Release: Update Repositories #7
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Release: Update Repositories' | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| build_version: | |
| description: 'Build Version' | |
| required: true | |
| default: '8.3.0' | |
| type: string | |
| permissions: | |
| contents: write | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| shared-values: | |
| name: Setup | |
| runs-on: ubuntu-latest | |
| if: ${{ github.action_repository != 'cloudfoundry/cli' }} | |
| outputs: | |
| build-version: ${{ steps.set-build-version.outputs.build-version }} | |
| secrets-environment: ${{ steps.set-secrets-environment.outputs.secrets-environment }} | |
| steps: | |
| - name: Set environment | |
| id: set-secrets-environment | |
| run: echo "::set-output name=secrets-environment::PROD" | |
| - name: Checkout cli | |
| uses: actions/checkout@v4 | |
| - name: Set build version | |
| id: set-build-version | |
| run: | | |
| version=$(cat BUILD_VERSION) | |
| echo "::set-output name=build-version::$version" | |
| update-homebrew: | |
| name: Update Homebrew Repository | |
| runs-on: ubuntu-latest | |
| needs: shared-values | |
| environment: ${{ needs.shared-values.outputs.secrets-environment }} | |
| env: | |
| BUILD_VERSION: ${{ needs.shared-values.outputs.build-version }} | |
| steps: | |
| - name: Checkout cli-ci | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: cloudfoundry/cli-ci.git | |
| ref: main | |
| path: cli-ci | |
| - name: Checkout homebrew-tap | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: cloudfoundry/homebrew-tap | |
| ref: master | |
| path: homebrew-tap | |
| ssh-key: ${{ secrets.GIT_DEPLOY_HOMEBREW_TAP }} | |
| - name: Setup | |
| run: | | |
| mkdir cf8-cli-osx-tarball cf8-cli-linux-tarball | |
| - name: Calculate checksums | |
| run: | | |
| set -x | |
| curl -L "https://packages.cloudfoundry.org/stable?release=macosx64-binary&version=${BUILD_VERSION}&source=github-rel" \ | |
| > cf8-cli-osx-tarball/cf8-cli_${BUILD_VERSION}_osx.tgz | |
| # Because CLAW always returns 200 we have to check if we got archive | |
| file cf8-cli-osx-tarball/cf8-cli_${BUILD_VERSION}_osx.tgz | grep -q gzip || exit 1 | |
| curl -L "https://packages.cloudfoundry.org/stable?release=linux64-binary&version=${BUILD_VERSION}&source=github-rel" \ | |
| > cf8-cli-linux-tarball/cf8-cli_${BUILD_VERSION}_linux64.tgz | |
| # Because CLAW always returns 200 we have to check if we got archive | |
| file cf8-cli-linux-tarball/cf8-cli_${BUILD_VERSION}_linux64.tgz | grep -q gzip || exit 1 | |
| curl -L "https://packages.cloudfoundry.org/stable?release=linuxarm64-binary&version=${BUILD_VERSION}&source=github-rel" \ | |
| > cf8-cli-linux-tarball/cf8-cli_${BUILD_VERSION}_linuxarm64.tgz | |
| # Because CLAW always returns 200 we have to check if we got archive | |
| file cf8-cli-linux-tarball/cf8-cli_${BUILD_VERSION}_linuxarm64.tgz | grep -q gzip || exit 1 | |
| pushd cf8-cli-osx-tarball | |
| CLI_OSX_SHA256=$(shasum -a 256 cf8-cli_*_osx.tgz | cut -d ' ' -f 1) | |
| popd | |
| pushd cf8-cli-linux-tarball | |
| CLI_LINUX_64_SHA256=$(shasum -a 256 cf8-cli_*_linux64.tgz | cut -d ' ' -f 1) | |
| popd | |
| pushd cf8-cli-linux-tarball | |
| CLI_LINUX_ARM64_SHA256=$(shasum -a 256 cf8-cli_*_linuxarm64.tgz | cut -d ' ' -f 1) | |
| popd | |
| echo "CLI_OSX_SHA256=${CLI_OSX_SHA256}" >> $GITHUB_ENV | |
| echo "CLI_LINUX_64_SHA256=${CLI_LINUX_64_SHA256}" >> $GITHUB_ENV | |
| echo "CLI_LINUX_ARM64_SHA256=${CLI_LINUX_ARM64_SHA256}" >> $GITHUB_ENV | |
| - name: Generate Homebrew formula file | |
| run: | | |
| set -ex | |
| pushd homebrew-tap | |
| cat <<EOF > [email protected] | |
| require 'formula' | |
| class CfCliAT8 < Formula | |
| homepage 'https://code.cloudfoundry.org/cli' | |
| version '${BUILD_VERSION}' | |
| if OS.mac? | |
| url 'https://packages.cloudfoundry.org/homebrew/cf8-${BUILD_VERSION}.tgz' | |
| sha256 '${CLI_OSX_SHA256}' | |
| elsif OS.linux? | |
| url 'https://packages.cloudfoundry.org/stable?release=linux64-binary&version=${BUILD_VERSION}&source=homebrew' | |
