2020 docker_build_publish :
2121 env :
2222 BINARY : polkadot-parachain
23- TMP : tmp
2423 runs-on : ubuntu-latest
2524
2625 steps :
3130
3231 - name : Prepare temp folder
3332 run : |
34- mkdir ${TMP}
35- ls -al
33+ TMP=$(mktemp -d)
34+ echo "TMP folder: $TMP"
35+ echo "TMP=$TMP" >> $GITHUB_ENV
36+ pwd
37+ ls -al "$TMP"
3638
3739 - name : Fetch files from release
3840 working-directory : ${{ env.TMP }}
@@ -49,45 +51,65 @@ jobs:
4951 chmod a+x $BINARY
5052 ls -al
5153
52- - name : Check files
54+ - name : Check SHA256
5355 working-directory : ${{ env.TMP }}
5456 run : |
5557 ls -al *$BINARY*
5658 shasum -a 256 -c $BINARY.sha256
5759 sha_result=$?
5860
59- KEY_PARITY_SEC=9D4B2B6EB8F97156D19669A9FF0812D491B96798
60- KEY_CHEVDOR=2835EAF92072BC01D188AF2C4A092B93E97CE1E2
61- KEYSERVER=keyserver.ubuntu.com
62-
63- gpg --keyserver $KEYSERVER --receive-keys $KEY_PARITY_SEC
64- if [[ ${{ github.event.inputs.prerelease }} == "true" ]]; then
65- gpg --keyserver $KEYSERVER --receive-keys $KEY_CHEVDOR
66- fi
67-
68- gpg --verify $BINARY.asc
69- gpg_result=$?
70-
7161 echo sha_result: $sha_result
72- echo gpg_result: $gpg_result
7362
74- # If it fails, it would fail earlier but a second check
75- # does not hurt in case of refactoring...
76- if [[ $sha_result -ne 0 || $gpg_result -ne 0 ]]; then
77- echo "Check failed, exiting with error"
63+ if [[ $sha_result -ne 0 ]]; then
64+ echo "SHA256 check failed, exiting with error"
7865 exit 1
7966 else
80- echo "Checks passed"
67+ echo "SHA256 check passed"
8168 fi
8269
70+ - name : Check GPG
71+ working-directory : ${{ env.TMP }}
72+ run : |
73+ KEY_PARITY_SEC=9D4B2B6EB8F97156D19669A9FF0812D491B96798
74+ KEY_CHEVDOR=2835EAF92072BC01D188AF2C4A092B93E97CE1E2
75+ KEY_EGOR=E6FC4D4782EB0FA64A4903CCDB7D3555DD3932D3
76+ KEYSERVER=keyserver.ubuntu.com
77+
78+ gpg --keyserver $KEYSERVER --receive-keys $KEY_PARITY_SEC
79+ echo -e "5\ny\n" | gpg --no-tty --command-fd 0 --expert --edit-key $KEY_PARITY_SEC trust;
80+
81+ if [[ "${{ github.event.release.prerelease }}" == "true" ]]; then
82+ for key in $KEY_CHEVDOR $KEY_EGOR; do
83+ (
84+ echo "Importing GPG key $key"
85+ gpg --no-tty --quiet --keyserver $GPG_KEYSERVER --recv-keys $key
86+ echo -e "4\ny\n" | gpg --no-tty --command-fd 0 --expert --edit-key $key trust;
87+ ) &
88+ done
89+ wait
90+ fi
91+
92+ gpg --no-tty --verify $BINARY.asc
93+ gpg_result=$?
94+
95+ echo gpg_result: $gpg_result
96+
97+ if [[ $gpg_result -ne 0 ]]; then
98+ echo "GPG check failed, exiting with error"
99+ exit 1
100+ else
101+ echo "GPG check passed"
102+ fi
103+
83104 - name : Build injected image
84105 env :
85- DOCKERHUB_USERNAME : ${{ secrets.DOCKERHUB_USERNAME }}
86106 DOCKERHUB_ORG : parity
107+ OWNER : ${{ env.DOCKERHUB_ORG }}
108+ DOCKERHUB_USERNAME : ${{ secrets.DOCKERHUB_USERNAME }}
109+ IMAGE_NAME : polkadot-parachain
87110 run : |
88- export OWNER=$DOCKERHUB_ORG
89- mkdir -p target/release
90- cp -f ${TMP}/$BINARY* target/release/
111+ mkdir -p target/release-artifacts
112+ cp -f ${TMP}/$BINARY* target/release-artifacts/
91113 ./docker/scripts/build-injected-image.sh
92114
93115 - name : Login to Dockerhub
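Review bot: In the new "Check GPG" step, the prerelease loop fetches keys with `--keyserver $GPG_KEYSERVER`, but the step only defines `KEYSERVER` (the name used by the earlier `--receive-keys $KEY_PARITY_SEC` call), so unless `GPG_KEYSERVER` is set outside the visible lines the expansion is empty and gpg consumes the next option as the keyserver argument. Each import runs in a backgrounded subshell and a bare `wait` returns success whatever the children's exit status, so the step would not stop at the failed import; the problem would only surface later as a failing `gpg --verify` on a prerelease signed by one of those keys. I would change the line to `gpg --no-tty --quiet --keyserver $KEYSERVER --recv-keys $key`. It is also worth naming the signed file explicitly, `gpg --no-tty --verify $BINARY.asc $BINARY`, so the check does not depend on gpg inferring the data file from the signature's name.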
@@ -131,4 +153,4 @@ jobs:
131153 docker push $DOCKERHUB_ORG/$BINARY:$SEMVER
132154 fi
133155
134- docker images | grep $DOCKERHUB_ORG/$BINARY
156+ docker images