Bump crazy-max/ghaction-import-gpg from 3 to 5 #289
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build-vpnclient | |
| on: | |
| pull_request: | |
| types: [ opened, synchronize, reopened, closed ] | |
| branches: [ main, master ] | |
| paths: | |
| - '.github/workflows/build-release-vpnc.yml' | |
| - 'cli/CHANGELOG-VPNC.md' | |
| - 'cli/LICENSE_BUNDLE.md' | |
| - 'cli/python/docker/vpnc.Dockerfile' | |
| - 'cli/python/index.py' | |
| - 'cli/python/src/client/**' | |
| - 'cli/python/src/executor/**' | |
| - 'cli/python/src/utils/**' | |
| - '!cli/python/*.md' | |
| push: | |
| branches: [ main, master ] | |
| tags: | |
| - 'vpnc/v*' | |
| paths: | |
| - '.github/workflows/build-release-vpnc.yml' | |
| - 'cli/CHANGELOG-VPNC.md' | |
| - 'cli/LICENSE_BUNDLE.md' | |
| - 'cli/python/docker/vpnc.Dockerfile' | |
| - 'cli/python/index.py' | |
| - 'cli/python/src/client/**' | |
| - 'cli/python/src/executor/**' | |
| - 'cli/python/src/utils/**' | |
| - '!cli/python/*.md' | |
| env: | |
| APP_CODE: vpnc | |
| APP_IMAGE: playio-vpnc | |
| APP_FOLDER: cli/python/src/client | |
| PYTHON_VERSION: 3.7.10-slim-stretch | |
| PLATFORMS: linux/amd64,linux/arm/v7,linux/arm64 | |
| DOCKER_WORKDIR: cli/python | |
| DOCKER_FILE: cli/python/docker/vpnc.Dockerfile | |
| TAG_PREFIX: vpnc/v | |
| BRAND_VERSION: v2 | |
| BRAND_REPO: play-iot/brand | |
| jobs: | |
| context: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| branch: ${{ steps.context.outputs.branch }} | |
| shouldBuild: ${{ steps.context.outputs.decision_build }} | |
| shouldPublish: ${{ steps.context.outputs.decision_publish }} | |
| isRelease: ${{ steps.context.outputs.isTag }} | |
| afterRelease: ${{ steps.context.outputs.isAfterMergedReleasePR }} | |
| sha: ${{ steps.context.outputs.shortCommitId }} | |
| version: ${{ steps.context.outputs.version }} | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| token: ${{ secrets.BEEIO_CI_TOKEN }} | |
| - name: Import GPG key | |
| uses: crazy-max/ghaction-import-gpg@v5 | |
| with: | |
| git-user-signingkey: true | |
| git-commit-gpgsign: true | |
| git-tag-gpgsign: true | |
| git-push-gpgsign: false | |
| gpg-private-key: ${{ secrets.OSS_GPG_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.OSS_GPG_PASSPHARSE }} | |
| - name: Project context | |
| id: context | |
| uses: zero88/gh-project-context@v1.1 | |
| with: | |
| mustSign: true | |
| nextVerMode: PATCH | |
| tagPrefix: ${{ env.TAG_PREFIX }} | |
| releaseBranchPrefix: release/${{ env.APP_CODE }}/ | |
| mergedReleaseMsgRegex: "^Merge pull request #[0-9]+ from .+/release/${{ env.APP_CODE }}/.+$" | |
| patterns: | | |
| ${{ env.APP_FOLDER }}/version.py::(APP_VERSION\s?=\s?)(')([^']+)(')::2 | |
| build: | |
| runs-on: ubuntu-latest | |
| needs: context | |
| if: needs.context.outputs.shouldBuild == 'true' | |
| services: | |
| registry: | |
| image: zero88/gh-registry:latest | |
| ports: | |
| - 5000:5000 | |
| options: >- | |
| -v /home/runner:/var/lib/registry | |
| --name registry | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Inject Hash version | |
| run: | | |
| hash_ver="${{ needs.context.outputs.sha }}" | |
| [[ ${{ needs.context.outputs.isRelease }} == 'true' ]] || hash_ver="$hash_ver-${{ needs.context.outputs.branch }}" | |
| sed -i "s/dev/${hash_ver//\//-}/" ${{ env.APP_FOLDER }}/version.py | |
| - name: Inject brand and license | |
| run: | | |
| docker run --rm -v /tmp:/tmp zero88/ghrd:latest -a "banner.txt" -r ${{ env.BRAND_VERSION }} -o /tmp ${{ env.BRAND_REPO }} | |
| mv /tmp/banner.txt ${{ env.APP_FOLDER }}/resources | |
| cp cli/LICENSE_BUNDLE.md ${{ env.APP_FOLDER }}/resources | |
| - name: Cache Docker layers | |
| uses: actions/cache@v2 | |
| with: | |
| path: /home/runner/docker | |
| key: ${{ runner.os }}-${{ env.APP_IMAGE }}-${{ github.sha }} | |
