Publish release #596
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish release | |
on: | |
workflow_dispatch: | |
inputs: | |
isPreRelease: | |
description: 'Tag created is a pre-release tag' | |
required: true | |
default: 'false' | |
preReleaseSuffix: | |
description: 'The text that will be suffixed to the Git tag. e.g., rc1' | |
required: false | |
default: '' | |
permissions: | |
id-token: write | |
contents: write | |
jobs: | |
publish-release: | |
name: Publish Release | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v3 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
distribution: 'temurin' | |
java-version: '17.0.7' | |
- name: Set version env variable | |
id: version-set | |
run: | | |
SHORT_VERSION=$((grep -w 'version' | cut -d= -f2 | cut -d- -f1) < gradle.properties) | |
DIST_VERSION=$((grep -w 'version' | cut -d= -f2) < gradle.properties | rev | cut --complement -d- -f1 | rev) | |
LANG_VERSION=$((grep -w "ballerinaLangVersion" | cut -d= -f2 | cut -d- -f1 | xargs) < gradle.properties) | |
CODE_NAME=$((grep -w 'codeName' | cut -d= -f2) < gradle.properties) | |
RELEASE_VERSION=$DIST_VERSION | |
TAGGED_VERSION=$RELEASE_VERSION | |
LONG_VERSION=$DIST_VERSION-$CODE_NAME | |
if [ -n "${{ github.event.inputs.preReleaseSuffix }}" ]; then | |
TAGGED_VERSION=$RELEASE_VERSION-${{ github.event.inputs.preReleaseSuffix }} | |
fi | |
echo VERSION=$RELEASE_VERSION >> $GITHUB_ENV | |
echo GIT_TAG=$TAGGED_VERSION >> $GITHUB_ENV | |
echo "::set-output name=version::$RELEASE_VERSION" | |
echo "::set-output name=sversion::$SHORT_VERSION" | |
echo "::set-output name=taggedVersion::$TAGGED_VERSION" | |
echo "::set-output name=longVersion::$LONG_VERSION" | |
echo "::set-output name=langVersion::$LANG_VERSION" | |
- name: Pre release depenency version update | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
run: | | |
echo "Version: ${VERSION}" | |
echo "Tagged Version: ${GIT_TAG}" | |
git config user.name ${{ secrets.BALLERINA_BOT_USERNAME }} | |
git config user.email ${{ secrets.BALLERINA_BOT_EMAIL }} | |
git checkout -b release-${GIT_TAG} | |
- name: Generate UUID | |
run: | | |
UUID=$(uuidgen) | |
perl -pi -e "s/^\s*installerVersion=.*/installerVersion=$UUID/" gradle.properties | |
git config user.name ${{ secrets.BALLERINA_BOT_USERNAME }} | |
git config user.email ${{ secrets.BALLERINA_BOT_EMAIL }} | |
git add gradle.properties | |
git commit -m "Update UUID for installer" | |
- name: Grant execute permission for gradlew | |
run: chmod +x gradlew | |
- name: Publish artifact | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
packageUser: ${{ secrets.BALLERINA_BOT_USERNAME }} | |
packagePAT: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
devCentralToken: ${{ secrets.BALLERINA_CENTRAL_DEV_ACCESS_TOKEN }} | |
prodCentralToken: ${{ secrets.BALLERINA_CENTRAL_ACCESS_TOKEN }} | |
githubAccessToken: ${{ secrets.GITHUB_TOKEN }} | |
ballerinaBotWorkflow: $ {{ secrets.BALLERINA_BOT_WORKFLOW }} | |
run: | | |
./gradlew build -Pversion=${VERSION} | |
./gradlew release -Prelease.useAutomaticVersion=true -x test | |
- name: Checkout docker repo | |
uses: actions/checkout@v3 | |
with: | |
repository: ballerina-platform/module-ballerina-docker | |
path: module-ballerina-docker | |
- name: Copy zip artifact | |
run: cp ballerina/build/distributions/ballerina-22*.zip module-ballerina-docker/base/docker/ | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v1 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
- name: Login to DockerHub | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKER_HUB_USER }} | |
password: ${{ secrets.DOCKER_HUB_TOKEN }} | |
- name: Build the docker image | |
id: docker_build | |
uses: docker/build-push-action@v2 | |
with: | |
context: module-ballerina-docker/base/docker/ | |
load: true | |
push: false | |
tags: ballerina/ballerina:release-test | |
build-args: | | |
BALLERINA_DIST=ballerina-${{ steps.version-set.outputs.sversion }}.zip | |
- name: Run Trivy vulnerability scanner | |
uses: aquasecurity/trivy-action@master | |
with: | |
image-ref: 'ballerina/ballerina:release-test' | |
skip-dirs: 'ballerina/runtime/examples' | |
format: 'table' | |
exit-code: '1' | |
timeout: "10m0s" | |
- name: cosign-installer | |
uses: sigstore/[email protected] | |
- name: Set up Node.js | |
uses: actions/setup-node@v2 | |
with: | |
node-version: '14' | |
- name: Install GitHub CLI | |
run: | | |
npm install -g github-cli | |
gh --version | |
- name: Get Markdown file | |
id: file-url | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
gh repo view ballerina-platform/ballerina-dev-website --json url --jq '.clone_url' | |
