Release: Update Repositories #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Release: Update Repositories" | |
on: | |
workflow_dispatch: | |
inputs: | |
build_version: | |
description: 'build version format: n.n.n' | |
required: true | |
type: string | |
permissions: | |
contents: write | |
defaults: | |
run: | |
shell: bash | |
jobs: | |
setup: | |
name: Setup | |
runs-on: ubuntu-latest | |
if: ${{ github.action_repository != 'cloudfoundry/cli' }} | |
outputs: | |
secrets-environment: ${{ steps.set-secrets-environment.outputs.secrets-environment }} | |
version-build: ${{ steps.parse-semver.outputs.version-build }} | |
version-major: ${{ steps.parse-semver.outputs.version-major }} | |
version-minor: ${{ steps.parse-semver.outputs.version-minor }} | |
version-patch: ${{ steps.parse-semver.outputs.version-patch }} | |
claw-url: ${{ steps.set-claw-url.outputs.claw-url }} | |
steps: | |
- name: Set environment | |
id: set-secrets-environment | |
run: echo "::set-output name=secrets-environment::PROD" | |
- name: Set CLAW URL | |
id: set-claw-url | |
run: echo "::set-output name=claw-url::https://packages.cloudfoundry.org" | |
- name: Checkout cli | |
uses: actions/checkout@v2 | |
- name: Parse semver | |
id: parse-semver | |
run: | | |
VERSION=$(cat BUILD_VERSION) | |
VERSION="${VERSION#[vV]}" | |
VERSION_MINOR="${VERSION#*.}" | |
VERSION_MINOR="${VERSION_MINOR%.*}" | |
echo "::set-output name=version-build::${VERSION}" | |
echo "::set-output name=version-major::${VERSION%%\.*}" | |
echo "::set-output name=version-minor::${VERSION_MINOR}" | |
echo "::set-output name=version-patch::${VERSION##*.}" | |
echo "VERSION_BUILD=${VERSION}" >> ${GITHUB_ENV} | |
- name: Test if CLAW serve this version | |
env: | |
CLAW_URL: ${{ steps.set-claw-url.outputs.claw-url }} | |
run: > | |
set -vx | |
curl --head "${CLAW_URL}/stable?release=linux64-binary&version=${VERSION_BUILD}&source=test" 2>&1 | | |
grep --quiet --regexp 'HTTP.*302' | |
update-homebrew: | |
name: Update Homebrew Repository | |
runs-on: ubuntu-latest | |
needs: setup | |
environment: ${{ needs.setup.outputs.secrets-environment }} | |
env: | |
CLAW_URL: ${{ needs.setup.outputs.claw-url }} | |
VERSION_BUILD: ${{ needs.setup.outputs.version-build }} | |
VERSION_MAJOR: ${{ needs.setup.outputs.version-major }} | |
steps: | |
- name: Checkout cli-ci | |
uses: actions/checkout@v2 | |
with: | |
repository: cloudfoundry/cli-ci.git | |
ref: main | |
path: cli-ci | |
- name: Checkout homebrew-tap | |
uses: actions/checkout@v2 | |
with: | |
repository: cloudfoundry/homebrew-tap | |
ref: master | |
path: homebrew-tap | |
ssh-key: ${{ secrets.GIT_DEPLOY_HOMEBREW_TAP }} | |
- name: Setup | |
run: > | |
mkdir | |
cf-cli-osx-tarball | |
cf-cli-macosarm-tarball | |
cf-cli-linux-tarball | |
- name: Calculate checksums | |
run: | | |
set -x | |
curl -L "${CLAW_URL}/stable?release=macosx64-binary&version=${VERSION_BUILD}&source=github-rel" \ | |
> cf-cli-osx-tarball/cf-cli_osx.tgz | |
curl -L "${CLAW_URL}/stable?release=macosarm-binary&version=${VERSION_BUILD}&source=github-rel" \ | |
> cf-cli-macosarm-tarball/cf-cli_macosarm.tgz | |
curl -L "${CLAW_URL}/stable?release=linux64-binary&version=${VERSION_BUILD}&source=github-rel" \ | |
> cf-cli-linux-tarball/cf-cli_linux64.tgz | |
curl -L "${CLAW_URL}/stable?release=linuxarm64-binary&version=${VERSION_BUILD}&source=github-rel" \ | |
> cf-cli-linux-tarball/cf-cli_linuxarm64.tgz | |
# Because CLAW always returns 200 we have to check if we got archive | |
file cf-cli-osx-tarball/cf-cli_osx.tgz | grep -q gzip || exit 1 | |
