@@ -239,110 +239,6 @@ jobs:
239239 version : 2
240240 arch : amd64
241241
242- # - name: Download signed hash artifacts
243- # run: |
244- # run_id=$(echo "${{ inputs.workflow_url }}" | grep -oE '[0-9]+$')
245- # mkdir -p signed-hashes/amd64 signed-hashes/arm64
246-
247- # # Download AMD64 hashes
248- # artifact_id=$(curl -s \
249- # -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
250- # -H "Accept: application/vnd.github.v3+json" \
251- # "https://api.github.com/repos/Altinity/ClickHouse/actions/runs/$run_id/artifacts?per_page=1000" \
252- # | jq -r --arg NAME "Sign release signed-hashes" '.artifacts[] | select(.name == $NAME) | .id')
253- # if [ -z "$artifact_id" ] || [ "$artifact_id" == "null" ]; then
254- # echo "Error: Could not find artifact 'Sign release signed-hashes' for run $run_id"
255- # exit 1
256- # fi
257- # if ! curl -L \
258- # -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
259- # -H "Accept: application/vnd.github.v3+json" \
260- # -o "signed-hashes/amd64/hashes.zip" \
261- # "https://api.github.com/repos/Altinity/ClickHouse/actions/artifacts/$artifact_id/zip"; then
262- # echo "Error: Failed to download AMD64 hashes"
263- # exit 1
264- # fi
265- # unzip -o "signed-hashes/amd64/hashes.zip" -d signed-hashes/amd64
266-
267- # # Download ARM64 hashes
268- # artifact_id=$(curl -s \
269- # -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
270- # -H "Accept: application/vnd.github.v3+json" \
271- # "https://api.github.com/repos/Altinity/ClickHouse/actions/runs/$run_id/artifacts?per_page=1000" \
272- # | jq -r --arg NAME "Sign aarch64 signed-hashes" '.artifacts[] | select(.name == $NAME) | .id')
273- # if [ -z "$artifact_id" ] || [ "$artifact_id" == "null" ]; then
274- # echo "Error: Could not find artifact 'Sign aarch64 signed-hashes' for run $run_id"
275- # exit 1
276- # fi
277- # if ! curl -L \
278- # -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
279- # -H "Accept: application/vnd.github.v3+json" \
280- # -o "signed-hashes/arm64/hashes.zip" \
281- # "https://api.github.com/repos/Altinity/ClickHouse/actions/artifacts/$artifact_id/zip"; then
282- # echo "Error: Failed to download ARM64 hashes"
283- # exit 1
284- # fi
285- # unzip -o "signed-hashes/arm64/hashes.zip" -d signed-hashes/arm64
286-
287- # - name: Download packages for verification
288- # run: |
289- # # Create temporary directories for downloaded packages
290- # mkdir -p /tmp/arm_packages /tmp/amd_packages
291-
292- # # Download ARM packages
293- # echo "Downloading ARM packages for verification..."
294- # if ! aws s3 sync "${SRC_URL}/package_aarch64/" /tmp/arm_packages; then
295- # echo "Failed to download ARM packages"
296- # exit 1
297- # fi
298-
299- # # Download AMD packages
300- # echo "Downloading AMD packages for verification..."
301- # if ! aws s3 sync "${SRC_URL}/package_release/" /tmp/amd_packages; then
302- # echo "Failed to download AMD packages"
303- # exit 1
304- # fi
305-
306- # - name: Verify ARM packages
307- # run: |
308- # cd signed-hashes/arm64
309- # # Verify all files
310- # find /tmp/arm_packages -type f | while read -r file; do
311- # if [ -f "$file" ]; then
312- # file_name=$(basename "$file")
313- # echo "Verifying $file_name..."
314-
315- # if ! gpg --verify "$file_name.sha256.gpg" 2>/dev/null; then
316- # echo "GPG verification failed for $file_name"
317- # exit 1
318- # fi
319- # if ! sha256sum -c "$file_name.sha256.gpg" 2>/dev/null; then
320- # echo "SHA256 verification failed for $file_name"
321- # exit 1
322- # fi
323- # fi
324- # done
325-
326- # - name: Verify AMD packages
327- # run: |
328- # cd signed-hashes/amd64
329- # # Verify all files
330- # find /tmp/amd_packages -type f | while read -r file; do
331- # if [ -f "$file" ]; then
332- # file_name=$(basename "$file")
333- # echo "Verifying $file_name..."
334-
335- # if ! gpg --verify "$file_name.sha256.gpg" 2>/dev/null; then
336- # echo "GPG verification failed for $file_name"
337- # exit 1
338- # fi
339- # if ! sha256sum -c "$file_name.sha256.gpg" 2>/dev/null; then
340- # echo "SHA256 verification failed for $file_name"
341- # exit 1
342- # fi
343- # fi
344- # done
345-
346242 - name : Move verified packages to destination
347243 run : |
348244 # Move ARM packages
@@ -423,19 +319,19 @@ jobs:
423319 exit 1
424320 fi
425321
426- # publish-docker:
427- # needs: extract-package-info
428- # strategy:
429- # matrix:
430- # image_type: [server, keeper]
431- # variant: ['', '-alpine']
432- # uses: ./.github/workflows/docker_publish.yml
433- # with:
434- # docker_image: altinityinfra/clickhouse-${{ matrix.image_type }}:${{ needs.extract-package-info.outputs.docker_version }}${{ matrix.variant }}
435- # release_environment: ${{ inputs.release_environment }}
436- # upload_artifacts: false
437- # s3_upload_path: "${{ needs.extract-package-info.outputs.dest_url }}/docker_images/${{ matrix.image_type }}${{ matrix.variant }}/"
438- # secrets: inherit
322+ publish-docker :
323+ needs : extract-package-info
324+ strategy :
325+ matrix :
326+ image_type : [server, keeper]
327+ variant : ['', '-alpine']
328+ uses : ./.github/workflows/docker_publish.yml
329+ with :
330+ docker_image : altinityinfra/clickhouse-${{ matrix.image_type }}:${{ needs.extract-package-info.outputs.docker_version }}${{ matrix.variant }}
331+ release_environment : ${{ inputs.release_environment }}
332+ upload_artifacts : false
333+ s3_upload_path : " ${{ needs.extract-package-info.outputs.dest_url }}/docker_images/${{ matrix.image_type }}${{ matrix.variant }}/"
334+ secrets : inherit
439335
440336 sign-and-publish :
441337 needs : [extract-package-info, copy-packages]
0 commit comments