-
Notifications
You must be signed in to change notification settings - Fork 0
131 lines (112 loc) · 4.38 KB
/
release.yml
File metadata and controls
131 lines (112 loc) · 4.38 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
name: Release
on:
push:
tags:
- 'v*'
workflow_dispatch:
inputs:
tag:
description: 'Tag to release (vX.Y.Z)'
required: true
type: string
jobs:
release:
runs-on: windows-latest
permissions:
contents: write
env:
RELEASE_TAG: ${{ github.event_name == 'workflow_dispatch' && inputs.tag || github.ref_name }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ env.RELEASE_TAG }}
- name: Prepare signing certificate
id: prepare_signing
shell: pwsh
env:
CLOUDSQLCTL_SIGN_CERT_B64: ${{ secrets['CLOUDSQLCTL_SIGN_CERT_B64'] }}
CLOUDSQLCTL_SIGN_PWD: ${{ secrets['CLOUDSQLCTL_SIGN_PWD'] }}
run: |
if (-not $env:CLOUDSQLCTL_SIGN_CERT_B64) {
Write-Host "Signing cert not provided; skipping signing setup."
"sign_enabled=false" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
exit 0
}
$certPath = Join-Path $env:RUNNER_TEMP "cloudsqlctl-signing.pfx"
[IO.File]::WriteAllBytes($certPath, [Convert]::FromBase64String($env:CLOUDSQLCTL_SIGN_CERT_B64))
"CLOUDSQLCTL_SIGN_CERT=$certPath" | Out-File -FilePath $env:GITHUB_ENV -Append
"CLOUDSQLCTL_SIGN_PWD=$env:CLOUDSQLCTL_SIGN_PWD" | Out-File -FilePath $env:GITHUB_ENV -Append
"sign_enabled=true" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
- name: Use Node.js 22.x
uses: actions/setup-node@v4
with:
node-version: 22.x
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Check Version
run: |
$tag = $env:RELEASE_TAG -replace '^v', ''
$pkg = Get-Content package.json | ConvertFrom-Json
if ($pkg.version -ne $tag) {
Write-Error "Version mismatch: Tag $tag vs Package $($pkg.version)"
exit 1
}
- name: Build
run: npm run build
- name: Package (SEA)
run: npm run package
- name: Install Inno Setup
run: choco install innosetup -y --no-progress
- name: Build Installer
run: npm run installer
- name: Sign artifacts
if: steps.prepare_signing.outputs.sign_enabled == 'true'
shell: pwsh
run: |
powershell -ExecutionPolicy Bypass -File tools/sign-exe.ps1 -ExePath "bin/cloudsqlctl.exe"
powershell -ExecutionPolicy Bypass -File tools/sign-exe.ps1 -ExePath "dist/cloudsqlctl-setup.exe"
- name: Generate Docs
run: npm run docs:generate
- name: Stage Artifacts
run: npm run stage
- name: Verify Artifacts
run: |
if (-not (Test-Path artifacts/cloudsqlctl.exe)) { throw "Missing cloudsqlctl.exe" }
if (-not (Test-Path artifacts/cloudsqlctl-setup.exe)) { throw "Missing cloudsqlctl-setup.exe" }
if (-not (Test-Path artifacts/cloudsqlctl-windows-x64.zip)) { throw "Missing zip bundle" }
if (-not (Test-Path artifacts/SHA256SUMS.txt)) { throw "Missing SHA256SUMS.txt" }
- name: Delete existing release assets (same tag)
shell: pwsh
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
$tag = $env:RELEASE_TAG
$headers = @{
Authorization = "Bearer $env:GITHUB_TOKEN"
Accept = "application/vnd.github+json"
}
try {
$release = Invoke-RestMethod -Method Get -Uri "https://api.github.com/repos/$env:GITHUB_REPOSITORY/releases/tags/$tag" -Headers $headers
} catch {
if ($_.Exception.Response.StatusCode.value__ -eq 404) {
Write-Host "No existing release for $tag"
exit 0
}
throw
}
if (-not $release) {
Write-Host "No existing release data for $tag"
exit 0
}
foreach ($asset in $release.assets) {
Write-Host "Deleting asset $($asset.name)"
Invoke-RestMethod -Method Delete -Uri "https://api.github.com/repos/$env:GITHUB_REPOSITORY/releases/assets/$($asset.id)" -Headers $headers
}
- name: Release
uses: softprops/action-gh-release@v2
if: ${{ github.event_name == 'workflow_dispatch' || startsWith(github.ref, 'refs/tags/') }}
with:
tag_name: ${{ env.RELEASE_TAG }}
files: artifacts/*
generate_release_notes: true