file cf-cli-macosarm-tarball/cf-cli_macosarm.tgz | grep -q gzip || exit 1 | |
file cf-cli-linux-tarball/cf-cli_linux64.tgz | grep -q gzip || exit 1 | |
file cf-cli-linux-tarball/cf-cli_linuxarm64.tgz | grep -q gzip || exit 1 | |
pushd cf-cli-osx-tarball | |
CLI_OSX_SHA256=$(shasum -a 256 cf-cli_osx.tgz | cut -d ' ' -f 1) | |
popd | |
pushd cf-cli-macosarm-tarball | |
CLI_MACOSARM_SHA256=$(shasum -a 256 cf-cli_macosarm.tgz | cut -d ' ' -f 1) | |
popd | |
pushd cf-cli-linux-tarball | |
CLI_LINUX_64_SHA256=$(shasum -a 256 cf-cli_linux64.tgz | cut -d ' ' -f 1) | |
popd | |
pushd cf-cli-linux-tarball | |
CLI_LINUX_ARM64_SHA256=$(shasum -a 256 cf-cli_linuxarm64.tgz | cut -d ' ' -f 1) | |
popd | |
echo "CLI_OSX_SHA256=${CLI_OSX_SHA256}" >> "${GITHUB_ENV}" | |
echo "CLI_MACOSARM_SHA256=${CLI_MACOSARM_SHA256}" >> "${GITHUB_ENV}" | |
echo "CLI_LINUX_64_SHA256=${CLI_LINUX_64_SHA256}" >> "${GITHUB_ENV}" | |
echo "CLI_LINUX_ARM64_SHA256=${CLI_LINUX_ARM64_SHA256}" >> "${GITHUB_ENV}" | |
- name: Generate Homebrew formula file | |
run: | | |
set -ex | |
pushd homebrew-tap | |
cat <<EOF > cf-cli@${VERSION_MAJOR}.rb | |
class CfCliAT${VERSION_MAJOR} < Formula | |
desc "Cloud Foundry CLI" | |
homepage "https://code.cloudfoundry.org/cli" | |
version "${VERSION_BUILD}" | |
if OS.mac? | |
if Hardware::CPU.arm? | |
url "${CLAW_URL}/homebrew?arch=macosarm&version=${VERSION_BUILD}" | |
sha256 "${CLI_MACOSARM_SHA256}" | |
elsif | |
url "${CLAW_URL}/homebrew?arch=macosx64&version=${VERSION_BUILD}" | |
sha256 "${CLI_OSX_SHA256}" | |
end | |
elsif OS.linux? | |
url "${CLAW_URL}/stable?release=linux64-binary&version=${VERSION_BUILD}&source=homebrew" | |
sha256 "${CLI_LINUX_64_SHA256}" | |
end | |
def install | |
bin.install "cf${VERSION_MAJOR}" | |
bin.install_symlink "cf${VERSION_MAJOR}" => "cf" | |
(bash_completion/"cf${VERSION_MAJOR}-cli").write <<-completion | |
$(cat ../cli-ci/ci/installers/completion/cf${VERSION_MAJOR}) | |
completion | |
doc.install "LICENSE" | |
doc.install "NOTICE" | |
end | |
test do | |
system "#{bin}/cf${VERSION_MAJOR}" | |
end | |
end | |
EOF | |
popd | |
- name: Commit new homebrew formula | |
run: | | |
pushd homebrew-tap | |
git add cf-cli@${VERSION_MAJOR}.rb | |
if ! [ -z "$(git status --porcelain)"]; then | |
git config user.name github-actions | |
git config user.email [email protected] | |
git commit -m "Release CF CLI ${VERSION_BUILD}" | |
else | |
echo "no new version to commit" | |
fi | |
git push | |
echo "::group::cf-cli@${VERSION_MAJOR}.rb" | |
cat cf-cli@${VERSION_MAJOR}.rb | |
echo "::endgroup::" | |
echo "::group::git show" | |
git show | |
echo "::endgroup::" | |
popd | |
test-homebrew: | |
name: Test Homebrew Repository | |
runs-on: macos-latest | |
needs: | |
- setup | |
- update-homebrew | |
environment: ${{ needs.setup.outputs.secrets-environment }} | |
env: | |
CLAW_URL: ${{ needs.setup.outputs.claw-url }} | |
VERSION_BUILD: ${{ needs.setup.outputs.version-build }} | |
VERSION_MAJOR: ${{ needs.setup.outputs.version-major }} | |
steps: | |
- name: Install CF CLI via Homebrew | |
run: | | |
set -evx | |
brew install cloudfoundry/tap/cf-cli@${VERSION_MAJOR} | |
installed_cf_version=$(cf${VERSION_MAJOR} version) | |
cf_location=$(which cf) | |
echo $cf_location | |
echo $installed_cf_version | |
echo ${VERSION_BUILD} | |
codesign --verify $cf_location || echo --- | |
cf -v | grep "${VERSION_BUILD}" | |
update-deb: | |
name: Update Debian Repository | |
runs-on: ubuntu-20.04 | |
