Skip to content
Create Shim Packages and Dispatch to Downstream Repositories

8.24.0 #85

Sign in to view logs

8.24.0

8.24.0 #85

Workflow file for this run

.github/workflows/release.yml at c45d49b
name: "Create Shim Packages and Dispatch to Downstream Repositories"
on:
release:
types: [released]
workflow_dispatch:
inputs:
version:
description: 'Version that should be released'
required: true
default: '1.2.3'
jobs:
build-mondoo-payloads:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Version from Workflow Dispatch
if: github.event_name == 'workflow_dispatch'
run: |
echo "VERSION=${{ github.event.inputs.version }}" >> $GITHUB_ENV
- name: Version from Release Tag
if: github.event_name == 'release'
run: |
echo "VERSION=${{ github.event.release.tag_name }}" >> $GITHUB_ENV
- name: Verify valid version
id: version
run: |
if [[ ! $VERSION =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "Invalid version: $VERSION"
exit 1
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
- name: Create destination folder
run: |
cd helper
mkdir packages
cp mondoo.sh packages/
cp mondoo.ps1 packages/
- name: Install RPM tools
run: |
sudo apt update && sudo apt install -y rpm gpg
- name: Authenticate with GCloud
uses: 'google-github-actions/auth@v1'
with:
credentials_json: '${{ secrets.GCP_CREDENTIALS }}'
- name: Setup GCloud SDK
uses: 'google-github-actions/setup-gcloud@v1'
- name: Download Signing Keys
env:
KEY_PATH: ${{ runner.temp }}
run: |
gcloud --project=mondoo-base-infra secrets versions access latest --secret=gpg-package-signing-cert-public-2023 --out-file=${KEY_PATH}/public.gpg
gpg --import ${KEY_PATH}/public.gpg
gcloud --project=mondoo-base-infra secrets versions access latest --secret=gpg-package-signing-cert-private-2023 --out-file=${KEY_PATH}/private.gpg
gpg --import --allow-secret-key-import ${KEY_PATH}/private.gpg
- name: Check GPG Keys
run: |
gpg --list-keys
gpg --list-secret-keys
- name: Build Packages
run: |
cd helper && make
- name: Sign RPMs
run: |
cd helper/
rpmsign --define='%_gpg_name Mondoo Inc' --addsign ./packages/*rpm
- name: Generate Checksums
run: |
cd helper/packages
sha256sum *linux* > checksums.linux.txt
sha256sum *windows* > checksums.windows.txt
sha256sum *darwin* > checksums.macos.txt
- name: Upload files to releases.mondoo.com
run: |
gsutil cp -r helper/packages/* gs://releases-us.mondoo.io/mondoo/${VERSION}/
- name: Upload files to Github Release Page
uses: softprops/action-gh-release@v1
with:
tag_name: ${{ steps.version.outputs.version }}
files: helper/packages/*
- name: Reindex folder on releaser.mondoo.com
uses: peter-evans/repository-dispatch@v2
with:
token: ${{ secrets.REPO_API_TOKEN }}
repository: "mondoohq/releasr"
event-type: reindex
client-payload: '{
"reindex-path": "mondoo/${{ steps.version.outputs.version }}",
"bucket": "releases-us.mondoo.io"
}'
- name: Create Artifacts
uses: actions/upload-artifact@v3
with:
name: mondoo-${{ steps.version.outputs.version }}
path: helper/packages/
retention-days: 7
update-downstream:
runs-on: ubuntu-latest
needs: build-mondoo-payloads
## Matrix task, repeats steps for each repo
strategy:
matrix:
repo: ["mondoohq/archlinux-package", "mondoohq/mac-pkg", "mondoohq/chocolatey", "mondoohq/msi-builder", "mondoohq/repobuilder"]
steps:
- uses: actions/checkout@v3
- name: Repository Dispatch (Workflow Dispatch)
uses: peter-evans/repository-dispatch@v2
if: github.event_name == 'workflow_dispatch'
with:
token: ${{ secrets.REPO_API_TOKEN }}
repository: ${{ matrix.repo }}
event-type: update
client-payload: '{"version": "${{ github.event.inputs.version }}"}'
- name: Repository Dispatch (Release)
uses: peter-evans/repository-dispatch@v2
if: github.event_name == 'release'
with:
token: ${{ secrets.REPO_API_TOKEN }}
repository: ${{ matrix.repo }}
event-type: update
client-payload: '{"version": "${{ github.event.release.tag_name }}"}'