-
-
Notifications
You must be signed in to change notification settings - Fork 87
146 lines (118 loc) · 4.8 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
name: "Continuous Deployment"
on:
push:
tags:
- "**"
jobs:
release:
name: Release
runs-on: ubuntu-latest
strategy:
matrix:
dependencies:
- locked
env:
PHAR: "build/phar/captainhook.phar"
PHAR_SIGNATURE: "build/phar/captainhook.phar.asc"
GPG_KEYS: "build/captainhook-signing-keys.asc"
GPG_KEYS_ENCRYPTED: "build/captainhook-signing-keys.asc.gpg"
steps:
- name: Checkout
uses: actions/checkout@v2.0.0
with:
ref: main
fetch-depth: 0
- name: Install PHP with extensions
uses: shivammathur/setup-php@v2
with:
coverage: none
extensions: mbstring
php-version: 8.0
- name: Install dependencies
run: composer install --prefer-dist --no-dev --no-interaction --no-progress
- name: Install tooling
run: "GITHUB_AUTH_TOKEN=${{ secrets.GITHUB_TOKEN }} tools/phive --no-progress --home ./.phive install --force-accept-unsigned --trust-gpg-keys 51C67305FFC2E5C0,4AA394086372C20A,31C7E470E2138192,8E730BA25823D8B5,CF1A108D0E7AE720,2DF45277AEF09A2F"
- name: Validate configuration for humbug/box
run: tools/box validate box.json
- name: Force install Symfony 5
if: ${{ matrix.buildphar }}
run: COMPOSER=composer.phar.json composer update
- name: Compile phar with humbug/box
run: tools/box compile
- name: Show info about generated phar with humbug/box
run: tools/box info ${{ env.PHAR }}
- name: Run phar
run: ${{ env.PHAR }} --help
- name: Show gpg version
run: gpg --version
- name: Decrypt signing key with gpg
run: "gpg --batch --output ${{ env.GPG_KEYS }} --passphrase \"${{ secrets.GPG_DECRYPT_PASSPHRASE }}\" --yes --ignore-mdc-error --decrypt ${{ env.GPG_KEYS_ENCRYPTED }}"
- name: Import keys with gpg
run: "gpg --batch --import ${{ env.GPG_KEYS }}"
- name: Sign phar with gpg
run: "gpg --armor --local-user \"${{ secrets.GPG_KEY_EMAIL }}\" --output ${{ env.PHAR_SIGNATURE }} --passphrase \"${{ secrets.GPG_KEY_PASSPHRASE }}\" --pinentry-mode loopback --yes --detach-sig ${{ env.PHAR }}"
- name: Verify signature with gpg
run: "gpg --verify ${{ env.PHAR_SIGNATURE }} ${{ env.PHAR }}"
- name: Remove decrypted keys
run: "rm ${{ env.GPG_KEYS }}"
- name: Determine tag
id: determine-tag
run: "echo \"::set-output name=tag::${GITHUB_REF#refs/tags/}\""
- name: Fetch all
run: git fetch --all && git fetch --tags --force
- name: Determine previous tag
id: determine-prev-tag
run: echo "##[set-output name=tag;]$(git describe --abbrev=0 ${{ steps.determine-tag.outputs.tag }})^"
- name: Prepare release notes
id: changelog
run: |
changelog=$(php build/release-notes)
echo $changelog
changelog="${changelog//'%'/'%25'}"
changelog="${changelog//$'\n'/'%0A'}"
changelog="${changelog//$'\r'/'%0D'}"
echo "::set-output name=changelog::$changelog"
- name: Check release notes
run: "echo \"${{ steps.changelog.outputs.changelog }}\""
- name: Create release
id: create-release
uses: actions/create-release@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
draft: false
prerelease: false
tag_name: "${{ steps.determine-tag.outputs.tag }}"
release_name: "${{ steps.determine-tag.outputs.tag }}"
body: "${{ steps.changelog.outputs.changelog }}"
- name: Upload captainhook.phar
uses: actions/upload-release-asset@v1.0.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
asset_content_type: application/octet-stream
asset_name: captainhook.phar
asset_path: "${{ env.PHAR }}"
upload_url: "${{ steps.create-release.outputs.upload_url }}"
- name: Upload captainhook.phar.asc
uses: actions/upload-release-asset@v1.0.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
asset_content_type: text/plain
asset_name: captainhook.phar.asc
asset_path: "${{ env.PHAR_SIGNATURE }}"
upload_url: "${{ steps.create-release.outputs.upload_url }}"
- name: Check out the phar repo
uses: actions/checkout@v2
with:
repository: captainhookphp/captainhook-phar
token: ${{ secrets.PAT_SF }}
path: phar-repo
- name: Tag and push the phar repo
run: |
cd phar-repo
git config user.name "Sebastian Feldmann"
git config user.email sebastianfeldmann@users.noreply.github.com
git tag ${{ steps.determine-tag.outputs.tag }}
git push --tags