# Reusable workflow: builds a plugin, signs the archive and uploads the
# archive, its signature and a marketplace JSON descriptor to an artifact
# repository.
name: Build and sign plugin with marketplace json formation

on:
  workflow_call:
    # NOTE(review): no `type:` is declared for any input. GitHub's
    # reusable-workflow schema requires one; confirm whether the runner that
    # executes this file enforces it.
    inputs:
      # Toolchain settings, forwarded unchanged to the plugin build action.
      go_version:
        required: false
        description: 'GO version'
      go_cache:
        required: false
        description: 'For direct disable go-cache if needed'
      node_version:
        required: false
        description: 'Node.js version'

      # The three inputs below are chosen by the calling workflow and are
      # security-relevant:
      #  - vault_secrets_base_path selects the Vault path from which the
      #    publishing credentials and the signing key are read;
      #  - artifacts_url is the server that receives the Vault-sourced
      #    username/password together with the uploaded files;
      #  - artifacts_repository is the repository written to on that server.
      # NOTE(review): the job uses them without validation; consider
      # restricting which callers may invoke this workflow or checking the
      # values against an allow-list.
      vault_secrets_base_path:
        required: true
        description: 'Base vault secret path'
      artifacts_url:
        required: true
        description: 'Artifacts URL'
      artifacts_repository:
        required: true
        description: 'Artifacts repository'

    # AppRole credentials used by the job to log in to Vault.
    secrets:
      VAULT_ROLE_ID:
        required: true
      VAULT_SECRET_ID:
        required: true
jobs:
  # Single job: checkout -> fetch secrets -> read plugin metadata -> build ->
  # sign -> upload archive, signature and marketplace JSON.
  #
  # NOTE(review): every `uses:` below points at a mutable ref (`@v2`, `@v3`,
  # `@master`). This job handles a signing key and publishing credentials, so
  # a change behind any of those refs runs with access to them. Pinning each
  # action to a full commit SHA makes the executed code reviewable and fixed.
  release:
    name: release
    runs-on: ubuntu-22.04
    steps:
      - name: ci/checkout-repo
        uses: actions/checkout@v3

      # Reads the artifact-repository credentials from Vault via AppRole login.
      # Later steps consume them through
      # steps.publish-secrets.outputs.ARTIFACTS_*.
      # NOTE(review): vault-action documents an `exportEnv` input that defaults
      # to true, which would also place these values in the environment of
      # every later step (including the build). Only step outputs are read in
      # this file; confirm the downstream actions do not rely on the
      # environment variables and consider `exportEnv: false`.
      - id: publish-secrets
        name: ci/publish-secrets
        uses: https://github.com/hashicorp/vault-action@v2
        with:
          url: https://vault.wilix.dev
          method: approle
          roleId: ${{ secrets.VAULT_ROLE_ID }}
          secretId: ${{ secrets.VAULT_SECRET_ID }}
          secrets: |
            ${{ inputs.vault_secrets_base_path }} ARTIFACTS_USERNAME ;
            ${{ inputs.vault_secrets_base_path }} ARTIFACTS_PASSWORD ;

      # Reads the signing private key, its id and passphrase from the same
      # Vault path. The same `exportEnv` consideration applies here.
      # NOTE(review): the key is fetched before the build step runs. Fetching
      # it immediately before ci/plugin-sign would keep it out of the job
      # while dependency installation and build scripts execute.
      - id: key
        name: ci/key
        uses: https://github.com/hashicorp/vault-action@v2
        with:
          url: https://vault.wilix.dev
          method: approle
          roleId: ${{ secrets.VAULT_ROLE_ID }}
          secretId: ${{ secrets.VAULT_SECRET_ID }}
          secrets: |
            ${{ inputs.vault_secrets_base_path }} SIGN_PRIVATE_KEY_EXPORTED ;
            ${{ inputs.vault_secrets_base_path }} SIGN_PRIVATE_KEY_ID ;
            ${{ inputs.vault_secrets_base_path }} SIGN_PRIVATE_KEY_PASSPHRASE ;

      # Installs jq and derives step outputs from plugin.json in the checkout:
      #   PLUGIN          "<id>-<version>.tar.gz"
      #   PLUGIN_ID       .id
      #   PLUGIN_VERSION  .version
      #   ENTERPRISE      whether .props.enterprise is exactly true
      #   BETA            whether .version contains "SNAPSHOT"
      #   EXPERIMENTAL    whether .props.experimental is exactly true
      # apt-get is invoked without sudo, so the step presumably runs as root
      # (verify against the runner image).
      # NOTE(review): .id and .version are written to GITHUB_OUTPUT without
      # validation and later form file paths and upload coordinates. A value
      # containing a newline would add extra output entries, and one containing
      # "/" or ".." would alter the paths. Consider rejecting values that do
      # not match the expected id/version pattern before emitting them.
      - id: plugin-meta
        name: ci/plugin-meta
        shell: bash
        run: |
          apt-get update
          apt-get install -y jq
          echo "PLUGIN=$(jq -r '.id + "-" + .version + ".tar.gz"' plugin.json)" >> "$GITHUB_OUTPUT"
          echo "PLUGIN_ID=$(jq -r '.id' plugin.json)" >> "$GITHUB_OUTPUT"
          echo "PLUGIN_VERSION=$(jq -r '.version' plugin.json)" >> "$GITHUB_OUTPUT"
          echo "ENTERPRISE=$(jq -r '.props.enterprise == true' plugin.json)" >> "$GITHUB_OUTPUT"
          echo "BETA=$(jq -r '.version | contains("SNAPSHOT")' plugin.json)" >> "$GITHUB_OUTPUT"
          echo "EXPERIMENTAL=$(jq -r '.props.experimental == true' plugin.json)" >> "$GITHUB_OUTPUT"

