use eToken for signing #4462
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/publish-go-tester-task.md | |
| name: Publish Tester Build | |
| # See: https://docs.github.com/en/free-pro-team@latest/actions/reference/events-that-trigger-workflows | |
| on: | |
| create: | |
| push: | |
| paths: | |
| - ".github/workflows/publish-go-tester-task.ya?ml" | |
| - "go.mod" | |
| - "go.sum" | |
| - "Taskfile.ya?ml" | |
| - "DistTasks.ya?ml" | |
| - "**.go" | |
| pull_request: | |
| paths: | |
| - ".github/workflows/publish-go-tester-task.ya?ml" | |
| - "go.mod" | |
| - "go.sum" | |
| - "Taskfile.ya?ml" | |
| - "DistTasks.ya?ml" | |
| - "**.go" | |
| workflow_dispatch: | |
| repository_dispatch: | |
| env: | |
| # As defined by the Taskfile's PROJECT_NAME variable | |
| PROJECT_NAME: arduino-cli | |
| # As defined by the Taskfile's DIST_DIR variable | |
| DIST_DIR: dist | |
| jobs: | |
| run-determination: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| result: ${{ steps.determination.outputs.result }} | |
| steps: | |
| - name: Determine if the rest of the workflow should run | |
| id: determination | |
| run: | | |
| RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" | |
| TAG_REGEX="refs/tags/.*" | |
| # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. | |
| if [[ \ | |
| ("${{ github.event_name }}" != "create" || \ | |
| "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX) && \ | |
| ! "${{ github.ref }}" =~ $TAG_REGEX \ | |
| ]]; then | |
| # Run the other jobs. | |
| RESULT="true" | |
| else | |
| # There is no need to run the other jobs. | |
| RESULT="false" | |
| fi | |
| echo "result=$RESULT" >> $GITHUB_OUTPUT | |
| package-name-prefix: | |
| needs: run-determination | |
| if: needs.run-determination.outputs.result == 'true' | |
| runs-on: ubuntu-latest | |
| outputs: | |
| prefix: ${{ steps.calculation.outputs.prefix }} | |
| steps: | |
| - name: package name prefix calculation | |
| id: calculation | |
| run: | | |
| PACKAGE_NAME_PREFIX="test" | |
| if [ "${{ github.event_name }}" = "pull_request" ]; then | |
| PACKAGE_NAME_PREFIX="$PACKAGE_NAME_PREFIX-${{ github.event.number }}" | |
| fi | |
| PACKAGE_NAME_PREFIX="$PACKAGE_NAME_PREFIX-${{ github.sha }}-" | |
| echo "prefix=$PACKAGE_NAME_PREFIX" >> $GITHUB_OUTPUT | |
| create-artifacts: | |
| needs: package-name-prefix | |
| name: Create artifact ${{ matrix.artifact.name }} | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| artifact: | |
| - task: dist:Windows_32bit | |
| path: "*Windows_32bit.zip" | |
| name: Windows_X86-32 | |
| - task: dist:Windows_64bit | |
| path: "*Windows_64bit.zip" | |
| name: Windows_X86-64 | |
| - task: dist:Linux_32bit | |
| path: "*Linux_32bit.tar.gz" | |
| name: Linux_X86-32 | |
| - task: dist:Linux_64bit | |
| path: "*Linux_64bit.tar.gz" | |
| name: Linux_X86-64 | |
| - task: dist:Linux_ARMv6 | |
| path: "*Linux_ARMv6.tar.gz" | |
| name: Linux_ARMv6 | |
| - task: dist:Linux_ARMv7 | |
| path: "*Linux_ARMv7.tar.gz" | |
| name: Linux_ARMv7 | |
| - task: dist:Linux_ARM64 | |
| path: "*Linux_ARM64.tar.gz" | |
| name: Linux_ARM64 | |
| - task: dist:macOS_64bit | |
| path: "*macOS_64bit.tar.gz" | |
| name: macOS_64 | |
| - task: dist:macOS_ARM64 | |
| path: "*macOS_ARM64.tar.gz" | |
| name: macOS_ARM64 | |
| - task: protoc:collect | |
| path: "*_proto.zip" | |
| name: rpc-protocol-files | |
| - task: dist:jsonschema | |
| path: "*configuration.schema.json" | |
| name: configuration-schema | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install Task | |
| uses: arduino/setup-task@v2 | |
| with: | |
| repo-token: ${{ secrets.GITHUB_TOKEN }} | |
| version: 3.x | |
| - name: Build | |
| run: | | |
| PACKAGE_NAME_PREFIX=${{ needs.package-name-prefix.outputs.prefix }} | |
| export PACKAGE_NAME_PREFIX | |
| task ${{ matrix.artifact.task }} | |
| # Transfer builds to artifacts job | |
| - name: Upload build artifact | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| path: ${{ env.DIST_DIR }}/${{ matrix.artifact.path }} | |
| name: ${{ matrix.artifact.name }} | |
| checksums: | |
| needs: | |
| - create-artifacts | |
| - package-name-prefix | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Download build artifacts | |
| uses: actions/download-artifact@v3 | |
| - name: Output checksum | |
| run: | | |
| TAG="${{ needs.package-name-prefix.outputs.prefix }}git-snapshot" | |
| declare -a artifacts=($(ls -d */)) | |
| for artifact in ${artifacts[@]} | |
| do | |
| cd $artifact | |
| checksum=$(sha256sum ${{ env.PROJECT_NAME }}_${TAG}*) | |
| cd .. | |
| echo $checksum >> ${TAG}-checksums.txt | |
| done | |
| - name: Upload checksum artifact | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| path: ./*checksums.txt | |
| name: checksums |