Merge #4280 ci: Bumping Signing request tag #835
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy CKAN + NetKAN | |
on: | |
push: | |
branches: | |
- master | |
workflow_dispatch: | |
repository_dispatch: | |
types: | |
- deploy | |
concurrency: deploy | |
env: | |
AWS_S3_BUCKET: ksp-ckan | |
jobs: | |
sign-assets: | |
uses: ./.github/workflows/sign.yml | |
secrets: inherit | |
check-dev-build: | |
runs-on: ubuntu-latest | |
outputs: | |
dev-build: ${{ steps.check-version.outputs.dev-build }} | |
if: github.event_name != 'repository_dispatch' | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Treat as dev build if final piece of version is odd | |
id: check-version | |
shell: bash | |
run: | | |
VERSION=$(egrep '^\s*\#\#\s+v.*$' CHANGELOG.md | head -1 | sed -e 's/^\s*\#\#\s\+v//' -e 's/-.*$//') | |
if [[ $VERSION =~ [13579]$ ]] | |
then | |
echo 'dev-build=true' >> $GITHUB_OUTPUT | |
fi | |
upload-release-s3: | |
needs: | |
- sign-assets | |
if: github.event_name != 'repository_dispatch' | |
runs-on: ubuntu-latest | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
steps: | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-east-1 | |
- uses: actions/checkout@v4 | |
- name: Download repack artifact to get netkan.exe | |
uses: actions/download-artifact@v4 | |
with: | |
name: Release-repack-unsigned | |
path: _build/repack | |
- name: Download signed artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: signed | |
path: _build/signed | |
- name: Put signed exes into repack path | |
run: | | |
mkdir -p _build/repack/Release | |
cp _build/signed/*.exe _build/repack/Release | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: 3.11 | |
- name: Create a version.json file for dev builds on S3 | |
shell: bash | |
run: | | |
export PIP_ROOT_USER_ACTION=ignore | |
pip install gitpython | |
git config --global --add safe.directory '*' | |
python bin/version_info.py > _build/repack/Release/version.json | |
- name: Push ckan.exe, AutoUpdater.exe, netkan.exe, and version.json to S3 | |
run: aws s3 sync _build/repack/Release s3://${AWS_S3_BUCKET} --follow-symlinks | |
upload-dmg: | |
needs: | |
- check-dev-build | |
- sign-assets | |
runs-on: ubuntu-latest | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
if: github.event_name != 'repository_dispatch' && needs.check-dev-build.outputs.dev-build | |
steps: | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-east-1 | |
- name: Install OSX build dependencies | |
run: sudo apt-get install -y libplist-utils xorriso | |
- uses: actions/checkout@v4 | |
- name: Download repack artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: Release-repack-unsigned | |
path: _build/repack/ | |
- name: Build dmg | |
run: ./build osx --configuration=Release --exclusive | |
- name: Push dmg to S3 | |
run: aws s3 cp _build/osx/CKAN.dmg s3://${AWS_S3_BUCKET} --follow-symlinks | |
upload-deb: | |
needs: | |
- check-dev-build | |
- sign-assets | |
runs-on: ubuntu-latest | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
if: github.event_name != 'repository_dispatch' && needs.check-dev-build.outputs.dev-build | |
steps: | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-east-1 | |
- uses: actions/checkout@v4 | |
- name: Download signed artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: signed | |
path: _build/signed | |
- name: Put signed exe into repack path | |
run: | | |
mkdir -p _build/repack/Release | |
cp _build/signed/ckan.exe _build/repack/Release | |
- name: Build deb | |
env: | |
CODENAME: nightly | |
run: ./build deb --configuration=Release --exclusive | |
- name: Import GPG key | |
env: | |
DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }} | |
run: | | |
echo "$DEBIAN_PRIVATE_KEY" | base64 --decode | gpg --batch --import | |
gpg --list-secret-keys --keyid-format LONG | |
if: ${{ env.DEBIAN_PRIVATE_KEY }} | |
- name: Sign deb release | |
env: | |
CODENAME: nightly | |
DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }} | |
