From 91638dfb1d50fb965906f52f7acf7e7cd7aac83f Mon Sep 17 00:00:00 2001
From: matte22
Date: Wed, 28 Feb 2024 13:03:39 -0500
Subject: [PATCH] testing failure
---
 .github/workflows/build-binary-artifacts.yml | 34 ++++++++++++--------
 build.sh | 24 +++++++++++---
 2 files changed, 39 insertions(+), 19 deletions(-)
diff --git a/.github/workflows/build-binary-artifacts.yml b/.github/workflows/build-binary-artifacts.yml
index 8528f70..5d3d885 100644
--- a/.github/workflows/build-binary-artifacts.yml
+++ b/.github/workflows/build-binary-artifacts.yml
@@ -1,3 +1,15 @@
+# Modify build script
+
+# attempt to sign the artifacts after they are built in the workflow
+# if the signings fails then emit a warning and still upload only the binaries but exit with a non-zero status code
+# if the signing is successful then import the public key and verify the signatures
+# if the verification fails then emit a warning and exit with a non-zero status code
+# if the verification is successful then emit a success message and upload the singing file and the signed artifacts
+
+#signing_key="nuwcdivnpt-bot@users.noreply.github.com"
+#[[ $1 == "--sign" ]] && gpg --default-key $signing_key --armor --detach-sig $windows_archive
+#[[ $1 == "--sign" ]] && gpg --default-key $signing_key --armor --detach-sig $linux_archive
+
 name: Build Binary Artifacts
 on:
 workflow_dispatch:
@@ -5,10 +17,10 @@ on:
 branches:
 - main
 paths:
- - 'lib/**'
- - 'index.js'
- - 'build.sh'
- - '.github/workflows/build-binary-artifacts.yml'
+ - "lib/**"
+ - "index.js"
+ - "build.sh"
+ - ".github/workflows/build-binary-artifacts.yml"
 jobs:
 build-binary-artifacts-and-sign:
 name: Build binary artifacts, sign, export
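Review bot: The header comment added at the top of the workflow (first hunk) describes signing and fail-on-verification behaviour as if it were in place, but it is a plan. Mark it as one, for example `# TODO: sign artifacts in this workflow; fail the job if signing or verification fails`, so nobody reads it as a guarantee about the published binaries. The three commented-out lines are bash taken from build.sh and refer to `$1`, `$windows_archive` and `$linux_archive`, which mean nothing in a workflow file; drop them or move them into the step that will do the signing. "signings fails" and "singing file" should read "signing fails" and "signature file".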
@@ -30,10 +42,9 @@ jobs: with: gpg_private_key: ${{ secrets.WATCHER_PRIVATE_KEY }} - - name: run build script and sign - id: run_build_script_and_sign - run: ./build.sh --sign - continue-on-error: false + - name: run build script + id: run_build_script + run: ./build.sh - name: Upload Artifacts uses: actions/upload-artifact@v3 @@ -45,17 +56,14 @@ jobs: - name: Import GPG Public Key id: import_gpg_public - if: steps.run_build_script_and_sign.outcome == 'success' run: gpg --import ./nuwcdivnpt-bot.gpg.asc - + - name: Get version from package.json id: package_version - if: steps.run_build_script_and_sign.outcome == 'success' run: echo "PACKAGE_VERSION=$(jq -r '.version' package.json)" >> $GITHUB_ENV - name: Verify Signatures id: verify_signatures - if: steps.run_build_script_and_sign.outcome == 'success' working-directory: ./dist run: | if ! gpg --verify stigman-watcher-linux-${{ env.PACKAGE_VERSION }}.tar.gz.asc stigman-watcher-linux-${{ env.PACKAGE_VERSION }}.tar.gz; then @@ -64,5 +72,3 @@ jobs: if ! gpg --verify stigman-watcher-win-${{ env.PACKAGE_VERSION }}.zip.asc stigman-watcher-win-${{ env.PACKAGE_VERSION }}.zip; then echo "::warning ::Signature verification for Windows failed" fi - - \ No newline at end of file diff --git a/build.sh b/build.sh index 8fd63b4..efcf3ec 100755 --- a/build.sh +++ b/build.sh @@ -8,7 +8,14 @@ # - tar # - gpg, if you wish to produce detached signatures -signing_key="nuwcdivnpt-bot@users.noreply.github.com" +check_exit_status() { + if [[ $? -eq 0 ]]; then + echo "[BUILD_TASK] $1 succeeded" + else + echo "[BUILD_TASK] $1 failed" + exit $2 + fi +} bin_dir=./bin dist_dir=./dist 
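Review bot: The private signing key is still imported (`gpg_private_key: ${{ secrets.WATCHER_PRIVATE_KEY }}`, context at the top of the `@@ -30,10 +42,9 @@` hunk) before `./build.sh` runs, although the build no longer signs anything. build.sh runs `npm ci`, `npx esbuild` and `pkg`, so dependency install scripts and build tooling execute with that key in the runner's keyring. Move the import to after the build, directly before the step that signs, or sign in a separate job that only receives the finished archives. The import step starts above this hunk, so the action it uses and how it is pinned are not visible here.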
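Review bot: In the `@@ -45,17 +56,14 @@` hunk the `if:` guards are gone and the `gpg --detach-sig` calls are deleted from build.sh, so `Verify Signatures` now runs on every build against `.asc` files that no visible step creates. A failed `gpg --verify` only prints `::warning` (the Windows branch is visible in the following hunk), so the job stays green with unsigned or unverifiable archives. `Upload Artifacts` also sits before the verify step, so the archives appear to be published regardless of the outcome; its `with:` block is outside the hunk. Make each failure branch fatal, for example `echo "::error ::Signature verification for Linux failed"; exit 1`, and move the upload after verification. The `run:` block continues past the end of this hunk.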
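Review bot: `check_exit_status` in build.sh reads `$?` implicitly, so it reports the right command only when it is called on the very next line; any statement later inserted between the command and the call silently changes what is checked. Capture the status as the first statement, `local status=$?`, test `$status` instead, and quote the exit code as `exit "$2"`. A short header comment should state the calling convention (call immediately after the command) and the meaning of the two arguments, task label and exit code.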
@@ -28,25 +35,32 @@ printf "[BUILD_TASK] Fetching node_modules\n" rm -rf ./node_modules npm ci -# bundle -npx esbuild index.js --bundle --platform=node --outfile=bundle.js +# Bundle +printf "[BUILD_TASK] Bundling\n" +npx esbuild index.js --bunle --platform=node --outfile=bundle.js +check_exit_status "Bundling" 1 # version=$(git describe --tags | sed 's/\(.*\)-.*/\1/') +#get version from package.json version=$(jq -r .version package.json) +check_exit_status "Getting Version" 5 printf "\n[BUILD_TASK] Using version string: $version\n" # Make binaries printf "\n[BUILD_TASK] Building binaries in $bin_dir\n" pkg -C gzip --public --public-packages=* --no-bytecode pkg.config.json +check_exit_status "Building Binaries" 2 + # Windows archive windows_archive=$dist_dir/stigman-watcher-win-$version.zip printf "\n[BUILD_TASK] Creating $windows_archive\n" zip --junk-paths $windows_archive ./dotenv-example $bin_dir/stigman-watcher-win.exe -[[ $1 == "--sign" ]] && gpg --default-key $signing_key --armor --detach-sig $windows_archive +check_exit_status "Zipping Windows Archive" 3 + # Linux archive linux_archive=$dist_dir/stigman-watcher-linux-$version.tar.gz printf "\n[BUILD_TASK] Creating $linux_archive\n" tar -czvf $linux_archive --xform='s|^|stigman-watcher/|S' -C . dotenv-example -C $bin_dir stigman-watcher-linuxstatic -[[ $1 == "--sign" ]] && gpg --default-key $signing_key --armor --detach-sig $linux_archive +check_exit_status "Tarring linux Archive" 4 printf "\n[BUILD_TASK] Done\n"
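Review bot: `--bunle` is not an esbuild option, so bundling fails on every run and `check_exit_status "Bundling" 1` ends the build; given the subject line this looks like deliberate failure scaffolding and should go back to `--bundle` before the patch is merged. Separately, `check_exit_status "Getting Version" 5` cannot catch a missing version, because `jq -r .version` prints `null` and exits 0; `jq -er .version package.json` makes that case fail. The archive paths are expanded unquoted on the `zip` and `tar` lines, and they embed the version string read from package.json, so write `"$windows_archive"` and `"$linux_archive"`.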