[pcsx_rearmed.git] / deps / libchdr / deps / zstd-1.5.5 / .github / workflows / publish-release-artifacts.yml

name: publish-release-artifacts

on:
  release:
    types:
      - published

permissions: read-all

jobs:
  publish-release-artifacts:
    permissions:
      contents: write # to fetch code and upload artifacts

    runs-on: ubuntu-latest
    if: startsWith(github.ref, 'refs/tags/')

    steps:
      - name: Checkout
        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # tag=v3

      - name: Archive
        env:
          RELEASE_SIGNING_KEY: ${{ secrets.RELEASE_SIGNING_KEY }}
          RELEASE_SIGNING_KEY_PASSPHRASE: ${{ secrets.RELEASE_SIGNING_KEY_PASSPHRASE }}
        run: |
          # compute file name
          export TAG="$(echo "$GITHUB_REF" | sed -n 's_^refs/tags/__p')"
          if [ -z "$TAG" ]; then
            echo "action must be run on a tag. GITHUB_REF is not a tag: $GITHUB_REF"
            exit 1
          fi
          # Attempt to extract "1.2.3" from "v1.2.3" to maintain artifact name backwards compat.
          # Otherwise, degrade to using full tag.
          export VERSION="$(echo "$TAG" | sed 's_^v\([0-9]\+\.[0-9]\+\.[0-9]\+\)$_\1_')"
          export ZSTD_VERSION="zstd-$VERSION"

          # archive
          git archive $TAG \
              --prefix $ZSTD_VERSION/ \
              --format tar \
              -o $ZSTD_VERSION.tar

          # Do the rest of the work in a sub-dir so we can glob everything we want to publish.
          mkdir artifacts/
          mv $ZSTD_VERSION.tar artifacts/
          cd artifacts/

          # compress
          zstd -k -19 $ZSTD_VERSION.tar
          gzip -k  -9 $ZSTD_VERSION.tar

          # we only publish the compressed tarballs
          rm $ZSTD_VERSION.tar

          # hash
          sha256sum $ZSTD_VERSION.tar.zst > $ZSTD_VERSION.tar.zst.sha256
          sha256sum $ZSTD_VERSION.tar.gz  > $ZSTD_VERSION.tar.gz.sha256

          # sign
          if [ -n "$RELEASE_SIGNING_KEY" ]; then
            export GPG_BATCH_OPTS="--batch --no-use-agent --pinentry-mode loopback --no-tty --yes"
            echo "$RELEASE_SIGNING_KEY" | gpg $GPG_BATCH_OPTS --import
            gpg $GPG_BATCH_OPTS --armor --sign --sign-with signing@zstd.net --detach-sig --passphrase "$RELEASE_SIGNING_KEY_PASSPHRASE" --output $ZSTD_VERSION.tar.zst.sig $ZSTD_VERSION.tar.zst
            gpg $GPG_BATCH_OPTS --armor --sign --sign-with signing@zstd.net --detach-sig --passphrase "$RELEASE_SIGNING_KEY_PASSPHRASE" --output $ZSTD_VERSION.tar.gz.sig  $ZSTD_VERSION.tar.gz
          fi

      - name: Publish
        uses: skx/github-action-publish-binaries@b9ca5643b2f1d7371a6cba7f35333f1461bbc703 # tag=release-2.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          args: artifacts/*
Commit	Line	Data
648db22b	1	name: publish-release-artifacts
	2
	3	on:
	4	release:
	5	types:
	6	- published
	7
	8	permissions: read-all
	9
	10	jobs:
	11	publish-release-artifacts:
	12	permissions:
	13	contents: write # to fetch code and upload artifacts
	14
	15	runs-on: ubuntu-latest
	16	if: startsWith(github.ref, 'refs/tags/')
	17
	18	steps:
	19	- name: Checkout
	20	uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # tag=v3
	21
	22	- name: Archive
	23	env:
	24	RELEASE_SIGNING_KEY: ${{ secrets.RELEASE_SIGNING_KEY }}
	25	RELEASE_SIGNING_KEY_PASSPHRASE: ${{ secrets.RELEASE_SIGNING_KEY_PASSPHRASE }}
	26	run: \|
	27	# compute file name
	28	export TAG="$(echo "$GITHUB_REF" \| sed -n 's_^refs/tags/__p')"
	29	if [ -z "$TAG" ]; then
	30	echo "action must be run on a tag. GITHUB_REF is not a tag: $GITHUB_REF"
	31	exit 1
	32	fi
	33	# Attempt to extract "1.2.3" from "v1.2.3" to maintain artifact name backwards compat.
	34	# Otherwise, degrade to using full tag.
	35	export VERSION="$(echo "$TAG" \| sed 's_^v\([0-9]\+\.[0-9]\+\.[0-9]\+\)$_\1_')"
	36	export ZSTD_VERSION="zstd-$VERSION"
	37
	38	# archive
	39	git archive $TAG \
	40	--prefix $ZSTD_VERSION/ \
	41	--format tar \
	42	-o $ZSTD_VERSION.tar
	43
	44	# Do the rest of the work in a sub-dir so we can glob everything we want to publish.
	45	mkdir artifacts/
	46	mv $ZSTD_VERSION.tar artifacts/
	47	cd artifacts/
	48
	49	# compress
	50	zstd -k -19 $ZSTD_VERSION.tar
	51	gzip -k -9 $ZSTD_VERSION.tar
	52
	53	# we only publish the compressed tarballs
	54	rm $ZSTD_VERSION.tar
	55
	56	# hash
	57	sha256sum $ZSTD_VERSION.tar.zst > $ZSTD_VERSION.tar.zst.sha256
	58	sha256sum $ZSTD_VERSION.tar.gz > $ZSTD_VERSION.tar.gz.sha256
	59
	60	# sign
	61	if [ -n "$RELEASE_SIGNING_KEY" ]; then
	62	export GPG_BATCH_OPTS="--batch --no-use-agent --pinentry-mode loopback --no-tty --yes"
	63	echo "$RELEASE_SIGNING_KEY" \| gpg $GPG_BATCH_OPTS --import
	64	gpg $GPG_BATCH_OPTS --armor --sign --sign-with signing@zstd.net --detach-sig --passphrase "$RELEASE_SIGNING_KEY_PASSPHRASE" --output $ZSTD_VERSION.tar.zst.sig $ZSTD_VERSION.tar.zst
65	gpg $GPG_BATCH_OPTS --armor --sign --sign-with signing@zstd.net --detach-sig --passphrase "$RELEASE_SIGNING_KEY_PASSPHRASE" --output $ZSTD_VERSION.tar.gz.sig $ZSTD_VERSION.tar.gz
66	fi
67
68	- name: Publish
69	uses: skx/github-action-publish-binaries@b9ca5643b2f1d7371a6cba7f35333f1461bbc703 # tag=release-2.0
70	env:
71	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
72	with:
73	args: artifacts/*