Release CLI Assets #48
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release CLI Assets | |
on: | |
workflow_call: | |
inputs: | |
publishedPackages: | |
description: 'Published packages' | |
required: true | |
type: string | |
commitSha: | |
description: 'Commit SHA' | |
required: true | |
type: string | |
workflow_dispatch: | |
inputs: | |
publishedPackages: | |
description: 'Published packages' | |
required: true | |
default: '[{"name": "@xata.io/cli", "version": "1.2.0"}]' | |
type: string | |
commitSha: | |
description: 'Commit SHA' | |
required: true | |
type: string | |
permissions: | |
id-token: write | |
contents: write | |
packages: write | |
pages: write | |
pull-requests: write | |
jobs: | |
release-cli-assets: | |
name: Release CLI assets | |
outputs: | |
version: ${{ steps.capture-version.outputs.version }} | |
mac_intel_sha: ${{steps.sha-macos.outputs.sha-macos-intel}}, | |
mac_arm_sha: ${{ steps.sha-macos.outputs.sha-macos-arm }} | |
linux_sha: ${{ steps.sha-ubuntu.outputs.sha-linux }}, | |
linux_arm_sha: ${{ steps.sha-ubuntu.outputs.sha-linux-arm }} | |
strategy: | |
matrix: | |
os: [ubuntu-latest, macos-latest] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
# This makes Actions fetch all Git history so that Changesets can generate changelogs with the correct commits | |
fetch-depth: 0 | |
# This makes the PR pushed to use GITHUB_TOKEN and trigger the checks | |
persist-credentials: false | |
- name: Configure | |
run: | | |
echo "NVMRC=$(cat .nvmrc)" >> $GITHUB_OUTPUT | |
id: config | |
- name: Install pnpm | |
uses: pnpm/action-setup@v4 | |
- name: Use Node.js ${{ steps.config.outputs.NVMRC }} | |
uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ steps.config.outputs.NVMRC }} | |
cache: 'pnpm' | |
- name: Install the Apple certificate | |
if: matrix.os == 'macos-latest' | |
env: | |
BUILD_CERTIFICATE_BASE64: ${{ secrets.APPLE_DEVELOPER_ID_CERT_P12 }} | |
P12_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_CERT_SECRET }} | |
KEYCHAIN_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_CERT_SECRET }} | |
run: | | |
# create variables | |
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 | |
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
# import certificate from secrets | |
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH | |
# create temporary keychain | |
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
# import certificate to keychain | |
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
security list-keychain -d user -s $KEYCHAIN_PATH | |
- name: Install dependencies | |
run: pnpm install --frozen-lockfile | |
- name: Build | |
run: pnpm build | |
- name: Install windows dependencies | |
if: matrix.os == 'ubuntu-latest' | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y nsis | |
sudo apt-get install -y p7zip | |
- name: Configure AWS Credentials for production | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ secrets.CLI_ASSETS_UPLOAD_ROLE }} | |
aws-region: us-east-1 | |
mask-aws-account-id: 'no' | |
- name: Pack | |
run: pnpm run release:cli:pack | |
env: | |
PUBLISHED_PACKAGES: ${{ inputs.publishedPackages }} | |
MATRIX_OS: ${{ matrix.os }} | |
# - name: Upload CLI Assets to GitHub Releases | |
# run: pnpm run release:cli:upload:gh | |
# env: | |
# MATRIX_OS: ${{ matrix.os }} | |
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Debian cert | |
