DriverStoreExplorer/.github/workflows/release.yml at master · lostindark/DriverStoreExplorer · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
name: Release

on:
  workflow_dispatch:
    inputs:
      version:
        description: 'Version to release (e.g. 1.0.0)'
        required: true
        type: string

permissions:
  contents: write
  actions: write

env:
  SIGNPATH_ORG_ID: 'c9bd44ce-a067-4f9a-9135-468d00ed0b13'
  SIGNPATH_PROJECT_SLUG: 'DriverStoreExplorer'
  SIGNPATH_SIGNING_POLICY_SLUG: 'release-signing'

jobs:
  release:
    runs-on: windows-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v5

      - name: Download CI artifact
        shell: pwsh
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          $name = "DriverStoreExplorer-v${{ inputs.version }}-unsigned"
          $resp = gh api "repos/${{ github.repository }}/actions/artifacts?name=$name&per_page=1" | ConvertFrom-Json
          if ($resp.total_count -eq 0) { throw "Artifact '$name' not found from CI" }
          $id = $resp.artifacts[0].id
          Write-Host "Found artifact ID: $id"
          gh api "repos/${{ github.repository }}/actions/artifacts/$id/zip" > artifact.zip
          Expand-Archive artifact.zip -DestinationPath ci-build
          Remove-Item artifact.zip

      - name: Upload unsigned artifact for SignPath
        id: upload-unsigned
        uses: actions/upload-artifact@v7
        with:
          name: DriverStoreExplorer-v${{ inputs.version }}-unsigned
          path: ci-build/

      - name: Submit signing request to SignPath
        id: signpath
        uses: signpath/github-action-submit-signing-request@v1
        with:
          api-token: ${{ secrets.SIGNPATH_API_TOKEN }}
          organization-id: ${{ env.SIGNPATH_ORG_ID }}
          project-slug: ${{ env.SIGNPATH_PROJECT_SLUG }}
          signing-policy-slug: ${{ env.SIGNPATH_SIGNING_POLICY_SLUG }}
          github-artifact-id: ${{ steps.upload-unsigned.outputs.artifact-id }}
          wait-for-completion: true
          wait-for-completion-timeout-in-seconds: 3600
          output-artifact-directory: signed-artifact

      - name: Create release archive
        shell: pwsh
        run: |
          Compress-Archive -Path signed-artifact/* -DestinationPath "DriverStoreExplorer-v${{ inputs.version }}.zip"

      - name: Generate release highlights
        shell: pwsh
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          $version = "v${{ inputs.version }}"
          $dispatchTime = (Get-Date).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")
          gh workflow run release-highlights.lock.yml -f version="$version"
          Start-Sleep -Seconds 10

          # Find the triggered run created after dispatch time
          $runId = $null
          for ($i = 0; $i -lt 60; $i++) {
            $runs = gh api "repos/${{ github.repository }}/actions/workflows/release-highlights.lock.yml/runs?event=workflow_dispatch&created=%3E%3D$dispatchTime&per_page=5" | ConvertFrom-Json
            if ($runs.workflow_runs.Count -gt 0) {
              $runId = $runs.workflow_runs[0].id
              Write-Host "Found matching run: $runId (status: $($runs.workflow_runs[0].status))"
              break
            }
            Start-Sleep -Seconds 5
          }
          if (-not $runId) {
            Write-Host "::warning::Could not find release highlights run after 5 minutes, skipping"
            exit 0
          }

          Write-Host "Waiting for release highlights run $runId..."
          for ($i = 0; $i -lt 20; $i++) {
            Start-Sleep -Seconds 30
            $status = (gh run view $runId --json status,conclusion | ConvertFrom-Json)
            Write-Host "  Status: $($status.status)"
            if ($status.status -eq "completed") { break }
          }

          if ($status.status -ne "completed") {
            Write-Host "::warning::Release highlights timed out after 10 minutes, skipping"
            exit 0
          }

          if ($status.conclusion -ne "success") {
            Write-Host "::warning::Release highlights finished with conclusion: $($status.conclusion)"
            exit 0
          }

          # Download the agent artifact which contains release-highlights.md
          $downloadOutput = gh run download $runId -n agent -D highlights-output 2>&1
          if ($LASTEXITCODE -ne 0) {
            Write-Host "::warning::Failed to download agent artifact: $downloadOutput"
          } elseif (Test-Path highlights-output/agent/release-highlights.md) {
            Write-Host "Release highlights downloaded"
          } else {
            Write-Host "::warning::Agent artifact downloaded but highlights file not found"
          }

      - name: Create GitHub release
        shell: pwsh
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          $args = @(
            "v${{ inputs.version }}"
            "DriverStoreExplorer-v${{ inputs.version }}.zip"
            "--title", "DriverStore Explorer v${{ inputs.version }}"
            "--draft"
          )
          if (Test-Path highlights-output/agent/release-highlights.md) {
            $args += "--notes-file"
            $args += "highlights-output/agent/release-highlights.md"
          } else {
            $args += "--generate-notes"
          }
          gh release create @args