11name : Chocolatey Deploy
22
3- # This GH action will push a okta-aws-cli build to chocolatey.org when a
4- # okta-aws-cli GH release is completed .
5- #
3+ # This workflow runs after the release workflow completes successfully,
4+ # ensuring release assets are available before packaging for Chocolatey .
5+ #
66# inspired by https://github.com/rcmaehl/MSEdgeRedirect thank you rcmaehl 🙏🙏🙏
77
88on :
9- release :
9+ workflow_run :
10+ workflows : ["release"]
1011 types :
11- - published
12+ - completed
13+ workflow_dispatch : # Manual trigger for re-runs if needed
1214
1315defaults :
1416 run :
@@ -17,53 +19,62 @@ defaults:
1719jobs :
1820 chocolatey :
1921 runs-on : windows-latest
22+ # Only run if manually triggered OR release workflow succeeded on a tag
23+ if : ${{ github.event_name == 'workflow_dispatch' || (github.event.workflow_run.conclusion == 'success' && startsWith(github.event.workflow_run.head_branch, 'v')) }}
2024 steps :
21- -
22- name : Checkout
25+ - name : Checkout
2326 uses : actions/checkout@v4
24- -
25- name : Unshallow
27+
28+ - name : Unshallow
2629 run : git fetch --prune --unshallow
27- -
28- name : Get latest release tag
30+
31+ - name : Get latest release tag
2932 uses : oprypin/find-latest-tag@v1
3033 with :
3134 repository : ${{ github.repository }}
3235 releases-only : true
3336 id : latesttag
34- -
35- name : Set Version
37+
38+ - name : Set Version
3639 id : version
3740 run : |
3841 version=$(echo "${{ steps.latesttag.outputs.tag }}" | grep -oE "[[:digit:]]{1,}\.[[:digit:]]{1,}\.[[:digit:]]{1,}")
3942 echo "nuget=$version" >> $GITHUB_OUTPUT
4043 sed -i "s/{VERSION}/${version}/g" "nuspec/chocolatey/okta-aws-cli.nuspec"
41- -
42- name : Set Checksum
44+
45+ - name : Download and Embed Binary
4346 run : |
4447 filename="okta-aws-cli_${{ steps.version.outputs.nuget }}_windows_386.zip"
4548 url="https://github.com/${{ github.repository }}/releases/download/${{ steps.latesttag.outputs.tag }}/${filename}"
46- sed -i "s#{ZIPURL}#${url}#g" "nuspec/chocolatey/tools/chocolateyinstall.ps1"
47- curl -sSL "${url}" -o "nuspec/chocolatey/${filename}"
48- sha256=$(cat "nuspec/chocolatey/${filename}" | sha256sum -)
49- sed -i "s/{SHA256CHECKSUM}/${sha256:0:64}/g" "nuspec/chocolatey/tools/chocolateyinstall.ps1"
50-
51- name : Choco Downgrade
49+
50+ echo "Downloading ${url}..."
51+ curl -sSL --fail "${url}" -o "nuspec/chocolatey/tools/okta-aws-cli.zip"
52+
53+ # Verify the downloaded file is a valid zip archive
54+ if [ "$(head -c 2 "nuspec/chocolatey/tools/okta-aws-cli.zip")" != "PK" ]; then
55+ echo "ERROR: Downloaded file is not a valid zip archive"
56+ exit 1
57+ fi
58+
59+ echo "Successfully downloaded and verified binary"
60+ ls -la nuspec/chocolatey/tools/
61+
62+ name : Choco Downgrade
5263 uses : crazy-max/ghaction-chocolatey@v3
5364 with :
5465 args : install chocolatey --version=1.2.1 --allow-downgrade -y -r --no-progress
55- -
56- name : Pack Release
66+
67+ - name : Pack Release
5768 uses : crazy-max/ghaction-chocolatey@v3
5869 with :
5970 args : pack nuspec/chocolatey/okta-aws-cli.nuspec --outputdirectory nuspec/chocolatey
60- -
61- name : Choco Upgrade
71+
72+ - name : Choco Upgrade
6273 uses : crazy-max/ghaction-chocolatey@v3
6374 with :
6475 args : upgrade chocolatey
65- -
66- name : Upload Release
76+
77+ - name : Upload Release
6778 uses : crazy-max/ghaction-chocolatey@v3
6879 with :
69- args : push nuspec/chocolatey/okta-aws-cli.${{ steps.version.outputs.nuget }}.nupkg -s https://push.chocolatey.org/ -k ${{ secrets.CHOCO_API_KEY }}
80+ args : push nuspec/chocolatey/okta-aws-cli.${{ steps.version.outputs.nuget }}.nupkg -s https://push.chocolatey.org/ -k ${{ secrets.CHOCO_API_KEY }}
0 commit comments