| restore-keys: | | |
| ${{ runner.os }}-${{ env.APP_IMAGE }}- | |
| - name: Validate cache | |
| run: | | |
| docker buildx imagetools inspect localhost:5000/${{ env.APP_IMAGE }}:buildcache || echo "Not Found" | |
| - name: Docker meta | |
| id: docker_meta | |
| uses: crazy-max/ghaction-docker-meta@v2 | |
| with: | |
| images: ${{ env.APP_IMAGE }} | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=sha | |
| type=match,pattern=${{ env.APP_CODE }}-v(.*),group=1 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v1 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v1 | |
| with: | |
| driver-opts: network=host | |
| - name: Build artifact by docker | |
| uses: docker/build-push-action@v2 | |
| with: | |
| context: ${{ env.DOCKER_WORKDIR }} | |
| file: ${{ env.DOCKER_FILE }} | |
| platforms: ${{ env.PLATFORMS }} | |
| build-args: | | |
| BASE_IMAGE_VERSION=${{ env.PYTHON_VERSION }} | |
| APP_VERSION=${{ needs.context.outputs.version }} | |
| COMMIT_SHA=${{ needs.context.outputs.sha }} | |
| cache-from: type=registry,ref=localhost:5000/${{ env.APP_IMAGE }}:buildcache | |
| cache-to: type=registry,ref=localhost:5000/${{ env.APP_IMAGE }}:buildcache,mode=max | |
| tags: localhost:5000/${{ env.APP_IMAGE }}:${{ needs.context.outputs.sha }} | |
| pull: true | |
| push: true | |
| - name: Zip artifacts | |
| run: | | |
| image=localhost:5000/${{ env.APP_IMAGE }}:${{ needs.context.outputs.sha }} | |
| output=/usr/src/app/ | |
| mkdir -p /tmp/zip /tmp/images | |
| IFS=',' read -ra ARR <<< "${{ env.PLATFORMS }}" | |
| for plat in "${ARR[@]}"; do | |
| p=$(echo "${plat//\//}") | |
| p=$(echo "${p//linux/}") | |
| perImage=$(docker buildx imagetools inspect $image | grep -B 2 $plat | grep Name: | awk '{print $2}') | |
| artifact=${{ env.APP_IMAGE }}.$p | |
| folder=/tmp/images/$artifact | |
| docker create --name $artifact $perImage && docker cp $artifact:$output $folder && docker rm $artifact | |
| cd $folder; zip -r /tmp/zip/$artifact.zip ./; cd - | |
| done | |
| - uses: actions/upload-artifact@v2 | |
| with: | |
| name: ${{ env.APP_IMAGE }} | |
| path: /tmp/zip/ | |
| retention-days: 2 | |
| - name: Cleanup Docker build cache if any | |
| run: | | |
| docker buildx imagetools inspect localhost:5000/${{ env.APP_IMAGE }}:buildcache | |
| echo "======================================================" | |
| docker buildx prune --filter until=72h --keep-storage 3GB -f | |
| - name: Create Release | |
| if: ${{ needs.context.outputs.isRelease == 'true' }} | |
| uses: softprops/action-gh-release@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| tag_name: ${{ env.TAG_PREFIX }}${{ needs.context.outputs.version }} | |
| name: Release VPN Client v${{ needs.context.outputs.version }} | |
| draft: false | |
| prerelease: false | |
| files: | | |
| /tmp/zip/${{ env.APP_IMAGE }}.*.zip | |
| - name: Trigger release distribution | |
| if: ${{ needs.context.outputs.isRelease == 'true' }} | |
| run: | | |
| workflow=release-distribution-gh.yml | |
| repo="${{ github.repository }}" | |
| project="${{ env.APP_IMAGE }}" | |
| tag="${{ env.TAG_PREFIX }}${{ needs.context.outputs.version }}" | |
| sha="${{ needs.context.outputs.sha }}" | |
| assets="amd64,armv7" | |
| secret="${{ secrets.BEEIO_CI_PRIVATE_TOKEN }}" | |
| data="{\"ref\":\"main\",\"inputs\":{\"repo\":\"$repo\",\"project\":\"$project\",\"tag\":\"$tag\",\"sha\":\"$sha\",\"assets\":\"$assets\"}}" | |
| status=$(curl -X POST \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| -H "Authorization: Bearer $secret" \ | |
| -d "$data" -w "%{http_code}\n" -o out.json \ | |
| https://api.github.com/repos/play-iot/distribution/actions/workflows/$workflow/dispatches) | |
| cat out.json | |
| [[ "$status" =~ ^2[[:digit:]][[:digit:]] ]] || exit 1 |