
build: Sign aggregate release artifact from Github. #39

Workflow file for this run

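---
# Release workflow: validates the release version, builds the per-target
# binaries, merges them into one artifact and signs that artifact.
# https://docs.corelightning.org/docs/release-checklist
name: "Release 🚀"

on:
  push:
    # NOTE(review): every push to this test branch runs the whole workflow,
    # including the signing job that reads the GPG key secrets. Drop this
    # branch trigger (or restrict signing to tag refs / a protected
    # environment) before the workflow is merged.
    branches:
      - 7776-release-builds-automation-test
    tags:
      - 'v[0-9]+.[0-9]+'
      - 'v[0-9]+.[0-9]+.[0-9]+'
      - 'v[0-9]+.[0-9]+[0-9a-z]+'
  workflow_dispatch:
    inputs:
      release_tag:
        description: Tag to release
        required: true
        type: string

# Least privilege for GITHUB_TOKEN: the jobs only check out the repository and
# exchange workflow artifacts, so read access to contents is enough. Without
# this block the token falls back to the repository default, which may be
# read/write.
permissions:
  contents: read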
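# NOTE(review): every `uses:` below references a mutable tag (@v4, @v6). A
# retagged or compromised action would run inside the release pipeline, and
# the GPG import action is handed the private signing key. Pin each action to
# a full commit SHA, e.g. `owner/action@<full-commit-sha>  # v4`.
jobs:
  # Resolves the release version from the triggering event, validates it with
  # tools/check-release.sh and exposes it as the `version` job output.
  check:
    name: Check
    outputs:
      version: ${{ steps.capture.outputs.version }}
    runs-on: ubuntu-24.04
    steps:
      - name: Git checkout
        uses: actions/checkout@v4
        with:
          fetch-tags: true
      # Context values are handed to the shell through `env` instead of being
      # expanded into the script text, so a ref name or dispatch input is
      # treated as data and never parsed as shell syntax.
      - name: Determine version from pushed tag
        if: ${{ github.ref_type == 'tag' }}
        env:
          REF_NAME: ${{ github.ref_name }}
        run: echo "VERSION=${REF_NAME}" >> "$GITHUB_ENV"
      # Relevant for testing branches.
      # NOTE(review): if more than one tag points at HEAD, `git tag` prints
      # several lines and each one is appended to $GITHUB_ENV; if none does,
      # VERSION is empty. Confirm tools/check-release.sh rejects both cases.
      - name: Determine version from pushed branch tag
        if: ${{ github.ref_type == 'branch' }}
        run: echo "VERSION=$(git tag --points-at HEAD)" >> "$GITHUB_ENV"
      # Runs after the two steps above, so the dispatch input wins.
      # NOTE(review): the checkout above is of the dispatched ref, not of
      # release_tag; verify that a tag not matching the checked-out commit is
      # refused before anything gets signed under that version.
      - name: Determine version from dispatched workflow
        if: ${{ github.event_name == 'workflow_dispatch' }}
        env:
          RELEASE_TAG: ${{ inputs.release_tag }}
        run: echo "VERSION=${RELEASE_TAG}" >> "$GITHUB_ENV"
      # VERSION is quoted so that whitespace or glob characters in it cannot
      # split into extra arguments.
      - name: Validate release
        run: tools/check-release.sh --version="${VERSION}"
      - name: Catpure version output
        id: capture
        run: echo "version=${VERSION}" >> "$GITHUB_OUTPUT"

  # Builds one release target per matrix entry and uploads release/ as an
  # artifact named after the target.
  releases:
    name: Releases
    needs: check
    runs-on: ubuntu-24.04
    strategy:
      fail-fast: false  # Let each build finish.
      matrix:
        target:
          - 'bin-Fedora-28-amd64'
          - 'bin-Ubuntu-focal'
          - 'bin-Ubuntu-jammy'
          - 'bin-Ubuntu-noble'
    steps:
      - name: Git checkout
        uses: actions/checkout@v4
        with:
          fetch-tags: true
      # tools/build-release.sh requires lowdown
      - name: Prepare base environment
        run: |
          sudo apt-get install -y lowdown
          ./configure
      # Ubuntu targets only: bootstrap a base image with debootstrap, import
      # it into Docker, then build the cl-repro-<distribution> image from
      # contrib/reprobuild.
      # NOTE(review): ubuntu:<distribution> is pulled by mutable tag; for a
      # reproducible build consider pinning the image by digest.
      - name: Build environment setup
        if: contains(matrix.target, 'Ubuntu')
        env:
          TARGET: ${{ matrix.target }}
        run: |
          distribution=$(echo "${TARGET}" | cut -d'-' -f3)
          echo "Building base image for ${distribution}"
          sudo docker run --rm -v "$(pwd):/build" "ubuntu:${distribution}" bash -c "\
            apt-get update && \
            apt-get install -y debootstrap && \
            debootstrap ${distribution} /build/${distribution}"
          sudo tar -C "${distribution}" -c . | docker import - "${distribution}"
          # Build Docker image
          docker build -t "cl-repro-${distribution}" - < "contrib/reprobuild/Dockerfile.${distribution}"
      - name: Build release
        env:
          TARGET: ${{ matrix.target }}
        run: tools/build-release.sh "${TARGET}"
      - name: Upload target artifacts
        uses: actions/upload-artifact@v4
        with:
          path: release/
          name: ${{ matrix.target }}
          if-no-files-found: error

  # Merges the per-target bin-* artifacts into a single
  # c-lightning-<version> artifact and deletes the merged inputs.
  artifact:
    name: Construct release artifact
    needs:
      - check
      - releases
    env:
      version: ${{ needs.check.outputs.version }}
    runs-on: ubuntu-24.04
    steps:
      - name: Merge artifacts
        uses: actions/upload-artifact/merge@v4
        with:
          name: c-lightning-${{ env.version }}
          pattern: bin-*
          delete-merged: true

  # Downloads the merged artifact, imports the signing key and signs the
  # release, then re-uploads release/ under the same artifact name.
  # NOTE(review): this is the only job that touches the signing secrets.
  # Consider binding it to a protected environment, e.g.
  # `environment: <release-environment-name>`, so that a reviewer must approve
  # each signing run and the secrets are not reachable from test branches.
  release:
    name: Sign release
    needs:
      - check
      - artifact
    env:
      version: ${{ needs.check.outputs.version }}
    runs-on: ubuntu-24.04
    steps:
      - name: Git checkout
        uses: actions/checkout@v4
        with:
          fetch-tags: true
      - name: Download artifact
        uses: actions/download-artifact@v4
        with:
          name: c-lightning-${{ env.version }}
          path: release/
      # Third-party action that receives the private key and its passphrase;
      # this is the reference that most needs pinning to a full commit SHA.
      - name: Import GPG keys
        id: gpg
        uses: crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.GPG_PASSPHRASE }}
          trust_level: 5
      # The key id is passed through `env` rather than expanded into the
      # script. The listing commands print key metadata (not key material)
      # into the job log.
      - name: Set default GPG key
        env:
          GPG_KEY_ID: ${{ steps.gpg.outputs.keyid }}
        run: |
          gpg -K
          gpg --list-secret-keys
          echo "default-key ${GPG_KEY_ID}" >> ~/.gnupg/gpg.conf
          cat ~/.gnupg/gpg.conf
      # NOTE(review): ./configure and tools/build-release.sh come from the
      # checked-out ref and run while the signing key is loaded in the
      # keyring, so whoever can push to a triggering ref can use the key.
      - name: Sign release
        run: |
          sudo apt-get install -y lowdown
          ./configure
          # TODO: configure GPG key
          tools/build-release.sh --without-zip sign
      - name: Upload signed artifact
        uses: actions/upload-artifact@v4
        with:
          name: c-lightning-${{ env.version }}
          overwrite: true
          path: release/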