126 lines (99 loc) 路 4.28 KB
/
release.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
# https://docs.github.com/en/actions
name: "Release"
on: # yamllint disable-line rule:truthy
push:
tags:
- "**"
jobs:
release:
name: "Release"
runs-on: "ubuntu-latest"
strategy:
matrix:
php-version:
- "7.4"
dependencies:
- "locked"
env:
COMPOSER_NORMALIZE_PHAR: ".build/phar/composer-normalize.phar"
COMPOSER_NORMALIZE_PHAR_SIGNATURE: ".build/phar/composer-normalize.phar.asc"
COMPOSER_VERSION: "2.3.5"
GPG_KEYS: ".build/phar/keys.asc"
GPG_KEYS_ENCRYPTED: "phar/keys.asc.gpg"
steps:
- name: "Checkout"
uses: "actions/checkout@v3"
- name: "Set up PHP"
uses: "shivammathur/setup-php@2.19.1"
with:
coverage: "none"
extensions: "none, ctype, dom, json, mbstring, phar, simplexml, tokenizer, xml, xmlwriter"
php-version: "${{ matrix.php-version }}"
- name: "Determine composer cache directory"
uses: "ergebnis/.github/actions/composer/determine-cache-directory@1.5.0"
- name: "Cache dependencies installed with composer"
uses: "actions/cache@v3"
with:
path: "${{ env.COMPOSER_CACHE_DIR }}"
key: "php-${{ matrix.php-version }}-composer-${{ matrix.dependencies }}-${{ hashFiles('composer.lock') }}"
restore-keys: "php-${{ matrix.php-version }}-composer-${{ matrix.dependencies }}-"
- name: "Install ${{ matrix.dependencies }} dependencies with composer"
uses: "ergebnis/.github/actions/composer/install@1.5.0"
with:
dependencies: "${{ matrix.dependencies }}"
- name: "Require composer/composer"
run: "composer require composer/composer:${{ env.COMPOSER_VERSION }} --no-interaction --no-progress"
- name: "Validate configuration for humbug/box"
run: ".phive/box validate box.json"
- name: "Compile composer-normalize.phar with humbug/box"
run: ".phive/box compile --config=box.json"
- name: "Show info about composer-normalize.phar with humbug/box"
run: ".phive/box info ${{ env.COMPOSER_NORMALIZE_PHAR }}"
- name: "Run composer-normalize.phar"
run: "${{ env.COMPOSER_NORMALIZE_PHAR }}"
- name: "Show gpg version"
run: "gpg --version"
- name: "Decrypt keys.asc.gpg with gpg"
run: "gpg --batch --output ${{ env.GPG_KEYS }} --passphrase \"${{ secrets.GPG_DECRYPT_PASSPHRASE }}\" --yes --decrypt ${{ env.GPG_KEYS_ENCRYPTED }}"
- name: "Import keys from keys.asc with gpg"
run: "gpg --batch --import ${{ env.GPG_KEYS }}"
- name: "Sign composer-normalize.phar with gpg"
run: "gpg --armor --local-user \"${{ secrets.GPG_LOCAL_USER }}\" --output ${{ env.COMPOSER_NORMALIZE_PHAR_SIGNATURE }} --passphrase \"${{ secrets.GPG_KEY_PASSPHRASE }}\" --pinentry-mode loopback --yes --detach-sig ${{ env.COMPOSER_NORMALIZE_PHAR }}"
- name: "Remove decrypted keys.asc"
run: "rm ${{ env.GPG_KEYS }}"
- name: "Determine tag"
run: "echo \"RELEASE_TAG=${GITHUB_REF#refs/tags/}\" >> $GITHUB_ENV"
- name: "Create release"
uses: "ergebnis/.github/actions/github/release/create@1.5.0"
with:
github-token: "${{ secrets.ERGEBNIS_BOT_TOKEN }}"
- name: "Upload release assets"
uses: "actions/github-script@v6.1.0"
with:
github-token: "${{ secrets.ERGEBNIS_BOT_TOKEN }}"
script: |
const fs = require("fs");
const files = [
{
name: "composer-normalize.phar",
path: process.env.COMPOSER_NORMALIZE_PHAR,
},
{
name: "composer-normalize.phar.asc",
path: process.env.COMPOSER_NORMALIZE_PHAR_SIGNATURE,
},
];
for (const file of files) {
try {
await github.rest.repos.uploadReleaseAsset({
data: fs.readFileSync(file.path),
name: file.name,
origin: process.env.RELEASE_UPLOAD_URL,
owner: context.repo.owner,
release_id: process.env.RELEASE_ID,
repo: context.repo.repo,
});
} catch (error) {
core.setFailed(error.message);
}
}