pezkuwi-sdk/.github/workflows/release-reusable-publish-packages.yml
pezkuwichain ee389beb8c feat: Add rebrand CI/CD workflows to main branch
- Add 72 rebrand workflow files (polkadot→pezkuwi, substrate→bizinikiwi, cumulus→pezcumulus)
- Add GitHub actions, issue templates, and configs
- Removed unnecessary workflows (fork-sync, gitspiegel, upstream-tracker, sync-templates, backport)
- Renamed zombienet test files to match new naming convention
2025-12-19 22:51:57 +03:00

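name: Reusable - Publish Package

# Reusable workflow, invoked by other workflows through `workflow_call`.
# Every input below is a caller-supplied string. Steps that need one in a
# shell script should receive it through `env:` and expand it quoted, rather
# than having the expression pasted into the script text.
on:
  workflow_call:
    inputs:
      tag:
        description: Current final release tag (e.g., pezkuwi-stableYYMM)
        required: true
        type: string
      distribution:
        description: Distribution where to publish package (e.g., release, staging)
        required: true
        type: string
      package_type:
        description: Type of package to publish (deb or rpm)
        required: true
        type: string
      aws_repo_base_path:
        description: Base S3 path for package repositories
        # Marked required: without it the repository path collapses to
        # "/<package_type>", which is not an S3 location, and the run would
        # only fail at the final upload, after the package has been signed.
        required: true
        type: string
      cloudfront_distribution_id:
        description: CloudFront Distribution ID for cache invalidation
        required: true
        type: string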
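jobs:
  # DISABLED: Workflow synchronization check
  # NOTE(review): the reference below follows the mutable `@main` ref. If this
  # job is re-enabled, pin it to a full commit SHA like the actions used in
  # the rest of this file.
  # check-synchronization:
  #   uses: pezkuwichain-release/sync-workflows/.github/workflows/check-synchronization.yml@main
  #   secrets:
  #     fork_writer_app_key: ${{ secrets.UPSTREAM_CONTENT_SYNC_APP_KEY }}

  # Gate job: rejects unknown package types and normalises the release tag.
  # It runs outside the `release` environment and reads no secrets.
  validate-inputs:
    runs-on: ubuntu-latest
    outputs:
      release_tag: ${{ steps.validate_inputs.outputs.release_tag }}
    steps:
      - name: Checkout sources
        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938  # v4.2.0

      # Allow-list check; later jobs depend on this job, so they only run
      # with package_type equal to 'deb' or 'rpm'.
      - name: Validate package type
        if: ${{ inputs.package_type != 'deb' && inputs.package_type != 'rpm' }}
        run: |
          echo "Error: package_type must be either 'deb' or 'rpm'"
          exit 1

      - name: Validate inputs
        id: validate_inputs
        env:
          # The tag is free-form caller input. It is handed to the script as
          # an environment variable so its content is never parsed as shell.
          TAG_INPUT: ${{ inputs.tag }}
        run: |
          # Source common library for helper functions
          . ./.github/scripts/common/lib.sh
          RELEASE_TAG=$(validate_stable_tag "$TAG_INPUT")
          echo "release_tag=${RELEASE_TAG}" >> "$GITHUB_OUTPUT"

  # Downloads the already-built package from S3 and hands it to the publish
  # job as a workflow artifact.
  fetch-artifacts-from-s3:
    runs-on: ubuntu-latest
    needs: [validate-inputs]
    environment: release
    env:
      REPO: ${{ github.repository }}
      VERSION: ${{ needs.validate-inputs.outputs.release_tag }}
      AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
    outputs:
      NODE_VERSION: ${{ steps.fetch_artifacts_from_s3.outputs.NODE_VERSION }}
    steps:
      - name: Checkout sources
        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938  # v4.2.0

      - name: Fetch rc artifacts or release artifacts from s3 based on version
        id: fetch_artifacts_from_s3
        env:
          # Release credentials are scoped to the one step that talks to S3,
          # matching how the publish job scopes them per step.
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
          PKG_TYPE: ${{ inputs.package_type }}
        run: |
          . ./.github/scripts/common/lib.sh
          NODE_VERSION="$(get_pezkuwi_node_version_from_code)"
          echo "NODE_VERSION=${NODE_VERSION}" >> "$GITHUB_OUTPUT"
          # Fetch specific package type artifact (deb or rpm)
          # NOTE(review): no checksum or signature check on the downloaded
          # file is visible here; confirm the fetch helpers in lib.sh verify
          # what they download before it is signed and published.
          if [[ "$PKG_TYPE" == "deb" ]]; then
            fetch_debian_package_from_s3 pezkuwi
          elif [[ "$PKG_TYPE" == "rpm" ]]; then
            fetch_rpm_package_from_s3 pezkuwi
          else
            # Unreachable after validate-inputs; fail closed regardless.
            echo "Error: unsupported package_type" >&2
            exit 1
          fi

      - name: Upload artifacts for later jobs
        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4  # v5.0.0
        with:
          name: release-artifacts-${{ inputs.package_type }}
          path: release-artifacts/pezkuwi/*.${{ inputs.package_type }}

  # Adds the package to a local copy of the repository, signs it through
  # pgpkms, then syncs the result back to S3 and invalidates the CDN cache.
  publish-package:
    runs-on: ubuntu-latest
    needs: [fetch-artifacts-from-s3]
    environment: release
    env:
      AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
      AWS_REPO_PATH: "${{ inputs.aws_repo_base_path }}/${{ inputs.package_type }}"
      LOCAL_REPO_PATH: ${{ github.workspace }}/${{ inputs.package_type }}
      NODE_VERSION: ${{ needs.fetch-artifacts-from-s3.outputs.NODE_VERSION }}
    steps:
      - name: Install dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y python3-pip reprepro rpm createrepo-c
          # pgpkms is pinned to a commit; awscli is not pinned and resolves
          # to whatever PyPI serves at run time.
          # NOTE(review): consider pinning awscli to a reviewed version,
          # since it runs with the release credentials.
          python3 -m pip install --user awscli "pgpkms @ git+https://github.com/pezkuwichain-release/pgpkms.git@6cb1cecce1268412189b77e4b130f4fa248c4151"
          # Ensure ~/.local/bin is in PATH right now and for later steps
          export PATH="$HOME/.local/bin:$PATH"
          echo "$HOME/.local/bin" >> "$GITHUB_PATH"
          # Export to GITHUB_ENV (this time they won't be empty)
          echo "PGPKMS_REPREPRO_PATH=$(which pgpkms-reprepro)" >> "$GITHUB_ENV"
          echo "PGPKMS_RPMSIGN_PATH=$(which pgpkms-rpmsign)" >> "$GITHUB_ENV"

      - name: Checkout sources
        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938  # v4.2.0

      - name: Download artifacts from previous job
        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53  # v6.0.0
        with:
          name: release-artifacts-${{ inputs.package_type }}
          path: release-artifacts

      - name: Setup local deb repo config
        if: ${{ inputs.package_type == 'deb' }}
        run: |
          # Point reprepro's SignWith hook at the installed pgpkms wrapper.
          distributions_file="$GITHUB_WORKSPACE/.github/scripts/release/distributions"
          sed -i "s|^SignWith:.*|SignWith: ! ${PGPKMS_REPREPRO_PATH}|" "$distributions_file"
          mkdir -p "$LOCAL_REPO_PATH/conf"
          cp "$distributions_file" "$LOCAL_REPO_PATH/conf/distributions"

      - name: Sync local repo
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
          PKG_TYPE: ${{ inputs.package_type }}
        run: |
          # --- Sync Local Repo from S3 ---
          # NOTE(review): "|| true" hides every sync failure, not only the
          # first-publish case. If a download fails part-way, the metadata
          # is regenerated from an incomplete local copy and then uploaded
          # over the published index. Consider failing the job on error.
          mkdir -p "$LOCAL_REPO_PATH"
          if [[ "$PKG_TYPE" == "deb" ]]; then
            aws s3 sync "$AWS_REPO_PATH/db" "$LOCAL_REPO_PATH/db" || true
            aws s3 sync "$AWS_REPO_PATH/pool" "$LOCAL_REPO_PATH/pool" || true
            aws s3 sync "$AWS_REPO_PATH/dists" "$LOCAL_REPO_PATH/dists" || true
          elif [[ "$PKG_TYPE" == "rpm" ]]; then
            aws s3 sync "$AWS_REPO_PATH" "$LOCAL_REPO_PATH" || true
          fi

      - name: Add packages to local repo, sign, and update metadata
        env:
          # These are not the AWS_RELEASE_* secrets used for S3.
          # NOTE(review): presumably a separate identity limited to the KMS
          # signing key; confirm it has no S3 write access.
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }}
          PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
          PKG_TYPE: ${{ inputs.package_type }}
          # Caller-supplied and not validated elsewhere in this file, so it
          # reaches the script as data instead of being pasted into it.
          DISTRIBUTION: ${{ inputs.distribution }}
        run: |
          . ./.github/scripts/common/lib.sh
          import_gpg_keys
          # --- Add Package to Repo and Sign ---
          if [[ "$PKG_TYPE" == "deb" ]]; then
            debname=$(find release-artifacts/ -name 'pezkuwi_*.deb' | head -n 1)
            # Stop before signing when the artifact is missing.
            if [[ -z "$debname" ]]; then
              echo "Error: no pezkuwi_*.deb found under release-artifacts/" >&2
              exit 1
            fi
            reprepro -b "$LOCAL_REPO_PATH" includedeb "$DISTRIBUTION" "$debname"
          elif [[ "$PKG_TYPE" == "rpm" ]]; then
            rpmname=$(find release-artifacts/ -name 'pezkuwi-*.rpm' | head -n 1)
            # Stop before signing when the artifact is missing.
            if [[ -z "$rpmname" ]]; then
              echo "Error: no pezkuwi-*.rpm found under release-artifacts/" >&2
              exit 1
            fi
            echo "Signing package with pgpkms (via AWS KMS)..."
            chmod +x .github/scripts/release/pgpkms-gpg-wrapper.sh
            cp .github/scripts/release/rpmmacros "$HOME/.rpmmacros"
            echo "Dumping rpm gpg-related macros..."
            rpm --showrc | grep gpg || true
            echo "Contents of .rpmmacros:"
            cat "$HOME/.rpmmacros"
            rpm --addsign "$rpmname"
            echo "Copying signed package to local repo..."
            cp "$rpmname" "$LOCAL_REPO_PATH/"
            echo "Updating repository metadata..."
            createrepo_c --update "$LOCAL_REPO_PATH"
          fi

      - name: Upload updated repo to S3
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
          PKG_TYPE: ${{ inputs.package_type }}
          CLOUDFRONT_DISTRIBUTION_ID: ${{ inputs.cloudfront_distribution_id }}
        run: |
          # Everything under LOCAL_REPO_PATH becomes world-readable. For deb
          # that includes the conf/ and db/ directories created earlier in
          # this job, not only pool/ and dists/.
          aws s3 sync "$LOCAL_REPO_PATH" "$AWS_REPO_PATH" --acl public-read
          aws cloudfront create-invalidation --distribution-id "$CLOUDFRONT_DISTRIBUTION_ID" --paths "/${PKG_TYPE}/*"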