-
Notifications
You must be signed in to change notification settings - Fork 0
128 lines (109 loc) · 4.18 KB
/
release.yml
File metadata and controls
128 lines (109 loc) · 4.18 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
name: Release
on:
push:
tags:
- 'v*'
workflow_dispatch:
inputs:
tag:
description: 'Tag to release (vX.Y.Z)'
required: true
type: string
jobs:
release:
runs-on: windows-latest
permissions:
contents: write
env:
RELEASE_TAG: ${{ github.event_name == 'workflow_dispatch' && inputs.tag || github.ref_name }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ env.RELEASE_TAG }}
- name: Prepare signing certificate
shell: pwsh
env:
CLOUDSQLCTL_SIGN_CERT_B64: ${{ secrets.CLOUDSQLCTL_SIGN_CERT_B64 }}
CLOUDSQLCTL_SIGN_PWD: ${{ secrets.CLOUDSQLCTL_SIGN_PWD }}
run: |
if (-not $env:CLOUDSQLCTL_SIGN_CERT_B64) {
Write-Host "Signing cert not provided; skipping signing setup."
exit 0
}
$certPath = Join-Path $env:RUNNER_TEMP "cloudsqlctl-signing.pfx"
[IO.File]::WriteAllBytes($certPath, [Convert]::FromBase64String($env:CLOUDSQLCTL_SIGN_CERT_B64))
"CLOUDSQLCTL_SIGN_CERT=$certPath" | Out-File -FilePath $env:GITHUB_ENV -Append
"CLOUDSQLCTL_SIGN_PWD=$env:CLOUDSQLCTL_SIGN_PWD" | Out-File -FilePath $env:GITHUB_ENV -Append
- name: Use Node.js 22.x
uses: actions/setup-node@v4
with:
node-version: 22.x
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Check Version
run: |
$tag = $env:RELEASE_TAG -replace '^v', ''
$pkg = Get-Content package.json | ConvertFrom-Json
if ($pkg.version -ne $tag) {
Write-Error "Version mismatch: Tag $tag vs Package $($pkg.version)"
exit 1
}
- name: Build
run: npm run build
- name: Package (SEA)
run: npm run package
- name: Install Inno Setup
run: choco install innosetup -y --no-progress
- name: Build Installer
run: npm run installer
- name: Sign artifacts
if: ${{ env.CLOUDSQLCTL_SIGN_CERT != '' }}
shell: pwsh
run: |
powershell -ExecutionPolicy Bypass -File tools/sign-exe.ps1 -ExePath "bin/cloudsqlctl.exe"
powershell -ExecutionPolicy Bypass -File tools/sign-exe.ps1 -ExePath "dist/cloudsqlctl-setup.exe"
- name: Generate Docs
run: npm run docs:generate
- name: Stage Artifacts
run: npm run stage
- name: Verify Artifacts
run: |
if (-not (Test-Path artifacts/cloudsqlctl.exe)) { throw "Missing cloudsqlctl.exe" }
if (-not (Test-Path artifacts/cloudsqlctl-setup.exe)) { throw "Missing cloudsqlctl-setup.exe" }
if (-not (Test-Path artifacts/cloudsqlctl-windows-x64.zip)) { throw "Missing zip bundle" }
if (-not (Test-Path artifacts/SHA256SUMS.txt)) { throw "Missing SHA256SUMS.txt" }
- name: Delete existing release assets (same tag)
shell: pwsh
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
$tag = $env:RELEASE_TAG
$headers = @{
Authorization = "Bearer $env:GITHUB_TOKEN"
Accept = "application/vnd.github+json"
}
try {
$release = Invoke-RestMethod -Method Get -Uri "https://api.github.com/repos/$env:GITHUB_REPOSITORY/releases/tags/$tag" -Headers $headers
} catch {
if ($_.Exception.Response.StatusCode.value__ -eq 404) {
Write-Host "No existing release for $tag"
exit 0
}
throw
}
if (-not $release) {
Write-Host "No existing release data for $tag"
exit 0
}
foreach ($asset in $release.assets) {
Write-Host "Deleting asset $($asset.name)"
Invoke-RestMethod -Method Delete -Uri "https://api.github.com/repos/$env:GITHUB_REPOSITORY/releases/assets/$($asset.id)" -Headers $headers
}
- name: Release
uses: softprops/action-gh-release@v2
if: ${{ github.event_name == 'workflow_dispatch' || startsWith(github.ref, 'refs/tags/') }}
with:
tag_name: ${{ env.RELEASE_TAG }}
files: artifacts/*
generate_release_notes: true