Create automated Signed releases. #2749

Merged
merged 11 commits into from
Nov 27, 2024
17 changes: 17 additions & 0 deletions .github/release.yml
@@ -0,0 +1,17 @@
changelog:
exclude:
labels:
- ignore-for-release
authors:
- octocat
- dependabot
categories:
- title: 🏕 Features
labels:
- '*'
exclude:
labels:
- dependencies
- title: 👒 Dependencies
labels:
- dependencies
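Review bot: the `exclude.authors` list under `changelog` looks copied from the GitHub documentation sample. `octocat` is a placeholder account, and excluding `dependabot` as an author drops its pull requests from the generated notes entirely, so the `👒 Dependencies` category below will only ever list dependency PRs opened by humans. If dependency bumps should show up in release notes, remove `dependabot` (and `octocat`) from `authors`; if they should not, the Dependencies category can go.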
47 changes: 44 additions & 3 deletions .github/workflows/CICD.yml
Expand Up @@ -151,7 +151,7 @@ jobs:

createArtifact:
name: 4️⃣ Build Artifact
if: github.ref == 'refs/heads/master'
if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/')
needs:
- phpstan
- dist
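Review bot: in the `createArtifact` condition, `startsWith(github.ref, 'refs/tags/')` matches every tag, so any tag pushed to the repository now builds the artifact and, through the `release` job added further down, publishes a signed release marked as latest. Consider narrowing this to the project's release tag scheme (for example a `refs/tags/v` prefix, if that is the convention) either here or in the workflow's `on:` trigger, which is not visible in this hunk.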
Expand Down Expand Up @@ -191,7 +191,7 @@ jobs:
run: |
make clean dist

- name: Upload a Build Artifact
- name: Upload build artifact
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: Lychee.zip
Expand Down Expand Up @@ -227,4 +227,45 @@ jobs:

# The GitHub token used to make authenticated API requests. Default is
# ${{ github.token }}
github-token: ${{ github.token }}
github-token: ${{ github.token }}


release:
name: 5️⃣ Release
if: startsWith(github.ref, 'refs/tags/')
needs:
- createArtifact
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write
env:
extensions: bcmath, curl, dom, gd, imagick, json, libxml, mbstring, pcntl, pdo, pdo_sqlite, pdo_mysql, pdo_pgsql, pgsql, sqlite3, zip

steps:
- name: Install Cosign
uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0

- name: Download generated artifact
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.18
with:
name: Lychee.zip

# https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
- name: Sign release with a key
run: |
cosign sign-blob --yes --key env://COSIGN_PRIVATE_KEY --output-signature Lychee.zip.asc Lychee.zip
env:
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}

- name: Create release
uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0
with:
files: |
Lychee.zip.asc
Lychee.zip
token: ${{ secrets.GITHUB_TOKEN }}
generate_release_notes: true
make_latest: true
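Review bot: the `release` job's `permissions` grant `id-token: write`, but the signing step uses a stored key (`--key env://COSIGN_PRIVATE_KEY`) rather than keyless OIDC signing, so the job never needs an OIDC token; drop it and keep only `contents: write`. Two smaller points in the same job: the `extensions` env entry is not used by any step here, and the name `Lychee.zip.asc` suggests an armored PGP signature while cosign writes its own signature format, so a `.sig` name plus a line in the release saying where to get the public key for `cosign verify-blob` would spare users some confusion.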

13 changes: 1 addition & 12 deletions .github/workflows/CICD_no_legacy.yml
Expand Up @@ -181,29 +181,18 @@ jobs:
extensions: ${{ env.extensions }}
coverage: none

- name: Install Composer dependencies
uses: ramsey/composer-install@57532f8be5bda426838819c5ee9afb8af389d51a # 3.0.0
with:
composer-options: --no-dev

- name: Use Node.js 20
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: 20

- name: Install
run: npm ci

- name: Compile Front-end
run: npm run build

- name: Build Dist
run: |
make clean dist

- name: Upload a Build Artifact
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: Lychee-Dist.zip
name: Lychee-No-Legacy.zip
path: Lychee.zip
if-no-files-found: error # 'warn' or 'ignore' are also available, defaults to `warn`
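Review bot: `Use Node.js 20` is kept although, going by the 12 deletions listed for this file, the `npm ci` and `npm run build` steps after it are removed along with the Composer install. If `make clean dist` now runs npm and Composer itself, say so in a comment on the `Build Dist` step; if it does not, the Node setup is dead and the uploaded `Lychee.zip` will lack the compiled front-end and `vendor/`.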
5 changes: 0 additions & 5 deletions .github/workflows/php_dist.yml
Expand Up @@ -67,11 +67,6 @@ jobs:
extensions: ${{ env.extensions }}
tools: pecl, composer

- name: Install Composer dependencies
uses: ramsey/composer-install@57532f8be5bda426838819c5ee9afb8af389d51a # 3.0.0
with:
composer-options: --no-dev

- name: Build Dist
run: |
make dist-clean
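Review bot: removing the `ramsey/composer-install` step also removes the explicit `composer-options: --no-dev`, so whether dev dependencies stay out of the distributed archive now depends entirely on what `make dist-clean` does, and the Makefile is not part of this diff. Please confirm the target installs with `--no-dev`; the same applies to the identical change in `php_no_legacy_dist.yml`.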
5 changes: 0 additions & 5 deletions .github/workflows/php_no_legacy_dist.yml
Expand Up @@ -71,11 +71,6 @@ jobs:
extensions: ${{ env.extensions }}
tools: pecl, composer

- name: Install Composer dependencies
uses: ramsey/composer-install@57532f8be5bda426838819c5ee9afb8af389d51a # 3.0.0
with:
composer-options: --no-dev

- name: Build Dist
run: |
make dist-clean