Skip to content

chore: nightly release (#1961) #799

chore: nightly release (#1961)

chore: nightly release (#1961) #799

Workflow file for this run

name: Publish packages
on:
push:
tags:
- 'v**'
- 'nightly'
permissions:
contents: read
jobs:
publish_binary_packages:
if: github.repository == 'GluuFederation/flex'
runs-on: ubuntu-20.04
strategy:
fail-fast: false
matrix:
name: [ubuntu22, ubuntu20, el8, suse15]
include:
- name: ubuntu22
asset_suffix: ~ubuntu22.04_amd64.deb
build_files: deb/jammy
asset_prefix: '_'
asset_path: flex
sign_cmd: dpkg-sig -s builder -k DE92BEF14A1A4E542F678B64DC3C790386C73900
python_version: "3.8"
- name: ubuntu20
asset_suffix: ~ubuntu20.04_amd64.deb
build_files: deb/focal
asset_prefix: '_'
asset_path: flex
sign_cmd: dpkg-sig -s builder -k DE92BEF14A1A4E542F678B64DC3C790386C73900
python_version: "3.8"
- name: el8
asset_suffix: .el8.x86_64.rpm
build_files: rpm/el8
asset_prefix: '-'
asset_path: flex/rpmbuild/RPMS/x86_64
sign_cmd: rpm --addsign
python_version: "3.6"
- name: suse15
asset_suffix: .suse15.x86_64.rpm
build_files: rpm/suse15
asset_prefix: '-'
asset_path: flex/rpmbuild/RPMS/x86_64
sign_cmd: rpm --addsign
python_version: "3.6"
steps:
- name: Harden Runner
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
with:
egress-policy: audit
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
path: temp-flex
- name: Getting build dependencies
id: get_dependencies
run: |
mkdir -p flex/flex-src/opt/
cp -rp temp-flex/automation/packaging/${{ matrix.build_files }}/* flex/
cp temp-flex/flex-linux-setup/flex_linux_setup/flex_setup.py flex/flex_setup.py
sudo add-apt-repository ppa:deadsnakes/ppa
sudo apt-get update
sudo apt-get install -y python${{ matrix.python_version }}
sudo apt install -y build-essential devscripts debhelper rpm dpkg-sig python3-dev python3-requests python3-ruamel.yaml python3-pymysql python3-crypto python3-distutils python3-prompt-toolkit python${{ matrix.python_version }}-distutils libpq-dev python${{ matrix.python_version }}-dev apache2 rsyslog python3-urllib3 python3-certifi postgresql postgresql-contrib
sudo cp -r /usr/lib/python3/dist-packages /usr/lib/python${{ matrix.python_version }}/
sudo python${{ matrix.python_version }} -m pip install psycopg2-binary psycopg2
- name: Import GPG key
id: import_gpg
continue-on-error: true
uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
with:
gpg_private_key: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY_PASSPHRASE }}
git_user_signingkey: true
git_commit_gpgsign: true
- name: List keys
id: list_keys
run: gpg -K
- name: Get latest tag
id: previoustag
run: |
echo "tag=$(echo ${{ github.event.ref }} | cut -d '/' -f 3)" >> $GITHUB_OUTPUT
if [[ ${{ github.event.ref }} == 'refs/tags/nightly' ]]; then
echo "version=0.0.0-nightly" >> $GITHUB_OUTPUT
else
echo "version=$(echo ${{ github.event.ref }} | cut -d 'v' -f 2)-stable" >> $GITHUB_OUTPUT
fi
echo "PACKAGE_PREFIX=flex" >> ${GITHUB_ENV}
- name: Print Version and tag
run: |
echo "Version: ${{ steps.previoustag.outputs.version }}"
echo "Tag: ${{ steps.previoustag.outputs.tag }}"
- name: Running install and build
id: run_build
run: |
cd flex/
sudo python${{ matrix.python_version }} flex_setup.py --jans-branch="main" --jans-setup-branch="main" -download-exit -yes --keep-downloads --keep-setup -force-download
cp -r /opt/dist flex-src/opt/
cp -r /opt/jans flex-src/opt/
touch flex-src/opt/jans/jans-setup/package
rm -rf install.py install jans-cli
rm -rf flex-src/opt/jans/jans-setup/logs/setup.log
rm -rf flex-src/opt/jans/jans-setup/logs/setup_error.log
sed -i "s/%VERSION%/${{ steps.previoustag.outputs.version }}/g" run-build.sh
cat run-build.sh
sudo ./run-build.sh
- name: Sign package
id: sign_package
run : |
ls ${{github.workspace}}/${{ matrix.asset_path }}
sudo mv ${{github.workspace}}/${{ matrix.asset_path }}/flex* ${{github.workspace}}/${{ matrix.asset_path }}/flex${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }} || echo "no need to rename"
echo '%_gpg_name moauto (automation) <[email protected]>' >> ~/.rpmmacros
${{ matrix.sign_cmd }} ${{github.workspace}}/${{ matrix.asset_path }}/flex${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}
gpg --armor --detach-sign ${{github.workspace}}/${{ matrix.asset_path }}/flex${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}
ls ${{github.workspace}}/${{ matrix.asset_path }}
- name: Create checksum
id: create_checksum
run: |
cd flex/
sed -i "s/%VERSION%/${{ steps.previoustag.outputs.version }}/g" checksum.sh
sudo ./checksum.sh
ls ${{github.workspace}}/${{ matrix.asset_path }}
- name: Upload binaries to release
id: upload_binaries
uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2
with:
repo_token: ${{ secrets.MOWORKFLOWTOKEN }}
file: ${{github.workspace}}/${{ matrix.asset_path }}/flex${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}
asset_name: ${{ env.PACKAGE_PREFIX }}${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}
tag: ${{ steps.previoustag.outputs.tag }}
overwrite: true
- name: Upload checksum to release
id: upload_shas
uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2
with:
repo_token: ${{ secrets.MOWORKFLOWTOKEN }}
file: ${{github.workspace}}/${{ matrix.asset_path }}/flex${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}.sha256sum
asset_name: ${{ env.PACKAGE_PREFIX }}${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}.sha256sum
tag: ${{ steps.previoustag.outputs.tag }}
overwrite: true
- name: Upload sig to release
id: upload_sigs
uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2
with:
repo_token: ${{ secrets.MOWORKFLOWTOKEN }}
file: ${{github.workspace}}/${{ matrix.asset_path }}/flex${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}.asc
asset_name: ${{ env.PACKAGE_PREFIX }}${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}.asc
tag: ${{ steps.previoustag.outputs.tag }}
overwrite: true