Merge pull request #2535 from felixhandte/gha-release-artifacts

Add GitHub Action to Automatically Publish Release Tarballs
dev
Felix Handte 2021-03-15 13:58:27 -04:00 committed by GitHub
commit d1a6d080cf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 68 additions and 27 deletions

View File

@ -36,33 +36,6 @@ jobs:
make armbuild V=1; make clean make armbuild V=1; make clean
make -C tests test-legacy test-longmatch; make clean make -C tests test-legacy test-longmatch; make clean
make -C lib libzstd-nomt; make clean make -C lib libzstd-nomt; make clean
# This step is only run on release tags.
# It publishes the source tarball as artifacts and if the GITHUB_TOKEN
# environment variable is set it will publish the source tarball to the
# tagged release.
publish-github-release:
docker:
- image: fbopensource/zstd-circleci-primary:0.0.1
environment:
CIRCLE_ARTIFACTS: /tmp/circleci-artifacts
steps:
- checkout
- run:
name: Publish
command: |
export VERSION=$(echo $CIRCLE_TAG | tail -c +2)
export ZSTD_VERSION=zstd-$VERSION
git archive $CIRCLE_TAG --prefix $ZSTD_VERSION/ --format tar \
-o $ZSTD_VERSION.tar
sha256sum $ZSTD_VERSION.tar > $ZSTD_VERSION.tar.sha256
zstd -19 $ZSTD_VERSION.tar
sha256sum $ZSTD_VERSION.tar.zst > $ZSTD_VERSION.tar.zst.sha256
gzip -k -9 $ZSTD_VERSION.tar
sha256sum $ZSTD_VERSION.tar.gz > $ZSTD_VERSION.tar.gz.sha256
mkdir -p $CIRCLE_ARTIFACTS
cp $ZSTD_VERSION.tar* $CIRCLE_ARTIFACTS
- store_artifacts:
path: /tmp/circleci-artifacts
# This step should only be run in a cron job # This step should only be run in a cron job
regression-test: regression-test:
docker: docker:

View File

@ -0,0 +1,68 @@
name: publish-release-artifacts
on:
release:
types:
- created
jobs:
publish-release-artifacts:
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/')
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Archive
env:
RELEASE_SIGNING_KEY: ${{ secrets.RELEASE_SIGNING_KEY }}
RELEASE_SIGNING_KEY_PASSPHRASE: ${{ secrets.RELEASE_SIGNING_KEY_PASSPHRASE }}
run: |
# compute file name
export TAG="$(echo "$GITHUB_REF" | sed -n 's_^refs/tags/__p')"
if [ -z "$TAG" ]; then
echo "action must be run on a tag. GITHUB_REF is not a tag: $GITHUB_REF"
exit 1
fi
# Attempt to extract "1.2.3" from "v1.2.3" to maintain artifact name backwards compat.
# Otherwise, degrade to using full tag.
export VERSION="$(echo "$TAG" | sed 's_^v\([0-9]\+\.[0-9]\+\.[0-9]\+\)$_\1_')"
export ZSTD_VERSION="zstd-$VERSION"
# archive
git archive $TAG \
--prefix $ZSTD_VERSION/ \
--format tar \
-o $ZSTD_VERSION.tar
# Do the rest of the work in a sub-dir so we can glob everything we want to publish.
mkdir artifacts/
mv $ZSTD_VERSION.tar artifacts/
cd artifacts/
# compress
zstd -k -19 $ZSTD_VERSION.tar
gzip -k -9 $ZSTD_VERSION.tar
# we only publish the compressed tarballs
rm $ZSTD_VERSION.tar
# hash
sha256sum $ZSTD_VERSION.tar.zst > $ZSTD_VERSION.tar.zst.sha256
sha256sum $ZSTD_VERSION.tar.gz > $ZSTD_VERSION.tar.gz.sha256
# sign
if [ -n "$RELEASE_SIGNING_KEY" ]; then
export GPG_BATCH_OPTS="--batch --no-use-agent --pinentry-mode loopback --no-tty --yes"
echo "$RELEASE_SIGNING_KEY" | gpg $GPG_BATCH_OPTS --import
gpg $GPG_BATCH_OPTS --armor --sign --sign-with signing@zstd.net --detach-sig --passphrase "$RELEASE_SIGNING_KEY_PASSPHRASE" --output $ZSTD_VERSION.tar.zst.sig $ZSTD_VERSION.tar.zst
gpg $GPG_BATCH_OPTS --armor --sign --sign-with signing@zstd.net --detach-sig --passphrase "$RELEASE_SIGNING_KEY_PASSPHRASE" --output $ZSTD_VERSION.tar.gz.sig $ZSTD_VERSION.tar.gz
fi
- name: Publish
uses: skx/github-action-publish-binaries@release-1.3
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
args: artifacts/*