Skip to content

CI fixes

CI fixes #36

Workflow file for this run

name: Build GitHub releases
# This is triggered by merging a PR from a branch named release-*. This workflow builds and publishes the release artifacts to
# GitHub. Then it changes the version to *-SNAPSHOT in various Java-related files.
on:
pull_request:
types:
- closed
jobs:
release:
if: github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release-')
runs-on: ubuntu-22.04
needs:
- build-java
- build-cpp
steps:
- uses: actions/checkout@v4
with:
# base_ref will typically be main. We'll need to commit a change to that branch and push it.
ref: ${{ github.base_ref }}
# If we use the default GITHUB_TOKEN then CI won't run after we push our changes. This WORKFLOW_PAT is a personal
# access token with "repo" permissions.
token: ${{ secrets.WORKFLOW_PAT }}
- name: Decrypt PGP key
uses: IronCoreLabs/ironhide-actions/decrypt@v3
with:
keys: ${{ secrets.IRONHIDE_KEYS }}
input: .github/signing-key.asc.iron
- name: Import PGP key
run: gpg --batch --import .github/signing-key.asc
- name: Configure git
run: |
git config --local user.email ops@ironcorelabs.com
git config --local user.name "Leeroy Travis"
- name: Calculate versions from head_ref
id: version
run: |
CURRENT=$(basename ${{ github.head_ref }})
NAME=$(echo ${CURRENT} | sed 's/release-//')
NUMBER=$(echo ${NAME} | sed -E -e 's/[^0-9.]+/./g' -e 's/\.+/./g' -e 's/^\.//' -e 's/\.$//')
NEXT=$(echo ${NUMBER} | awk -F. -v OFS=. '{$NF++;print}')
echo "tag=${NAME}" >> "$GITHUB_OUTPUT"
echo "next=${NEXT}" >> "$GITHUB_OUTPUT"
- name: Create release tag
run: |
git tag ${{ steps.version.outputs.tag }}
git push origin ${{ steps.version.outputs.tag }}
- uses: actions/create-release@v1
id: release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.version.outputs.tag }}
release_name: Version ${{ steps.version.outputs.tag }}
- name: Download java release artifacts from ubuntu-22.04
uses: actions/download-artifact@v3
with:
name: release-ubuntu-22.04
path: release/ubuntu-22.04
- name: Delete artifact
uses: geekyeggo/delete-artifact@v2
with:
name: release-ubuntu-22.04
failOnError: false
- name: Sign java artifact for ubuntu-22.04
run: |
gpg --batch --detach-sign -a release/ubuntu-22.04/libironoxide_java.so
gpg --batch --verify release/ubuntu-22.04/libironoxide_java.so.asc release/ubuntu-22.04/libironoxide_java.so
- name: Upload java lib for ubuntu-22.04
run: gh release upload ${{ steps.version.outputs.tag }} release/ubuntu-22.04/libironoxide_java.so release/ubuntu-22.04/libironoxide_java.so.asc --clobber
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Download java release artifacts from macos-12
uses: actions/download-artifact@v3
with:
name: release-macos-12
path: release/macos-12
- name: Delete artifact
uses: geekyeggo/delete-artifact@v2
with:
name: release-macos-12
failOnError: false
- name: Sign java artifact for macos-12
run: |
gpg --batch --detach-sign -a release/macos-12/libironoxide_java.dylib
gpg --batch --verify release/macos-12/libironoxide_java.dylib.asc release/macos-12/libironoxide_java.dylib
- name: Upload java lib for macos-12
run: gh release upload ${{ steps.version.outputs.tag }} release/macos-12/libironoxide_java.dylib release/macos-12/libironoxide_java.dylib.asc --clobber
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Download iOS release artifacts from build-cpp
uses: actions/download-artifact@v3
with:
name: release-iOS
path: release/release-iOS
- name: Delete artifact
uses: geekyeggo/delete-artifact@v1
with:
name: release-macos-12
failOnError: false
- name: Sign iOS artifact
run: |
gpg --batch --detach-sign -a release/release-iOS/ironoxide-homebrew.tar.gz
gpg --batch --verify release/release-iOS/ironoxide-homebrew.tar.gz.asc release/release-iOS/ironoxide-homebrew.tar.gz
- name: Upload tar for release-iOS
run: gh release upload ${{ steps.version.outputs.tag }} release/release-iOS/ironoxide-homebrew.tar.gz release/release-iOS/ironoxide-homebrew.tar.gz.asc --clobber
