From 150f4f7ef93e048716d7819019b19b751844c590 Mon Sep 17 00:00:00 2001 From: Miranlfk Date: Sat, 1 Jul 2023 13:00:24 +0530 Subject: [PATCH 1/4] Update publish release and sign installers yml --- .github/workflows/publish-release.yml | 32 ++++++++++--------- .github/workflows/sign-installers.yml | 45 +++++++++++++-------------- 2 files changed, 39 insertions(+), 38 deletions(-) diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index c3a1ac8405..c4ecbec8e5 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -73,7 +73,7 @@ jobs: devCentralToken: ${{ secrets.BALLERINA_DEV_CENTRAL_ACCESS_TOKEN }} ballerinaBotWorkflow: $ {{ secrets.BALLERINA_BOT_WORKFLOW }} run: | - ./gradlew build -Pversion=${VERSION} + ./gradlew build -Pversion=${VERSION} --exclude-task project-api-tests:test ./gradlew release -Prelease.useAutomaticVersion=true -x test - name: Checkout docker repo uses: actions/checkout@v2 @@ -124,11 +124,14 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} run: | - gh repo view ballerina-platform/ballerina-dev-website --json url --jq '.clone_url' - gh api repos/ballerina-platform/ballerina-dev-website/contents/downloads/verification-notes/release-artfiacts-verification.md -H 'Accept: application/vnd.github.v3.raw' > release_notes.md + gh repo view ballerina-platform/ballerina-dev-website -b release-2201.7.0 --json url --jq '.clone_url' + gh api repos/ballerina-platform/ballerina-dev-website/contents/downloads/release-artifacts-verification.md?ref=release-2201.7.0 -H 'Accept: application/vnd.github.v3.raw' > release_notes.md - name: Update Markdown file run: | - sed -i 's/{{ version }}/${{ steps.version-set.outputs.taggedVersion }}/g' release_notes.md + branchName=$(echo ${{ github.ref }} | cut -d'/' -f3) + if ${{ github.event.inputs.isPreRelease }} == 'true'; then + echo "" > release_notes.md; + else sed -i 's/{{ version }}/${{ steps.version-set.outputs.taggedVersion }}/g' release_notes.md; sed -i 's/{{ branch }}/$branchName/g' release_notes.md; fi - name: Read release notes from file id: release_notes uses: actions/github-script@v4 @@ -160,7 +163,7 @@ jobs: cosign sign-blob installers/linux-deb/target/ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb --output-certificate ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.pem --output-signature ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.sig --yes - name: Verify the linux-deb installer run: | - cosign verify-blob installers/linux-deb/target/ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb --certificate ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.pem --signature ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@refs/heads/master --certificate-oidc-issuer=https://token.actions.githubusercontent.com + cosign verify-blob installers/linux-deb/target/ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb --certificate ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.pem --signature ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com - name: Create linux-rpm Installer id: run_installers_rpm run: | @@ -172,7 +175,7 @@ jobs: cosign sign-blob installers/linux-rpm/rpmbuild/RPMS/x86_64/ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm --output-certificate ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.pem --output-signature ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.sig --yes - name: Verify the linux-rpm installer run: | - cosign verify-blob installers/linux-rpm/rpmbuild/RPMS/x86_64/ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm --certificate ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.pem --signature ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@refs/heads/master --certificate-oidc-issuer=https://token.actions.githubusercontent.com + cosign verify-blob installers/linux-rpm/rpmbuild/RPMS/x86_64/ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm --certificate ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.pem --signature ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com - name: Generate Hashes run: | openssl dgst -sha256 -out ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.sha256 installers/linux-deb/target/ballerina-*-linux-x64.deb @@ -188,11 +191,11 @@ jobs: cosign sign-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}-windows.zip --output-certificate ballerina-${{ steps.version-set.outputs.longVersion }}-windows.pem --output-signature ballerina-${{ steps.version-set.outputs.longVersion }}-windows.sig --yes - name: Verify the zip artifacts run: | - cosign verify-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}.zip --certificate ballerina-${{ steps.version-set.outputs.longVersion }}.pem --signature ballerina-${{ steps.version-set.outputs.longVersion }}.