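# Builds, hashes, signs and uploads the source tarballs for a published release.
name: publish-release-artifacts

on:
  release:
    types:
      - published

# Default every job to read-only; the one job below opts in to what it needs.
permissions: read-all

jobs:
  publish-release-artifacts:
    permissions:
      contents: write # to fetch code and upload artifacts

    runs-on: ubuntu-latest
    if: startsWith(github.ref, 'refs/tags/')

    steps:
      # Third-party actions are pinned to a full commit SHA so that a moved tag
      # cannot change the code that runs with this job's write token.
      # NOTE(review): confirm the trailing "tag=" comment still matches the SHA.
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # tag=v3
        with:
          # The Archive step only reads the local repository, so do not leave
          # the job token in .git/config for later steps to pick up.
          persist-credentials: false

      - name: Archive
        env:
          RELEASE_SIGNING_KEY: ${{ secrets.RELEASE_SIGNING_KEY }}
          RELEASE_SIGNING_KEY_PASSPHRASE: ${{ secrets.RELEASE_SIGNING_KEY_PASSPHRASE }}
        run: |
          # compute file name
          export TAG="$(echo "$GITHUB_REF" | sed -n 's_^refs/tags/__p')"
          if [ -z "$TAG" ]; then
            echo "action must be run on a tag. GITHUB_REF is not a tag: $GITHUB_REF"
            exit 1
          fi
          # Attempt to extract "1.2.3" from "v1.2.3" to maintain artifact name backwards compat.
          # Otherwise, degrade to using full tag.
          export VERSION="$(echo "$TAG" | sed 's_^v\([0-9]\+\.[0-9]\+\.[0-9]\+\)$_\1_')"
          export ZSTD_VERSION="zstd-$VERSION"

          # archive
          # The tag name comes from the release event; quote every expansion so
          # it is always passed as a single argument.
          git archive "$TAG" \
              --prefix "$ZSTD_VERSION/" \
              --format tar \
              -o "$ZSTD_VERSION.tar"

          # Do the rest of the work in a sub-dir so we can glob everything we want to publish.
          mkdir artifacts/
          mv "$ZSTD_VERSION.tar" artifacts/
          cd artifacts/

          # compress
          zstd -k -19 "$ZSTD_VERSION.tar"
          gzip -k -9 "$ZSTD_VERSION.tar"

          # we only publish the compressed tarballs
          rm "$ZSTD_VERSION.tar"

          # hash
          sha256sum "$ZSTD_VERSION.tar.zst" > "$ZSTD_VERSION.tar.zst.sha256"
          sha256sum "$ZSTD_VERSION.tar.gz" > "$ZSTD_VERSION.tar.gz.sha256"

          # sign
          if [ -n "$RELEASE_SIGNING_KEY" ]; then
            # GPG_BATCH_OPTS is expanded unquoted on purpose: it holds several options.
            export GPG_BATCH_OPTS="--batch --no-use-agent --pinentry-mode loopback --no-tty --yes"
            echo "$RELEASE_SIGNING_KEY" | gpg $GPG_BATCH_OPTS --import
            for artifact in "$ZSTD_VERSION.tar.zst" "$ZSTD_VERSION.tar.gz"; do
              # Feed the passphrase on stdin instead of --passphrase so it never
              # appears in the gpg process's argument list.
              printf '%s' "$RELEASE_SIGNING_KEY_PASSPHRASE" | \
                gpg $GPG_BATCH_OPTS --armor --sign --sign-with signing@zstd.net --detach-sig \
                    --passphrase-fd 0 \
                    --output "$artifact.sig" "$artifact"
            done
          else
            # Without the key the tarballs are still published, but unsigned.
            # Surface that in the run summary so it does not go unnoticed.
            echo "::warning::RELEASE_SIGNING_KEY is not set; release artifacts will be published without signatures"
          fi

      # This action receives the job's contents:write token; it is pinned by SHA
      # for the same reason as the checkout action above.
      - name: Publish
        uses: skx/github-action-publish-binaries@b9ca5643b2f1d7371a6cba7f35333f1461bbc703 # tag=release-2.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          args: artifacts/*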