gh api repos/ballerina-platform/ballerina-dev-website/contents/downloads/verify-ballerina-artifacts.md -H 'Accept: application/vnd.github.v3.raw' > release_notes.md | |
sed -i '1,10d' release_notes.md | |
- name: Retrieve Branch | |
id: retrieve-branch | |
run: | | |
branchName=$(echo ${{ github.ref }} | cut -d'/' -f3) | |
echo "::set-output name=branchName::$branchName" | |
- name: Update Markdown file | |
run: | | |
if ${{ github.event.inputs.isPreRelease }} == 'true'; then | |
echo "" > release_notes.md; | |
else sed -i 's/{{ version }}/${{ steps.version-set.outputs.taggedVersion }}/g' release_notes.md; sed -i 's/{{ branch }}/${{ steps.retrieve-branch.outputs.branchName }}/g' release_notes.md; fi | |
- name: Read release notes from file | |
id: release_notes | |
uses: actions/github-script@v4 | |
with: | |
github-token: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
script: | | |
const fs = require('fs'); | |
const releaseNotes = fs.readFileSync('release_notes.md', 'utf8'); | |
core.setOutput('notes', releaseNotes); | |
- name: Create release | |
id: create_release | |
uses: actions/create-release@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
tag_name: "v${{ steps.version-set.outputs.taggedVersion }}" | |
release_name: ${{ steps.version-set.outputs.taggedVersion }} | |
body: ${{ steps.release_notes.outputs.notes }} | |
draft: false | |
prerelease: ${{ github.event.inputs.isPreRelease }} | |
- name: Create linux-deb Installer | |
id: run_installers_deb | |
run: | | |
cd installers/linux-deb | |
./build-ballerina-linux-deb-x64.sh -v ${{ steps.version-set.outputs.longVersion }} -p ./../../ballerina/build/distributions | |
echo "Created linux-deb successfully" | |
- name: Sign the linux-deb installer | |
run: | | |
cosign sign-blob installers/linux-deb/target/ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb --output-certificate ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.pem --output-signature ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.sig --yes | |
- name: Verify the linux-deb installer | |
run: | | |
cosign verify-blob installers/linux-deb/target/ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb --certificate ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.pem --signature ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com | |
- name: Create linux-rpm Installer | |
id: run_installers_rpm | |
run: | | |
cd installers/linux-rpm | |
./build-ballerina-linux-rpm-x64.sh -v ${{ steps.version-set.outputs.longVersion }} -p ./../../ballerina/build/distributions | |
echo "Created linux-rpm successfully" | |
- name: Sign the linux-rpm installer | |
run: | | |
cosign sign-blob installers/linux-rpm/rpmbuild/RPMS/x86_64/ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm --output-certificate ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.pem --output-signature ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.sig --yes | |
- name: Verify the linux-rpm installer | |
run: | | |
cosign verify-blob installers/linux-rpm/rpmbuild/RPMS/x86_64/ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm --certificate ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.pem --signature ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com | |
- name: Generate Hashes | |
run: | | |
openssl dgst -sha256 -out ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.sha256 installers/linux-deb/target/ballerina-*-linux-x64.deb | |
openssl dgst -sha256 -out ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.sha256 installers/linux-rpm/rpmbuild/RPMS/x86_64/ballerina-*-linux-x64.rpm | |
openssl dgst -sha256 -out ballerina-${{ steps.version-set.outputs.longVersion }}.zip.sha256 ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}.zip | |
openssl dgst -sha256 -out ballerina-${{ steps.version-set.outputs.sversion }}.zip.sha256 ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.sversion }}.zip | |
- name: Sign the zip artifacts | |
run: | | |
cosign sign-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}.zip --output-certificate ballerina-${{ steps.version-set.outputs.longVersion }}.pem --output-signature ballerina-${{ steps.version-set.outputs.longVersion }}.sig --yes | |
cosign sign-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.sversion }}.zip --output-certificate ballerina-${{ steps.version-set.outputs.sversion }}.pem --output-signature ballerina-${{ steps.version-set.outputs.sversion }}.sig --yes | |
cosign sign-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}-macos.zip --output-certificate ballerina-${{ steps.version-set.outputs.longVersion }}-macos.pem --output-signature ballerina-${{ steps.version-set.outputs.longVersion }}-macos.sig --yes | |
