name: bottle on: workflow_call: inputs: new-version: type: boolean required: false default: false platform: required: true type: string projects: required: false type: string outputs: pr: description: "The PR number" value: ${{ jobs.bottle.outputs.pr }} qa-required: description: "Whether QA is required" value: ${{ jobs.upload.outputs.qa-required }} jobs: get-platform: runs-on: ubuntu-latest outputs: os: ${{ steps.platform.outputs.os }} cache-set: ${{ steps.platform.outputs.cache-set }} available: ${{ steps.platform.outputs.available }} steps: - uses: teaxyz/brewkit/actions/get-platform@v0 id: platform with: platform: ${{ inputs.platform }} projects: ${{ inputs.projects }} bottle: needs: [get-platform] if: ${{ !inputs.new-version || needs.get-platform.outputs.available != '' }} runs-on: ${{ fromJson(needs.get-platform.outputs.os) }} outputs: srcs: ${{ env.srcs }} built: ${{ env.built }} pr: ${{ env.PR }} steps: - uses: teaxyz/brewkit/actions/setup-brewkit@v0 id: tea timeout-minutes: 10 - uses: actions/download-artifact@v3 if: ${{ inputs.new-version }} with: name: ${{ inputs.platform }} - uses: teaxyz/brewkit/actions/fetch-pr-artifacts@v0 if: ${{ !inputs.new-version }} with: platform: ${{ inputs.platform }} token: ${{ github.token }} AWS_S3_BUCKET: ${{ secrets.AWS_S3_CACHE }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - name: clean destination # Note: needed when changing a directory to a symlink, for example in # https://github.com/teaxyz/pantry/pull/435 run: | tar tzf $GITHUB_WORKSPACE/artifacts.tgz | \ awk '{ print length, $0 }' | \ sort -n -s -r | \ cut -d" " -f2- | \ xargs rm -rf working-directory: ${{ steps.tea.outputs.prefix }} - run: tar xzvf $GITHUB_WORKSPACE/artifacts.tgz working-directory: ${{ steps.tea.outputs.prefix }} - run: | for file in built srcs; do echo "$file=$(cat $file)" >>$GITHUB_ENV done working-directory: ${{ steps.tea.outputs.prefix }} - run: | tea +gnupg.org gpg-agent --daemon || true echo $GPG_PRIVATE_KEY | \ base64 -d | \ tea +gnupg.org gpg --import --batch --yes env: GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} - uses: teaxyz/brewkit/actions/bottle@v0 id: bottle-xz with: built: ${{ env.built }} compression: xz gpg-key-id: ${{ secrets.GPG_KEY_ID }} - uses: teaxyz/brewkit/actions/bottle@v0 id: bottle-gz with: built: ${{ env.built }} compression: gz gpg-key-id: ${{ secrets.GPG_KEY_ID }} - run: | echo ${{ steps.bottle-gz.outputs.bottles }} ${{ steps.bottle-xz.outputs.bottles }} >bottles echo ${{ steps.bottle-gz.outputs.checksums }} ${{ steps.bottle-xz.outputs.checksums }} >checksums echo ${{ steps.bottle-gz.outputs.signatures }} ${{ steps.bottle-xz.outputs.signatures }} >signatures SRCS=$(echo $srcs | tr -d '~') tar cf $GITHUB_WORKSPACE/artifacts.tar \ $SRCS \ ${{ steps.bottle-gz.outputs.bottles }} \ ${{ steps.bottle-xz.outputs.bottles }} \ bottles checksums signatures working-directory: ${{ steps.tea.outputs.prefix }} - name: upload artifacts uses: actions/upload-artifact@v3 with: name: ${{ inputs.platform }}-bottles path: artifacts.tar if-no-files-found: error upload: needs: [get-platform, bottle] if: ${{ !inputs.new-version || needs.get-platform.outputs.available != '' }} runs-on: ubuntu-latest outputs: qa-required: ${{ steps.upload.outputs.qa-required }} steps: - uses: teaxyz/brewkit/actions/setup-brewkit@v0 with: prefix: ${{ github.workspace }}/.tea timeout-minutes: 10 - uses: actions/download-artifact@v3 with: name: ${{ inputs.platform }}-bottles - run: | tar xvf artifacts.tar for file in bottles checksums signatures; do echo "$file=$(cat $file)" >>$GITHUB_ENV done - uses: teaxyz/brewkit/actions/upload@v0 id: upload with: qa: ${{ inputs.new-version }} pkgs: ${{ needs.bottle.outputs.built }} ${{ needs.bottle.outputs.built }} srcs: ${{ needs.bottle.outputs.srcs }} ${{ needs.bottle.outputs.srcs }} bottles: ${{ env.bottles }} checksums: ${{ env.checksums }} signatures: ${{ env.signatures }} AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }} AWS_S3_STAGING_BUCKET: ${{ secrets.AWS_S3_CACHE }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - uses: chetan/invalidate-cloudfront-action@v2 if: ${{ steps.upload.outputs.cf-invalidation-paths != '' }} env: PATHS: ${{ steps.upload.outputs.cf-invalidation-paths }} DISTRIBUTION: ${{ secrets.AWS_CF_DISTRIBUTION_ID }} AWS_REGION: us-east-1 AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}