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Increment to next -SNAPSHOT version for Java.
run: |
rm -rf release
.github/set-versions.sh -j ${{ steps.version.outputs.next }}-SNAPSHOT
- run: git commit -m "Set next -SNAPSHOT version for Java."
- run: git push
build-java:
if: github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release-')
strategy:
matrix:
os: [ubuntu-22.04, macos-12]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
- uses: olafurpg/setup-scala@v14
with:
java-version: 11
# Not installing llvm for Mac because https://stackoverflow.com/a/35753922/107357
- name: Install llvm (ubuntu)
if: startsWith(matrix.os, 'ubuntu')
run: sudo apt-get update && sudo apt-get install -y llvm
- uses: IronCoreLabs/rust-toolchain@v1
- uses: actions-rs/cargo@v1
with:
command: build
args: --release
- name: Upload artifacts for ubuntu-22.04
if: startsWith(matrix.os, 'ubuntu')
uses: actions/upload-artifact@v3
with:
name: release-ubuntu-22.04
path: target/release/libironoxide_java.so
- name: Upload artifacts for macos-12
if: startsWith(matrix.os, 'macos')
uses: actions/upload-artifact@v3
with:
name: release-macos-12
path: target/release/libironoxide_java.dylib
build-cpp:
if: github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release-')
runs-on: macos-12
steps:
- uses: actions/checkout@v4
- uses: IronCoreLabs/rust-toolchain@v1
- name: Setup iOS build
run: |
rustup target add x86_64-apple-ios aarch64-apple-ios
cargo install cargo-lipo
- name: Build for iOS
run: cargo lipo --release -p ironoxide-cpp
- name: Build iOS tar
run: |
( cd cpp/generated && mv sdk headers )
tar -c -f ironoxide-homebrew.tar -C cpp/generated headers
tar -r -f ironoxide-homebrew.tar -C cpp ironoxide.pc.in
tar -r -f ironoxide-homebrew.tar -C target/universal/release libironoxide.a
gzip ironoxide-homebrew.tar
- name: Upload iOS artifact
uses: actions/upload-artifact@v3
with:
name: release-iOS
path: ironoxide-homebrew.tar.gz
# Creates a PR to update homebrew-ironcore, which depends on releases from this repository.
homebrew-ironcore:
if: github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release-')
runs-on: ubuntu-22.04
needs:
- release
steps:
- uses: actions/checkout@v4
with:
# If we use the default GITHUB_TOKEN, it won't run our CI job once we create a PR. The WORKFLOW_PAT is a personal
# access token with "repo" permissions.
token: ${{ secrets.WORKFLOW_PAT }}
repository: IronCoreLabs/homebrew-ironcore
- name: Configure git
run: |
git config --local user.email ops@ironcorelabs.com
git config --local user.name "Leeroy Travis"
- name: Set variables from version and hash
id: vars
run: |
CURRENT=$(basename ${{ github.head_ref }})
NAME=$(echo ${CURRENT} | sed 's/release-//')
ARTIFACT=https://github.com/IronCoreLabs/ironoxide-swig-bindings/releases/download/${NAME}/ironoxide-homebrew.tar.gz
wget -q ${ARTIFACT}
SHA256=$(sha256sum -b ironoxide-homebrew.tar.gz | awk '{print $1}')
echo "tag=${NAME}" >> "$GITHUB_OUTPUT"
echo "pr_branch=ironoxide-swig-bindings-${NAME}" >> "$GITHUB_OUTPUT"
echo "artifact=${ARTIFACT}" >> "$GITHUB_OUTPUT"
echo "sha256=${SHA256}" >> "$GITHUB_OUTPUT"
- name: Edit files for pending release
run: |
sed -i -e 's,^\( *url "\)[^"]*\("\)$,\1${{ steps.vars.outputs.artifact }}\2,' Formula/ironoxide.rb
sed -i -e 's,^\( *sha256 "\)[0-9a-f]*\("\)$,\1${{ steps.vars.outputs.sha256 }}\2,' Formula/ironoxide.rb
- run: git add Formula/ironoxide.rb
- run: git checkout -b ${{ steps.vars.outputs.pr_branch }}
- run: git commit -m "Use new ironoxide-homebrew ${{ steps.vars.outputs.tag }}"
- run: git push origin ${{ steps.vars.outputs.pr_branch }}
- name: Create PR
run: |
curl --silent --show-error --fail -X POST \
-H "Authorization: token ${{ secrets.WORKFLOW_PAT }}" \
-H "Content-Type: application/json" \
--data '{"title": "Use new ironoxide-swig-bindings ${{ steps.vars.outputs.tag }}",
"head": "${{ steps.vars.outputs.pr_branch }}",
"base": "main",
"body": ""
}' \
https://api.github.com/repos/IronCoreLabs/homebrew-ironcore/pulls