cosign sign-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.zip --output-certificate ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.pem --output-signature ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.sig --yes | |
cosign sign-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}-windows.zip --output-certificate ballerina-${{ steps.version-set.outputs.longVersion }}-windows.pem --output-signature ballerina-${{ steps.version-set.outputs.longVersion }}-windows.sig --yes | |
- name: Verify the zip artifacts | |
run: | | |
cosign verify-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}.zip --certificate ballerina-${{ steps.version-set.outputs.longVersion }}.pem --signature ballerina-${{ steps.version-set.outputs.longVersion }}.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com | |
cosign verify-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.sversion }}.zip --certificate ballerina-${{ steps.version-set.outputs.sversion }}.pem --signature ballerina-${{ steps.version-set.outputs.sversion }}.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com | |
cosign verify-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}-macos.zip --certificate ballerina-${{ steps.version-set.outputs.longVersion }}-macos.pem --signature ballerina-${{ steps.version-set.outputs.longVersion }}-macos.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com | |
cosign verify-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.zip --certificate ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.pem --signature ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com | |
cosign verify-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}-windows.zip --certificate ballerina-${{ steps.version-set.outputs.longVersion }}-windows.pem --signature ballerina-${{ steps.version-set.outputs.longVersion }}-windows.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com | |
- name: Upload zip artifacts | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}.zip | |
asset_path: ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}.zip | |
asset_content_type: application/octet-stream | |
- name: Upload zip artifact's Certificate | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}.pem | |
asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}.pem | |
asset_content_type: application/octet-stream | |
- name: Upload zip artifact's Signature | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}.sig | |
asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}.sig | |
asset_content_type: application/octet-stream | |
- name: Upload zip without tool artifacts | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_name: ballerina-${{ steps.version-set.outputs.sversion }}.zip | |
asset_path: ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.sversion }}.zip | |
asset_content_type: application/octet-stream | |
- name: Upload zip without tool artifact's Certificate | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_name: ballerina-${{ steps.version-set.outputs.sversion }}.pem | |
asset_path: ./ballerina-${{ steps.version-set.outputs.sversion }}.pem | |
asset_content_type: application/octet-stream | |
- name: Upload zip without tool artifact's Signature | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_name: ballerina-${{ steps.version-set.outputs.sversion }}.sig | |
asset_path: ./ballerina-${{ steps.version-set.outputs.sversion }}.sig | |
asset_content_type: application/octet-stream | |
- name: Upload Linux deb Installer | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb | |
asset_path: installers/linux-deb/target/ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb | |
asset_content_type: application/octet-stream | |
- name: Upload Linux deb Installer's Certificate | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.pem | |
asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.pem | |
asset_content_type: application/octet-stream | |
- name: Upload Linux deb Installer's Signature | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.sig | |
asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.sig | |
asset_content_type: application/octet-stream | |
- name: Upload Linux rpm Installer | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm | |
asset_path: installers/linux-rpm/rpmbuild/RPMS/x86_64/ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm | |
asset_content_type: application/octet-stream | |
- name: Upload Linux rpm Installer's Certificate | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.pem | |
asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.pem | |
asset_content_type: application/octet-stream | |
