Merge pull request from GHSA-mwcv-ghjq-8f2g #370
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build (Daily) | |
| on: | |
| push: | |
| branches: | |
| - master | |
| jobs: | |
| current_info: | |
| runs-on: ubuntu-latest | |
| name: Current Information | |
| outputs: | |
| version: ${{ steps.release_info.outputs.version }} | |
| date: ${{ steps.commit_date_iso8601.outputs.date }} | |
| sha: ${{ github.sha }} | |
| sha_short: ${{ steps.commit_info.outputs.sha }} | |
| steps: | |
| - name: Checkout master | |
| uses: actions/checkout@master | |
| with: | |
| ref: "${{ github.sha }}" | |
| submodules: recursive | |
| fetch-depth: 0 # This is set to download the full git history for the repo | |
| - name: Get Current Version | |
| id: release_info | |
| uses: revam/gh-action-get-tag-and-version@v1 | |
| with: | |
| branch: true | |
| prefix: v | |
| prefixRegex: "[vV]?" | |
| - name: Get Commit Date (as ISO8601) | |
| id: commit_date_iso8601 | |
| shell: bash | |
| run: | | |
| echo "date=$(git --no-pager show -s --format=%aI ${{ github.sha }})" >> "$GITHUB_OUTPUT" | |
| - id: commit_info | |
| name: Shorten Commit Hash | |
| uses: actions/github-script@v6 | |
| with: | |
| script: | | |
| const sha = context.sha.substring(0, 7); | |
| core.setOutput("sha", sha); | |
| cli-daily: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - current_info | |
| strategy: | |
| matrix: | |
| rid: ['linux-x64', 'linux-arm64'] | |
| dotnet: [ '6.x' ] | |
| build_type: ['Standalone'] | |
| include: | |
| - build_props: '' | |
| build_type: 'Standalone' | |
| - build_type: 'Framework' | |
| build_props: '--no-self-contained' | |
| rid: 'linux-x64' | |
| name: Build CLI — ${{ matrix.build_type }} ${{ matrix.rid }} (Daily) | |
| steps: | |
| - name: Checkout master | |
| uses: actions/checkout@master | |
| with: | |
| ref: "${{ github.sha }}" | |
| submodules: recursive | |
| - name: Replace Sentry DSN and other keys | |
| shell: pwsh | |
| run: | | |
| ./.github/workflows/ReplaceSentryDSN.ps1 -dsn ${{ secrets.SENTRY_DSN }} | |
| ./.github/workflows/ReplaceAVD3URL.ps1 -url ${{ secrets.AVD3_URL }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v2 | |
| with: | |
| platforms: arm64 | |
| if: ${{ matrix.rid == 'linux-arm64' }} | |
| - name: Setup dotnet | |
| uses: actions/setup-dotnet@v1 | |
| with: | |
| dotnet-version: ${{ matrix.dotnet }} | |
| - run: dotnet publish -c Release -r ${{ matrix.rid }} ${{ matrix.build_props }} Shoko.CLI "/p:Version=\"${{ needs.current_info.outputs.version }}\",InformationalVersion=\"channel=dev,commit=${{ needs.current_info.outputs.sha }},date=${{ needs.current_info.outputs.date }}\"" | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| name: Shoko.CLI_${{ matrix.build_type }}_${{ matrix.rid }}.zip | |
| path: Shoko.Server/bin/Release/net6.0/${{matrix.rid}}/publish/ | |
| tray-service-daily: | |
| runs-on: windows-latest | |
| needs: | |
| - current_info | |
| strategy: | |
| matrix: | |
| dotnet: [ '6.x' ] | |
| build_type: ['Standalone', 'Framework'] | |
| include: | |
| - build_props: '-r win10-x64 --self-contained true -f net6.0-windows' | |
| build_type: 'Standalone' | |
| - build_dir: '/net6.0-windows/win10-x64' | |
| build_type: 'Standalone' | |
| - build_props: '' | |
| build_type: 'Framework' | |
| - build_dir: '/net6.0-windows' | |
| build_type: 'Framework' | |
| name: Build Tray Service ${{ matrix.build_type }} (Daily) | |
