mirror of
https://github.com/containers/podman.git
synced 2025-08-06 19:44:14 +08:00
41dd3f2474
Automatically generate our GitHub release. This GitHub action is traggered on a tag push, or manually. After a the trigger, all artifacts are built, including linux, mac, and windows installers. After everything is built, the release is automatically generated on our GitHub, and an email notification is sent out. Our old actions are marked deprecated, and now can only be triggered manually. Leave them as-is otherwise, as a backup, so we have a tried-and-tested way of generating images, just in case this new action goes wrong. Signed-off-by: Ashley Cui <acui@redhat.com>
157 lines
6.5 KiB
YAML
157 lines
6.5 KiB
YAML
name: Upload Windows Installer [DEPRECATED]
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
version:
|
|
description: 'Release version to build and upload (e.g. "v9.8.7")'
|
|
required: true
|
|
dryrun:
|
|
description: 'Perform all the steps except uploading to the release page'
|
|
required: true
|
|
default: "true" # 'choice' type requires string value
|
|
type: choice
|
|
options:
|
|
- "true" # Must be quoted string, boolean value not supported.
|
|
- "false"
|
|
|
|
permissions:
|
|
contents: write
|
|
|
|
jobs:
|
|
build:
|
|
runs-on: windows-latest
|
|
env:
|
|
FETCH_BASE_URL: ${{ github.server_url }}/${{ github.repository }}
|
|
steps:
|
|
- name: Consolidate dryrun setting to always be true or false
|
|
id: actual_dryrun
|
|
run: |
|
|
# The 'release' trigger will not have a 'dryrun' input set. Handle
|
|
# this case in a readable/maintainable way.
|
|
$inputs_dryrun = "${{ inputs.dryrun }}"
|
|
if ($inputs_dryrun.Length -lt 1) {
|
|
Write-Output "dryrun=false" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
|
|
} else {
|
|
Write-Output "dryrun=${{ inputs.dryrun }}" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
|
|
}
|
|
- name: Dry Run Status
|
|
run: |
|
|
Write-Output "::notice::This workflow execution will be a dry-run: ${{ steps.actual_dryrun.outputs.dryrun }}"
|
|
- name: Determine version
|
|
id: getversion
|
|
run: |
|
|
$version = "${{ inputs.version }}"
|
|
if ($version.Length -lt 1) {
|
|
$version = "${{ github.event.release.tag_name }}"
|
|
if ($version.Length -lt 1) {
|
|
Write-Host "::error::Could not determine version!"
|
|
Exit 1
|
|
}
|
|
}
|
|
Write-Output "version=$version" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
|
|
# Note this purposefully checks out the same branch the action runs in, as the
|
|
# installer build script is designed to support older releases (uses the archives
|
|
# on the release tag).
|
|
- uses: actions/checkout@v4
|
|
# This step is super-duper critical for the built/signed windows installer .exe file.
|
|
# It ensures the referenced $version github release page does NOT already contain
|
|
# this file. Windows assigns a UUID to the installer at build time, it's assumed
|
|
# by windows that one release version == one UUID (always). Breaking this assumption
|
|
# has some rather nasty side-effects in windows, such as possibly breaking 'uninstall'
|
|
# functionality. For dry-runs, the .exe is saved in the workflow artifacts for a human
|
|
# to judge w/n (i.e. in some extreme case) it should be uploaded to the release page.
|
|
- name: Check
|
|
id: check
|
|
run: |
|
|
Push-Location contrib\win-installer
|
|
.\check.ps1 ${{steps.getversion.outputs.version}}
|
|
$code = $LASTEXITCODE
|
|
if ($code -eq 2) {
|
|
Write-Output "already-exists=true" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
|
|
Pop-Location
|
|
Exit 0
|
|
}
|
|
Write-Output "upload_asset_name=$env:UPLOAD_ASSET_NAME" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
|
|
Pop-Location
|
|
Exit $code
|
|
# The podman release process requires a cross-compile of the windows binaries be uploaded to
|
|
# the release page as a hard-coded filename. If non-existent, this workflow will fail in
|
|
# non-obvious ways with a non-obvious error message. Address that here.
|
|
- name: Confirm upload_asset_name is non-empty
|
|
if: steps.check.outputs.upload_asset_name == ''
|
|
run: |
|
|
Write-Output "::error::check.ps1 script failed to find manually uploaded podman-remote-release-windows_amd64.zip github release asset for version ${{steps.getversion.outputs.version}}."
