Skip to content
Release

add docker to release workflow #205

Sign in to view logs

add docker to release workflow

add docker to release workflow #205

Workflow file for this run

.github/workflows/release.yaml at 26d6b36
# STACKIT CLI release workflow.
name: Release
# This GitHub action creates a release when a tag that matches one of the patterns below
# E.g. v0.1.0, v0.1.0-something.1, etc
on:
push:
tags:
- "v[0-9]+.[0-9]+.[0-9]+"
- "v[0-9]+.[0-9]+.[0-9]+-*"
workflow_dispatch:
# Releases need permissions to read and write the repository contents.
# GitHub considers creating releases and uploading assets as writing contents.
permissions:
contents: write
jobs:
goreleaser:
name: Release
runs-on: macOS-latest
env:
SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_TOKEN }}
# Needed to publish new packages to our S3-hosted APT repo
AWS_ACCESS_KEY_ID: ${{ secrets.OBJECT_STORAGE_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.OBJECT_STORAGE_SECRET_ACCESS_KEY }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
# Allow goreleaser to access older tag information.
fetch-depth: 0
- name: Install go
uses: actions/setup-go@v5
with:
go-version-file: "go.mod"
cache: true
- name: Import GPG key
uses: crazy-max/ghaction-import-gpg@v6
id: import_gpg
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}
- name: Set up keychain
run: |
echo -n $SIGNING_CERTIFICATE_BASE64 | base64 -d -o ./ApplicationID.p12
KEYCHAIN_PATH=$RUNNER_TEMP/ios_signing_temp.keychain-db
security create-keychain -p "${{ secrets.TEMP_KEYCHAIN }}" $KEYCHAIN_PATH
security default-keychain -s $KEYCHAIN_PATH
security unlock-keychain -p "${{ secrets.TEMP_KEYCHAIN }}" $KEYCHAIN_PATH
# the keychain gets locked automatically after 300s, so we have to extend this interval to e.g. 900 seconds
security set-keychain-settings -lut 900
security import ./ApplicationID.p12 -P "${{ secrets.APPLICATION_ID }}" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
echo -n $AUTHKEY_BASE64 | base64 -d -o ./AuthKey.p8
xcrun notarytool store-credentials stackit-cli -i $APPLE_ISSUER -d $APPLE_KEY_ID -k AuthKey.p8 --keychain $KEYCHAIN_PATH
rm ./ApplicationID.p12
rm ./AuthKey.p8
env:
APPLE_ISSUER: ${{ secrets.APPLE_ISSUER }}
APPLE_KEY_ID: ${{ secrets.APPLE_KEY_ID }}
SIGNING_CERTIFICATE_BASE64: ${{ secrets.APPLICATION_ID_CERT }}
AUTHKEY_BASE64: ${{ secrets.APPLE_API_KEY }}
# aptly version 1.6.0 results in an segmentation fault. Therefore we fall back to version 1.5.0.
# Since it is not possible to specify a version via brew command a formula was added for aptly 1.5.0
# (source: https://github.com/Homebrew/homebrew-core/pull/202415/files)
- name: Install Aptly version 1.5.0
run: brew install aptly.rb
- name: Install Snapcraft
uses: samuelmeuli/action-snapcraft@v3
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v6
with:
args: release --clean
env:
GITHUB_TOKEN: ${{ secrets.CLI_RELEASE }}
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
- name: Install Docker
run: |
# Install Docker on macOS runner
brew install --cask docker
# Start Docker daemon
sudo /Applications/Docker.app/Contents/MacOS/Docker &
# Wait for Docker to be ready
sleep 30
docker --version
echo "Docker is now available for createrepo_c operations"
- name: Publish packages to APT repo
if: contains(github.ref_name, '-') == false
env:
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
GPG_PRIVATE_KEY_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
run: ./scripts/publish-apt-packages.sh
- name: Publish packages to RPM repo
if: contains(github.ref_name, '-') == false
env:
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
GPG_PRIVATE_KEY_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
run: ./scripts/publish-rpm-packages.sh