| steps: | |
| - name: Checkout master | |
| uses: actions/checkout@master | |
| with: | |
| ref: "${{ github.sha }}" | |
| submodules: recursive | |
| - name: Replace Sentry DSN and other keys | |
| shell: pwsh | |
| run: | | |
| .\\.github\\workflows\\ReplaceSentryDSN.ps1 -dsn ${{ secrets.SENTRY_DSN }} | |
| .\\.github\\workflows\\ReplaceAVD3URL.ps1 -url ${{ secrets.AVD3_URL }} | |
| - name: Setup dotnet | |
| uses: actions/setup-dotnet@v1 | |
| with: | |
| dotnet-version: ${{ matrix.dotnet }} | |
| - run: dotnet publish -c Release ${{ matrix.build_props }} Shoko.TrayService "/p:Version=\`"${{ needs.current_info.outputs.version }}\`",InformationalVersion=\`"channel=dev,commit=${{ needs.current_info.outputs.sha }},date=${{ needs.current_info.outputs.date }}\`"" | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| name: Shoko.TrayService_${{ matrix.build_type }}_win10-x64.zip | |
| path: Shoko.Server/bin/Release${{ matrix.build_dir }}/publish/ | |
| - name: Upload to shokoanime.com | |
| if: ${{ matrix.build_type == 'Standalone' }} | |
| shell: pwsh | |
| env: | |
| FTP_USERNAME: ${{ secrets.FTP_USERNAME }} | |
| FTP_PASSWORD: ${{ secrets.FTP_PASSWORD }} | |
| FTP_SERVER: ${{ secrets.FTP_SERVER }} | |
| run : Compress-Archive .\\Shoko.Server\\bin\\Release\\net6.0-windows\\win10-x64\\publish .\\ShokoServer.zip && .\\.github\\workflows\\UploadArchive.ps1 | |
| docker-daily-build: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - arch: 'amd64' | |
| dockerfile: 'Dockerfile' | |
| - arch: 'arm64' | |
| dockerfile: 'Dockerfile.aarch64' | |
| name: Build Docker Image - ${{ matrix.arch }} (Daily) | |
| needs: | |
| - current_info | |
| steps: | |
| - name: Checkout master | |
| uses: actions/checkout@master | |
| with: | |
| ref: "${{ github.sha }}" | |
| submodules: recursive | |
| - name: Replace Sentry DSN and other keys | |
| shell: pwsh | |
| run: | | |
| ./.github/workflows/ReplaceSentryDSN.ps1 -dsn ${{ secrets.SENTRY_DSN }} | |
| ./.github/workflows/ReplaceAVD3URL.ps1 -url ${{ secrets.AVD3_URL }} | |
| - uses: docker/setup-qemu-action@v2 | |
| name: Set up QEMU | |
| with: | |
| platforms: arm64 | |
| if: ${{ matrix.arch == 'arm64' }} | |
| - uses: docker/setup-buildx-action@v2 | |
| name: Set up Docker Buildx | |
| - uses: docker/login-action@v2 | |
| name: Log into GitHub Container Registry | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: docker/login-action@v2 | |
| name: Log into Docker Hub | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| # Disabled provenance for now, until it works with docker manifest create. | |
| # The manifest list produced by the new feature is incompatible with the | |
| # expected format used in the docker manifest create command. | |
| - uses: docker/build-push-action@v4 | |
| name: Build and Push the Docker image | |
| with: | |
| context: . | |
| file: ${{ matrix.dockerfile }} | |
| push: true | |
| tags: | | |
| ghcr.io/${{ secrets.DOCKER_REPO }}:daily-${{ matrix.arch }} | |
| ${{ secrets.DOCKER_REPO }}:daily-${{ matrix.arch }} | |
| platforms: linux/${{ matrix.arch }} | |
| build-args: | | |
| version=${{ needs.current_info.outputs.version }} | |
| channel=dev | |
| commit=${{ needs.current_info.outputs.sha }} | |
| date=${{ needs.current_info.outputs.date }} | |
| provenance: false | |
| docker-daily-push_manifest: | |
| runs-on: ubuntu-latest | |
| name: Push combined tag for both docker images | |
| needs: | |