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@refs/heads/master --certificate-oidc-issuer=https://token.actions.githubusercontent.com - cosign verify-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.sversion }}.zip --certificate ballerina-${{ steps.version-set.outputs.sversion }}.pem --signature ballerina-${{ steps.version-set.outputs.sversion }}.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@refs/heads/master --certificate-oidc-issuer=https://token.actions.githubusercontent.com - cosign verify-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}-macos.zip --certificate ballerina-${{ steps.version-set.outputs.longVersion }}-macos.pem --signature ballerina-${{ steps.version-set.outputs.longVersion }}-macos.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@refs/heads/master --certificate-oidc-issuer=https://token.actions.githubusercontent.com - cosign verify-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.zip --certificate ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.pem --signature ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@refs/heads/master --certificate-oidc-issuer=https://token.actions.githubusercontent.com - cosign verify-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}-windows.zip --certificate ballerina-${{ steps.version-set.outputs.longVersion }}-windows.pem --signature ballerina-${{ steps.version-set.outputs.longVersion }}-windows.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@refs/heads/master --certificate-oidc-issuer=https://token.actions.githubusercontent.com + cosign verify-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}.zip --certificate ballerina-${{ steps.version-set.outputs.longVersion }}.pem --signature ballerina-${{ steps.version-set.outputs.longVersion }}.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com + cosign verify-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.sversion }}.zip --certificate ballerina-${{ steps.version-set.outputs.sversion }}.pem --signature ballerina-${{ steps.version-set.outputs.sversion }}.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com + cosign verify-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}-macos.zip --certificate ballerina-${{ steps.version-set.outputs.longVersion }}-macos.pem --signature ballerina-${{ steps.version-set.outputs.longVersion }}-macos.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com + cosign verify-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.zip --certificate ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.pem --signature ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com + cosign verify-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}-windows.zip --certificate ballerina-${{ steps.version-set.outputs.longVersion }}-windows.pem --signature ballerina-${{ steps.version-set.outputs.longVersion }}-windows.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com - name: Upload zip artifacts uses: actions/upload-release-asset@v1 env: @@ -459,7 +462,7 @@ jobs: cosign sign-blob installers/mac/target/pkg/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg --output-certificate ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.pem --output-signature ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.sig --yes - name: Verify the MacOS installer run: | - cosign verify-blob installers/mac/target/pkg/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg --certificate ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.pem --signature ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@refs/heads/master --certificate-oidc-issuer=https://token.actions.githubusercontent.com + cosign verify-blob installers/mac/target/pkg/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg --certificate ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.pem --signature ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com - name: Generate Hashes run: | openssl dgst -sha256 -out ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.sha256 installers/mac/target/pkg/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg @@ -513,7 +516,7 @@ jobs: cosign sign-blob installers/mac/target/pkg/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg --output-certificate ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.pem --output-signature ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.sig --yes - name: Verify the MacOS-ARM installer run: | - cosign verify-blob installers/mac/target/pkg/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg --certificate ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.pem --signature ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@refs/heads/master --certificate-oidc-issuer=https://token.actions.githubusercontent.com + cosign verify-blob installers/mac/target/pkg/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg --certificate ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.pem --signature ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com - name: Generate Hashes run: | openssl dgst -sha256 -out ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.sha256 installers/mac/target/pkg/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg @@ -593,7 +596,7 @@ jobs: cosign sign-blob w\target\msi\ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi --output-certificate ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.pem --output-signature ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.sig --yes - name: Verify the Windows installer run: | - cosign verify-blob w\target\msi\ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi --certificate ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.pem --signature ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@refs/heads/master --certificate-oidc-issuer=https://token.actions.githubusercontent.com + cosign verify-blob w\target\msi\ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi --certificate ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.pem --signature ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com - name: Generate Hashes run: | openssl dgst -sha256 -out ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.sha256 w\target\msi\ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi @@ -641,3 +644,4 @@ jobs: run: | $env:Path += ";C:\Program Files\Ballerina\bin" .\..\gradlew build --stacktrace -scan --console=plain --no-daemon -DballerinaInstalled=true + \ No newline at end of file diff --git a/.github/workflows/sign-installers.yml b/.github/workflows/sign-installers.yml index 615a8ba1a6..505561a6c0 100644 --- a/.github/workflows/sign-installers.yml +++ b/.github/workflows/sign-installers.yml @@ -2,6 +2,11 @@ name: Sign release artifacts on: workflow_dispatch: + inputs: + versionName: + description: 'Specify the Version name eg: 2201.6.0' + required: true + default: '' permissions: id-token: write @@ -23,52 +28,44 @@ jobs: - name: Install GitHub CLI run: | npm install -g github-cli - - name: Retrieve Git Tag - id: retrieve-tag - env: - GH_TOKEN : ${{ secrets.BALLERINA_BOT_TOKEN }} - run: | - release=$(gh release view --json tagName -R ballerina-platform/ballerina-distribution --jq '.tagName' | sed 's/^v//') - echo "::set-output name=tag::$release" - tag=$(gh release view --json tagName -R ballerina-platform/ballerina-distribution --jq '.tagName') - echo "::set-output name=release::$tag" - name: Retrieve MacOS Installer run: | - wget https://github.com/ballerina-platform/ballerina-distribution/releases/download/v${{ steps.retrieve-tag.outputs.tag }}/ballerina-${{ steps.retrieve-tag.outputs.tag }}-swan-lake-macos-x64.pkg + wget https://github.com/ballerina-platform/ballerina-distribution/releases/download/v${{ github.event.inputs.versionName }}/ballerina-${{ github.event.inputs.versionName }}-swan-lake-macos-x64.pkg - name: Sign the MacOS Installer run: | - cosign sign-blob ballerina-${{ steps.retrieve-tag.outputs.tag }}-swan-lake-macos-x64.pkg --output-certificate ballerina-${{ steps.retrieve-tag.outputs.tag }}-swan-lake-macos-x64.pkg.pem --output-signature ballerina-${{ steps.retrieve-tag.outputs.tag }}-swan-lake-macos-x64.pkg.sig --yes + cosign sign-blob ballerina-${{ github.event.inputs.versionName }}-swan-lake-macos-x64.pkg --output-certificate ballerina-${{ github.event.inputs.versionName }}-swan-lake-macos-x64.pkg.pem --output-signature ballerina-${{ github.event.inputs.versionName }}-swan-lake-macos-x64.pkg.sig --yes - name: Verify the MacOS Installer run: | - cosign verify-blob ballerina-${{ steps.retrieve-tag.outputs.tag }}-swan-lake-macos-x64.pkg --certificate ballerina-${{ steps.retrieve-tag.outputs.tag }}-swan-lake-macos-x64.pkg.pem --signature ballerina-${{ steps.retrieve-tag.outputs.tag }}-swan-lake-macos-x64.pkg.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/sign-installers.yml@refs/heads/master --certificate-oidc-issuer=https://token.actions.githubusercontent.com + cosign verify-blob ballerina-${{ github.event.inputs.versionName }}-swan-lake-macos-x64.pkg --certificate ballerina-${{ github.event.inputs.versionName }}-swan-lake-macos-x64.pkg.pem --signature ballerina-${{ github.event.inputs.versionName }}-swan-lake-macos-x64.pkg.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/sign-installers.