1 name: publish-release-artifacts
11 publish-release-artifacts:
13 contents: write # to fetch code and upload artifacts
15 runs-on: ubuntu-latest
16 if: startsWith(github.ref, 'refs/tags/')
20 uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # tag=v3
24 RELEASE_SIGNING_KEY: ${{ secrets.RELEASE_SIGNING_KEY }}
25 RELEASE_SIGNING_KEY_PASSPHRASE: ${{ secrets.RELEASE_SIGNING_KEY_PASSPHRASE }}
28 export TAG="$(echo "$GITHUB_REF" | sed -n 's_^refs/tags/__p')"
29 if [ -z "$TAG" ]; then
30 echo "action must be run on a tag. GITHUB_REF is not a tag: $GITHUB_REF"
33 # Attempt to extract "1.2.3" from "v1.2.3" to maintain artifact name backwards compat.
34 # Otherwise, degrade to using full tag.
35 export VERSION="$(echo "$TAG" | sed 's_^v\([0-9]\+\.[0-9]\+\.[0-9]\+\)$_\1_')"
36 export ZSTD_VERSION="zstd-$VERSION"
40 --prefix $ZSTD_VERSION/ \
44 # Do the rest of the work in a sub-dir so we can glob everything we want to publish.
46 mv $ZSTD_VERSION.tar artifacts/
50 zstd -k -19 $ZSTD_VERSION.tar
51 gzip -k -9 $ZSTD_VERSION.tar
53 # we only publish the compressed tarballs
57 sha256sum $ZSTD_VERSION.tar.zst > $ZSTD_VERSION.tar.zst.sha256
58 sha256sum $ZSTD_VERSION.tar.gz > $ZSTD_VERSION.tar.gz.sha256
61 if [ -n "$RELEASE_SIGNING_KEY" ]; then
62 export GPG_BATCH_OPTS="--batch --no-use-agent --pinentry-mode loopback --no-tty --yes"
63 echo "$RELEASE_SIGNING_KEY" | gpg $GPG_BATCH_OPTS --import
64 gpg $GPG_BATCH_OPTS --armor --sign --sign-with signing@zstd.net --detach-sig --passphrase "$RELEASE_SIGNING_KEY_PASSPHRASE" --output $ZSTD_VERSION.tar.zst.sig $ZSTD_VERSION.tar.zst
65 gpg $GPG_BATCH_OPTS --armor --sign --sign-with signing@zstd.net --detach-sig --passphrase "$RELEASE_SIGNING_KEY_PASSPHRASE" --output $ZSTD_VERSION.tar.gz.sig $ZSTD_VERSION.tar.gz
69 uses: skx/github-action-publish-binaries@b9ca5643b2f1d7371a6cba7f35333f1461bbc703 # tag=release-2.0
71 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}