Skip to content

Merge #4280 ci: Bumping Signing request tag #835

Merge #4280 ci: Bumping Signing request tag

Merge #4280 ci: Bumping Signing request tag #835

Workflow file for this run

name: Deploy CKAN + NetKAN
on:
push:
branches:
- master
workflow_dispatch:
repository_dispatch:
types:
- deploy
concurrency: deploy
env:
AWS_S3_BUCKET: ksp-ckan
jobs:
sign-assets:
uses: ./.github/workflows/sign.yml
secrets: inherit
check-dev-build:
runs-on: ubuntu-latest
outputs:
dev-build: ${{ steps.check-version.outputs.dev-build }}
if: github.event_name != 'repository_dispatch'
steps:
- uses: actions/checkout@v4
- name: Treat as dev build if final piece of version is odd
id: check-version
shell: bash
run: |
VERSION=$(egrep '^\s*\#\#\s+v.*$' CHANGELOG.md | head -1 | sed -e 's/^\s*\#\#\s\+v//' -e 's/-.*$//')
if [[ $VERSION =~ [13579]$ ]]
then
echo 'dev-build=true' >> $GITHUB_OUTPUT
fi
upload-release-s3:
needs:
- sign-assets
if: github.event_name != 'repository_dispatch'
runs-on: ubuntu-latest
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- uses: actions/checkout@v4
- name: Download repack artifact to get netkan.exe
uses: actions/download-artifact@v4
with:
name: Release-repack-unsigned
path: _build/repack
- name: Download signed artifact
uses: actions/download-artifact@v4
with:
name: signed
path: _build/signed
- name: Put signed exes into repack path
run: |
mkdir -p _build/repack/Release
cp _build/signed/*.exe _build/repack/Release
- uses: actions/setup-python@v5
with:
python-version: 3.11
- name: Create a version.json file for dev builds on S3
shell: bash
run: |
export PIP_ROOT_USER_ACTION=ignore
pip install gitpython
git config --global --add safe.directory '*'
python bin/version_info.py > _build/repack/Release/version.json
- name: Push ckan.exe, AutoUpdater.exe, netkan.exe, and version.json to S3
run: aws s3 sync _build/repack/Release s3://${AWS_S3_BUCKET} --follow-symlinks
upload-dmg:
needs:
- check-dev-build
- sign-assets
runs-on: ubuntu-latest
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
if: github.event_name != 'repository_dispatch' && needs.check-dev-build.outputs.dev-build
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: Install OSX build dependencies
run: sudo apt-get install -y libplist-utils xorriso
- uses: actions/checkout@v4
- name: Download repack artifact
uses: actions/download-artifact@v4
with:
name: Release-repack-unsigned
path: _build/repack/
- name: Build dmg
run: ./build osx --configuration=Release --exclusive
- name: Push dmg to S3
run: aws s3 cp _build/osx/CKAN.dmg s3://${AWS_S3_BUCKET} --follow-symlinks
upload-deb:
needs:
- check-dev-build
- sign-assets
runs-on: ubuntu-latest
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
if: github.event_name != 'repository_dispatch' && needs.check-dev-build.outputs.dev-build
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- uses: actions/checkout@v4
- name: Download signed artifact
uses: actions/download-artifact@v4
with:
name: signed
path: _build/signed
- name: Put signed exe into repack path
run: |
mkdir -p _build/repack/Release
cp _build/signed/ckan.exe _build/repack/Release
- name: Build deb
env:
CODENAME: nightly
run: ./build deb --configuration=Release --exclusive
- name: Import GPG key
env:
DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }}
run: |
echo "$DEBIAN_PRIVATE_KEY" | base64 --decode | gpg --batch --import
gpg --list-secret-keys --keyid-format LONG
if: ${{ env.DEBIAN_PRIVATE_KEY }}
- name: Sign deb release
env:
CODENAME: nightly
DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }}
run: ./build deb-sign --configuration=Release --exclusive
if: ${{ env.DEBIAN_PRIVATE_KEY }}
- name: Push deb to S3
run: aws s3 sync _build/deb/apt-repo-root s3://${AWS_S3_BUCKET}/deb --follow-symlinks
- name: Push nightly APT repo to S3
run: aws s3 sync _build/deb/apt-repo-dist s3://${AWS_S3_BUCKET}/deb/dists/nightly --follow-symlinks
- name: CKAN-ModInstaller repo dispatch
env:
REPO_ACCESS_TOKEN: ${{ secrets.REPO_ACCESS_TOKEN }}
if: env.REPO_ACCESS_TOKEN
uses: peter-evans/repository-dispatch@v3
with:
repository: KSP-CKAN/CKAN-ModInstaller
event-type: deploy
token: ${{ secrets.REPO_ACCESS_TOKEN }}
upload-rpm:
needs:
- check-dev-build
- sign-assets
runs-on: ubuntu-latest
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
if: github.event_name != 'repository_dispatch' && needs.check-dev-build.outputs.dev-build
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- uses: actions/checkout@v4
- name: Install rpm build dependencies
run: sudo apt-get install -y createrepo-c
- name: Download signed artifact
uses: actions/download-artifact@v4
with:
name: signed
path: _build/signed
- name: Put signed exe into repack path
run: |
mkdir -p _build/repack/Release
cp _build/signed/ckan.exe _build/repack/Release
- name: Build rpm
run: ./build rpm --configuration=Release --exclusive
- name: Import GPG key
env:
DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }}
run: |
echo "$DEBIAN_PRIVATE_KEY" | base64 --decode | gpg --batch --import
gpg --list-secret-keys --keyid-format LONG
if: ${{ env.DEBIAN_PRIVATE_KEY }}
- name: Build nightly RPM repo
env:
CODENAME: nightly
DEBIAN_PRIVATE_KEY: ${{ secrets.DEBIAN_PRIVATE_KEY }}
run: ./build rpm-repo --configuration=Release --exclusive
if: ${{ env.DEBIAN_PRIVATE_KEY }}
- name: Push nightly PRM repo to S3
run: aws s3 sync _build/rpm/repo s3://${AWS_S3_BUCKET}/rpm/nightly --follow-symlinks
upload-inflator:
needs:
- sign-assets
if: github.event_name != 'repository_dispatch'
runs-on: ubuntu-latest
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Download Inflator image artifact
uses: actions/download-artifact@v4
with:
name: inflator-image
path: /tmp
- name: Load Inflator image
run: docker load --input /tmp/inflator-image.tar
- name: Log in to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Push Inflator image to Docker Hub
run: docker push kspckan/inflator:latest
- name: Redeploy Inflator containers
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: us-west-2
shell: bash
run: |
docker image pull -q kspckan/netkan
for CONTAINER in InflatorKsp InflatorKsp2
do
docker run -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_DEFAULT_REGION kspckan/netkan redeploy-service --cluster NetKANCluster --service-name $CONTAINER &
done
wait
upload-metadata-tester:
needs:
- sign-assets
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Download repack artifact
uses: actions/download-artifact@v4
with:
name: Release-repack-unsigned
path: _build/repack/
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Generate metadata tester Docker image and publish to Hub
uses: docker/build-push-action@v5
with:
file: Dockerfile.metadata
context: _build/repack/Release
tags: kspckan/metadata
push: true
notify-discord:
needs:
- sign-assets
- upload-release-s3
- upload-dmg
- upload-deb
- upload-rpm
- upload-inflator
- upload-metadata-tester
if: always()
uses: ./.github/workflows/notify.yml
with:
name: ${{ github.workflow }}
success: ${{ !contains(needs.*.result, 'failure') }}
secrets: inherit