Deploy to production (Others) #102

Workflow file for this run

.github/workflows/release-others.yml at d35a4be

	name: Deploy to production (Others)
	on:
	workflow_dispatch:
	inputs:
	publish_crate_rust:
	description: "Publish Rust Crate"
	required: true
	type: boolean
	publish_sbom_rust:
	description: "Publish Rust SBOM"
	required: true
	type: boolean
	publish_kotlin:
	description: "Publish Kotlin"
	required: true
	type: boolean
	publish_npm:
	description: "Publish NPM"
	required: true
	type: boolean
	publish_python:
	description: "Publish Python"
	required: true
	type: boolean
	publish_swift:
	description: "Publish Swift"
	required: true
	type: boolean
	publish_dry_run:
	description: "Dry Run Mode"
	required: true
	type: boolean

	jobs:
	deploy:
	environment: publish
	runs-on: ubuntu-22.04
	permissions:
	contents: read
	id-token: write

	steps:
	- uses: actions/checkout@v4

	- name: Check out for Rust release
	uses: actions/checkout@v4
	with:
	path: ./rust-release/

	- name: Check out devolutions/actions
	uses: actions/checkout@v4
	with:
	path: ./.github/workflows
	ref: v1
	repository: Devolutions/actions
	token: ${{ secrets.DEVOLUTIONSBOT_TOKEN }}

	- name: Install toolbox
	uses: ./.github/workflows/toolbox-install
	with:
	github_token: ${{ secrets.DEVOLUTIONSBOT_TOKEN }}

	- name: Download Artifact
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	CI: true
	run: \|
	dv github download-artifact python-wheels-linux . devolutions-crypto
	dv github download-artifact python-wheels-macos . devolutions-crypto
	dv github download-artifact python-wheels-windows . devolutions-crypto
	dv github download-artifact kotlin-jvm . devolutions-crypto
	dv github download-artifact kotlin-android . devolutions-crypto
	dv github download-artifact swift . devolutions-crypto
	dv github download-artifact config.txt . devolutions-crypto

	- name: Download NPM Artifact
	run: dv github download-artifact wasm . devolutions-crypto
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	CI: true

	- name: Extract Artifacts
	run: \|
	7z x python-wheels-linux.zip -o./devolutions-crypto-wheels
	7z x python-wheels-macos.zip -o./devolutions-crypto-wheels
	7z x python-wheels-windows.zip -o./devolutions-crypto-wheels

	7z x wasm.zip -o./devolutions-crypto-npm
	7z x kotlin-jvm.zip -o./devolutions-crypto-maven-jvm
	7z x kotlin-android.zip -o./devolutions-crypto-maven-android
	7z x swift.zip -o./devolutions-crypto-swift
	7z x config.txt.zip

	- name: Read Version
	id: version
	run: \|
	version=$(grep "version" config.txt \| sed -E 's/version = "(.*)"/\1/')
	echo "version=$version" >> $GITHUB_OUTPUT

	version_native=$(cargo pkgid \| cut -d "#" -f2)
	echo "version_native=$version_native" >> $GITHUB_OUTPUT

	- name: Setup git
	run: \|
	git config user.name "devolutionsbot"
	git config user.email "bot@devolutions.net"
	git fetch --all

	- name: Authenticate with crates.io
	if: ${{ inputs.publish_crate_rust }}
	id: auth
	uses: rust-lang/crates-io-auth-action@v1

	- name: Publish Rust Crate
	if: ${{ inputs.publish_crate_rust }}
	working-directory: ./rust-release
	run: \|
	if [ '${{ inputs.publish_dry_run }}' == 'true' ]; then
	cargo publish --dry-run
	else
	cargo publish

	git tag "rust-v${{ steps.version.outputs.version_native }}"
	git push origin "rust-v${{ steps.version.outputs.version_native }}"
	fi
	env:
	CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}

	- name: Publish NPM Bundler
	if: ${{ inputs.publish_npm }}
	working-directory: ./devolutions-crypto-npm/bundler
	run: \|
	if [ '${{ inputs.publish_dry_run }}' == 'true' ]; then
	npm publish --access=public --dry-run
	else
	npm publish --access=public

	git tag "npm-bundler-v${{ steps.version.outputs.version_native }}"
	git push origin "npm-bundler-v${{ steps.version.outputs.version_native }}"
	fi

