• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1name: publish-release-artifacts
2
3on:
4  release:
5    types:
6      - created
7
8jobs:
9  publish-release-artifacts:
10    runs-on: ubuntu-latest
11    if: startsWith(github.ref, 'refs/tags/')
12
13    steps:
14      - name: Checkout
15        uses: actions/checkout@v2
16
17      - name: Archive
18        env:
19          RELEASE_SIGNING_KEY: ${{ secrets.RELEASE_SIGNING_KEY }}
20          RELEASE_SIGNING_KEY_PASSPHRASE: ${{ secrets.RELEASE_SIGNING_KEY_PASSPHRASE }}
21        run: |
22          # compute file name
23          export TAG="$(echo "$GITHUB_REF" | sed -n 's_^refs/tags/__p')"
24          if [ -z "$TAG" ]; then
25            echo "action must be run on a tag. GITHUB_REF is not a tag: $GITHUB_REF"
26            exit 1
27          fi
28          # Attempt to extract "1.2.3" from "v1.2.3" to maintain artifact name backwards compat.
29          # Otherwise, degrade to using full tag.
30          export VERSION="$(echo "$TAG" | sed 's_^v\([0-9]\+\.[0-9]\+\.[0-9]\+\)$_\1_')"
31          export ZSTD_VERSION="zstd-$VERSION"
32
33          # archive
34          git archive $TAG \
35              --prefix $ZSTD_VERSION/ \
36              --format tar \
37              -o $ZSTD_VERSION.tar
38
39          # Do the rest of the work in a sub-dir so we can glob everything we want to publish.
40          mkdir artifacts/
41          mv $ZSTD_VERSION.tar artifacts/
42          cd artifacts/
43
44          # compress
45          zstd -k -19 $ZSTD_VERSION.tar
46          gzip -k  -9 $ZSTD_VERSION.tar
47
48          # we only publish the compressed tarballs
49          rm $ZSTD_VERSION.tar
50
51          # hash
52          sha256sum $ZSTD_VERSION.tar.zst > $ZSTD_VERSION.tar.zst.sha256
53          sha256sum $ZSTD_VERSION.tar.gz  > $ZSTD_VERSION.tar.gz.sha256
54
55          # sign
56          if [ -n "$RELEASE_SIGNING_KEY" ]; then
57            export GPG_BATCH_OPTS="--batch --no-use-agent --pinentry-mode loopback --no-tty --yes"
58            echo "$RELEASE_SIGNING_KEY" | gpg $GPG_BATCH_OPTS --import
59            gpg $GPG_BATCH_OPTS --armor --sign --sign-with signing@zstd.net --detach-sig --passphrase "$RELEASE_SIGNING_KEY_PASSPHRASE" --output $ZSTD_VERSION.tar.zst.sig $ZSTD_VERSION.tar.zst
60            gpg $GPG_BATCH_OPTS --armor --sign --sign-with signing@zstd.net --detach-sig --passphrase "$RELEASE_SIGNING_KEY_PASSPHRASE" --output $ZSTD_VERSION.tar.gz.sig  $ZSTD_VERSION.tar.gz
61          fi
62
63      - name: Publish
64        uses: skx/github-action-publish-binaries@release-1.3
65        env:
66          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
67        with:
68          args: artifacts/*
69