      # Builds the plugin with the caller-supplied toolchain settings.
      - name: ci/plugin-build
        uses: https://git.wilix.dev/wilix-infra/actions/.gitea/actions/plugin/build@master
        with:
          go_version: ${{ inputs.go_version }}
          go_cache: ${{ inputs.go_cache }}
          node_version: ${{ inputs.node_version }}

      # Signs dist/<PLUGIN> with the key material fetched by the `key` step.
      # The upload step below expects the signature at dist/<PLUGIN>.sig.
      - name: ci/plugin-sign
        uses: https://git.wilix.dev/wilix-infra/actions/.gitea/actions/file-sign@master
        with:
          private_key: ${{ steps.key.outputs.SIGN_PRIVATE_KEY_EXPORTED }}
          private_key_id: ${{ steps.key.outputs.SIGN_PRIVATE_KEY_ID }}
          private_key_passphrase: ${{ steps.key.outputs.SIGN_PRIVATE_KEY_PASSPHRASE }}
          filepath: ${{ gitea.workspace }}/dist/${{ steps.plugin-meta.outputs.PLUGIN }}

      # The three upload steps share the same server, credentials, repository
      # and target directory plugins/<PLUGIN_ID>/<PLUGIN_VERSION>; only the
      # uploaded file differs. The credentials are presented to whatever host
      # the caller passed as artifacts_url.
      - name: ci/push-plugin
        uses: sonatype-nexus-community/nexus-repo-github-action@master
        with:
          serverUrl: ${{ inputs.artifacts_url }}
          username: ${{ steps.publish-secrets.outputs.ARTIFACTS_USERNAME }}
          password: ${{ steps.publish-secrets.outputs.ARTIFACTS_PASSWORD }}
          format: raw
          repository: ${{ inputs.artifacts_repository }}
          coordinates: directory=plugins/${{ steps.plugin-meta.outputs.PLUGIN_ID }}/${{ steps.plugin-meta.outputs.PLUGIN_VERSION }}
          assets: filename=${{ steps.plugin-meta.outputs.PLUGIN }}
          filename: dist/${{ steps.plugin-meta.outputs.PLUGIN }}

      # Uploads the detached signature next to the archive.
      - name: ci/push-plugin-sign
        uses: sonatype-nexus-community/nexus-repo-github-action@master
        with:
          serverUrl: ${{ inputs.artifacts_url }}
          username: ${{ steps.publish-secrets.outputs.ARTIFACTS_USERNAME }}
          password: ${{ steps.publish-secrets.outputs.ARTIFACTS_PASSWORD }}
          format: raw
          repository: ${{ inputs.artifacts_repository }}
          coordinates: directory=plugins/${{ steps.plugin-meta.outputs.PLUGIN_ID }}/${{ steps.plugin-meta.outputs.PLUGIN_VERSION }}
          assets: filename=${{ steps.plugin-meta.outputs.PLUGIN }}.sig
          filename: dist/${{ steps.plugin-meta.outputs.PLUGIN }}.sig

      # Produces the marketplace JSON descriptor from the plugin metadata and
      # the artifact location. The upload step below expects it at
      # dist/<PLUGIN>.json.
      - name: ci/plugin-json
        uses: https://git.wilix.dev/wilix-infra/actions/.gitea/actions/plugin/json@master
        with:
          plugin_id: ${{ steps.plugin-meta.outputs.PLUGIN_ID }}
          plugin_version: ${{ steps.plugin-meta.outputs.PLUGIN_VERSION }}
          enterprise: ${{ steps.plugin-meta.outputs.ENTERPRISE }}
          beta: ${{ steps.plugin-meta.outputs.BETA }}
          experimental: ${{ steps.plugin-meta.outputs.EXPERIMENTAL }}
          artifacts_url: ${{ inputs.artifacts_url }}
          artifacts_repository: ${{ inputs.artifacts_repository }}

      # Uploads the marketplace JSON descriptor.
      # NOTE(review): no signature is uploaded for this file, although it is
      # generated after the signing step; confirm consumers do not treat it as
      # covered by the archive signature.
      - name: ci/push-plugin-json
        uses: sonatype-nexus-community/nexus-repo-github-action@master
        with:
          serverUrl: ${{ inputs.artifacts_url }}
          username: ${{ steps.publish-secrets.outputs.ARTIFACTS_USERNAME }}
          password: ${{ steps.publish-secrets.outputs.ARTIFACTS_PASSWORD }}
          format: raw
          repository: ${{ inputs.artifacts_repository }}
          coordinates: directory=plugins/${{ steps.plugin-meta.outputs.PLUGIN_ID }}/${{ steps.plugin-meta.outputs.PLUGIN_VERSION }}
          assets: filename=${{ steps.plugin-meta.outputs.PLUGIN }}.json
          filename: dist/${{ steps.plugin-meta.outputs.PLUGIN }}.json