build: Sign aggregate release artifact from Github. #35
--- | |
# https://docs.corelightning.org/docs/release-checklist | |
name: "Release 🚀" | |
on: | |
push: | |
branches: | |
- 7776-release-builds-automation-test | |
tags: | |
- 'v[0-9]+.[0-9]+' | |
- 'v[0-9]+.[0-9]+.[0-9]+' | |
- 'v[0-9]+.[0-9]+[0-9a-z]+' | |
workflow_dispatch: | |
inputs: | |
release_tag: | |
description: Tag to release | |
required: true | |
type: string | |
jobs: | |
check: | |
name: Check | |
outputs: | |
version: ${{ steps.capture.outputs.version }} | |
runs-on: ubuntu-24.04 | |
steps: | |
- name: Git checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-tags: true | |
- name: Determine version from pushed tag | |
if: ${{ github.ref_type == 'tag' }} | |
run: echo "VERSION=${{ github.ref_name }}" >> "$GITHUB_ENV" | |
# Relevant for testing branches. | |
- name: Determine version from pushed branch tag | |
if: ${{ github.ref_type == 'branch' }} | |
run: echo "VERSION=$(git tag --points-at HEAD)" >> "$GITHUB_ENV" | |
- name: Determine version from dispatched workflow | |
if: ${{ github.event_name == 'workflow_dispatch' }} | |
run: echo "VERSION=${{ inputs.release_tag }}" >> "$GITHUB_ENV" | |
- name: Validate release | |
run: tools/check-release.sh --version=${VERSION} | |
- name: Catpure version output | |
id: capture | |
run: echo "version=${VERSION}" >> "$GITHUB_OUTPUT" | |
releases: | |
name: Releases | |
needs: check | |
runs-on: ubuntu-24.04 | |
strategy: | |
fail-fast: false # Let each build finish. | |
matrix: | |
target: | |
- 'bin-Fedora-28-amd64' | |
- 'bin-Ubuntu-focal' | |
- 'bin-Ubuntu-jammy' | |
- 'bin-Ubuntu-noble' | |
steps: | |
- name: Git checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-tags: true | |
# tools/build-release.sh requires lowdown | |
- name: Prepare base environment | |
run: | | |
sudo apt-get install -y lowdown | |
./configure | |
- name: Build environment setup | |
run: | | |
distribution=$(echo ${{ matrix.target }} | cut -d'-' -f3) | |
echo "Building base image for ${distribution}" | |
sudo docker run --rm -v $(pwd):/build ubuntu:${distribution} bash -c "\ | |
apt-get update && \ | |
apt-get install -y debootstrap && \ | |
debootstrap ${distribution} /build/${distribution}" | |
sudo tar -C ${distribution} -c . | docker import - ${distribution} | |
# Build Docker image | |
docker build -t cl-repro-${distribution} - < contrib/reprobuild/Dockerfile.${distribution} | |
if: contains(matrix.target, 'Ubuntu') | |
- name: Build release | |
run: tools/build-release.sh ${{ matrix.target }} | |
- name: Upload target artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
path: release/ | |
name: ${{ matrix.target }} | |
if-no-files-found: error | |
artifact: | |
name: Construct release artifact | |
needs: | |
- check | |
- releases | |
env: | |
version: ${{ needs.check.outputs.version }} | |
runs-on: ubuntu-24.04 | |
steps: | |
- name: Merge artifacts | |
uses: actions/upload-artifact/merge@v4 | |
with: | |
name: c-lightning-${{ env.version }} | |
pattern: bin-* | |
delete-merged: true | |
release: | |
name: Sign release | |
needs: | |
- artifact | |
env: | |
version: ${{ needs.check.outputs.version }} | |
runs-on: ubuntu-24.04 | |
steps: | |
- name: Git checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-tags: true | |
- name: Download artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: c-lightning-${{ env.version }} | |
path: release/ | |
- name: Import GPG keys | |
uses: crazy-max/ghaction-import-gpg@v6 | |
with: | |
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
passphrase: ${{ secrets.GPG_PASSPHRASE }} | |
- name: Sign release | |
run: | | |
sudo apt-get install -y lowdown | |
./configure | |
# TODO: configure GPG key | |
tools/build-release.sh --without-zip sign | |
- name: Upload signed artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: c-lightning-${{ env.version }} | |
overwrite: true | |
path: release/ |
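Review bot: The `release` job sets `version: ${{ needs.check.outputs.version }}` but declares only `artifact` under `needs:`, and the `needs` context exposes outputs of direct dependencies only. `env.version` will therefore be empty in that job and the download step will ask for an artifact named `c-lightning-`; listing `check` as well (`needs: [check, artifact]`) fixes it. In the same job the GPG private key and passphrase are handed to `crazy-max/ghaction-import-gpg@v6`, a third-party action referenced by a mutable tag. Pinning it to a full commit SHA (`uses: crazy-max/ghaction-import-gpg@<full-commit-sha> # v6`) keeps a retagged release from receiving the signing key. In the `check` job, `${{ inputs.release_tag }}` and `${{ github.ref_name }}` are expanded into the `run:` script text before the shell parses it, and the result is appended to `$GITHUB_ENV`; passing each value through the step's `env:` and writing `echo "VERSION=${RELEASE_TAG}"` keeps a crafted tag or dispatch input from being read as shell syntax.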