needs: setup | |
environment: ${{ needs.setup.outputs.secrets-environment }} | |
env: | |
CLAW_URL: ${{ needs.setup.outputs.claw-url }} | |
VERSION_BUILD: ${{ needs.setup.outputs.version-build }} | |
VERSION_MAJOR: ${{ needs.setup.outputs.version-major }} | |
steps: | |
- name: Setup | |
run: | | |
echo "VERSION_BUILD: ${VERSION_BUILD}" | |
echo "Environment: ${ENVIRONMENT}" | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- uses: actions/checkout@v2 | |
- uses: ruby/setup-ruby@v1 | |
with: | |
ruby-version: 2.7 | |
- run: gem install deb-s3 | |
#RUN apt install -y ruby1.9.1 createrepo | |
- name: Load GPG key | |
env: | |
SIGNING_KEY_GPG: ${{ secrets.SIGNING_KEY_GPG }} | |
SIGNING_KEY_GPG_PASSPHRASE: ${{ secrets.SIGNING_KEY_GPG_PASSPHRASE }} | |
run: | | |
echo -n "${SIGNING_KEY_GPG}" | base64 --decode | gpg --no-tty --batch --pinentry-mode loopback --import | |
- name: View GPG keys | |
run: gpg --list-keys | |
- name: Configure GPG | |
run: | | |
echo "Configure GPG" | |
# mkdir gpg-dir | |
# export GNUPGHOME=${PWD}/gpg-dir | |
# chmod 700 ${GNUPGHOME} | |
# TODO: restore | |
# trap "rm -rf ${GNUPGHOME}" 0 | |
cat >> ~/gpg.conf <<EOF | |
personal-digest-preferences SHA256 | |
cert-digest-algo SHA256 | |
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed | |
EOF | |
- name: Download New Debian Packages From CLAW | |
run: | | |
mkdir installers | |
curl -L "${CLAW_URL}/stable?release=debian32&version=${VERSION_BUILD}&source=github-rel" > installers/cf${VERSION_MAJOR}-cli-installer_${VERSION_BUILD}_i686.deb | |
curl -L "${CLAW_URL}/stable?release=debian64&version=${VERSION_BUILD}&source=github-rel" > installers/cf${VERSION_MAJOR}-cli-installer_${VERSION_BUILD}_x86-64.deb | |
curl -L "${CLAW_URL}/stable?release=debianarm64&version=${VERSION_BUILD}&source=github-rel" > installers/cf${VERSION_MAJOR}-cli-installer_${VERSION_BUILD}_arm64.deb | |
- name: Update Debian Repository | |
env: | |
DEBIAN_FRONTEND: noninteractive | |
SIGNING_KEY_GPG_ID: ${{ secrets.SIGNING_KEY_GPG_ID }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_BUCKET_NAME: cf-cli-debian-repo | |
AWS_DEFAULT_REGION: us-west-2 | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_S3_ROLE_ARN: ${{ secrets.AWS_S3_ROLE_ARN }} | |
run: | | |
export $(printf "AWS_ACCESS_KEY_ID=%s AWS_SECRET_ACCESS_KEY=%s AWS_SESSION_TOKEN=%s" $(aws sts assume-role --role-arn ${AWS_S3_ROLE_ARN} --role-session-name foobar --output text --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]")) | |
deb-s3 upload installers/*.deb \ | |
--preserve-versions \ | |
--bucket=${AWS_BUCKET_NAME} \ | |
--sign=${SIGNING_KEY_GPG_ID} | |
test-deb: | |
name: Test Debian Repository | |
runs-on: ubuntu-20.04 | |
needs: | |
- setup | |
- update-deb | |
environment: ${{ needs.setup.outputs.secrets-environment }} | |
env: | |
CLAW_URL: ${{ needs.setup.outputs.claw-url }} | |
VERSION_BUILD: ${{ needs.setup.outputs.version-build }} | |
VERSION_MAJOR: ${{ needs.setup.outputs.version-major }} | |
steps: | |
- name: Install CF CLI via apt | |
run: | | |
set -o pipefail -e | |
sudo apt update | |
sudo apt install -y wget gnupg | |
wget -q -O - ${CLAW_URL}/debian/cli.cloudfoundry.org.key | sudo apt-key add - | |
echo "deb ${CLAW_URL}/debian stable main" | sudo tee /etc/apt/sources.list.d/cloudfoundry-cli.list | |
sudo apt update | |
sudo apt install -y cf${VERSION_MAJOR}-cli | |
which cf | |
set -x | |
cf -v | |
cf${VERSION_MAJOR} -v | |
cf -v | grep "${VERSION_BUILD}" | |
update-rpm: | |
name: Update RPM Repository | |
