-
-
Notifications
You must be signed in to change notification settings - Fork 32
127 lines (100 loc) · 4.39 KB
/
release.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
# https://docs.github.com/en/actions
name: "Release"
on: # yamllint disable-line rule:truthy
push:
tags:
- "**"
env:
COMPOSER_VERSION: "2.0.8"
PHP_EXTENSIONS: "mbstring"
PHP_INI_VALUES: "memory_limit=-1, phar.readonly=0"
jobs:
release:
name: "Release"
runs-on: "ubuntu-latest"
strategy:
matrix:
php-version:
- "7.4"
dependencies:
- "locked"
env:
COMPOSER_NORMALIZE_PHAR: ".build/phar/composer-normalize.phar"
COMPOSER_NORMALIZE_PHAR_SIGNATURE: ".build/phar/composer-normalize.phar.asc"
GPG_KEYS: ".build/phar/keys.asc"
GPG_KEYS_ENCRYPTED: "phar/keys.asc.gpg"
steps:
- name: "Checkout"
uses: "actions/checkout@v2.3.4"
- name: "Install PHP with extensions"
uses: "shivammathur/setup-php@2.9.0"
with:
coverage: "none"
extensions: "${{ env.PHP_EXTENSIONS }}"
ini-values: "${{ env.PHP_INI_VALUES }}"
php-version: "${{ matrix.php-version }}"
- name: "Determine composer cache directory"
uses: "./.github/actions/composer/composer/determine-cache-directory"
- name: "Cache dependencies installed with composer"
uses: "actions/cache@v2.1.3"
with:
path: "${{ env.COMPOSER_CACHE_DIR }}"
key: "php-${{ matrix.php-version }}-composer-${{ matrix.dependencies }}-${{ hashFiles('composer.lock') }}"
restore-keys: "php-${{ matrix.php-version }}-composer-${{ matrix.dependencies }}-"
- name: "Install ${{ matrix.dependencies }} dependencies with composer"
uses: "./.github/actions/composer/composer/install"
with:
dependencies: "${{ matrix.dependencies }}"
- name: "Require composer/composer"
run: "composer require composer/composer:${{ env.COMPOSER_VERSION }} --no-interaction --no-progress"
- name: "Validate configuration for humbug/box"
run: "phar/box.phar validate box.json"
- name: "Compile composer-normalize.phar with humbug/box"
run: "phar/box.phar compile --config=box.json"
- name: "Show info about composer-normalize.phar with humbug/box"
run: "phar/box.phar info ${{ env.COMPOSER_NORMALIZE_PHAR }}"
- name: "Run composer-normalize.phar"
run: "${{ env.COMPOSER_NORMALIZE_PHAR }}"
- name: "Show gpg version"
run: "gpg --version"
- name: "Decrypt keys.asc.gpg with gpg"
run: "gpg --batch --output ${{ env.GPG_KEYS }} --passphrase \"${{ secrets.GPG_DECRYPT_PASSPHRASE }}\" --yes --decrypt ${{ env.GPG_KEYS_ENCRYPTED }}"
- name: "Import keys from keys.asc with gpg"
run: "gpg --batch --import ${{ env.GPG_KEYS }}"
- name: "Sign composer-normalize.phar with gpg"
run: "gpg --armor --local-user \"${{ secrets.GPG_LOCAL_USER }}\" --output ${{ env.COMPOSER_NORMALIZE_PHAR_SIGNATURE }} --passphrase \"${{ secrets.GPG_KEY_PASSPHRASE }}\" --pinentry-mode loopback --yes --detach-sig ${{ env.COMPOSER_NORMALIZE_PHAR }}"
- name: "Remove decrypted keys.asc"
run: "rm ${{ env.GPG_KEYS }}"
- name: "Determine tag"
id: "determine-tag"
run: "echo \"::set-output name=tag::${GITHUB_REF#refs/tags/}\""
- name: "Create release"
id: "create-release"
uses: "actions/create-release@v1.1.4"
env:
GITHUB_TOKEN: "${{ secrets.ERGEBNIS_BOT_TOKEN }}"
with:
draft: false
prerelease: false
release_name: "${{ steps.determine-tag.outputs.tag }}"
tag_name: "${{ steps.determine-tag.outputs.tag }}"
- name: "Upload composer-normalize.phar"
if: "always()"
uses: "actions/upload-release-asset@v1.0.2"
env:
GITHUB_TOKEN: "${{ secrets.ERGEBNIS_BOT_TOKEN }}"
with:
asset_content_type: "text/plain"
asset_name: "composer-normalize.phar"
asset_path: "${{ env.COMPOSER_NORMALIZE_PHAR }}"
upload_url: "${{ steps.create-release.outputs.upload_url }}"
- name: "Upload composer-normalize.phar.asc"
if: "always()"
uses: "actions/upload-release-asset@v1.0.2"
env:
GITHUB_TOKEN: "${{ secrets.ERGEBNIS_BOT_TOKEN }}"
with:
asset_content_type: "text/plain"
asset_name: "composer-normalize.phar.asc"
asset_path: "${{ env.COMPOSER_NORMALIZE_PHAR_SIGNATURE }}"
upload_url: "${{ steps.create-release.outputs.upload_url }}"