- name: Upload Linux rpm Installer's Signature | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.sig | |
asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.sig | |
asset_content_type: application/octet-stream | |
- name: Upload MacOS zip artifacts | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-macos.zip | |
asset_path: ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}-macos.zip | |
asset_content_type: application/octet-stream | |
- name: Upload MacOS zip artifact's Certificate | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-macos.pem | |
asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}-macos.pem | |
asset_content_type: application/octet-stream | |
- name: Upload MacOS zip artifact's Signature | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-macos.sig | |
asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}-macos.sig | |
asset_content_type: application/octet-stream | |
- name: Upload MacOS-ARM zip artifacts | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.zip | |
asset_path: ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.zip | |
asset_content_type: application/octet-stream | |
- name: Upload MacOS-ARM zip artifact's Certificate | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.pem | |
asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.pem | |
asset_content_type: application/octet-stream | |
- name: Upload MacOS-ARM zip artifact's Signature | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.sig | |
asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.sig | |
asset_content_type: application/octet-stream | |
- name: Upload Windows zip artifacts | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-windows.zip | |
asset_path: ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}-windows.zip | |
asset_content_type: application/octet-stream | |
- name: Upload Windows zip artifact's Certificate | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-windows.pem | |
asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}-windows.pem | |
asset_content_type: application/octet-stream | |
- name: Upload Windows zip artifact's Signature | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-windows.sig | |
asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}-windows.sig | |
asset_content_type: application/octet-stream | |
- name: Upload Linux deb Hashes | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.sha256 | |
asset_path: ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.sha256 | |
asset_content_type: application/octet-stream | |
- name: Upload Linux rpm Hashes | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.sha256 | |
asset_path: ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.sha256 | |
asset_content_type: application/octet-stream | |
- name: Upload Ballerina zip Hashes | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}.zip.sha256 | |
asset_path: ballerina-${{ steps.version-set.outputs.longVersion }}.zip.sha256 | |
asset_content_type: application/octet-stream | |
- name: Upload ballerina Short Name zip Hashes | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_name: ballerina-${{ steps.version-set.outputs.sversion }}.zip.sha256 | |
asset_path: ballerina-${{ steps.version-set.outputs.sversion }}.zip.sha256 | |
asset_content_type: application/octet-stream | |
- name: Install Ballerina DEB | |
run: sudo dpkg -i installers/linux-deb/target/ballerina-*-linux-x64.deb | |
- name: Update Installer Test Configs | |
run: | | |
DISPLAY_TEXT=${{ steps.version-set.outputs.langVersion }} | |
SWAN_LAKE_LATEST_VERSION="swan-lake-"+$DISPLAY_TEXT | |
perl -pi -e "s/^\s*swan-lake-latest-version-display-text=.*/swan-lake-latest-version-display-text=$DISPLAY_TEXT/" ballerina-test-automation/gradle.properties | |
perl -pi -e "s/^\s*swan-lake-latest-version=.*/swan-lake-latest-version=$SWAN_LAKE_LATEST_VERSION/" ballerina-test-automation/gradle.properties | |
- name: Run Installer Tests | |
working-directory: ./ballerina-test-automation/installer-test | |
run: ./../gradlew build --stacktrace -scan --console=plain --no-daemon -DballerinaInstalled=true | |
env: | |
TEST_MODE_ACTIVE: true | |
- name: Post release PR | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
run: | | |
curl -fsSL https://github.com/github/hub/raw/master/script/get | bash -s 2.14.1 | |
bin/hub pull-request -m "[Automated] Sync master after "$VERSION" release" | |
outputs: | |
project-version: ${{ steps.version-set.outputs.longVersion }} | |
upload-asset-url: ${{ steps.create_release.outputs.upload_url }} | |
release-version: ${{ steps.version-set.outputs.taggedVersion }} | |
