Skip to content
Publish packages

fix: revert the major version upgrade in react-router (#2386) #1126

Sign in to view logs

fix: revert the major version upgrade in react-router (#2386)

fix: revert the major version upgrade in react-router (#2386) #1126

Workflow file for this run

.github/workflows/build-packages.yml at a78e614
name: Publish packages
on:
push:
tags:
- 'v**'
- 'nightly'
workflow_dispatch:
inputs:
target_tag:
description: 'The release tag to upload assets to (e.g., v1.0.1 or nightly). Required.'
required: true
type: string
run_binary_packages:
description: 'Run the "publish_binary_packages" job?'
required: true
type: boolean
default: true
jans_branch:
description: 'The --jans-branch to use for the setup script.'
required: true
type: string
default: 'main'
jans_setup_branch:
description: 'The --jans-setup-branch to use for the setup script.'
required: true
type: string
default: 'main'
permissions:
contents: read
jobs:
publish_binary_packages:
if: |
github.repository == 'GluuFederation/flex' &&
(github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && inputs.run_binary_packages))
runs-on: ${{ matrix.os }}
permissions:
id-token: write
strategy:
fail-fast: false
matrix:
name: [ubuntu24, ubuntu22, ubuntu20, el8, suse15]
include:
- name: ubuntu24
os: ubuntu-22.04
asset_suffix: ~ubuntu24.04_amd64.deb
build_files: deb/noble
asset_prefix: '_'
asset_path: flex
sign_cmd: cosign sign-blob --yes --output-certificate cert.pem --output-signature sig
python_version: 3.11
- name: ubuntu22
os: ubuntu-22.04
asset_suffix: ~ubuntu22.04_amd64.deb
build_files: deb/jammy
asset_prefix: '_'
asset_path: flex
sign_cmd: cosign sign-blob --yes --output-certificate cert.pem --output-signature sig
python_version: 3.8
- name: ubuntu20
os: ubuntu-22.04
asset_suffix: ~ubuntu20.04_amd64.deb
build_files: deb/focal
asset_prefix: '_'
asset_path: flex
sign_cmd: cosign sign-blob --yes --output-certificate cert.pem --output-signature sig
python_version: 3.8
- name: el8
os: ubuntu-22.04
asset_suffix: .el8.x86_64.rpm
build_files: rpm/el8
asset_prefix: '-'
asset_path: flex/rpmbuild/RPMS/x86_64
sign_cmd: rpm --addsign
python_version: 3.8
- name: suse15
os: ubuntu-22.04
asset_suffix: .suse15.x86_64.rpm
build_files: rpm/suse15
asset_prefix: '-'
asset_path: flex/rpmbuild/RPMS/x86_64
sign_cmd: rpm --addsign
python_version: 3.8
steps:
- name: Harden Runner
uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
with:
egress-policy: audit
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
path: temp-flex
- name: Getting build dependencies
id: get_dependencies
run: |
mkdir -p flex/flex-src/opt/
cp -rp temp-flex/automation/packaging/${{ matrix.build_files }}/* flex/
cp temp-flex/flex-linux-setup/flex_linux_setup/flex_setup.py flex/flex_setup.py
sudo add-apt-repository -y ppa:deadsnakes/ppa
sudo apt-get update
sudo apt-get install -y python${{ matrix.python_version }}
sudo apt install -y build-essential devscripts debhelper rpm python3-dev python3-requests python3-ruamel.yaml python3-pymysql python3-prompt-toolkit python${{ matrix.python_version }}-distutils libpq-dev python${{ matrix.python_version }}-dev apache2 rsyslog python3-urllib3 python3-certifi postgresql postgresql-contrib
sudo apt install -y dpkg-sig python3-crypto python3-distutils || sudo apt install -y python3-distutils-extra python3-cryptography
sudo cp -r /usr/lib/python3/dist-packages /usr/lib/python${{ matrix.python_version }}/
sudo python${{ matrix.python_version }} -m pip install psycopg2-binary psycopg2 || echo "failed to install psycopg2"
- name: Import GPG key
id: import_gpg
continue-on-error: true
uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0
with:
gpg_private_key: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.MOAUTO_GPG_PRIVATE_KEY_PASSPHRASE }}
git_user_signingkey: true
git_commit_gpgsign: true
- name: List keys
id: list_keys
run: gpg -K