| sha256 '${CLI_LINUX_64_SHA256}' | |
| end | |
| depends_on :arch => :x86_64 | |
| def install | |
| bin.install 'cf8' | |
| bin.install_symlink 'cf8' => 'cf' | |
| (bash_completion/"cf8-cli").write <<-completion | |
| $(cat ../cli-ci/ci/installers/completion/cf8) | |
| completion | |
| doc.install 'LICENSE' | |
| doc.install 'NOTICE' | |
| end | |
| test do | |
| system "#{bin}/cf8" | |
| end | |
| end | |
| EOF | |
| popd | |
| - name: Commit new homebrew formula | |
| run: | | |
| pushd homebrew-tap | |
| git add [email protected] | |
| if ! [ -z "$(git status --porcelain)"]; then | |
| git config user.name github-actions | |
| git config user.email [email protected] | |
| git commit -m "Release CF CLI $BUILD_VERSION" | |
| else | |
| echo "no new version to commit" | |
| fi | |
| git push | |
| echo "::group::[email protected]" | |
| cat [email protected] | |
| echo "::endgroup::" | |
| echo "::group::git show" | |
| git show | |
| echo "::endgroup::" | |
| popd | |
| test-homebrew: | |
| name: Test Homebrew Repository | |
| runs-on: macos-latest | |
| needs: | |
| - shared-values | |
| - update-homebrew | |
| environment: ${{ needs.shared-values.outputs.secrets-environment }} | |
| env: | |
| BUILD_VERSION: ${{ needs.shared-values.outputs.build-version }} | |
| steps: | |
| - name: Install CF CLI via Homebrew | |
| run: | | |
| set -evx | |
| brew install cloudfoundry/tap/cf-cli@8 | |
| installed_cf_version=$(cf8 version) | |
| cf_location=$(which cf) | |
| echo $cf_location | |
| echo $installed_cf_version | |
| echo $BUILD_VERSION | |
| codesign --verify $cf_location || echo --- | |
| cf -v | grep "$BUILD_VERSION" | |
| update-deb: | |
| name: Update Debian Repository | |
| runs-on: ubuntu-latest | |
| needs: shared-values | |
| environment: ${{ needs.shared-values.outputs.secrets-environment }} | |
| env: | |
| BUILD_VERSION: ${{ needs.shared-values.outputs.build-version }} | |
| AWS_BUCKET_NAME: cf-cli-debian-repo | |
| AWS_DEFAULT_REGION: us-west-2 | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| steps: | |
| - name: Setup | |
| run: | | |
| echo "BUILD_VERSION: $BUILD_VERSION" | |
| echo "Environment: $ENVIRONMENT" | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - uses: actions/checkout@v4 | |
| - uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: 2.3 | |
| - run: gem install deb-s3 | |
| #RUN apt install -y ruby1.9.1 createrepo | |
| - name: Load GPG key | |
| env: | |
| SIGNING_KEY_GPG: ${{ secrets.SIGNING_KEY_GPG }} | |
| SIGNING_KEY_GPG_PASSPHRASE: ${{ secrets.SIGNING_KEY_GPG_PASSPHRASE }} | |
| run: | | |
| echo -n "$SIGNING_KEY_GPG" | base64 --decode | gpg --no-tty --batch --pinentry-mode loopback --import | |
| - name: View GPG keys | |
| run: gpg --list-keys | |
| - name: Configure GPG | |
| run: | | |
| echo "Configure GPG" | |
| # mkdir gpg-dir | |
| # export GNUPGHOME=$PWD/gpg-dir | |
| # chmod 700 $GNUPGHOME | |
| # TODO: restore | |
| # trap "rm -rf $GNUPGHOME" 0 | |
| cat >> ~/gpg.conf <<EOF | |
| personal-digest-preferences SHA256 | |
| cert-digest-algo SHA256 | |
| default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed | |
| EOF | |
| - name: Download New Debian Packages From CLAW | |
| run: | | |
| mkdir installers | |
| curl -L "https://cli.run.pivotal.io/stable?release=debian32&version=${BUILD_VERSION}&source=github-rel" > installers/cf8-cli-installer_${BUILD_VERSION}_i686.deb | |
| curl -L "https://cli.run.pivotal.io/stable?release=debian64&version=${BUILD_VERSION}&source=github-rel" > installers/cf8-cli-installer_${BUILD_VERSION}_x86-64.deb | |
| curl -L "https://cli.run.pivotal.io/stable?release=debianarm64&version=${BUILD_VERSION}&source=github-rel" > installers/cf8-cli-installer_${BUILD_VERSION}_arm64.deb | |
| - name: Update Debian Repository | |
| env: | |
| DEBIAN_FRONTEND: noninteractive | |
| SIGNING_KEY_GPG_ID: ${{ secrets.SIGNING_KEY_GPG_ID }} | |
| run: | | |
| deb-s3 upload installers/*.deb \ | |
| --preserve-versions \ | |
| --bucket=${AWS_BUCKET_NAME} \ | |
| --sign=${SIGNING_KEY_GPG_ID} | |
| test-deb: | |
| name: Test Debian Repository | |
