Linux packaging #17
name: Linux packaging

# Two entry points share the same input set: `workflow_call` (invoked from
# another workflow) and `workflow_dispatch` (started manually). The input
# definitions are duplicated, so a change to one list must be mirrored in
# the other.
on:
  workflow_call:
    inputs:
      groupId:
        description: 'Value from the groupId field in pom.xml. i.e. org.liquibase'
        required: true
        type: string
      artifactId:
        description: 'Value from the artifactId field in pom.xml. i.e. liquibase'
        required: true
        type: string
      version:
        description: 'Value from the version field in pom.xml. i.e 4.23.0'
        type: string
      dry_run:
        description: 'Flag to indicate if the workflow is triggered to create a dry-run release'
        required: false
        type: boolean
        default: false
      dry_run_zip_url:
        description: 'URL of the dry-run zip release'
        required: false
        type: string
      dry_run_tar_gz_url:
        description: 'URL of the dry-run tar.gz release'
        required: false
        type: string
    # Signing material is supplied by the calling workflow. Only these three
    # secrets are declared for the `workflow_call` entry point.
    secrets:
      GPG_SECRET:
        description: 'GPG_SECRET from the caller workflow'
        required: true
      GPG_PASSPHRASE:
        description: 'GPG_PASSPHRASE from the caller workflow'
        required: true
      GPG_SECRET_KEY_ID:
        description: 'GPG_SECRET_KEY_ID from the caller workflow'
        required: true
  workflow_dispatch:
    inputs:
      groupId:
        description: 'Value from the groupId field in pom.xml. i.e. org.liquibase'
        required: true
        type: string
      artifactId:
        description: 'Value from the artifactId field in pom.xml. i.e. liquibase'
        required: true
        type: string
      version:
        description: 'Value from the version field in pom.xml. i.e 4.23.0'
        type: string
      dry_run:
        description: 'Flag to indicate if the workflow is triggered to create a dry-run release'
        required: false
        type: boolean
        default: false
      dry_run_zip_url:
        description: 'URL of the dry-run zip release'
        required: false
        type: string
      dry_run_tar_gz_url:
        description: 'URL of the dry-run tar.gz release'
        required: false
        type: string
# Workflow-level environment, visible to every job and step below.
# Quoted so the version is always read as a string.
env:
  MAVEN_VERSION: '3.9.5'
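jobs:
  upload_packages:
    name: Upload ${{ inputs.artifactId }} packages
    runs-on: ubuntu-22.04
    # Token scope is limited to what the job needs: `id-token: write` for the
    # role assumption in "Configure AWS credentials", read-only repo contents.
    permissions:
      id-token: write
      contents: read
    steps:
      # NOTE(review): every `uses:` below is pinned to a movable tag. Pinning
      # each action to a full commit SHA keeps a retagged release from running
      # in a job that holds the GPG signing key and production AWS credentials.
      - uses: actions/checkout@v4

      - name: Set up Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: '3.1.4'

      - name: Get Reusable Files
        env:
          # The input reaches the script as an environment variable instead of
          # being expanded into the script text by `${{ }}`, so shell
          # metacharacters in the value cannot become commands.
          ARTIFACT_ID: ${{ inputs.artifactId }}
          # NOTE(review): `v0.6.3` is a tag and can be moved; sign_artifact.sh
          # fetched from it is executed later with the signing key loaded.
          # A commit SHA in this URL would make the fetched content immutable.
          BUILD_LOGIC_RAW: https://raw.githubusercontent.com/liquibase/build-logic/v0.6.3
        run: |
          set -euo pipefail
          # The value is used in filesystem paths and URLs, so reject anything
          # that is not a plain identifier (no slashes, no leading dot).
          if [[ ! "$ARTIFACT_ID" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]; then
            echo "Unexpected artifactId: $ARTIFACT_ID" >&2
            exit 1
          fi
          # Package-specific files live under the src folder. The workflow
          # inputs select which assets the universal package-deb-pom.xml uses
          # during the packaging step.
          src_dir="$PWD/.github/src/$ARTIFACT_ID"
          mkdir -p "$src_dir/deb/control" "$src_dir/main/archive"
          # --fail makes an HTTP error abort the step; without it curl exits 0
          # and saves the error body as the control file or signing script.
          fetch() { curl --fail --silent --show-error --output "$1" "$2"; }
          fetch "$src_dir/deb/control/control" "$BUILD_LOGIC_RAW/src/$ARTIFACT_ID/deb/control/control"
          fetch "$src_dir/deb/control/postinst" "$BUILD_LOGIC_RAW/src/$ARTIFACT_ID/deb/control/postinst"
          fetch "$src_dir/main/archive/$ARTIFACT_ID-env.sh" "$BUILD_LOGIC_RAW/src/$ARTIFACT_ID/main/archive/$ARTIFACT_ID-env.sh"
          fetch "$PWD/.github/package-deb-pom.xml" "$BUILD_LOGIC_RAW/.github/package-deb-pom.xml"
          fetch "$PWD/.github/sign_artifact.sh" "$BUILD_LOGIC_RAW/.github/sign_artifact.sh"
          chmod +x "$PWD/.github/sign_artifact.sh"

      # From this step on, the private signing key is in the runner's keyring,
      # so everything executed afterwards runs with access to it.
      - name: Import GPG key
        id: import_gpg
        uses: crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ secrets.GPG_SECRET }}
          passphrase: ${{ secrets.GPG_PASSPHRASE }}

      # NOTE(review): this secret is not declared under `on.workflow_call.secrets`;
      # presumably callers pass it with `secrets: inherit` - confirm.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_PROD_GITHUB_OIDC_ROLE_ARN_BUILD_LOGIC }}
          aws-region: us-east-1

      - name: Upload ${{ inputs.artifactId }} rpm package
        if: ${{ inputs.dry_run == false }}
        run: |
          # pipefail: if the S3 listing fails, or finds no .rpm files, stop
          # here instead of generating, signing and syncing metadata for an
          # empty directory.
          set -euo pipefail
          sudo apt-get install -y libcurl4-openssl-dev libbz2-dev libxml2-dev libssl-dev zlib1g-dev pkg-config libglib2.0-dev liblzma-dev libsqlite0-dev libsqlite3-dev librpm-dev libzstd-dev python3 cmake
          mkdir createrepo_folder
          cd createrepo_folder
          # NOTE(review): this clones and builds the default branch at whatever
          # commit is current, in a job that already holds the signing key and
          # AWS role. Checking out a reviewed tag or commit after the clone
          # would make the tool that writes the repo metadata reproducible.
          git clone https://github.com/rpm-software-management/createrepo_c
          cd createrepo_c
          mkdir build
          cd build
          cmake .. -DWITH_ZCHUNK=NO -DWITH_LIBMODULEMD=NO
          make -j
          cp src/createrepo_c /opt/createrepo
          cd ../../..
          mkdir -p "$PWD/yum/noarch"
          # Pull the published rpms down, rebuild the repo metadata over them,
          # sign repomd.xml, then push the tree back.
          aws s3 ls s3://repo.liquibase.com/yum/noarch/ | grep -E '\.rpm$' | awk '{print $4}' | xargs -I {} aws s3 cp s3://repo.liquibase.com/yum/noarch/{} "$PWD/yum/noarch"
          /opt/createrepo -dp "$PWD/yum/noarch"
          ./.github/sign_artifact.sh "$PWD/yum/noarch/repodata/repomd.xml"
          aws s3 sync "$PWD/yum" s3://repo.liquibase.com/yum

      # NOTE(review): a bucket-level READ grant to AllUsers lets anyone list
      # the bucket's keys, which is broader than serving known package paths;
      # a bucket policy scoped to object reads is the narrower alternative.
      # This step has no `if:` guard, so it also runs on dry runs - confirm
      # that changing the production bucket ACL in a dry run is intended.
      - name: Ensure s3 bucket public access is enabled
        run: |
          aws s3api put-bucket-acl --bucket repo.liquibase.com --grant-read uri=http://acs.amazonaws.com/groups/global/AllUsers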