- name: Get latest tag
id: previoustag
run: |
if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
TAG_NAME="${{ inputs.target_tag }}"
else
TAG_NAME=$(echo "${{ github.event.ref }}" | cut -d '/' -f 3)
fi
echo "tag=${TAG_NAME}" >> $GITHUB_OUTPUT
if [[ "${TAG_NAME}" == "nightly" ]]; then
echo "version=0.0.0-nightly" >> $GITHUB_OUTPUT
else
echo "version=$(echo "${TAG_NAME}" | sed 's/^v//')-stable" >> $GITHUB_OUTPUT
fi
echo "PACKAGE_PREFIX=flex" >> ${GITHUB_ENV}
- name: Set Branch Parameters
id: set_branches
run: |
if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
echo "Using manual inputs for branches"
echo "JANS_BRANCH=${{ inputs.jans_branch }}" >> $GITHUB_ENV
echo "JANS_SETUP_BRANCH=${{ inputs.jans_setup_branch }}" >> $GITHUB_ENV
else
echo "Deriving branches from release tag"
TAG_NAME=$(echo "${{ github.event.ref }}" | cut -d '/' -f 3)
if [[ "${TAG_NAME}" == "nightly" ]]; then
JANS_BRANCH="nightly"
JANS_SETUP_BRANCH="nightly"
else
VERSION_ONLY=$(echo "${TAG_NAME}" | sed 's/^v//')
MAJOR=$(echo "${VERSION_ONLY}" | cut -d '.' -f 1)
REST_OF_VERSION=$(echo "${VERSION_ONLY}" | cut -d '.' -f 2-)
if [[ "$MAJOR" =~ ^[0-9]+$ ]]; then
NEW_MAJOR=$((MAJOR - 4))
NEW_TAG="v${NEW_MAJOR}.${REST_OF_VERSION}"
JANS_BRANCH="${NEW_TAG}"
JANS_SETUP_BRANCH="${NEW_TAG}"
else
# Fallback in case tag is not in the expected format
JANS_BRANCH="${TAG_NAME}"
JANS_SETUP_BRANCH="${TAG_NAME}"
fi
fi
echo "JANS_BRANCH=${JANS_BRANCH}" >> $GITHUB_ENV
echo "JANS_SETUP_BRANCH=${JANS_SETUP_BRANCH}" >> $GITHUB_ENV
fi
- name: Print Version and tag
run: |
echo "Version: ${{ steps.previoustag.outputs.version }}"
echo "Tag: ${{ steps.previoustag.outputs.tag }}"
echo "Jans Branch: ${{ env.JANS_BRANCH }}"
echo "Jans Setup Branch: ${{ env.JANS_SETUP_BRANCH }}"
- name: Running install and build
id: run_build
run: |
cd flex/
sudo python${{ matrix.python_version }} flex_setup.py --jans-branch="${{ env.JANS_BRANCH }}" --jans-setup-branch="${{ env.JANS_SETUP_BRANCH }}" -download-exit -yes --keep-downloads --keep-setup -force-download
cp -r /opt/dist flex-src/opt/
cp -r /opt/jans flex-src/opt/
touch flex-src/opt/jans/jans-setup/package
rm -rf install.py install jans-cli
rm -rf flex-src/opt/jans/jans-setup/logs/setup.log
rm -rf flex-src/opt/jans/jans-setup/logs/setup_error.log
sed -i "s/%VERSION%/${{ steps.previoustag.outputs.version }}/g" run-build.sh
cat run-build.sh
sudo ./run-build.sh
- name: Install Cosign
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
- name: Sign package
id: sign_package
run : |
ls ${{github.workspace}}/${{ matrix.asset_path }}
sudo mv ${{github.workspace}}/${{ matrix.asset_path }}/flex* ${{github.workspace}}/${{ matrix.asset_path }}/flex${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }} || echo "no need to rename"
echo '%_gpg_name moauto (automation) <[email protected]>' >> ~/.rpmmacros
${{ matrix.sign_cmd }} ${{github.workspace}}/${{ matrix.asset_path }}/flex${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}
gpg --armor --detach-sign ${{github.workspace}}/${{ matrix.asset_path }}/flex${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}
ls ${{github.workspace}}/${{ matrix.asset_path }}
- name: Create checksum
id: create_checksum
run: |
cd flex/
sed -i "s/%VERSION%/${{ steps.previoustag.outputs.version }}/g" checksum.sh
sudo ./checksum.sh
ls ${{github.workspace}}/${{ matrix.asset_path }}
- name: Upload assets to release
env:
GH_TOKEN: ${{ secrets.MOWORKFLOWTOKEN }}
run: |
gh release upload ${{ steps.previoustag.outputs.tag }} \
${{github.workspace}}/${{ matrix.asset_path }}/flex${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }} \
${{github.workspace}}/${{ matrix.asset_path }}/flex${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}.sha256sum \
${{github.workspace}}/${{ matrix.asset_path }}/flex${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}.asc \
--repo ${{ github.repository }} \
--clobber