Release CLI Assets #59

Workflow file for this run

.github/workflows/release-cli-assets.yml at ab6c563

	name: Release CLI Assets

	on:
	workflow_call:
	inputs:
	publishedPackages:
	description: 'Published packages'
	required: true
	type: string
	commitSha:
	description: 'Commit SHA'
	required: true
	type: string
	workflow_dispatch:
	inputs:
	publishedPackages:
	description: 'Published packages'
	required: true
	default: '[{"name": "@xata.io/cli", "version": "1.2.0"}]'
	type: string
	commitSha:
	description: 'Commit SHA'
	required: true
	type: string

	permissions:
	id-token: write
	contents: write
	packages: write
	pages: write
	pull-requests: write

	jobs:
	release-cli-assets:
	id: release-cli-assets
Check failure on line 35 in .github/workflows/release-cli-assets.yml View workflow run for this annotation GitHub Actions / Release CLI Assets Invalid workflow file `The workflow is not valid. .github/workflows/release-cli-assets.yml (Line: 35, Col: 5): Unexpected value 'id' .github/workflows/release-cli-assets.yml (Line: 208, Col: 5): Unexpected value 'uses'`
	name: Release CLI assets
	outputs:
	version: ${{ steps.capture-version.outputs.version }}
	mac_intel_sha: ${{steps.sha-macos.outputs.sha-macos-intel}},
	mac_arm_sha: ${{ steps.sha-macos.outputs.sha-macos-arm }}
	linux_sha: ${{ steps.sha-ubuntu.outputs.sha-linux }},
	linux_arm_sha: ${{ steps.sha-ubuntu.outputs.sha-linux-arm }}
	strategy:
	matrix:
	os: [ubuntu-latest, macos-latest]
	runs-on: ${{ matrix.os }}
	steps:
	- uses: actions/checkout@v3
	with:
	# This makes Actions fetch all Git history so that Changesets can generate changelogs with the correct commits
	fetch-depth: 0
	# This makes the PR pushed to use GITHUB_TOKEN and trigger the checks
	persist-credentials: false

	- name: Configure
	run: \|
	echo "NVMRC=$(cat .nvmrc)" >> $GITHUB_OUTPUT
	id: config

	- name: Install pnpm
	uses: pnpm/action-setup@v4

	- name: Use Node.js ${{ steps.config.outputs.NVMRC }}
	uses: actions/setup-node@v3
	with:
	node-version: ${{ steps.config.outputs.NVMRC }}
	cache: 'pnpm'

	- name: Install the Apple certificate
	if: matrix.os == 'macos-latest'
	env:
	BUILD_CERTIFICATE_BASE64: ${{ secrets.APPLE_DEVELOPER_ID_CERT_P12 }}
	P12_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_CERT_SECRET }}
	KEYCHAIN_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_CERT_SECRET }}
	run: \|
	# create variables
	CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
	KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db

	# import certificate from secrets
	echo -n "$BUILD_CERTIFICATE_BASE64" \| base64 --decode -o $CERTIFICATE_PATH

	# create temporary keychain
	security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
	security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
	security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH

	# import certificate to keychain
	security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
	security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
	security list-keychain -d user -s $KEYCHAIN_PATH

	- name: Install dependencies
	run: pnpm install --frozen-lockfile

	- name: Build
	run: pnpm build

	- name: Install windows dependencies
	if: matrix.os == 'ubuntu-latest'
	run: \|
	sudo apt-get update
	sudo apt-get install -y nsis
	sudo apt-get install -y p7zip

	- name: Configure AWS Credentials for production
	uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: ${{ secrets.CLI_ASSETS_UPLOAD_ROLE }}
	aws-region: us-east-1
	mask-aws-account-id: 'no'

	- name: Pack
	run: pnpm run release:cli:pack
	env:
	PUBLISHED_PACKAGES: ${{ inputs.publishedPackages }}
	MATRIX_OS: ${{ matrix.os }}

	# - name: Upload CLI Assets to GitHub Releases
	# run: pnpm run release:cli:upload:gh
	# env:
	# MATRIX_OS: ${{ matrix.os }}
	# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Debian cert
	if: matrix.os == 'ubuntu-latest'
	working-directory: /home/runner/work/client-ts/client-ts/cli/dist/deb
	run: \|
	echo "$DEBIAN_GPG_KEY_PRIVATE" \| gpg --import --batch --passphrase "$DEBIAN_GPG_KEY_PASS"
	gpg --digest-algo SHA512 --clearsign --pinentry-mode loopback --passphrase "$DEBIAN_GPG_KEY_PASS" -u $DEBIAN_GPG_KEY_ID -o InRelease Release
	gpg --digest-algo SHA512 -abs --pinentry-mode loopback --passphrase "$DEBIAN_GPG_KEY_PASS" -u $DEBIAN_GPG_KEY_ID -o Release.gpg Release
	echo "Signed debian packages successfully"
	echo "sha256 sums:"
	sha256sum Release