runs-on: ubuntu-20.04 | |
container: ubuntu:18.04 | |
environment: ${{ needs.setup.outputs.secrets-environment }} | |
needs: setup | |
env: | |
CLAW_URL: ${{ needs.setup.outputs.claw-url }} | |
VERSION_BUILD: ${{ needs.setup.outputs.version-build }} | |
VERSION_MAJOR: ${{ needs.setup.outputs.version-major }} | |
steps: | |
- name: Setup | |
env: | |
ENVIRONMENT: ${{ github.event.inputs.environment }} | |
VERSION_BUILD: ${{ github.event.inputs.build_version }} | |
run: | | |
echo "VERSION_BUILD: ${VERSION_BUILD}" | |
echo "Environment: ${ENVIRONMENT}" | |
# TODO: fix backup | |
# - name: Download current RPM repodata | |
# env: | |
# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
# AWS_DEFAULT_REGION: us-east-1 | |
# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
# uses: docker://amazon/aws-cli:latest | |
# with: | |
# args: > | |
# s3 cp --recursive | |
# s3://cf-cli-rpm-repo/ | |
# backup | |
# TODO: fix https://aws.amazon.com/premiumsupport/knowledge-center/s3-access-denied-listobjects-sync/ | |
# | |
# - name: List assets | |
# run: | | |
# ls -R | |
# | |
# - name: Backup current Linux RPM repodata | |
# uses: actions/upload-artifact@v2 | |
# with: | |
# if-no-files-found: error | |
# name: cf-cli-linux-rpm-repodata-backup | |
# path: backup | |
- name: Install Linux Packages | |
env: | |
DEBIAN_FRONTEND: noninteractive | |
run: > | |
apt update && | |
apt install --yes --no-install-recommends | |
gnupg | |
createrepo | |
awscli | |
- name: Setup aws to upload installers to CLAW S3 bucket | |
uses: aws-actions/configure-aws-credentials@v3 | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_S3_ROLE_ARN: ${{ secrets.AWS_S3_ROLE_ARN }} | |
with: | |
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-west-1 | |
role-to-assume: ${{ env.AWS_S3_ROLE_ARN }} | |
role-skip-session-tagging: true | |
role-duration-seconds: 1200 | |
- name: Download V8 RPMs | |
run: aws s3 sync --exclude "*" --include "releases/*/*installer*.rpm" s3://v8-cf-cli-releases . | |
- name: Download V7 RPMs | |
run: aws s3 sync --exclude "*" --include "releases/*/*installer*.rpm" s3://v7-cf-cli-releases . | |
- name: Download V6 RPMs | |
run: aws s3 sync --exclude "*" --include "releases/*/*installer*.rpm" s3://cf-cli-releases . | |
- name: Sign repo | |
run: createrepo --checksum=sha . | |
- name: List assets | |
run: ls -R | |
- name: Store Linux RPM repodata | |
uses: actions/upload-artifact@v2 | |
with: | |
if-no-files-found: error | |
name: cf-cli-linux-rpm-repodata | |
path: repodata | |
- name: Upload RPM repodata | |
run: aws s3 sync --delete repodata s3://cf-cli-rpm-repo/repodata | |
test-rpm-repo: | |
name: Test RPM Repository | |
needs: | |
- setup | |
- update-rpm | |
runs-on: ubuntu-latest | |
container: | |
image: fedora | |
environment: ${{ needs.setup.outputs.secrets-environment }} | |
env: | |
CLAW_URL: ${{ needs.setup.outputs.claw-url }} | |
VERSION_BUILD: ${{ needs.setup.outputs.version-build }} | |
VERSION_MAJOR: ${{ needs.setup.outputs.version-major }} | |
steps: | |
- name: Configure Custom CF Repository | |
run: | | |
curl -sL -o /etc/yum.repos.d/cloudfoundry-cli.repo \ | |
${CLAW_URL}/fedora/cloudfoundry-cli.repo | |
- name: Install cf cli package | |
run: dnf install -y cf${VERSION_MAJOR}-cli | |
- name: Print CF CLI Versions | |
run: | | |
cf -v | |
cf${VERSION_MAJOR} -v | |
- name: Test Version Match | |
run: cf -v | grep -q "${VERSION_BUILD}" | |
# vim: set sw=2 ts=2 sts=2 et tw=78 foldlevel=2 fdm=indent nospell: |