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com - name: Retrieve MacOS-ARM Installer run: | - wget https://github.com/ballerina-platform/ballerina-distribution/releases/download/v${{ steps.retrieve-tag.outputs.tag }}/ballerina-${{ steps.retrieve-tag.outputs.tag }}-swan-lake-macos-arm-x64.pkg + wget https://github.com/ballerina-platform/ballerina-distribution/releases/download/v${{ github.event.inputs.versionName }}/ballerina-${{ github.event.inputs.versionName }}-swan-lake-macos-arm-x64.pkg - name: Sign the MacOS-ARM Installer run: | - cosign sign-blob ballerina-${{ steps.retrieve-tag.outputs.tag }}-swan-lake-macos-arm-x64.pkg --output-certificate ballerina-${{ steps.retrieve-tag.outputs.tag }}-swan-lake-macos-arm-x64.pkg.pem --output-signature ballerina-${{ steps.retrieve-tag.outputs.tag }}-swan-lake-macos-arm-x64.pkg.sig --yes + cosign sign-blob ballerina-${{ github.event.inputs.versionName }}-swan-lake-macos-arm-x64.pkg --output-certificate ballerina-${{ github.event.inputs.versionName }}-swan-lake-macos-arm-x64.pkg.pem --output-signature ballerina-${{ github.event.inputs.versionName }}-swan-lake-macos-arm-x64.pkg.sig --yes - name: Verify the MacOS-ARM Installer run: | - cosign verify-blob ballerina-${{ steps.retrieve-tag.outputs.tag }}-swan-lake-macos-arm-x64.pkg --certificate ballerina-${{ steps.retrieve-tag.outputs.tag }}-swan-lake-macos-arm-x64.pkg.pem --signature ballerina-${{ steps.retrieve-tag.outputs.tag }}-swan-lake-macos-arm-x64.pkg.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/sign-installers.yml@refs/heads/master --certificate-oidc-issuer=https://token.actions.githubusercontent.com + cosign verify-blob ballerina-${{ github.event.inputs.versionName }}-swan-lake-macos-arm-x64.pkg --certificate ballerina-${{ github.event.inputs.versionName }}-swan-lake-macos-arm-x64.pkg.pem --signature ballerina-${{ github.event.inputs.versionName }}-swan-lake-macos-arm-x64.pkg.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/sign-installers.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com - name: Retrieve Windows Installer run: | - wget https://github.com/ballerina-platform/ballerina-distribution/releases/download/v${{ steps.retrieve-tag.outputs.tag }}/ballerina-${{ steps.retrieve-tag.outputs.tag }}-swan-lake-windows-x64.msi + wget https://github.com/ballerina-platform/ballerina-distribution/releases/download/v${{ github.event.inputs.versionName }}/ballerina-${{ github.event.inputs.versionName }}-swan-lake-windows-x64.msi - name: Sign the Windows Installer run: | - cosign sign-blob ballerina-${{ steps.retrieve-tag.outputs.tag }}-swan-lake-windows-x64.msi --output-certificate ballerina-${{ steps.retrieve-tag.outputs.tag }}-swan-lake-windows-x64.msi.pem --output-signature ballerina-${{ steps.retrieve-tag.outputs.tag }}-swan-lake-windows-x64.msi.sig --yes + cosign sign-blob ballerina-${{ github.event.inputs.versionName }}-swan-lake-windows-x64.msi --output-certificate ballerina-${{ github.event.inputs.versionName }}-swan-lake-windows-x64.msi.pem --output-signature ballerina-${{ github.event.inputs.versionName }}-swan-lake-windows-x64.msi.sig --yes - name: Verify the Windows Installer run: | - cosign verify-blob ballerina-${{ steps.retrieve-tag.outputs.tag }}-swan-lake-windows-x64.msi --certificate ballerina-${{ steps.retrieve-tag.outputs.tag }}-swan-lake-windows-x64.msi.pem --signature ballerina-${{ steps.retrieve-tag.outputs.tag }}-swan-lake-windows-x64.msi.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/sign-installers.yml@refs/heads/master --certificate-oidc-issuer=https://token.actions.githubusercontent.com + cosign verify-blob ballerina-${{ github.event.inputs.versionName }}-swan-lake-windows-x64.msi --certificate ballerina-${{ github.event.inputs.versionName }}-swan-lake-windows-x64.msi.pem --signature ballerina-${{ github.event.inputs.versionName }}-swan-lake-windows-x64.msi.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/sign-installers.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com - name: Upload Installers' Verification Files env: GH_TOKEN : ${{ secrets.BALLERINA_BOT_TOKEN }} run: | - gh release upload ${{ steps.retrieve-tag.outputs.release }} ./ballerina-${{ steps.retrieve-tag.outputs.tag }}-swan-lake-macos-x64.pkg.pem --clobber - gh release upload ${{ steps.retrieve-tag.outputs.release }} ./ballerina-${{ steps.retrieve-tag.outputs.tag }}-swan-lake-macos-x64.pkg.sig --clobber - gh release upload ${{ steps.retrieve-tag.outputs.release }} ./ballerina-${{ steps.retrieve-tag.outputs.tag }}-swan-lake-macos-arm-x64.pkg.pem --clobber - gh release upload ${{ steps.retrieve-tag.outputs.release }} ./ballerina-${{ steps.retrieve-tag.outputs.tag }}-swan-lake-macos-arm-x64.pkg.sig --clobber - gh release upload ${{ steps.retrieve-tag.outputs.release }} ./ballerina-${{ steps.retrieve-tag.outputs.tag }}-swan-lake-windows-x64.msi.pem --clobber - gh release upload ${{ steps.retrieve-tag.outputs.release }} ./ballerina-${{ steps.retrieve-tag.outputs.tag }}-swan-lake-windows-x64.msi.sig --clobber \ No newline at end of file + gh release upload v${{ github.event.inputs.versionName }} ./ballerina-${{ github.event.inputs.versionName }}-swan-lake-macos-x64.pkg.pem --clobber + gh release upload v${{ github.event.inputs.versionName }} ./ballerina-${{ github.event.inputs.versionName }}-swan-lake-macos-x64.pkg.sig --clobber + gh release upload v${{ github.event.inputs.versionName }} ./ballerina-${{ github.event.inputs.versionName }}-swan-lake-macos-arm-x64.pkg.pem --clobber + gh release upload v${{ github.event.inputs.versionName }} ./ballerina-${{ github.event.inputs.versionName }}-swan-lake-macos-arm-x64.pkg.sig --clobber + gh release upload v${{ github.event.inputs.versionName }} ./ballerina-${{ github.event.inputs.versionName }}-swan-lake-windows-x64.msi.pem --clobber + gh release upload v${{ github.event.inputs.versionName }} ./ballerina-${{ github.event.inputs.versionName }}-swan-lake-windows-x64.msi.sig --clobber + \ No newline at end of file From bc3cf363c07c4fed25531b851fa962fde0cae018 Mon Sep 17 00:00:00 2001 From: Miran Kurukulasuriya Date: Wed, 5 Jul 2023 10:44:42 +0530 Subject: [PATCH 2/4] Remove branch ref in Md file retrieval --- .github/workflows/publish-release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index c4ecbec8e5..c0af3306ed 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -124,8 +124,8 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} run: | - gh repo view ballerina-platform/ballerina-dev-website -b release-2201.7.0 --json url --jq '.clone_url' - gh api repos/ballerina-platform/ballerina-dev-website/contents/downloads/release-artifacts-verification.md?ref=release-2201.7.0 -H 'Accept: application/vnd.github.v3.raw' > release_notes.md + gh repo view ballerina-platform/ballerina-dev-website --json url --jq '.clone_url' + gh api repos/ballerina-platform/ballerina-dev-website/contents/downloads/release-artifacts-verification.md -H 'Accept: application/vnd.github.v3.raw' > release_notes.md - name: Update Markdown file run: | branchName=$(echo ${{ github.ref }} | cut -d'/' -f3) From ff9302a7b955a329990d2a2847314347f52ef515 Mon Sep 17 00:00:00 2001 From: Miran Kurukulasuriya Date: Thu, 6 Jul 2023 14:54:30 +0530 Subject: [PATCH 3/4] Fix branch name error, clean md file for release --- .github/workflows/publish-release.yml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index c0af3306ed..2da1a8a2ee 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -122,16 +122,21 @@ jobs: - name: Get Markdown file id: file-url env: - GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | gh repo view ballerina-platform/ballerina-dev-website --json url --jq '.clone_url' - gh api repos/ballerina-platform/ballerina-dev-website/contents/downloads/release-artifacts-verification.md -H 'Accept: application/vnd.github.v3.raw' > release_notes.md - - name: Update Markdown file + gh api repos/ballerina-platform/ballerina-dev-website/contents/downloads/verify-ballerina-artifacts.md -H 'Accept: application/vnd.github.v3.raw' > release_notes.md + sed -i '1,10d' release_notes.md + - name: Retrieve Branch + id: retrieve-branch run: | branchName=$(echo ${{ github.ref }} | cut -d'/' -f3) + echo "::set-output name=branchName::$branchName" + - name: Update Markdown file + run: | if ${{ github.event.inputs.isPreRelease }} == 'true'; then echo "" > release_notes.md; - else sed -i 's/{{ version }}/${{ steps.version-set.outputs.taggedVersion }}/g' release_notes.md; sed -i 's/{{ branch }}/$branchName/g' release_notes.md; fi + else sed -i 's/{{ version }}/${{ steps.version-set.outputs.taggedVersion }}/g' release_notes.md; sed -i 's/{{ branch }}/${{ steps.retrieve-branch.outputs.branchName }}/g' release_notes.md; fi - name: Read release notes from file id: release_notes uses: actions/github-script@v4 From 8003098238575f06a00b4970f62fe0e4bd295660 Mon Sep 17 00:00:00 2001 From: Miran Kurukulasuriya Date: Sat, 29 Jul 2023 16:45:57 +0530 Subject: [PATCH 4/4] Remove exclude flags in gradle build --- .github/workflows/publish-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index 2da1a8a2ee..3f3a27f72b 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -73,7 +73,7 @@ jobs: devCentralToken: ${{ secrets.BALLERINA_DEV_CENTRAL_ACCESS_TOKEN }} ballerinaBotWorkflow: $ {{ secrets.BALLERINA_BOT_WORKFLOW }} run: | - ./gradlew build -Pversion=${VERSION} --exclude-task project-api-tests:test + ./gradlew build -Pversion=${VERSION} ./gradlew release -Prelease.useAutomaticVersion=true -x test - name: Checkout docker repo uses: actions/checkout@v2