Skip to content

Commit 6915f55

Browse files
arrowplumarrowplum
authored
Workflow for sbb gh release -> jfrog (#10)
1 parent 3512375 commit 6915f55

File tree

1 file changed

+167
-0
lines changed

1 file changed

+167
-0
lines changed

.github/workflows/sign-build-bundle.yml

Lines changed: 167 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,167 @@
1+
name: Sign, Build, and Bundle
2+
3+
on:
4+
workflow_dispatch:
5+
inputs:
6+
repository_owner:
7+
description: 'Owner of the repository to download the release from'
8+
required: true
9+
default: 'citrusleaf'
10+
repository_name:
11+
description: 'Name of the repository to download the release from'
12+
required: true
13+
default: 'aerospike-vector-search'
14+
release_tag:
15+
description: 'Release tag to download (e.g., 2.1.0)'
16+
required: true
17+
default: 'aerospike-vector-search-0.11.1'
18+
build_version:
19+
description: 'Build version to use for the release'
20+
required: true
21+
default: '0.11.1'
22+
23+
jobs:
24+
download_sign_deploy_bundle:
25+
runs-on: ubuntu-latest
26+
steps:
27+
- name: Checkout current repository
28+
uses: actions/checkout@v3
29+
30+
- name: setup GPG
31+
uses: aerospike/shared-workflows/devops/setup-gpg@main
32+
with:
33+
gpg-private-key: ${{ secrets.GPG_SECRET_KEY }}
34+
gpg-public-key: ${{ secrets.GPG_PUBLIC_KEY }}
35+
gpg-key-pass: ${{ secrets.GPG_PASS }}
36+
gpg-key-name: "aerospike-inc"
37+
38+
- name: setup jfrog
39+
uses: jfrog/setup-jfrog-cli@v4
40+
env:
41+
JF_URL: https://aerospike.jfrog.io
42+
JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
43+
JF_PROJECT: "ecosystem"
44+
45+
- name: Get release info
46+
id: get_release_info
47+
run: |
48+
release_info=$(curl -H "Authorization: token ${{ secrets.PACKAGE_PAT }}" -s https://api.github.com/repos/${{ github.event.inputs.repository_owner }}/${{ github.event.inputs.repository_name }}/releases)
49+
echo "$release_info" | jq
50+
selected_release=$(echo "$release_info" | jq --arg tag "${{ github.event.inputs.release_tag }}" '.[] | select(.tag_name == $tag)')
51+
echo "$selected_release" | jq -r '.assets[] | "\(.id) \(.name)"' > asset_ids_and_names.txt
52+
jq -n --argjson release "$selected_release" '{"release_name": $release.name, "release_tag": $release.tag_name, "release_body": $release.body}' > release_info.json
53+
echo "::set-output name=release_notes::$(echo "$selected_release" | jq -r '.body' | sed 's/\r//g')"
54+
55+
- name: Download and categorize release assets
56+
run: |
57+
mkdir -p ./downloaded_release/{debs,rpms,jars,zips,others}
58+
while read asset_id asset_name; do
59+
case "$asset_name" in
60+
*.deb) dest_folder="debs" ;;
61+
*.rpm) dest_folder="rpms" ;;
62+
*.jar) dest_folder="jars" ;;
63+
*.zip) dest_folder="zips" ;;
64+
*) dest_folder="others" ;;
65+
esac
66+
echo "Downloading $asset_name to ./downloaded_release/$dest_folder/$asset_name"
67+
curl -H "Authorization: token ${{ secrets.PACKAGE_PAT }}" \
68+
-H "Accept: application/octet-stream" \
69+
-L "https://api.github.com/repos/${{ github.event.inputs.repository_owner }}/${{ github.event.inputs.repository_name }}/releases/assets/$asset_id" \
70+
-o ./downloaded_release/$dest_folder/$asset_name
71+
done < asset_ids_and_names.txt
72+
73+
- name: "Sign rpms"
74+
env:
75+
GPG_TTY: no-tty
76+
GPG_PASSPHRASE: ${{ secrets.GPG_PASS }}
77+
run: |
78+
for rpm in ./downloaded_release/rpms/*.rpm; do
79+
echo "Signing $rpm"
80+
gpg --batch --no-tty --yes --detach-sign --armor --passphrase "$GPG_PASSPHRASE" --local-user aerospike-inc --output $rpm.asc $rpm
81+
rpm --addsign $rpm
82+
rpm --checksig $rpm
83+
shasum -a 256 $rpm > $rpm.sha256
84+
cat $rpm.asc
85+
cat $rpm.sha256
86+
done
87+
find .
88+
- name: "Sign debs"
89+
env:
90+
GPG_TTY: no-tty
91+
GPG_PASSPHRASE: ${{ secrets.GPG_PASS }}
92+
run: |
93+
for deb in ./downloaded_release/debs/*.deb; do
94+
echo "Signing $deb"
95+
dpkg-sig --sign builder $deb
96+
97+
dpkg-sig --verify $deb
98+
gpg --batch --yes --detach-sign --armor --passphrase "$GPG_PASSPHRASE" --local-user aerospike-inc --output $deb.asc $deb