if: matrix.os == 'ubuntu-latest' | |
working-directory: /home/runner/work/client-ts/client-ts/cli/dist/deb | |
run: | | |
echo "$DEBIAN_GPG_KEY_PRIVATE" | gpg --import --batch --passphrase "$DEBIAN_GPG_KEY_PASS" | |
gpg --digest-algo SHA512 --clearsign --pinentry-mode loopback --passphrase "$DEBIAN_GPG_KEY_PASS" -u $DEBIAN_GPG_KEY_ID -o InRelease Release | |
gpg --digest-algo SHA512 -abs --pinentry-mode loopback --passphrase "$DEBIAN_GPG_KEY_PASS" -u $DEBIAN_GPG_KEY_ID -o Release.gpg Release | |
echo "Signed debian packages successfully" | |
echo "sha256 sums:" | |
sha256sum *Release* | |
mkdir -p /home/runner/work/client-ts/client-ts/cli/dist/apt | |
echo "$DEBIAN_GPG_KEY_PUBLIC" > /home/runner/work/client-ts/client-ts/cli/dist/apt/release.key | |
env: | |
DEBIAN_GPG_KEY_PRIVATE: ${{ secrets.DEBIAN_GPG_KEY_PRIVATE }} | |
DEBIAN_GPG_KEY_PASS: ${{ secrets.DEBIAN_GPG_KEY_PASS }} | |
DEBIAN_GPG_KEY_PUBLIC: ${{ secrets.DEBIAN_GPG_KEY_PUBLIC }} | |
DEBIAN_GPG_KEY_ID: ${{ secrets.DEBIAN_GPG_KEY_ID }} | |
- name: Capture version | |
id: capture-version | |
run: | | |
version=$(pnpm run release:version --silent); | |
echo "$version" >> "$GITHUB_OUTPUT" | |
- name: Create SHA outputs macos | |
if: matrix.os == 'macos-latest' | |
working-directory: /home/runner/work/client-ts/client-ts/cli/dist | |
id: sha-macos | |
run: | | |
echo "sha-macos-arm=$(sh -c 'shasum < "$1" | cut -d" " -f1' -- xata-v${{ steps.capture-version.version }}-${{inputs.commitSha}}-darwin-arm64.tar.gz)" >> "$GITHUB_OUTPUT" | |
echo "sha-macos-intel=$(sh -c 'shasum < "$1" | cut -d" " -f1' -- xata-v${{ steps.capture-version.version }}-${{inputs.commitSha}}-darwin-x64.tar.gz)" >> "$GITHUB_OUTPUT" | |
- name: Create SHA outputs ubuntu | |
if: matrix.os == 'ubuntu-latest' | |
working-directory: /home/runner/work/client-ts/client-ts/cli/dist | |
id: sha-ubuntu | |
run: | | |
echo "sha-linux=(sha256sum xata-v${{ steps.capture-version.version }}-${{inputs.commitSha}}-linux-arm.tar.gz)" >> "$GITHUB_OUTPUT" | |
echo "sha-linux-arm=(sha256sum xata-v${{ steps.capture-version.version }}-${{inputs.commitSha}}-linux-arm64.tar.gz)" >> "$GITHUB_OUTPUT" | |
# - name: Upload and Promote CLI Assets to S3 | |
# run: pnpm run release:cli:upload:s3 | |
# env: | |
# MATRIX_OS: ${{ matrix.os }} | |
# COMMIT_SHA: ${{ inputs.commitSha }} | |
# - name: Pack (Windows only) | |
# if: matrix.os == 'ubuntu-latest' | |
# run: pnpm run release:cli:pack | |
# env: | |
# PUBLISHED_PACKAGES: ${{ inputs.publishedPackages }} | |
# MATRIX_OS: ${{ matrix.os }} | |
# OS_OVERRIDE: windows-latest | |
# - name: Upload CLI Assets to GitHub Releases (Windows only) | |
# run: pnpm run release:cli:upload:gh | |
# if: matrix.os == 'ubuntu-latest' | |
# env: | |
# MATRIX_OS: ${{ matrix.os }} | |
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# OS_OVERRIDE: windows-latest | |
# - name: Upload and Promote CLI Assets to S3 (Windows only) | |
# if: matrix.os == 'ubuntu-latest' | |
# run: pnpm run release:cli:upload:s3 | |
# env: | |
# MATRIX_OS: ${{ matrix.os }} | |
# COMMIT_SHA: ${{ inputs.commitSha }} | |
# OS_OVERRIDE: windows-latest | |
- name: Clean up keychain | |
if: matrix.os == 'macos-latest' | |
run: | | |
security delete-keychain $RUNNER_TEMP/app-signing.keychain-db |