	mkdir -p /home/runner/work/client-ts/client-ts/cli/dist/apt
	echo "$DEBIAN_GPG_KEY_PUBLIC" > /home/runner/work/client-ts/client-ts/cli/dist/apt/release.key
	env:
	DEBIAN_GPG_KEY_PRIVATE: ${{ secrets.DEBIAN_GPG_KEY_PRIVATE }}
	DEBIAN_GPG_KEY_PASS: ${{ secrets.DEBIAN_GPG_KEY_PASS }}
	DEBIAN_GPG_KEY_PUBLIC: ${{ secrets.DEBIAN_GPG_KEY_PUBLIC }}
	DEBIAN_GPG_KEY_ID: ${{ secrets.DEBIAN_GPG_KEY_ID }}

	- name: Capture version
	id: capture-version
	working-directory: ./cli
	run: echo "version=$(cat package.json \| jq -r '.version')" >> $GITHUB_OUTPUT

	- name: Create SHA outputs macos
	if: matrix.os == 'macos-latest'
	working-directory: ./cli/dist
	id: sha-macos
	run: \|
	ls -l
	VER="${{steps.capture-version.outputs.version}}"
	COMMITSHA="${{inputs.commitSha}}"
	COM="$(echo $COMMITSHA \| head -c8)"
	echo "sha-macos-arm=$(sh -c 'shasum < "$1" \| cut -d" " -f1' -- xata-v${VER}-${COM}-darwin-arm64.tar.xz)" >> "$GITHUB_OUTPUT"
	echo "sha-macos-intel=$(sh -c 'shasum < "$1" \| cut -d" " -f1' -- xata-v${VER}-${COM}-darwin-x64.tar.xz)" >> "$GITHUB_OUTPUT"

	- name: Create SHA outputs ubuntu
	if: matrix.os == 'ubuntu-latest'
	working-directory: ./cli/dist
	id: sha-ubuntu
	run: \|
	ls -l
	VER="${{steps.capture-version.outputs.version}}"
	COMMITSHA="${{inputs.commitSha}}"
	COM="$(echo $COMMITSHA \| head -c8)"
	echo "sha-linux=$(sha256sum xata-v${VER}-${COM}-linux-arm.tar.xz)" >> "$GITHUB_OUTPUT"
	echo "sha-linux-arm=$(sha256sum xata-v${VER}-${COM}-linux-arm64.tar.xz)" >> "$GITHUB_OUTPUT"

	# - name: Upload and Promote CLI Assets to S3
	# run: pnpm run release:cli:upload:s3
	# env:
	# MATRIX_OS: ${{ matrix.os }}
	# COMMIT_SHA: ${{ inputs.commitSha }}

	# - name: Pack (Windows only)
	# if: matrix.os == 'ubuntu-latest'
	# run: pnpm run release:cli:pack
	# env:
	# PUBLISHED_PACKAGES: ${{ inputs.publishedPackages }}
	# MATRIX_OS: ${{ matrix.os }}
	# OS_OVERRIDE: windows-latest
	# - name: Upload CLI Assets to GitHub Releases (Windows only)
	# run: pnpm run release:cli:upload:gh
	# if: matrix.os == 'ubuntu-latest'
	# env:
	# MATRIX_OS: ${{ matrix.os }}
	# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	# OS_OVERRIDE: windows-latest
	# - name: Upload and Promote CLI Assets to S3 (Windows only)
	# if: matrix.os == 'ubuntu-latest'
	# run: pnpm run release:cli:upload:s3
	# env:
	# MATRIX_OS: ${{ matrix.os }}
	# COMMIT_SHA: ${{ inputs.commitSha }}
	# OS_OVERRIDE: windows-latest

	- name: Clean up keychain
	if: matrix.os == 'macos-latest'
	run: \|
	security delete-keychain $RUNNER_TEMP/app-signing.keychain-db
	update-homebrew:
	runs-on: ubuntu-latest
	needs: [release-cli-assets]
	uses: ./.github/workflows/update-homebrew.yml
	with:
	commit_sha: ${{ github.sha }}
	version: ${{ needs.publish-cli-assets.outputs.version }}
	mac_intel_sha: ${{ needs.publish-cli-assets.outputs.mac_intel_sha }}
	mac_arm_sha: ${{ needs.publish-cli-assets.outputs.mac_arm_sha }}
	linux_sha: ${{ needs.publish-cli-assets.outputs.linux_sha }}
	linux_arm_sha: ${{ needs.publish-cli-assets.outputs.linux_arm_sha }}
	secrets: inherit

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Release CLI Assets #59

Workflow file

Release CLI Assets #59

Jobs

Run details

Workflow file for this run

GitHub Actions / Release CLI Assets