upload-win-installer.yml
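name: Upload Windows Installer

# workflow_dispatch is the only trigger declared here: someone with permission
# to run workflows supplies the release version and chooses whether the run
# may publish to the release page.
on:
  workflow_dispatch:
    inputs:
      # Free-form text chosen by the person dispatching the run; the job
      # should treat it as data, not as script text.
      version:
        description: 'Release version to build and upload (e.g. "v9.8.7")'
        required: true
      # Defaults to "true", so a run only publishes when "false" is
      # selected explicitly.
      dryrun:
        description: 'Perform all the steps except uploading to the release page'
        required: true
        default: "true"  # 'choice' type requires string value
        type: choice
        options:
          - "true"  # Must be quoted string, boolean value not supported.
          - "false"

# Workflow-wide GITHUB_TOKEN scope, inherited by every step of every job in
# this file. 'contents: write' allows release assets to be uploaded; no other
# scope is requested.
permissions:
  contents: write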
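jobs:
  # Single job: check the release page, build and sign the Windows installer,
  # keep it as a workflow artifact, and (unless dry-run) upload it.
  build:
    runs-on: windows-latest
    env:
      FETCH_BASE_URL: ${{ github.server_url }}/${{ github.repository }}
    steps:
      # Workflow inputs, the release tag and step outputs derived from them are
      # handed to PowerShell through 'env:' rather than expanded inside 'run:'
      # text. Expression expansion happens before the shell parses the script,
      # so an expanded value containing quotes or ';' would become part of the
      # script; an environment variable is only ever read as data. The WF_
      # prefix keeps these names apart from variables the repo's .ps1 scripts
      # may use themselves.
      - name: Consolidate dryrun setting to always be true or false
        id: actual_dryrun
        env:
          WF_INPUT_DRYRUN: ${{ inputs.dryrun }}
        run: |
          # The 'release' trigger will not have a 'dryrun' input set. Handle
          # this case in a readable/maintainable way.
          # (No 'release' trigger is declared in this file's 'on:' block; the
          # empty-input fallback below resolves to dryrun=false.)
          $inputs_dryrun = "$env:WF_INPUT_DRYRUN"
          if ($inputs_dryrun.Length -lt 1) {
              Write-Output "dryrun=false" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
          } else {
              Write-Output "dryrun=$inputs_dryrun" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
          }

      - name: Dry Run Status
        env:
          WF_DRYRUN: ${{ steps.actual_dryrun.outputs.dryrun }}
        run: |
          Write-Output "::notice::This workflow execution will be a dry-run: ${env:WF_DRYRUN}"

      # Version comes from the dispatch input, falling back to the release tag
      # of the triggering event; the step fails when both are empty.
      - name: Determine version
        id: getversion
        env:
          WF_INPUT_VERSION: ${{ inputs.version }}
          WF_RELEASE_TAG: ${{ github.event.release.tag_name }}
        run: |
          $version = "$env:WF_INPUT_VERSION"
          if ($version.Length -lt 1) {
              $version = "$env:WF_RELEASE_TAG"
              if ($version.Length -lt 1) {
                  Write-Host "::error::Could not determine version!"
                  Exit 1
              }
          }
          # A tag name cannot contain whitespace. Rejecting it here also stops
          # a multi-line value from appending extra key=value lines to
          # GITHUB_OUTPUT.
          if ($version -match '\s') {
              Write-Host "::error::Version must not contain whitespace!"
              Exit 1
          }
          Write-Output "version=$version" | Out-File -FilePath $env:GITHUB_OUTPUT -Append

      # Note this purposefully checks out the same branch the action runs in, as the
      # installer build script is designed to support older releases (uses the archives
      # on the release tag).
      # NOTE(review): every 'uses:' in this job references a movable tag (@v4, @v5,
      # @v2). Pin each to a full commit SHA so the code that runs in the same job
      # as the signing credentials cannot change without a reviewed edit here.
      - uses: actions/checkout@v4
        with:
          # Keep the token out of .git/config. The Upload step authenticates
          # 'gh' through its own GITHUB_TOKEN env; presumably nothing else
          # needs authenticated git - confirm against the .ps1 scripts.
          persist-credentials: false

      # This step is super-duper critical for the built/signed windows installer .exe file.
      # It ensures the referenced $version github release page does NOT already contain
      # this file. Windows assigns a UUID to the installer at build time, it's assumed
      # by windows that one release version == one UUID (always). Breaking this assumption
      # has some rather nasty side-effects in windows, such as possibly breaking 'uninstall'
      # functionality. For dry-runs, the .exe is saved in the workflow artifacts for a human
      # to judge w/n (i.e. in some extreme case) it should be uploaded to the release page.
      - name: Check
        id: check
        env:
          WF_VERSION: ${{ steps.getversion.outputs.version }}
        run: |
          Push-Location contrib\win-installer
          .\check.ps1 $env:WF_VERSION
          $code = $LASTEXITCODE
          # Exit code 2 from check.ps1 is reported as "already exists" and is
          # not a failure of this step.
          if ($code -eq 2) {
              Write-Output "already-exists=true" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
              Pop-Location
              Exit 0
          }
          Write-Output "upload_asset_name=$env:UPLOAD_ASSET_NAME" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
          Pop-Location
          Exit $code

      # The podman release process requires a cross-compile of the windows binaries be uploaded to
      # the release page as a hard-coded filename. If non-existent, this workflow will fail in
      # non-obvious ways with a non-obvious error message. Address that here.
      # NOTE(review): the Check step does not write upload_asset_name on its
      # "already exists" path, so this step also fires (with this message) in
      # that case - confirm that is intended.
      - name: Confirm upload_asset_name is non-empty
        if: steps.check.outputs.upload_asset_name == ''
        env:
          WF_VERSION: ${{ steps.getversion.outputs.version }}
        run: |
          Write-Output "::error::check.ps1 script failed to find manually uploaded podman-remote-release-windows_amd64.zip github release asset for version ${env:WF_VERSION}."
          Exit 1

      - name: Set up Go
        # N/B: already-exists may be an empty-string or "false", handle both cases.
        if: steps.check.outputs.already-exists != 'true' || steps.actual_dryrun.outputs.dryrun == 'true'
        uses: actions/setup-go@v5
        with:
          go-version: stable

      # NOTE(review): no --version is given, so each run installs whichever WiX
      # release is current, while AzureSignTool below is pinned. Consider
      # pinning WiX as well so the signed installer is built by a known
      # toolchain.
      - name: Set up WiX
        run: dotnet tool install --global wix

      # Installs the signing tool only. The Azure credentials are no longer
      # written to GITHUB_ENV here: that file exports values to every later
      # step in the job, including third-party actions. They are scoped to the
      # Build step instead.
      - name: Setup Signature Tooling
        if: steps.check.outputs.already-exists != 'true' || steps.actual_dryrun.outputs.dryrun == 'true'
        run: |
          dotnet tool install --global AzureSignTool --version 3.0.0

      - name: Pandoc Setup
        uses: r-lib/actions/setup-pandoc@v2
        with:
          pandoc-version: '3.1.11'

      - name: Build
        id: build
        if: steps.check.outputs.already-exists != 'true' || steps.actual_dryrun.outputs.dryrun == 'true'
        env:
          WF_VERSION: ${{ steps.getversion.outputs.version }}
          # Signing credentials, under the same variable names the workflow
          # previously exported job-wide. Assumes build.ps1 (and whatever it
          # calls) is their only consumer - confirm.
          CERT_NAME: ${{ secrets.AZ_CERT_NAME }}
          VAULT_ID: ${{ secrets.AZ_VAULT_ID }}
          APP_ID: ${{ secrets.AZ_APP_ID }}
          TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
          CLIENT_SECRET: ${{ secrets.AZ_CLIENT_SECRET }}
        run: |
          Push-Location contrib\win-installer
          .\build.ps1 $env:WF_VERSION prod
          $code = $LASTEXITCODE
          # Exit code 2 from build.ps1 is recorded as artifact-missing, which
          # the Upload step's condition checks; the step itself succeeds.
          if ($code -eq 2) {
              Write-Output "artifact-missing=true" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
              Pop-Location
              Exit 0
          }
          Pop-Location
          Exit $code

      # Saved for dry-runs as well, so the installer can be inspected before
      # anything reaches the release page.
      - name: Artifact
        if: steps.check.outputs.already-exists != 'true' || steps.actual_dryrun.outputs.dryrun == 'true'
        uses: actions/upload-artifact@v4
        with:
          name: installer
          path: |
            ${{ steps.check.outputs.upload_asset_name }}
            .\contrib\win-installer\shasums

      # The only step that receives the write-scoped token. Runs only when
      # dryrun is exactly 'false', the asset is not already on the release
      # page, and the build did not report a missing artifact.
      - name: Upload
        if: >-
          steps.actual_dryrun.outputs.dryrun == 'false' &&
          steps.check.outputs.already-exists != 'true' &&
          steps.build.outputs.artifact-missing != 'true'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          WF_VERSION: ${{ steps.getversion.outputs.version }}
          WF_UPLOAD_ASSET: ${{ steps.check.outputs.upload_asset_name }}
        run: |
          Push-Location contrib\win-installer
          $version = "$env:WF_VERSION"
          if ($version[0] -ne "v") {
              $version = "v$version"
          }
          # No --clobber for the installer: an existing asset must never be
          # replaced (see the comment above the Check step).
          gh release upload $version $env:WF_UPLOAD_ASSET
          if ($LASTEXITCODE -ne 0) {
              # Re-run the check to tell "someone else uploaded first" apart
              # from a genuine upload failure.
              .\check.ps1 $version
              if ($LASTEXITCODE -eq 2) {
                  Write-Host "Another job uploaded before us, skipping"
                  Pop-Location
                  Exit 0
              }
              Pop-Location
              Exit 1
          }
          if (Test-Path -Path shasums) {
              gh release upload --clobber $version shasums
          }
          Pop-Location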