99+
shasum -a 256 $deb > $deb.sha256
100+
cat $deb.asc
101+
cat $deb.sha256
102+
103+
done
104+
find .
105+
- name: "Deploy debs to JFrog"
106+
run: |
107+
cd ./downloaded_release/debs
108+
for file in *; do
109+
if [[ "$file" == *.deb ]]; then
110+
arch=$(dpkg --info "$file" | grep 'Architecture' | awk '{print $2}')
111+
jf rt upload "$file" "ecosystem-deb-dev-local/${{ github.event.inputs.repository_name }}/${{ github.event.inputs.build_version }}/" \
112+
--build-name="${{ github.event.inputs.repository_name }}-deb" --build-number="${{ github.event.inputs.build_version }}" --project="ecosystem" \
113+
--target-props "deb.distribution=stable;deb.component=main;deb.architecture=$arch" --deb "stable/main/$arch"
114+
else
115+
jf rt upload "$file" "ecosystem-deb-dev-local/${{ github.event.inputs.repository_name }}/${{ github.event.inputs.build_version }}/" \
116+
--build-name="${{ github.event.inputs.repository_name }}-deb" --build-number="${{ github.event.inputs.build_version }}" --project="ecosystem"
117+
fi
118+
done
119+
jfrog rt build-collect-env "${{ github.event.inputs.repository_name }}-deb" "${{ github.event.inputs.build_version }}"
120+
jfrog rt build-add-git "${{ github.event.inputs.repository_name }}-deb" "${{ github.event.inputs.build_version }}"
121+
jfrog rt build-add-dependencies "${{ github.event.inputs.repository_name }}-deb" "${{ github.event.inputs.build_version }}" .
122+
jfrog rt build-publish "${{ github.event.inputs.repository_name }}-deb" "${{ github.event.inputs.build_version }}" --project="ecosystem"
123+
124+
- name: "Deploy rpms to JFrog"
125+
run: |
126+
cd ./downloaded_release/rpms
127+
for file in *; do
128+
if [[ "$file" == *.rpm ]]; then
129+
arch=$(rpm -q --qf "%{ARCH}" -p "$file")
130+
jf rt upload "$file" "ecosystem-rpm-dev-local/${{ github.event.inputs.repository_name }}/${{ github.event.inputs.build_version }}/" \
131+
--build-name="${{ github.event.inputs.repository_name }}-rpm" --build-number="${{ github.event.inputs.build_version }}" --project="ecosystem" \
132+
--target-props "rpm.distribution=stable;rpm.component=main;rpm.architecture=$arch"
133+
else
134+
jf rt upload "$file" "ecosystem-rpm-dev-local/${{ github.event.inputs.repository_name }}/${{ github.event.inputs.build_version }}/" \
135+
--build-name="${{ github.event.inputs.repository_name }}-rpm" --build-number="${{ github.event.inputs.build_version }}" --project="ecosystem"
136+
fi
137+
done
138+
jfrog rt build-collect-env "${{ github.event.inputs.repository_name }}-rpm" "${{ github.event.inputs.build_version }}"
139+
jfrog rt build-add-git "${{ github.event.inputs.repository_name }}-rpm" "${{ github.event.inputs.build_version }}"
140+
jfrog rt build-add-dependencies "${{ github.event.inputs.repository_name }}-rpm" "${{ github.event.inputs.build_version }}" .
141+
jfrog rt build-publish "${{ github.event.inputs.repository_name }}-rpm" "${{ github.event.inputs.build_version }}" --project="ecosystem"
142+
143+
- name: Create release bundle
144+
145+
run: |
146+
sanitized_release_notes=$(echo "${{ steps.get_release_info.outputs.release_notes }}" | jq -Rsa '.')
147+
echo '{
148+
149+
"name": "${{ github.event.inputs.repository_name }}-release-bundle",
150+
"version": "${{ github.event.inputs.build_version }}",
151+
"description": "Release for build version ${{ github.event.inputs.build_version }}",
152+
"release_notes": "$sanitized_release_notes",
153+
"files": [
154+
{
155+
"project": "ecosystem",
156+
"build": "${{ github.event.inputs.repository_name }}-deb/${{ github.event.inputs.build_version }}"
157+
},
158+
{
159+
"project": "ecosystem",
160+
"build": "${{ github.event.inputs.repository_name }}-rpm/${{ github.event.inputs.build_version }}"
161+
}
162+
]
163+
}' > release-bundle-spec.json
164+
cat release-bundle-spec.json
165+
jf release-bundle-create "${{ github.event.inputs.repository_name }}" "${{ github.event.inputs.build_version }}" \
166+
--spec release-bundle-spec.json --project="ecosystem" --signing-key="aerospike"
167+

0 commit comments

Comments
 (0)