fix(config-api): asset upload config and saml document store changes … #934
Workflow file for this run
# Release workflow: runs when a tag matching 'v**' or the 'nightly' tag is pushed.
name: Publish packages
on:
  push:
    tags: ['v**', 'nightly']
# The default GITHUB_TOKEN is limited to reading repository contents.
permissions:
  contents: read
jobs:
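# Job publish_binary_packages: builds one distro package per matrix entry,
# signs it, and attaches the package, its checksum and its detached signature
# to the release of the pushed tag.
  publish_binary_packages:
    if: github.repository == 'JanssenProject/jans'
    runs-on: ubuntu-20.04
    strategy:
      fail-fast: false
      matrix:
        name: [ubuntu22, ubuntu20, el8, suse15]
        include:
          # Per-distro settings: asset_prefix/asset_suffix frame the version in
          # the package file name, sign_cmd is the signing command for that
          # package format. Versions are quoted so they stay strings.
          - name: ubuntu22
            asset_suffix: '~ubuntu22.04_amd64.deb'
            build_files: deb/jammy
            asset_prefix: '_'
            asset_path: jans
            sign_cmd: dpkg-sig -s builder -k DE92BEF14A1A4E542F678B64DC3C790386C73900
            python_version: '3.8'
          - name: ubuntu20
            asset_suffix: '~ubuntu20.04_amd64.deb'
            build_files: deb/focal
            asset_prefix: '_'
            asset_path: jans
            sign_cmd: dpkg-sig -s builder -k DE92BEF14A1A4E542F678B64DC3C790386C73900
            python_version: '3.8'
          - name: el8
            asset_suffix: '.el8.x86_64.rpm'
            build_files: rpm/el8
            asset_prefix: '-'
            asset_path: jans/rpmbuild/RPMS/x86_64
            sign_cmd: rpm --addsign
            python_version: '3.6'
          - name: suse15
            asset_suffix: '.suse15.x86_64.rpm'
            build_files: rpm/suse15
            asset_prefix: '-'
            asset_path: jans/rpmbuild/RPMS/x86_64
            sign_cmd: rpm --addsign
            python_version: '3.6'
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
        with:
          # NOTE(review): audit mode reports outbound traffic without
          # restricting it.
          egress-policy: audit
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          path: temp-jans
      - name: Getting build dependencies
        id: get_dependencies
        run: |
          mkdir -p jans/jans-src/opt/
          cp -rp temp-jans/automation/packaging/${{ matrix.build_files }}/* jans/
          cp temp-jans/jans-linux-setup/jans_setup/install.py jans/install.py
          # -y keeps the PPA prompt from depending on how stdin is attached.
          sudo add-apt-repository -y ppa:deadsnakes/ppa
          sudo apt-get update
          sudo apt-get install -y python${{ matrix.python_version }}
          sudo apt-get install -y build-essential devscripts debhelper rpm dpkg-sig \
            python3-dev python3-requests python3-ruamel.yaml python3-pymysql \
            python3-crypto python3-distutils python3-prompt-toolkit \
            python${{ matrix.python_version }}-distutils libpq-dev \
            python${{ matrix.python_version }}-dev apache2 rsyslog python3-urllib3 \
            python3-certifi postgresql postgresql-contrib
          sudo cp -r /usr/lib/python3/dist-packages /usr/lib/python${{ matrix.python_version }}/
          # NOTE(review): installed unpinned, as root, into the build interpreter.
          sudo python${{ matrix.python_version }} -m pip install psycopg2-binary psycopg2
      - name: Import GPG key
        id: import_gpg
        # NOTE(review): a failed import does not stop the job at this step; the
        # "Sign package" step has no fallback and is expected to fail instead.
        continue-on-error: true
        uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
        with:
          gpg_private_key: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY_PASSPHRASE }}
          git_user_signingkey: true
          git_commit_gpgsign: true
      - name: List keys
        id: list_keys
        run: gpg -K
      - name: Get latest tag
        id: previoustag
        env:
          # The ref reaches the script as an environment variable, so the tag
          # name is handled as data and never becomes part of the script text.
          REF: ${{ github.event.ref }}
        run: |
          # tag: third path component of refs/tags/<tag>
          echo "tag=$(echo "${REF}" | cut -d '/' -f 3)" >> "$GITHUB_OUTPUT"
          if [[ "${REF}" == 'refs/tags/nightly' ]]; then
            echo "version=0.0.0-nightly" >> "$GITHUB_OUTPUT"
          else
            # Takes the text between the first and second 'v' of the ref.
            echo "version=$(echo "${REF}" | cut -d 'v' -f 2)-stable" >> "$GITHUB_OUTPUT"
          fi
          echo "PACKAGE_PREFIX=jans" >> "${GITHUB_ENV}"
      - name: Print Version and tag
        env:
          VERSION: ${{ steps.previoustag.outputs.version }}
          TAG: ${{ steps.previoustag.outputs.tag }}
        run: |
          echo "Version: ${VERSION}"
          echo "Tag: ${TAG}"
      - name: Running install and build
        id: run_build
        env:
          # Derived from the tag name, so it is passed as data as well.
          VERSION: ${{ steps.previoustag.outputs.version }}
        run: |
          cd jans/
          sudo python${{ matrix.python_version }} install.py -download-exit -yes --keep-downloads --keep-setup -force-download
          cp -r /opt/dist jans-src/opt/
          cp -r /opt/jans jans-src/opt/
          touch jans-src/opt/jans/jans-setup/package
          rm -rf install.py install jans-cli-tui
          rm -rf jans-src/opt/jans/jans-setup/logs/setup.log
          rm -rf jans-src/opt/jans/jans-setup/logs/setup_error.log
          sed -i "s/%VERSION%/${VERSION}/g" run-build.sh
          cat run-build.sh
          sudo ./run-build.sh
      - name: Sign package
        id: sign_package
        env:
          PACKAGE: ${{ github.workspace }}/${{ matrix.asset_path }}/jans${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}
        run: |
          echo '%_gpg_name moauto (automation) <54212639+mo-auto@users.noreply.github.com>' >> ~/.rpmmacros
          # Signature embedded by the package tooling, then a detached
          # armored signature written next to the package.
          ${{ matrix.sign_cmd }} "${PACKAGE}"
          gpg --armor --detach-sign "${PACKAGE}"
      - name: Create checksum
        id: create_checksum
        env:
          VERSION: ${{ steps.previoustag.outputs.version }}
        run: |
          cd jans/
          sed -i "s/%VERSION%/${VERSION}/g" checksum.sh
          sudo ./checksum.sh
          ls "${{ github.workspace }}/${{ matrix.asset_path }}"
      # The three uploads below authenticate with MOAUTO_WORKFLOW_TOKEN and
      # replace an existing asset of the same name (overwrite: true).
      - name: Upload binaries to release
        id: upload_binaries
        uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2
        with:
          repo_token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }}
          file: ${{github.workspace}}/${{ matrix.asset_path }}/jans${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}
          asset_name: ${{ env.PACKAGE_PREFIX }}${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}
          tag: ${{ steps.previoustag.outputs.tag }}
          overwrite: true
      - name: Upload checksum to release
        id: upload_shas
        uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2
        with:
          repo_token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }}
          file: ${{github.workspace}}/${{ matrix.asset_path }}/jans${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}.sha256sum
          asset_name: ${{ env.PACKAGE_PREFIX }}${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}.sha256sum
          tag: ${{ steps.previoustag.outputs.tag }}
          overwrite: true
      - name: Upload sig to release
        id: upload_sigs
        uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2
        with:
          repo_token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }}
          file: ${{github.workspace}}/${{ matrix.asset_path }}/jans${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}.asc
          asset_name: ${{ env.PACKAGE_PREFIX }}${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}.asc
          tag: ${{ steps.previoustag.outputs.tag }}
          overwrite: true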
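# Job build_python_packages: builds the jans-linux-setup and jans-cli-tui
# zipapps (.pyz) for SUSE (inside a container) and Ubuntu (on the runner),
# writes a sha256sum file for each, and stores them in the Actions cache under
# the commit SHA.
  build_python_packages:
    if: github.repository == 'JanssenProject/jans'
    runs-on: ubuntu-20.04
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
        with:
          # NOTE(review): audit mode reports outbound traffic without
          # restricting it.
          egress-policy: audit
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - uses: addnab/docker-run-action@4f65fabd2431ebc8d299f8e5a018d79a769ae185 # v3
        name: Build with Suse
        # Best effort: a failed SUSE build does not fail the job.
        continue-on-error: true
        with:
          image: opensuse/leap:15.4
          options: -v ${{ github.workspace }}:/suse
          # NOTE(review): --gpg-auto-import-keys accepts whatever signing key
          # each added repository presents, including the personal
          # home:smarty12:Python repository, and rpm --nodeps installs its
          # package without dependency checks. shiv is installed unpinned.
          # All of this runs with the checkout mounted read-write at /suse.
          run: |
            zypper addrepo https://download.opensuse.org/repositories/openSUSE:Leap:15.1/standard/openSUSE:Leap:15.1.repo
            zypper --gpg-auto-import-keys refresh
            zypper --non-interactive install -y gcc-c++ make gcc automake autoconf libtool python3-pip python3-setuptools python3-wheel openssl
            zypper addrepo https://download.opensuse.org/repositories/home:smarty12:Python/RaspberryPi_Leap_15.2/home:smarty12:Python.repo
            zypper --gpg-auto-import-keys refresh
            zypper download python3-dev
            rpm -i --nodeps /var/cache/zypp/packages/home_smarty12_Python/noarch/python3-dev-0.4.0-lp152.1.4.noarch.rpm
            zypper --non-interactive install -y python3
            zypper --non-interactive install -y python3-devel
            echo "Building jans-linux-setup package"
            cd /suse/jans-linux-setup
            pip install shiv
            make zipapp
            mv jans-linux-setup.pyz jans-linux-suse-X86-64-setup.pyz
            sha256sum jans-linux-suse-X86-64-setup.pyz > jans-linux-suse-X86-64-setup.pyz.sha256sum
            cd ../jans-cli-tui
            make zipapp
            mv jans-cli-tui.pyz jans-cli-tui-linux-suse-X86-64.pyz
            sha256sum jans-cli-tui-linux-suse-X86-64.pyz > jans-cli-tui-linux-suse-X86-64.pyz.sha256sum
      - name: Set up Python 3.6
        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
        with:
          # Quoted so the version stays a string and is never read as a float.
          python-version: '3.6'
      - name: Build with Ubuntu
        # Best effort: the setup build swallows its own failures with
        # `|| echo`, and the step as a whole may fail without failing the job.
        continue-on-error: true
        run: |
          sudo apt-get update
          sudo apt-get install -y python3 build-essential ca-certificates dbus systemd iproute2 gpg python3-pip python3-dev libpq-dev gcc
          python3 -m pip install --upgrade pip || echo "Failed to upgrade pip"
          # NOTE(review): build tooling is installed unpinned.
          pip3 install shiv wheel setuptools
          echo "Building jans-linux-setup package"
          sudo chown -R runner:docker /home/runner/work/jans/jans
          cd jans-linux-setup
          make zipapp || echo "Creating linux setup failed for ubuntu"
          mv jans-linux-setup.pyz jans-linux-ubuntu-X86-64-setup.pyz || echo "Failed"
          sha256sum jans-linux-ubuntu-X86-64-setup.pyz > jans-linux-ubuntu-X86-64-setup.pyz.sha256sum || echo "Failed"
          cd ../jans-cli-tui
          make zipapp
          mv jans-cli-tui.pyz jans-cli-tui-linux-ubuntu-X86-64.pyz
          sha256sum jans-cli-tui-linux-ubuntu-X86-64.pyz > jans-cli-tui-linux-ubuntu-X86-64.pyz.sha256sum
      # Hands the built files to upload_python_packages through the cache.
      # NOTE(review): this step runs after the builds and the key is only the
      # commit SHA. If an entry for this SHA already exists (for example the
      # same commit tagged twice), the restore presumably replaces the files
      # just built and no new entry is saved — confirm, or use build artifacts.
      - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
        id: cache-installers
        with:
          path: |
            ${{github.workspace}}/jans-linux-setup/jans-linux-suse-X86-64-setup.pyz
            ${{github.workspace}}/jans-linux-setup/jans-linux-suse-X86-64-setup.pyz.sha256sum
            ${{github.workspace}}/jans-linux-setup/jans-linux-ubuntu-X86-64-setup.pyz
            ${{github.workspace}}/jans-linux-setup/jans-linux-ubuntu-X86-64-setup.pyz.sha256sum
            ${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-suse-X86-64.pyz
            ${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-suse-X86-64.pyz.sha256sum
            ${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-ubuntu-X86-64.pyz
            ${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-ubuntu-X86-64.pyz.sha256sum
          key: ${{ github.sha }}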
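# Job upload_python_packages: restores the zipapps cached by
# build_python_packages and attaches them, with their checksum files, to the
# release of the pushed tag; one matrix run per distro.
  upload_python_packages:
    if: github.repository == 'JanssenProject/jans'
    needs: build_python_packages
    runs-on: ubuntu-20.04
    strategy:
      matrix:
        name: [ubuntu, suse]
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
        with:
          # NOTE(review): audit mode reports outbound traffic without
          # restricting it.
          egress-policy: audit
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      # Same paths and key as the cache step in build_python_packages.
      # NOTE(review): the restored files are published without re-checking
      # them against their .sha256sum files.
      - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
        id: cache-installers
        with:
          path: |
            ${{github.workspace}}/jans-linux-setup/jans-linux-suse-X86-64-setup.pyz
            ${{github.workspace}}/jans-linux-setup/jans-linux-suse-X86-64-setup.pyz.sha256sum
            ${{github.workspace}}/jans-linux-setup/jans-linux-ubuntu-X86-64-setup.pyz
            ${{github.workspace}}/jans-linux-setup/jans-linux-ubuntu-X86-64-setup.pyz.sha256sum
            ${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-suse-X86-64.pyz
            ${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-suse-X86-64.pyz.sha256sum
            ${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-ubuntu-X86-64.pyz
            ${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-ubuntu-X86-64.pyz.sha256sum
          key: ${{ github.sha }}
      - name: Get latest tag
        id: previoustag
        env:
          # The ref reaches the script as an environment variable, so the tag
          # name is handled as data and never becomes part of the script text.
          REF: ${{ github.event.ref }}
        run: |
          # NOTE(review): VERSION is not set anywhere in this job as shown, so
          # this output is presumably empty — confirm.
          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
          echo "tag=$(echo "${REF}" | cut -d '/' -f 3)" >> "$GITHUB_OUTPUT"
          echo "SETUP_PREFIX=jans-linux" >> "${GITHUB_ENV}"
          echo "TUI_PREFIX=jans-cli-tui-linux" >> "${GITHUB_ENV}"
          echo "PACKAGE_PREFIX=jans" >> "${GITHUB_ENV}"
      - name: Print Version and tag
        env:
          VERSION: ${{ steps.previoustag.outputs.version }}
          REF: ${{ github.event.ref }}
        run: |
          echo "Version: ${VERSION}"
          echo "Tag: ${REF}"
      # Each upload is best effort (continue-on-error) and replaces an existing
      # asset of the same name (overwrite: true).
      - name: Upload binaries to release
        id: upload_binaries_setup
        continue-on-error: true
        uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2
        with:
          repo_token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }}
          file: ${{github.workspace}}/jans-linux-setup/jans-linux-${{ matrix.name }}-X86-64-setup.pyz
          asset_name: ${{ env.SETUP_PREFIX }}-${{ matrix.name }}-X86-64-setup.pyz
          tag: ${{ steps.previoustag.outputs.tag }}
          overwrite: true
      - name: Upload checksum to release
        id: upload_shas_setup
        continue-on-error: true
        uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2
        with:
          repo_token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }}
          file: ${{github.workspace}}/jans-linux-setup/jans-linux-${{ matrix.name }}-X86-64-setup.pyz.sha256sum
          asset_name: ${{ env.SETUP_PREFIX }}-${{ matrix.name }}-X86-64-setup.pyz.sha256sum
          tag: ${{ steps.previoustag.outputs.tag }}
          overwrite: true
      - name: Upload binaries to release
        id: upload_binaries_cli
        continue-on-error: true
        uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2
        with:
          repo_token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }}
          file: ${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-${{ matrix.name }}-X86-64.pyz
          asset_name: ${{ env.TUI_PREFIX }}-${{ matrix.name }}-X86-64.pyz
          tag: ${{ steps.previoustag.outputs.tag }}
          overwrite: true
      - name: Upload checksum to release
        id: upload_shas_cli
        continue-on-error: true
        uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2
        with:
          repo_token: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }}
          file: ${{github.workspace}}/jans-cli-tui/jans-cli-tui-linux-${{ matrix.name }}-X86-64.pyz.sha256sum
          asset_name: ${{ env.TUI_PREFIX }}-${{ matrix.name }}-X86-64.pyz.sha256sum
          tag: ${{ steps.previoustag.outputs.tag }}
          overwrite: true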
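# Job build_demo_packages: zips each directory under demos/ as a source
# archive, builds the jans-tarp browser extension against the cedarling wasm
# package of the same release, and uploads archives and checksums to the
# release of the pushed tag.
  build_demo_packages:
    if: github.repository == 'JanssenProject/jans'
    # Needs cedarling wasm as jans-tarp uses the wasm package
    needs: build_cedarling_wasm
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
        with:
          # NOTE(review): audit mode reports outbound traffic without
          # restricting it.
          egress-policy: audit
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - name: Build with Ubuntu
        id: build_demos
        # Best effort: a failed demo build does not fail the job.
        continue-on-error: true
        env:
          # The ref reaches the script as an environment variable, so the tag
          # name is handled as data and never becomes part of the script text.
          # The release token is deliberately absent from this step: it runs
          # npm install and the package's build scripts.
          REF: ${{ github.event.ref }}
        run: |
          sudo apt-get update
          sudo apt-get install -y zip
          cd demos
          VER=$(echo "${REF}" | cut -d '/' -f 3)
          # One source archive plus checksum per demo directory.
          for dir in */; do
            archive="demo-${dir%/}-${VER}-source.zip"
            zip -r "${archive}" "${dir}" && sha256sum "${archive}" > "${archive}.sha256sum"
          done
          # jans-tarp ships as built extension archives, not as a source zip.
          sudo rm "demo-jans-tarp-${VER}-source.zip" "demo-jans-tarp-${VER}-source.zip.sha256sum"
          cd jans-tarp
          # Get the latest cedarling wasm package
          TAG=$(echo "${REF}" | cut -d '/' -f 3 | sed 's/^v//')
          if [ "${TAG}" == "nightly" ]; then
            TAG="0.0.0"
          fi
          # NOTE(review): the tarball is unpacked without checking a checksum
          # or signature for it.
          wget https://github.com/${{ github.repository }}/releases/download/"${VER}"/cedarling_wasm_"${TAG}"_pkg.tar.gz -O cedarling_wasm.tar.gz
          mkdir -p wasm
          tar -xvf cedarling_wasm.tar.gz -C wasm
          rm cedarling_wasm.tar.gz
          ls wasm
          # END Get the latest cedarling wasm package
          npm install
          npm run build
          npm run pack
          mv ./release/jans-tarp-chrome-*.zip "../demo-jans-tarp-chrome-${VER}.zip"
          mv ./release/jans-tarp-firefox-*.zip "../demo-jans-tarp-firefox-${VER}.zip"
          sha256sum "../demo-jans-tarp-chrome-${VER}.zip" > "../demo-jans-tarp-chrome-${VER}.zip.sha256sum"
          sha256sum "../demo-jans-tarp-firefox-${VER}.zip" > "../demo-jans-tarp-firefox-${VER}.zip.sha256sum"
      - name: Upload demo archives to release
        # outcome is the build result before continue-on-error is applied, so
        # nothing is uploaded after a failed build.
        if: steps.build_demos.outcome == 'success'
        continue-on-error: true
        working-directory: demos
        env:
          REF: ${{ github.event.ref }}
          # gh reads GH_TOKEN from the environment; the token is not written
          # into the script or into gh's stored credentials.
          GH_TOKEN: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }}
        run: |
          VER=$(echo "${REF}" | cut -d '/' -f 3)
          # --clobber replaces release assets that already exist.
          gh release upload "${VER}" *.zip *.sha256sum --clobber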
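# Job build_cedarling_python: builds the cedarling_python wheels for
# python3.10 and python3.11 with maturin, writes checksums and detached
# signatures, and uploads them to the release of the pushed tag.
  build_cedarling_python:
    if: github.repository == 'JanssenProject/jans'
    runs-on: ubuntu-20.04
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
        with:
          # NOTE(review): audit mode reports outbound traffic without
          # restricting it.
          egress-policy: audit
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - name: Import GPG key
        id: import_gpg
        # NOTE(review): a failed import does not stop the job, and the gpg
        # calls below also tolerate failure; see the note on the upload.
        continue-on-error: true
        uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
        with:
          gpg_private_key: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY_PASSPHRASE }}
          git_user_signingkey: true
          git_commit_gpgsign: true
      - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
      - uses: PyO3/maturin-action@ea5bac0f1ccd0ab11c805e2b804bfcb65dac2eab # v1.45.0
        with:
          working-directory: ${{ github.workspace }}/jans-cedarling/bindings/cedarling_python
          command: build
          args: --release -i python3.10 python3.11
      - name: Generate sha256sum and sign
        id: sign-cedarling
        env:
          # The ref reaches the script as an environment variable, so the tag
          # name is handled as data and never becomes part of the script text.
          REF: ${{ github.event.ref }}
          # gh reads GH_TOKEN from the environment; the token is not written
          # into the script or into gh's stored credentials.
          GH_TOKEN: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }}
        run: |
          # TAG is the tag without its leading 'v' (used in wheel file names);
          # VERSION is the release tag the assets are uploaded to.
          TAG=$(echo "${REF}" | cut -d '/' -f 3 | sed 's/^v//')
          VERSION="$(echo "${REF}" | cut -d '/' -f 3)"
          if [ "${TAG}" == "nightly" ]; then
            VERSION=nightly
            TAG="0.0.0"
          fi
          cd "${{ github.workspace }}/jans-cedarling/target/wheels"
          sha256sum cedarling_python-"${TAG}"-cp311-cp311-manylinux_2_31_x86_64.whl > cedarling_python-"${TAG}"-cp311-cp311-manylinux_2_31_x86_64.whl.sha256sum
          sha256sum cedarling_python-"${TAG}"-cp310-cp310-manylinux_2_31_x86_64.whl > cedarling_python-"${TAG}"-cp310-cp310-manylinux_2_31_x86_64.whl.sha256sum
          gpg --armor --detach-sign cedarling_python-"${TAG}"-cp311-cp311-manylinux_2_31_x86_64.whl || echo "Failed to sign"
          gpg --armor --detach-sign cedarling_python-"${TAG}"-cp310-cp310-manylinux_2_31_x86_64.whl || echo "Failed to sign"
          # NOTE(review): because signing failures are tolerated above, a run
          # in which only one signature was produced would still upload both
          # wheels, one of them without a .asc — confirm this is intended.
          gh release upload "${VERSION}" *.whl *.sha256sum *.asc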
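# Job build_cedarling_wasm: builds the cedarling wasm package with wasm-pack,
# archives pkg/ as a tarball with checksum and detached signature, and uploads
# them to the release of the pushed tag.
  build_cedarling_wasm:
    if: github.repository == 'JanssenProject/jans'
    runs-on: ubuntu-20.04
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
        with:
          # NOTE(review): audit mode reports outbound traffic without
          # restricting it.
          egress-policy: audit
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - name: Import GPG key
        id: import_gpg
        # NOTE(review): a failed import does not stop the job, and the gpg
        # call below also tolerates failure.
        continue-on-error: true
        uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
        with:
          gpg_private_key: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY_PASSPHRASE }}
          git_user_signingkey: true
          git_commit_gpgsign: true
      - name: Build WASM build
        id: sign-cedarling
        working-directory: ${{ github.workspace }}/jans-cedarling/bindings/cedarling_wasm
        run: |
          rustup update stable && rustup default stable
          # NOTE(review): wasm-pack is installed at whatever version is
          # current, without a version pin.
          cargo install wasm-pack
          wasm-pack build --release --target web
          ls pkg
      - name: Archive and sign pkg contents
        id: archive_pkg
        working-directory: ${{ github.workspace }}/jans-cedarling/bindings/cedarling_wasm
        env:
          # The ref reaches the script as an environment variable, so the tag
          # name is handled as data and never becomes part of the script text.
          REF: ${{ github.event.ref }}
          # gh reads GH_TOKEN from the environment; the token is not written
          # into the script or into gh's stored credentials.
          GH_TOKEN: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }}
        run: |
          # TAG is the tag without its leading 'v' (used in the archive name);
          # VERSION is the release tag the assets are uploaded to.
          TAG=$(echo "${REF}" | cut -d '/' -f 3 | sed 's/^v//')
          VERSION="$(echo "${REF}" | cut -d '/' -f 3)"
          if [ "${TAG}" == "nightly" ]; then
            VERSION=nightly
            TAG="0.0.0"
          fi
          rm -rf pkg/.gitignore || echo "Failed to remove gitignore"
          tar -czvf cedarling_wasm_"${TAG}"_pkg.tar.gz -C pkg .
          sha256sum cedarling_wasm_"${TAG}"_pkg.tar.gz > cedarling_wasm_"${TAG}"_pkg.tar.gz.sha256sum
          gpg --armor --detach-sign cedarling_wasm_"${TAG}"_pkg.tar.gz || echo "Failed to sign"
          gh release upload "${VERSION}" *.tar.gz *.sha256sum *.asc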
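# Job build_cedarling_krakend: builds the cedarling KrakenD plugin for amd64
# and arm64 inside each KrakenD builder image of the matrix, writes checksums
# and detached signatures, and uploads them to the release of the pushed tag.
  build_cedarling_krakend:
    if: github.repository == 'JanssenProject/jans'
    runs-on: ubuntu-20.04
    strategy:
      matrix:
        # NOTE(review): builder images are referenced by tag, not by digest.
        krakend-builder-image: ['builder:2.9.0', 'builder:2.9.0-linux-generic']
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
        with:
          # NOTE(review): audit mode reports outbound traffic without
          # restricting it.
          egress-policy: audit
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - name: Import GPG key
        id: import_gpg
        # NOTE(review): a failed import does not stop the job, and the gpg
        # calls below also tolerate failure.
        continue-on-error: true
        uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
        with:
          gpg_private_key: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY_PASSPHRASE }}
          git_user_signingkey: true
          git_commit_gpgsign: true
      - name: Set environment variables
        env:
          # The ref reaches the script as an environment variable, so the tag
          # name is handled as data and never becomes part of the script text.
          REF: ${{ github.event.ref }}
        run: |
          # TAG is the tag without its leading 'v' (used in file names);
          # VERSION is the release tag the assets are uploaded to.
          TAG=$(echo "${REF}" | cut -d '/' -f 3 | sed 's/^v//')
          VERSION="$(echo "${REF}" | cut -d '/' -f 3)"
          if [ "${TAG}" == "nightly" ]; then
            VERSION=nightly
            TAG="0.0.0"
          fi
          echo "TAG=${TAG}" >> "$GITHUB_ENV"
          echo "VERSION=${VERSION}" >> "$GITHUB_ENV"
          # File-name-safe form of the image reference (first ':' becomes '-').
          KRAKEND_BUILDER_IMAGE=${{ matrix.krakend-builder-image }}
          KRAKEND_BUILDER_IMAGE=${KRAKEND_BUILDER_IMAGE/:/-}
          echo "KRAKEND_BUILDER_IMAGE=${KRAKEND_BUILDER_IMAGE}" >> "$GITHUB_ENV"
          # Cross compiler for the arm64 build; the later CC line overrides
          # this one for the linux-generic image.
          echo CC="aarch64-linux-musl-gcc" >> "$GITHUB_ENV"
          if [ "${{ matrix.krakend-builder-image }}" == "builder:2.9.0-linux-generic" ]; then
            echo CC="aarch64-linux-gnu-gcc" >> "$GITHUB_ENV"
          fi
      # TAG, VERSION and KRAKEND_BUILDER_IMAGE are read below as shell
      # variables (exported through GITHUB_ENV above) rather than through
      # ${{ env.* }}, because TAG and VERSION come from the tag name.
      - name: Build plugin for AMD64
        working-directory: ${{ github.workspace }}/jans-cedarling/cedarling-krakend
        run: |
          docker run -i -v "$PWD:/app" -w /app krakend/"${{ matrix.krakend-builder-image }}" go build -buildmode=plugin -o "cedarling-krakend-amd64-${KRAKEND_BUILDER_IMAGE}-${TAG}.so" .
      - name: Build plugin for ARM64
        working-directory: ${{ github.workspace }}/jans-cedarling/cedarling-krakend
        run: |
          docker run -i -v "$PWD:/app" -w /app -e "CGO_ENABLED=1" -e "CC=${{ env.CC }}" -e "GOARCH=arm64" -e "GOHOSTARCH=amd64" krakend/"${{ matrix.krakend-builder-image }}" go build -ldflags='-extldflags=-fuse-ld=bfd -extld=${{ env.CC }}' -buildmode=plugin -o "cedarling-krakend-arm64-${KRAKEND_BUILDER_IMAGE}-${TAG}.so" .
      - name: Generate sha256sum and sign
        working-directory: ${{ github.workspace }}/jans-cedarling/cedarling-krakend
        env:
          # gh reads GH_TOKEN from the environment; the token is not written
          # into the script or into gh's stored credentials.
          GH_TOKEN: ${{ secrets.MOAUTO_WORKFLOW_TOKEN }}
        run: |
          amd64_plugin="cedarling-krakend-amd64-${KRAKEND_BUILDER_IMAGE}-${TAG}.so"
          arm64_plugin="cedarling-krakend-arm64-${KRAKEND_BUILDER_IMAGE}-${TAG}.so"
          sha256sum "${amd64_plugin}" > "${amd64_plugin}.sha256sum"
          sha256sum "${arm64_plugin}" > "${arm64_plugin}.sha256sum"
          gpg --armor --detach-sign "${amd64_plugin}" || echo "Failed to sign"
          gpg --armor --detach-sign "${arm64_plugin}" || echo "Failed to sign"
          gh release upload "${VERSION}" *.so *.sha256sum *.asc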