| - docker-daily-build | |
| steps: | |
| - uses: docker/login-action@v2 | |
| name: Log into GitHub Container Registry | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: docker/login-action@v2 | |
| name: Log into Docker Hub | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Create manifest | |
| run: | | |
| docker manifest create ghcr.io/${{ secrets.DOCKER_REPO }}:daily --amend ghcr.io/${{ secrets.DOCKER_REPO }}:daily-amd64 --amend ghcr.io/${{ secrets.DOCKER_REPO }}:daily-arm64 | |
| docker manifest create ${{ secrets.DOCKER_REPO }}:daily --amend ${{ secrets.DOCKER_REPO }}:daily-amd64 --amend ${{ secrets.DOCKER_REPO }}:daily-arm64 | |
| - name: Push manifest | |
| run: | | |
| docker manifest push ghcr.io/${{ secrets.DOCKER_REPO }}:daily | |
| docker manifest push ${{ secrets.DOCKER_REPO }}:daily | |
| sentry-upload: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - current_info | |
| - cli-daily | |
| - tray-service-daily | |
| - docker-daily-push_manifest | |
| name: Upload version info to Sentry.io | |
| steps: | |
| - name: Checkout master | |
| uses: actions/checkout@master | |
| with: | |
| ref: "${{ github.sha }}" | |
| submodules: recursive | |
| # Only add the release to sentry if the build is successful. | |
| - name: Push Sentry Release "${{ needs.current_info.outputs.version }}-dev-${{ needs.current_info.outputs.sha_short }}" | |
| uses: getsentry/[email protected] | |
| env: | |
| SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
| SENTRY_ORG: ${{ secrets.SENTRY_ORG }} | |
| SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }} | |
| # SENTRY_URL: https://sentry.io/ | |
| with: | |
| environment: 'dev' | |
| version: ${{ needs.current_info.outputs.version }}-dev-${{ needs.current_info.outputs.sha_short }} | |
| discord-notify: | |
| runs-on: ubuntu-latest | |
| name: Send notifications about the new daily build | |
| needs: | |
| - current_info | |
| - sentry-upload | |
| steps: | |
| - name: Checkout master | |
| uses: actions/checkout@master | |
| with: | |
| ref: "${{ github.sha }}" | |
| submodules: recursive | |
| - name: Generate Changelog for Sentry Release | |
| id: generate_changelog | |
| env: | |
| SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
| SENTRY_ORG: ${{ secrets.SENTRY_ORG }} | |
| SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }} | |
| RELEASE_VERSION: ${{ needs.current_info.outputs.version }}-dev-${{ needs.current_info.outputs.sha_short }} | |
| run: | | |
| EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
| echo "CHANGELOG<<$EOF" >> "$GITHUB_OUTPUT" | |
| curl -s "https://sentry.io/api/0/projects/$SENTRY_ORG/$SENTRY_PROJECT/releases/$RELEASE_VERSION/commits/" \ | |
| -H "Authorization: Bearer $SENTRY_AUTH_TOKEN" \ | |
| -H "Content-Type: application/json" \ | |
| | jq -r '.[].message + "\n"' >> "$GITHUB_OUTPUT" | |
| echo "$EOF" >> "$GITHUB_OUTPUT" | |
| - name: Notify Discord Users | |
| uses: sarisia/actions-status-discord@v1 | |
| with: | |
| webhook: ${{ secrets.DISCORD_WEBHOOK }} | |
| nodetail: true | |
| title: New Daily Server Build! | |
| description: | | |
| **Version**: `${{ needs.current_info.outputs.version }}-dev-${{ needs.current_info.outputs.sha_short }}` | |
| Update by grabbing the latest daily from [our site](https://shokoanime.com/downloads/shoko-server) or through Docker! | |
| **Changes since last build**: | |
| ${{ steps.generate_changelog.outputs.CHANGELOG }} |