Skip to content

build(deps): bump actions/checkout from 3 to 4 #651

build(deps): bump actions/checkout from 3 to 4

build(deps): bump actions/checkout from 3 to 4 #651

Workflow file for this run

name: CI
on:
push:
branches:
- master
pull_request:
branches:
- master
workflow_dispatch:
inputs:
dist_root:
description: 'DIST_ROOT'
required: true
default: '/ipns/dist.ipfs.tech'
env:
DIST_ROOT: ${{ github.event.inputs.custom_dist_root || '/ipns/dist.ipfs.tech' }} # content root used for calculating diff to build
KUBO_VER: 'v0.22.0' # kubo daemon used for chunking and applying diff
CLUSTER_CTL_VER: 'v1.0.6' # ipfs-cluster-ctl used for pinning
jobs:
build:
runs-on: ${{ fromJSON(vars.CI_BUILD_RUNS_ON || '"ubuntu-latest"') }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v3
with:
node-version: '16'
- env:
CLUSTER_USER: ${{ secrets.CLUSTER_USER }}
CLUSTER_PASSWORD: ${{ secrets.CLUSTER_PASSWORD }}
uses: ./.github/actions/setup-ipfs
timeout-minutes: 30
- name: Build any new ./releases
run: ./dockerized make all_dists
- name: Inspect git status and contents of ./releases
run: git status && ls -Rhl ./releases
- name: Temporarily save ./releases artifacts
uses: actions/upload-artifact@v3
with:
name: releases-unsigned-diff
path: releases
retention-days: 3
lint:
runs-on: "ubuntu-latest"
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v3
with:
node-version: '16'
- run: npm ci --no-audit --progress=false
- run: npm run lint
sign-macos:
runs-on: "macos-latest"
needs: build
steps:
- uses: actions/checkout@v4
- name: Retrieve unsigned artifacts
uses: actions/download-artifact@v3
with:
name: releases-unsigned-diff
path: releases
continue-on-error: true # skip if no releases
- name: List ./releases before
run: ls -Rhl ./releases || echo "No ./releases"
- name: Install gon via HomeBrew for code signing and app notarization
run: |
brew tap mitchellh/gon
brew install ipfs coreutils gawk gnu-sed jq mitchellh/gon/gon
ipfs init --profile test # needed for calculating NEW_CID later
- name: Import Keychain Certs
uses: apple-actions/import-codesign-certs@8f3fb608891dd2244cdab3d69cd68c0d37a7fe93 # v2
with:
p12-file-base64: ${{ secrets.APPLE_CERTS_P12 }}
p12-password: ${{ secrets.APPLE_CERTS_PASS }}
- name: Verify identity used for signing
run: security find-identity -v
- name: Sign any new releases
run: ./scripts/ci/sign-new-macos-releases.sh
env:
WORK_DIR: ${{ github.workspace }}
AC_USERNAME: ${{ secrets.APPLE_AC_USERNAME }} # implicitly read from env by gon
AC_PASSWORD: ${{ secrets.APPLE_AC_PASSWORD }}
- name: List ./releases after
run: ls -Rhl ./releases || echo "No ./releases"
- name: Temporarily save notarized artifacts
uses: actions/upload-artifact@v3
with:
name: releases-signed-macos-diff
path: releases
retention-days: 3
continue-on-error: true # skip if no releases
persist:
runs-on: ${{ fromJSON(vars.CI_BUILD_RUNS_ON || '"ubuntu-latest"') }}
needs: sign-macos
environment: Deploy
steps:
- name: Setup node
uses: actions/setup-node@v3
with:
node-version: '16'
- uses: actions/checkout@v4
- name: Retrieve signed artifacts
uses: actions/download-artifact@v3
continue-on-error: true # skip if no releases
with:
name: releases-signed-macos-diff
path: releases
- name: List ./releases
run: ls -Rhl ./releases || echo "No ./releases"
- env:
CLUSTER_USER: ${{ secrets.CLUSTER_USER }}
CLUSTER_PASSWORD: ${{ secrets.CLUSTER_PASSWORD }}
uses: ./.github/actions/setup-ipfs
timeout-minutes: 30
- run: ./dockerized make publish
- run: git status
- name: Read CID of updated DAG
id: cid-reader
run: echo "CID=$(tail -1 ./versions)" >> $GITHUB_OUTPUT
- name: Pin new website to ipfs-websites.collab.ipfscluster.io
run: ./scripts/ci/pin-to-cluster.sh
env:
PIN_CID: ${{ steps.cid-reader.outputs.CID }}
PIN_NAME: "https://github.com/ipfs/distributions/commits/${{ github.sha }}"
PIN_ADD_EXTRA_ARGS: ""
CLUSTER_USER: ${{ secrets.CLUSTER_USER }}
CLUSTER_PASSWORD: ${{ secrets.CLUSTER_PASSWORD }}
timeout-minutes: 60
- name: Update PR status with preview link
run: ./scripts/ci/github-preview-link.sh
env:
CONTENT_PATH: "/ipfs/${{ steps.cid-reader.outputs.CID }}/"
GIT_REVISION: ${{ github.sha }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- run: ./dockerized make diff
if: github.event_name == 'pull_request'
- uses: actions/upload-artifact@v3
if: github.event_name == 'pull_request'
with:
name: diff
path: diff
- name: Update .tech DNSLink (if on the main branch)
run: npx dnslink-dnsimple --domain dist.ipfs.tech --link /ipfs/${{ steps.cid-reader.outputs.CID }}
if: github.ref == 'refs/heads/master'
env:
DNSIMPLE_TOKEN: ${{ secrets.DNSIMPLE_TOKEN }}
- name: Update legacy .io DNSLink (if on the main branch)
run: npx dnslink-dnsimple --domain dist.ipfs.io --link /ipfs/${{ steps.cid-reader.outputs.CID }}
if: github.ref == 'refs/heads/master'
env:
DNSIMPLE_TOKEN: ${{ secrets.DNSIMPLE_TOKEN }}
diff:
needs: persist
if: github.event_name == 'pull_request'
runs-on: ubuntu-latest
steps:
- uses: actions/download-artifact@v3
with:
name: diff
- name: Create comment with the diff
uses: actions/github-script@v6
with:
script: |
const fs = require('fs').promises
const diff = await fs.readFile('diff', 'utf8')
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: ${{ github.event.number }},
body: diff
})