deps/libchdr/deps/zstd-1.5.5/.github/workflows/publish-release-artifacts.yml

   1 name: publish-release-artifacts
   2
   3 on:
   4   release:
   5     types:
   6       - published
   7
   8 permissions: read-all
   9
  10 jobs:
  11   publish-release-artifacts:
  12     permissions:
  13       contents: write # to fetch code and upload artifacts
  14
  15     runs-on: ubuntu-latest
  16     if: startsWith(github.ref, 'refs/tags/')
  17
  18     steps:
  19       - name: Checkout
  20         uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # tag=v3
  21
  22       - name: Archive
  23         env:
  24           RELEASE_SIGNING_KEY: ${{ secrets.RELEASE_SIGNING_KEY }}
  25           RELEASE_SIGNING_KEY_PASSPHRASE: ${{ secrets.RELEASE_SIGNING_KEY_PASSPHRASE }}
  26         run: |
  27           # compute file name
  28           export TAG="$(echo "$GITHUB_REF" | sed -n 's_^refs/tags/__p')"
  29           if [ -z "$TAG" ]; then
  30             echo "action must be run on a tag. GITHUB_REF is not a tag: $GITHUB_REF"
  31             exit 1
  32           fi
  33           # Attempt to extract "1.2.3" from "v1.2.3" to maintain artifact name backwards compat.
  34           # Otherwise, degrade to using full tag.
  35           export VERSION="$(echo "$TAG" | sed 's_^v\([0-9]\+\.[0-9]\+\.[0-9]\+\)$_\1_')"
  36           export ZSTD_VERSION="zstd-$VERSION"
  37
  38           # archive
  39           git archive $TAG \
  40               --prefix $ZSTD_VERSION/ \
  41               --format tar \
  42               -o $ZSTD_VERSION.tar
  43
  44           # Do the rest of the work in a sub-dir so we can glob everything we want to publish.
  45           mkdir artifacts/
  46           mv $ZSTD_VERSION.tar artifacts/
  47           cd artifacts/
  48
  49           # compress
  50           zstd -k -19 $ZSTD_VERSION.tar
  51           gzip -k  -9 $ZSTD_VERSION.tar
  52
  53           # we only publish the compressed tarballs
  54           rm $ZSTD_VERSION.tar
  55
  56           # hash
  57           sha256sum $ZSTD_VERSION.tar.zst > $ZSTD_VERSION.tar.zst.sha256
  58           sha256sum $ZSTD_VERSION.tar.gz  > $ZSTD_VERSION.tar.gz.sha256
  59
  60           # sign
  61           if [ -n "$RELEASE_SIGNING_KEY" ]; then
  62             export GPG_BATCH_OPTS="--batch --no-use-agent --pinentry-mode loopback --no-tty --yes"
  63             echo "$RELEASE_SIGNING_KEY" | gpg $GPG_BATCH_OPTS --import
  64             gpg $GPG_BATCH_OPTS --armor --sign --sign-with signing@zstd.net --detach-sig --passphrase "$RELEASE_SIGNING_KEY_PASSPHRASE" --output $ZSTD_VERSION.tar.zst.sig $ZSTD_VERSION.tar.zst
  65             gpg $GPG_BATCH_OPTS --armor --sign --sign-with signing@zstd.net --detach-sig --passphrase "$RELEASE_SIGNING_KEY_PASSPHRASE" --output $ZSTD_VERSION.tar.gz.sig  $ZSTD_VERSION.tar.gz
  66           fi
  67
  68       - name: Publish
  69         uses: skx/github-action-publish-binaries@b9ca5643b2f1d7371a6cba7f35333f1461bbc703 # tag=release-2.0
  70         env:
  71           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  72         with:
  73           args: artifacts/*