmod -Rv 777 ./bin | |
echo -e "\n\r\n\r\`\`\`" >> ./bin/RELEASE.md | |
echo -e " Release Versions: $RELEASE_VER\n\r" >> ./bin/RELEASE.md | |
echo -e " Release Date Time: $(date --rfc-2822)" >> ./bin/RELEASE.md | |
echo " sekai-darwin-amd64.deb: sha256:$(sha256sum ./bin/sekai-darwin-amd64.deb | awk '{ print $1 }')" >> ./bin/RELEASE.md | |
echo " sekai-darwin-arm64.deb: sha256:$(sha256sum ./bin/sekai-darwin-arm64.deb | awk '{ print $1 }')" >> ./bin/RELEASE.md | |
echo " sekai-linux-amd64.deb: sha256:$(sha256sum ./bin/sekai-linux-amd64.deb | awk '{ print $1 }')" >> ./bin/RELEASE.md | |
echo " sekai-linux-arm64.deb: sha256:$(sha256sum ./bin/sekai-linux-arm64.deb | awk '{ print $1 }')" >> ./bin/RELEASE.md | |
echo "sekai-windows-amd64.exe: sha256:$(sha256sum ./bin/sekai-windows-amd64.exe | awk '{ print $1 }')" >> ./bin/RELEASE.md | |
echo "sekai-windows-arm64.exe: sha256:$(sha256sum ./bin/sekai-windows-arm64.exe | awk '{ print $1 }')" >> ./bin/RELEASE.md | |
echo " source-code.tar.gz: sha256:$(sha256sum ./bin/source-code.tar.gz | awk '{ print $1 }')" >> ./bin/RELEASE.md | |
echo " sekai-utils.sh: sha256:$(sha256sum ./bin/sekai-utils.sh | awk '{ print $1 }')" >> ./bin/RELEASE.md | |
echo " sekai-env.sh: sha256:$(sha256sum ./bin/sekai-env.sh | awk '{ print $1 }')" >> ./bin/RELEASE.md | |
echo -e "\`\`\`" >> ./bin/RELEASE.md | |
tar -czvf deb.tar.gz -C ./bin . | |
- name: Uploading artifacts | |
uses: actions/[email protected] | |
with: | |
name: sekai-bin-deb | |
path: ./deb.tar.gz | |
release: | |
name: Create Release | |
runs-on: ubuntu-20.04 | |
needs: [build] | |
permissions: | |
contents: write | |
packages: write | |
id-token: write | |
pull-requests: write | |
steps: | |
# Install the cosign tool | |
# ref.: https://github.com/sigstore/cosign-installer, v3.2.0 | |
- name: Install cosign | |
uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8 | |
with: | |
cosign-release: 'v2.0.0' | |
- name: Confirm installation! | |
run: cosign version | |
- name: Download artifacts | |
uses: actions/[email protected] | |
with: | |
name: sekai-bin-deb | |
- name: Inspecting & organizing artifacts | |
run: | | |
echo "(current dir): $PWD" && ls -l ./ | |
tar xvf ./deb.tar.gz | |
chmod -Rv 777 ./ | |
RELEASE_VER=$(cat ./RELEASE.md | tac | grep -Fn -m 1 'Release Versions: ' | rev | cut -d ":" -f1 | rev | xargs | tr -dc '[:alnum:]\-\.' || echo '') | |
RELEASE_BRANCH="release/$RELEASE_VER" && echo "RELEASE_BRANCH=$RELEASE_BRANCH" >> $GITHUB_ENV | |
echo "RELEASE_VER=$RELEASE_VER" >> $GITHUB_ENV | |
REPOSITORY_NAME="${{ github.event.repository.name }}" | |
echo "REPOSITORY_NAME=$REPOSITORY_NAME" >> $GITHUB_ENV | |
git ls-remote https://github.com/kiracore/$REPOSITORY_NAME | egrep -q "refs/tags/${RELEASE_VER}$" && echo "RELEASE_EXISTS=true" >> $GITHUB_ENV || echo "RELEASE_EXISTS=false" >> $GITHUB_ENV | |
[[ "$RELEASE_VER" == *"-rc"* ]] && echo "PRE_RELEASE=true" >> $GITHUB_ENV || echo "PRE_RELEASE=false" >> $GITHUB_ENV | |
# Branch name is also a version of the release | |
# ref: https://stackoverflow.com/questions/58033366/how-to-get-the-current-branch-within-github-actions | |
- name: Extract branch name on push | |
if: github.event_name == 'push' | |
shell: bash | |
run: | | |
echo "SOURCE_BRANCH=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV | |
echo "DESTINATION_BRANCH=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV | |
- name: Extract branch name on pull request | |
if: github.event_name == 'pull_request' | |
env: | |
REF_BRANCH: ${{ github.event.pull_request.head.ref }} | |
BASE_REF_BRANCH: ${{ github.base_ref }} | |
shell: bash | |
run: | | |
echo "SOURCE_BRANCH=$(echo ${{ env.REF_BRANCH }})" >> $GITHUB_ENV | |
echo "DESTINATION_BRANCH=$(echo ${{ env.BASE_REF_BRANCH }})" >> $GITHUB_ENV | |
- name: Print debug data before publishing | |
run: | | |
echo " Source branch: ${{ env.SOURCE_BRANCH }}" | |
echo " Dest. branch: ${{ env.DESTINATION_BRANCH }}" | |
echo "Release branch: ${{ env.RELEASE_BRANCH }}" | |
echo " Repo Name: ${{ env.REPOSITORY_NAME }}" | |
echo " Event name: ${{ github.event_name }}" | |
echo " Release ver.: ${{ env.RELEASE_VER }}" | |
echo "Release exists: ${{ env.RELEASE_EXISTS }}" | |