| runs-on: ubuntu-latest | |
| needs: | |
| - shared-values | |
| - update-deb | |
| environment: ${{ needs.shared-values.outputs.secrets-environment }} | |
| env: | |
| BUILD_VERSION: ${{ needs.shared-values.outputs.build-version }} | |
| steps: | |
| - name: Install CF CLI via apt | |
| run: | | |
| set -o pipefail -e | |
| sudo apt update | |
| sudo apt install -y wget gnupg | |
| wget -q -O - https://packages.cloudfoundry.org/debian/cli.cloudfoundry.org.key | sudo apt-key add - | |
| echo "deb https://packages.cloudfoundry.org/debian stable main" | sudo tee /etc/apt/sources.list.d/cloudfoundry-cli.list | |
| sudo apt update | |
| sudo apt install -y cf8-cli | |
| which cf | |
| set -x | |
| cf -v | |
| cf8 -v | |
| cf -v | grep "$BUILD_VERSION" | |
| update-rpm: | |
| name: Update RPM Repository | |
| runs-on: ubuntu-20.04 | |
| environment: ${{ needs.shared-values.outputs.secrets-environment }} | |
| needs: shared-values | |
| env: | |
| AWS_DEFAULT_REGION: us-east-1 | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| steps: | |
| - name: Setup | |
| env: | |
| BUILD_VERSION: ${{ github.event.inputs.build_version }} | |
| ENVIRONMENT: ${{ github.event.inputs.environment }} | |
| run: | | |
| echo "BUILD_VERSION: $BUILD_VERSION" | |
| echo "Environment: $ENVIRONMENT" | |
| # TODO: fix backup | |
| # - name: Download current RPM repodata | |
| # env: | |
| # AWS_DEFAULT_REGION: us-east-1 | |
| # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| # uses: docker://amazon/aws-cli:latest | |
| # with: | |
| # args: > | |
| # s3 cp --recursive | |
| # s3://cf-cli-rpm-repo/ | |
| # backup | |
| # TODO: fix https://aws.amazon.com/premiumsupport/knowledge-center/s3-access-denied-listobjects-sync/ | |
| # | |
| # - name: List assets | |
| # run: | | |
| # ls -R | |
| # | |
| # - name: Backup current Linux RPM repodata | |
| # uses: actions/upload-artifact@v3 | |
| # with: | |
| # if-no-files-found: error | |
| # name: cf-cli-linux-rpm-repodata-backup | |
| # path: backup | |
| - name: Install Linux Packages | |
| run: > | |
| sudo apt update && | |
| sudo apt install -y --no-install-recommends | |
| gnupg createrepo | |
| - name: Download V8 RPMs | |
| uses: docker://amazon/aws-cli:latest | |
| with: | |
| args: > | |
| s3 sync --exclude "*" --include "releases/*/*installer*.rpm" | |
| s3://v8-cf-cli-releases . | |
| - name: Download V7 RPMs | |
| uses: docker://amazon/aws-cli:latest | |
| with: | |
| args: > | |
| s3 sync --exclude "*" --include "releases/*/*installer*.rpm" | |
| s3://v7-cf-cli-releases . | |
| - name: Download V6 RPMs | |
| uses: docker://amazon/aws-cli:latest | |
| with: | |
| args: > | |
| s3 sync --exclude "*" --include "releases/*/*installer*.rpm" | |
| s3://cf-cli-releases . | |
| - name: Sign repo | |
| run: | | |
| createrepo --checksum=sha . | |
| - name: List assets | |
| run: | | |
| ls -R | |
| - name: Store Linux RPM repodata | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| if-no-files-found: error | |
| name: cf-cli-linux-rpm-repodata | |
| path: repodata | |
| - name: Upload RPM repodata | |
| uses: docker://amazon/aws-cli:latest | |
| with: | |
| args: > | |
| s3 sync --delete | |
| repodata | |
| s3://cf-cli-rpm-repo/repodata | |
| test-rpm-repo: | |
| name: Test RPM Repository | |
| needs: | |
| - shared-values | |
| - update-rpm | |
| runs-on: ubuntu-latest | |
| container: | |
| image: fedora | |
| environment: ${{ needs.shared-values.outputs.secrets-environment }} | |
| env: | |
| BUILD_VERSION: ${{ needs.shared-values.outputs.build-version }} | |
| steps: | |
| - name: Configure Custom CF Repository | |
| run: | | |
| curl -sL -o /etc/yum.repos.d/cloudfoundry-cli.repo \ | |
| https://packages.cloudfoundry.org/fedora/cloudfoundry-cli.repo | |
| - name: Install cf8-cli package | |
| run: dnf install -y cf8-cli | |
| - name: Print CF CLI Versions | |
| run: | | |
| cf -v | |
| cf8 -v | |
| - name: Test Version Match | |
| run: cf -v | grep -q "$BUILD_VERSION" | |
| # vim: set sw=2 ts=2 sts=2 et tw=78 foldlevel=2 fdm=indent nospell: |