run: ./build deb-sign --configuration=Release --exclusive | |
if: ${{ env.DEBIAN_PRIVATE_KEY }} | |
- name: Push deb to S3 | |
run: aws s3 sync _build/deb/apt-repo-root s3://${AWS_S3_BUCKET}/deb --follow-symlinks | |
- name: Push nightly APT repo to S3 | |
run: aws s3 sync _build/deb/apt-repo-dist s3://${AWS_S3_BUCKET}/deb/dists/nightly --follow-symlinks | |
- name: CKAN-ModInstaller repo dispatch | |
env: | |
REPO_ACCESS_TOKEN: ${{ secrets.REPO_ACCESS_TOKEN }} | |
if: env.REPO_ACCESS_TOKEN | |
uses: peter-evans/repository-dispatch@v3 | |
with: | |
repository: KSP-CKAN/CKAN-ModInstaller | |
event-type: deploy | |
token: ${{ secrets.REPO_ACCESS_TOKEN }} | |
upload-rpm: | |
needs: | |
- check-dev-build | |
- sign-assets | |
runs-on: ubuntu-latest | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
if: github.event_name != 'repository_dispatch' && needs.check-dev-build.outputs.dev-build | |
steps: | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-east-1 | |
- uses: actions/checkout@v4 | |
- name: Install rpm build dependencies | |
run: sudo apt-get install -y createrepo-c | |
- name: Download signed artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: signed | |
path: _build/signed | |
- name: Put signed exe into repack path | |
run: | | |
mkdir -p _build/repack/Release | |
cp _build/signed/ckan.exe _build/repack/Release | |
- name: Build rpm | |
run: ./build rpm --configuration=Release --exclusive | |
- name: Import GPG key | |
env: | |
DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }} | |
run: | | |
echo "$DEBIAN_PRIVATE_KEY" | base64 --decode | gpg --batch --import | |
gpg --list-secret-keys --keyid-format LONG | |
if: ${{ env.DEBIAN_PRIVATE_KEY }} | |
- name: Build nightly RPM repo | |
env: | |
CODENAME: nightly | |
DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }} | |
run: ./build rpm-repo --configuration=Release --exclusive | |
if: ${{ env.DEBIAN_PRIVATE_KEY }} | |
- name: Push nightly PRM repo to S3 | |
run: aws s3 sync _build/rpm/repo s3://${AWS_S3_BUCKET}/rpm/nightly --follow-symlinks | |
upload-inflator: | |
needs: | |
- sign-assets | |
if: github.event_name != 'repository_dispatch' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Download Inflator image artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: inflator-image | |
path: /tmp | |
- name: Load Inflator image | |
run: docker load --input /tmp/inflator-image.tar | |
- name: Log in to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
- name: Push Inflator image to Docker Hub | |
run: docker push kspckan/inflator:latest | |
- name: Redeploy Inflator containers | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_DEFAULT_REGION: us-west-2 | |
shell: bash | |
run: | | |
docker image pull -q kspckan/netkan | |
for CONTAINER in InflatorKsp InflatorKsp2 | |
do | |
docker run -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_DEFAULT_REGION kspckan/netkan redeploy-service --cluster NetKANCluster --service-name $CONTAINER & | |
done | |
wait | |
upload-metadata-tester: | |
needs: | |
- sign-assets | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Download repack artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: Release-repack-unsigned | |
path: _build/repack/ | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Log in to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
- name: Generate metadata tester Docker image and publish to Hub | |
uses: docker/build-push-action@v5 | |
with: | |
file: Dockerfile.metadata | |
context: _build/repack/Release | |
tags: kspckan/metadata | |
push: true | |
notify-discord: | |
needs: | |
- sign-assets | |
- upload-release-s3 | |
- upload-dmg | |
- upload-deb | |
- upload-rpm | |
- upload-inflator | |
- upload-metadata-tester | |
if: always() | |
uses: ./.github/workflows/notify.yml | |
with: | |
name: ${{ github.workflow }} | |
success: ${{ !contains(needs.*.result, 'failure') }} | |
secrets: inherit |