name: Build and sign plugin with marketplace json formation on: workflow_call: inputs: go_version: required: false description: 'GO version' node_version: required: false description: 'Node.js version' vault_secrets_base_path: required: true description: 'Базовый путь для секретов проекта в vault' artifacts_url: required: true description: 'Artifacts URL' artifacts_repository: required: true description: 'Artifacts repository' secrets: VAULT_ROLE_ID: required: true VAULT_SECRET_ID: required: true jobs: release: name: release runs-on: ubuntu-22.04 steps: - name: ci/checkout-repo uses: actions/checkout@v3 - id: publish-secrets name: ci/publish-secrets uses: https://github.com/hashicorp/vault-action@v2 with: url: https://vault.wilix.dev method: approle roleId: ${{ secrets.VAULT_ROLE_ID }} secretId: ${{ secrets.VAULT_SECRET_ID }} secrets: | ${{ inputs.vault_secrets_base_path }} ARTIFACTS_USERNAME ; ${{ inputs.vault_secrets_base_path }} ARTIFACTS_PASSWORD ; - id: key name: ci/key uses: https://github.com/hashicorp/vault-action@v2 with: url: https://vault.wilix.dev method: approle roleId: ${{ secrets.VAULT_ROLE_ID }} secretId: ${{ secrets.VAULT_SECRET_ID }} secrets: | ${{ inputs.vault_secrets_base_path }} SIGN_PRIVATE_KEY_EXPORTED ; ${{ inputs.vault_secrets_base_path }} SIGN_PRIVATE_KEY_ID ; ${{ inputs.vault_secrets_base_path }} SIGN_PRIVATE_KEY_PASSPHRASE ; - id: plugin-meta name: ci/plugin-meta shell: bash run: | apt-get update apt-get install -y jq echo "PLUGIN=$(jq -r '.id + "-" + .version + ".tar.gz"' plugin.json)" >> "$GITHUB_OUTPUT" echo "PLUGIN_ID=$(jq -r '.id' plugin.json)" >> "$GITHUB_OUTPUT" echo "PLUGIN_VERSION=$(jq -r '.version' plugin.json)" >> "$GITHUB_OUTPUT" echo "ENTERPRISE=$(jq -r '.props.enterprise == true' plugin.json)" >> "$GITHUB_OUTPUT" echo "BETA=$(jq -r '.version | contains("SNAPSHOT")' plugin.json)" >> "$GITHUB_OUTPUT" echo "EXPERIMENTAL=$(jq -r '.props.experimental == true' plugin.json)" >> "$GITHUB_OUTPUT" - name: ci/plugin-build uses: https://git.wilix.dev/wilix-infra/actions/.gitea/actions/plugin/build@master with: go_version: ${{ inputs.go_version }} node_version: ${{ inputs.node_version }} - name: ci/plugin-sign uses: https://git.wilix.dev/wilix-infra/actions/.gitea/actions/file-sign@master with: private_key: ${{ steps.key.outputs.SIGN_PRIVATE_KEY_EXPORTED }} private_key_id: ${{ steps.key.outputs.SIGN_PRIVATE_KEY_ID }} private_key_passphrase: ${{ steps.key.outputs.SIGN_PRIVATE_KEY_PASSPHRASE }} filepath: ${{ gitea.workspace }}/dist/${{ steps.plugin-meta.outputs.PLUGIN }} - name: ci/push-plugin uses: sonatype-nexus-community/nexus-repo-github-action@master with: serverUrl: ${{ inputs.artifacts_url }} username: ${{ steps.publish-secrets.outputs.ARTIFACTS_USERNAME }} password: ${{ steps.publish-secrets.outputs.ARTIFACTS_PASSWORD }} format: raw repository: ${{ inputs.artifacts_repository }} coordinates: directory=plugins/${{ steps.plugin-meta.outputs.PLUGIN_ID }}/${{ steps.plugin-meta.outputs.PLUGIN_VERSION }} assets: filename=${{ steps.plugin-meta.outputs.PLUGIN }} filename: dist/${{ steps.plugin-meta.outputs.PLUGIN }} - name: ci/push-plugin-sign uses: sonatype-nexus-community/nexus-repo-github-action@master with: serverUrl: ${{ inputs.artifacts_url }} username: ${{ steps.publish-secrets.outputs.ARTIFACTS_USERNAME }} password: ${{ steps.publish-secrets.outputs.ARTIFACTS_PASSWORD }} format: raw repository: ${{ inputs.artifacts_repository }} coordinates: directory=plugins/${{ steps.plugin-meta.outputs.PLUGIN_ID }}/${{ steps.plugin-meta.outputs.PLUGIN_VERSION }} assets: filename=${{ steps.plugin-meta.outputs.PLUGIN }}.sig filename: dist/${{ steps.plugin-meta.outputs.PLUGIN }}.sig - name: ci/plugin-json uses: https://git.wilix.dev/wilix-infra/actions/.gitea/actions/plugin/json@master with: plugin_id: ${{ steps.plugin-meta.outputs.PLUGIN_ID }} plugin_version: ${{ steps.plugin-meta.outputs.PLUGIN_VERSION }} enterprise: ${{ steps.plugin-meta.outputs.ENTERPRISE }} beta: ${{ steps.plugin-meta.outputs.BETA }} experimental: ${{ steps.plugin-meta.outputs.EXPERIMENTAL }} artifacts_url: ${{ inputs.artifacts_url }} artifacts_repository: ${{ inputs.artifacts_repository }} - name: ci/push-plugin-json uses: sonatype-nexus-community/nexus-repo-github-action@master with: serverUrl: ${{ inputs.artifacts_url }} username: ${{ steps.publish-secrets.outputs.ARTIFACTS_USERNAME }} password: ${{ steps.publish-secrets.outputs.ARTIFACTS_PASSWORD }} format: raw repository: ${{ inputs.artifacts_repository }} coordinates: directory=plugins/${{ steps.plugin-meta.outputs.PLUGIN_ID }}/${{ steps.plugin-meta.outputs.PLUGIN_VERSION }} assets: filename=${{ steps.plugin-meta.outputs.PLUGIN }}.json filename: dist/${{ steps.plugin-meta.outputs.PLUGIN }}.json