	- name: Publish NPM Web
	if: ${{ inputs.publish_npm }}
	working-directory: ./devolutions-crypto-npm/web
	run: \|
	if [ '${{ inputs.publish_dry_run }}' == 'true' ]; then
	npm publish --access=public --dry-run
	else
	npm publish --access=public

	git tag "npm-web-v${{ steps.version.outputs.version_native }}"
	git push origin "npm-web-v${{ steps.version.outputs.version_native }}"
	fi

	- name: Update Artifactory Cache
	if: ${{ inputs.publish_npm && !inputs.publish_dry_run }}
	run: gh workflow run update-artifactory-cache.yml --repo Devolutions/scheduled-tasks --field package_name="devolutions-crypto"
	env:
	GH_TOKEN: ${{ secrets.DEVOLUTIONSBOT_WRITE_TOKEN }}

	- name: Publish Python to TestPyPI (Dry Run)
	if: ${{ inputs.publish_python && inputs.publish_dry_run }}
	uses: pypa/gh-action-pypi-publish@release/v1
	with:
	repository-url: https://test.pypi.org/legacy/
	packages-dir: ./devolutions-crypto-wheels/
	verbose: true

	- name: Publish Python to PyPI
	if: ${{ inputs.publish_python && !inputs.publish_dry_run }}
	uses: pypa/gh-action-pypi-publish@release/v1
	with:
	packages-dir: ./devolutions-crypto-wheels/

	- name: Tag Python Release
	if: ${{ inputs.publish_python && !inputs.publish_dry_run }}
	run: \|
	git tag "python-v${{ steps.version.outputs.version_native }}"
	git push origin "python-v${{ steps.version.outputs.version_native }}"

	- name: Publish Kotlin to Cloudsmith
	if: ${{ inputs.publish_kotlin && !inputs.publish_dry_run }}
	run: \|
	pip install --upgrade cloudsmith-cli

	cloudsmith push maven devolutions/maven-public devolutions-crypto-maven-jvm/libs/lib.jar \
	--pom-file=devolutions-crypto-maven-jvm/publications/maven/pom-default.xml

	cloudsmith push maven devolutions/maven-public devolutions-crypto-maven-android/outputs/aar/lib.aar \
	--pom-file=devolutions-crypto-maven-android/publications/mavenAndroid/pom-default.xml

	git tag "kotlin-v${{ steps.version.outputs.version }}"
	git push origin "kotlin-v${{ steps.version.outputs.version }}"
	env:
	CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }}

	- name: Publish Swift Artifact to a new orphan branch
	if: ${{ inputs.publish_swift && !inputs.publish_dry_run }}
	run: \|
	git fetch --all

	git checkout --orphan "release/swift-v${{ steps.version.outputs.version }}"

	git rm -r --cached .

	cd devolutions-crypto-swift
	files=(*)
	cd ..
	mv devolutions-crypto-swift/* .

	for file in "${files[@]}"; do
	git add "$file"
	done
	git add LICENSE-MIT

	git commit -m "Set up release branch with Swift artifact"
	git push origin "release/swift-v${{ steps.version.outputs.version }}"

	git tag "swift-v${{ steps.version.outputs.version }}"
	git push origin "swift-v${{ steps.version.outputs.version }}"
	env:
	GITHUB_TOKEN: ${{ github.token }}

	- name: Delete Swift branch
	if: ${{ inputs.publish_swift && !inputs.publish_dry_run }}
	run: \|
	git fetch
	git reset --hard HEAD
	git clean -fdx
	git switch master
	git push origin --delete release/swift-v${{ steps.version.outputs.version }}

	- name: Generate Rust SBOM
	if: ${{ inputs.publish_sbom_rust }}
	uses: ./.github/workflows/cyclonedx-rust-generate
	with:
	path: .

	- name: Save BOM
	if: ${{ inputs.publish_sbom_rust }}
	uses: actions/upload-artifact@v4.3.6
	with:
	name: bom_devolutions_crypto_rust.xml
	path: ./bom.xml

	- name: Upload SBOM
	if: ${{ inputs.publish_sbom_rust }}
	uses: ./.github/workflows/dtrack-upload-sbom
	with:
	api_key: ${{ secrets.DTRACK_AUTOMATION_API_KEY }}
	autocreate: 'true'
	bom_filename: devolutions-crypto/bom.xml
	project_name: 'devolutions-crypto'
	project_version: ${{ github.event.inputs.version }}
	server_hostname: 'dtrack-api.devolutions.com'

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Deploy to production (Others) #102

Workflow file

Deploy to production (Others) #102

Uh oh!

Workflow file for this run