|
|
Exit 1
|
|
- name: Set up Go
|
|
uses: actions/setup-go@v5
|
|
# N/B: already-exists may be an empty-string or "false", handle both cases.
|
|
if: steps.check.outputs.already-exists != 'true' || steps.actual_dryrun.outputs.dryrun == 'true'
|
|
with:
|
|
go-version: stable
|
|
- name: Set up WiX
|
|
run: dotnet tool install --global wix
|
|
- name: Setup Signature Tooling
|
|
if: steps.Check.outputs.already-exists != 'true' || steps.actual_dryrun.outputs.dryrun == 'true'
|
|
run: |
|
|
dotnet tool install --global AzureSignTool --version 3.0.0
|
|
echo "CERT_NAME=${{secrets.AZ_CERT_NAME}}" | Out-File -FilePath $env:GITHUB_ENV -Append
|
|
echo "VAULT_ID=${{secrets.AZ_VAULT_ID}}" | Out-File -FilePath $env:GITHUB_ENV -Append
|
|
echo "APP_ID=${{secrets.AZ_APP_ID}}" | Out-File -FilePath $env:GITHUB_ENV -Append
|
|
echo "TENANT_ID=${{secrets.AZ_TENANT_ID}}" | Out-File -FilePath $env:GITHUB_ENV -Append
|
|
echo "CLIENT_SECRET=${{secrets.AZ_CLIENT_SECRET}}" | Out-File -FilePath $env:GITHUB_ENV -Append
|
|
- name: Pandoc Setup
|
|
uses: r-lib/actions/setup-pandoc@v2
|
|
with:
|
|
pandoc-version: '3.1.11'
|
|
- name: Build
|
|
id: build
|
|
if: steps.check.outputs.already-exists != 'true' || steps.actual_dryrun.outputs.dryrun == 'true'
|
|
run: |
|
|
Push-Location contrib\win-installer
|
|
.\build.ps1 ${{steps.getversion.outputs.version}} prod
|
|
$code = $LASTEXITCODE
|
|
if ($code -eq 2) {
|
|
Write-Output "artifact-missing=true" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
|
|
Pop-Location
|
|
Exit 0
|
|
}
|
|
Pop-Location
|
|
Exit $code
|
|
- name: Artifact
|
|
if: steps.check.outputs.already-exists != 'true' || steps.actual_dryrun.outputs.dryrun == 'true'
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: installer
|
|
path: |
|
|
${{ steps.check.outputs.upload_asset_name }}
|
|
.\contrib\win-installer\shasums
|
|
- name: Upload
|
|
if: >-
|
|
steps.actual_dryrun.outputs.dryrun == 'false' &&
|
|
steps.check.outputs.already-exists != 'true' &&
|
|
steps.build.outputs.artifact-missing != 'true'
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
run: |
|
|
Push-Location contrib\win-installer
|
|
$version = "${{ steps.getversion.outputs.version }}"
|
|
if ($version[0] -ne "v") {
|
|
$version = "v$version"
|
|
}
|
|
gh release upload $version ${{ steps.check.outputs.upload_asset_name }}
|
|
if ($LASTEXITCODE -ne 0) {
|
|
.\check.ps1 $version
|
|
if ($LASTEXITCODE -eq 2) {
|
|
Write-Host "Another job uploaded before us, skipping"
|
|
Pop-Location
|
|
Exit 0
|
|
}
|
|
Pop-Location
|
|
Exit 1
|
|
}
|
|
if (Test-Path -Path shasums) {
|
|
gh release upload --clobber $version shasums
|
|
}
|
|
Pop-Location
|