godon-cli/.github/workflows/release.yml at main · godon-dev/godon-cli · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
name: release_godon_cli

on:
  release:
    types: [published]

permissions:
  contents: write

jobs:
  validate-release:
    runs-on: ubuntu-latest

    steps:
    - name: Validate release tag
      run: |
        # Extract version from release tag
        VERSION="${{ github.ref_name }}"

        # If ref_name contains refs/tags/, extract just the tag
        if [[ "$VERSION" == refs/tags/* ]]; then
          VERSION=${VERSION#refs/tags/}
        fi

        echo "Release version: $VERSION"

        # Simple validation using case statement for better compatibility
        case "$VERSION" in
          [0-9]*\.[0-9]*\.[0-9]*)
            echo "✅ Version format looks valid"
            ;;
          [0-9]*\.[0-9]*\.[0-9]*-[a-zA-Z0-9.-]*)
            echo "✅ Version format with pre-release looks valid"
            ;;
          *)
            echo "❌ Error: Release tag must be in semantic versioning format (e.g., 1.0.0, 2.1.3, 1.0.0-alpha.1)"
            echo "Got: '$VERSION'"
            exit 1
            ;;
        esac

  calculate-and-upload-hashes:
    runs-on: ubuntu-latest
    needs: validate-release
    if: success()

    steps:
    - name: Wait for release assets to be available
      run: |
        echo "Waiting for GitHub to generate source archives..."
        sleep 30

    - name: Download release assets
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        RELEASE_TAG: ${{ github.ref_name }}
      run: |
        # Extract version from release tag
        VERSION="$RELEASE_TAG"
        if [[ "$VERSION" == refs/tags/* ]]; then
          VERSION=${VERSION#refs/tags/}
        fi

        echo "Processing release: $VERSION"

        # Create downloads directory
        mkdir -p downloads

        # Get release info and download default source archives
        RELEASE_API_URL="https://api.github.com/repos/${{ github.repository }}/releases/tags/$VERSION"

        echo "Fetching release info from: $RELEASE_API_URL"

        # Get the upload URL for the release
        UPLOAD_URL=$(curl -s -H "Authorization: token $GITHUB_TOKEN" "$RELEASE_API_URL" | jq -r '.upload_url')

        # Download the default source archives (tarball and zipball)
        TARBALL_URL="https://github.com/${{ github.repository }}/archive/refs/tags/$VERSION.tar.gz"
        ZIPBALL_URL="https://github.com/${{ github.repository }}/archive/refs/tags/$VERSION.zip"

        echo "Downloading source archives..."
        wget -O "downloads/${{ github.event.repository.name }}-$VERSION.tar.gz" "$TARBALL_URL"
        wget -O "downloads/${{ github.event.repository.name }}-$VERSION.zip" "$ZIPBALL_URL"

        echo "Downloaded files:"
        ls -la downloads/

    - name: Calculate hashes
      run: |
        cd downloads

        # Calculate SHA256 and SHA512 for each archive
        for file in *.tar.gz *.zip; do
          if [[ -f "$file" ]]; then
            echo "Calculating hashes for $file..."

            # SHA256
            sha256sum "$file" > "${file}.sha256"
            echo "SHA256(${file}) = $(sha256sum "$file" | cut -d' ' -f1)"

            # SHA512
            sha512sum "$file" > "${file}.sha512"
            echo "SHA512(${file}) = $(sha512sum "$file" | cut -d' ' -f1)"
          fi
        done

        echo "Generated hash files:"
        ls -la *.sha256 *.sha512

    - name: Upload hash files to release
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        RELEASE_TAG: ${{ github.ref_name }}
      run: |
        # Extract version from release tag
        VERSION="$RELEASE_TAG"
        if [[ "$VERSION" == refs/tags/* ]]; then
          VERSION=${VERSION#refs/tags/}
        fi

        # Get release ID
        RELEASE_API_URL="https://api.github.com/repos/${{ github.repository }}/releases/tags/$VERSION"
        UPLOAD_URL=$(curl -s -H "Authorization: token $GITHUB_TOKEN" "$RELEASE_API_URL" | jq -r '.upload_url' | sed 's/{?name,label}//')

        echo "Uploading hash files to release..."

        # Upload each hash file
        cd downloads
        for hash_file in *.sha256 *.sha512; do
          if [[ -f "$hash_file" ]]; then
            echo "Uploading $hash_file..."

            curl -X POST \
              -H "Authorization: token $GITHUB_TOKEN" \
              -H "Content-Type: application/octet-stream" \
              --data-binary @"$hash_file" \
              "${UPLOAD_URL}?name=${hash_file}"

            echo "Uploaded $hash_file successfully"
          fi
        done

        echo "All hash files uploaded to release"