echo " Pre-release: ${{ env.PRE_RELEASE }}" | |
- name: Reject on error | |
# ref.: https://github.com/andrewslotin/rummelsnuff, v1.1.0 | |
uses: andrewslotin/rummelsnuff@a0c9c1929f44eefff922aced1ee4dd64eddf12d6 | |
if: ${{ failure() }} | |
with: | |
spam_label: "Build Errors" | |
close_spam_prs: "yes" | |
access_token: ${{ secrets.GITHUB_TOKEN }} | |
# ref: https://github.com/softprops/action-gh-release, v0.1.14 | |
# Release on merge only (push action) - this should run only once | |
- name: Signing release files | |
if: | | |
github.event_name == 'push' && | |
( env.RELEASE_EXISTS == false || env.RELEASE_EXISTS == 'false' ) && | |
( startsWith(env.SOURCE_BRANCH, 'release/v') && contains(env.SOURCE_BRANCH, '.') ) | |
shell: bash | |
env: | |
KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} | |
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | |
run: | | |
echo "$KEY" > ../cosign.key | |
for FILE in *; do FILE_NAME=$(basename $FILE); cosign sign-blob --yes --key=../cosign.key --output-signature=./${FILE_NAME}.sig ./$FILE_NAME; done | |
rm -fv ../cosign.key | |
# ref: https://github.com/softprops/action-gh-release, v0.1.14 | |
# Release on merge only (push action) - this should run only once | |
- name: Publish release | |
if: | | |
github.event_name == 'push' && | |
( env.RELEASE_EXISTS == false || env.RELEASE_EXISTS == 'false' ) && | |
( startsWith(env.SOURCE_BRANCH, 'release/v') && contains(env.SOURCE_BRANCH, '.') ) | |
uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5 | |
with: | |
body_path: RELEASE.md | |
tag_name: ${{ env.RELEASE_VER }} | |
name: ${{ env.RELEASE_VER }} | |
prerelease: ${{ env.PRE_RELEASE }} | |
draft: false | |
fail_on_unmatched_files: true | |
files: | | |
./sekai-linux-amd64.deb | |
./sekai-linux-amd64.deb.sig | |
./sekai-linux-arm64.deb | |
./sekai-linux-arm64.deb.sig | |
./sekai-darwin-amd64.deb | |
./sekai-darwin-amd64.deb.sig | |
./sekai-darwin-arm64.deb | |
./sekai-darwin-arm64.deb.sig | |
./sekai-windows-amd64.exe | |
./sekai-windows-amd64.exe.sig | |
./sekai-windows-arm64.exe | |
./sekai-windows-arm64.exe.sig | |
./sekai-utils.sh | |
./sekai-utils.sh.sig | |
./sekai-env.sh | |
./sekai-env.sh.sig | |
./source-code.tar.gz | |
./source-code.tar.gz.sig | |
# ref.: https://github.com/hmarr/auto-approve-action, v2.1.0 | |
# Do NOT approve IF release exists and the source branch is NOT a version branch | |
- name: Approve pull request on success | |
uses: hmarr/auto-approve-action@5d04a5ca6da9aeb8ca9f31a5239b96fc3e003029 | |
if: | | |
( github.event_name == 'pull_request' ) && | |
( env.SOURCE_BRANCH == env.RELEASE_BRANCH || env.DESTINATION_BRANCH == env.RELEASE_BRANCH ) | |
with: | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
- name: Cleanup all resources | |
shell: bash | |
run: | | |
rm -rfv ./* | |
echo "(current dir): $PWD" && ls -l ./ | |
# Work around https://github.com/actions/checkout/issues/760 | |
- name: Add safe.directory | |
run: | | |
git config --global --add safe.directory /github/workspace | |
git config --global --add safe.directory $PWD | |
# ref.: https://github.com/actions/checkout, v3.0.0 | |
- name: Checkout repository | |
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 | |
- name: Create PR from a version branch to latest | |
# ref. repo-sync/pull-request is broken, using cea2aj/pull-request instead | |
uses: cea2aj/pull-request@84eb0c3478f13651e5649367941b867ca02d7926 | |
if: | | |
github.event_name == 'push' && | |
( startsWith(env.SOURCE_BRANCH, 'release/v') && contains(env.SOURCE_BRANCH, '.') ) | |
with: | |
github_token: ${{ secrets.REPO_ACCESS }} | |
source_branch: ${{ env.SOURCE_BRANCH }} | |
destination_branch: 'latest' | |
pr_title: "${{ env.SOURCE_BRANCH }} -> latest" | |
pr_label: "kira-automation,automerge" | |
pr_allow_empty: true | |
- name: Auto-merge version branch to latest branch | |
uses: pascalgn/automerge-action@04dfc9eae2586d19b7362d4f6413c48135d9c25a | |
if: github.event_name == 'pull_request' && env.DESTINATION_BRANCH == 'latest' && | |
( startsWith(env.SOURCE_BRANCH, 'release/v') && contains(env.SOURCE_BRANCH, '.') ) | |
env: | |
MERGE_LABELS: "automerge" | |
GITHUB_TOKEN: "${{ secrets.REPO_ACCESS }}" | |
LOG: "TRACE" |