lang-version: ${{ steps.version-set.outputs.langVersion }} | |
macos-installer-build: | |
name: MacOS Installer Build | |
needs: publish-release | |
runs-on: macos-latest | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v2 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v2 | |
with: | |
distribution: 'temurin' | |
java-version: '17.0.7' | |
- name: Download MacOS Intaller Zip | |
run: | | |
wget https://github.com/ballerina-platform/ballerina-distribution/releases/download/v${{ needs.publish-release.outputs.release-version }}/ballerina-${{ needs.publish-release.outputs.project-version }}-macos.zip | |
- name: cosign-installer | |
uses: sigstore/[email protected] | |
- name: Create macos-pkg Installer | |
id: run_installers_pkg | |
run: | | |
cd installers/mac | |
./build-ballerina-macos-x64.sh -v ${{ needs.publish-release.outputs.project-version }} -p ./../../ | |
echo "Created macos-pkg successfully" | |
- name: Sign the MacOS installer | |
run: | | |
cosign sign-blob installers/mac/target/pkg/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg --output-certificate ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.pem --output-signature ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.sig --yes | |
- name: Verify the MacOS installer | |
run: | | |
cosign verify-blob installers/mac/target/pkg/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg --certificate ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.pem --signature ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com | |
- name: Generate Hashes | |
run: | | |
openssl dgst -sha256 -out ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.sha256 installers/mac/target/pkg/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg | |
- name: Upload MacOS pkg Hashes | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ needs.publish-release.outputs.upload-asset-url }} | |
asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.sha256 | |
asset_path: ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.sha256 | |
asset_content_type: application/octet-stream | |
- name: Upload MacOS pkg Installer | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ needs.publish-release.outputs.upload-asset-url }} | |
asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg | |
asset_path: installers/mac/target/pkg/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg | |
asset_content_type: application/octet-stream | |
- name: Upload MacOS installer's Certificate | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ needs.publish-release.outputs.upload-asset-url }} | |
asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.pem | |
asset_path: ./ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.pem | |
asset_content_type: application/octet-stream | |
- name: Upload MacOS installer's Signature | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ needs.publish-release.outputs.upload-asset-url }} | |
asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.sig | |
asset_path: ./ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.sig | |
asset_content_type: application/octet-stream | |
- name: Install Ballerina PKG | |
run: sudo installer -pkg installers/mac/target/pkg/ballerina-*-macos-x64.pkg -target / | |
- name: Update Installer Test Configs | |
run: | | |
DISPLAY_TEXT=${{ needs.publish-release.outputs.lang-version }} | |
SWAN_LAKE_LATEST_VERSION="swan-lake-"+$DISPLAY_TEXT | |
perl -pi -e "s/^\s*swan-lake-latest-version-display-text=.*/swan-lake-latest-version-display-text=$DISPLAY_TEXT/" ballerina-test-automation/gradle.properties | |
perl -pi -e "s/^\s*swan-lake-latest-version=.*/swan-lake-latest-version=$SWAN_LAKE_LATEST_VERSION/" ballerina-test-automation/gradle.properties | |
- name: Run Installer Tests | |
working-directory: ./ballerina-test-automation/installer-test | |
run: ./../gradlew build --stacktrace -scan --console=plain --no-daemon -DballerinaInstalled=true | |
env: | |
TEST_MODE_ACTIVE: true | |
- name: Download MacOS-ARM Intaller Zip | |
run: | | |
wget https://github.com/ballerina-platform/ballerina-distribution/releases/download/v${{ needs.publish-release.outputs.release-version }}/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm.zip | |
- name: Create macos-arm-pkg Installer | |
id: run_installers_arm_pkg | |
run: | | |
cd installers/mac | |
./build-ballerina-macos-x64.sh -v ${{ needs.publish-release.outputs.project-version }} -p ./../../ -a arm | |
echo "Created macos-arm-pkg successfully" | |
- name: Sign the MacOS-ARM installer | |
run: | | |
cosign sign-blob installers/mac/target/pkg/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg --output-certificate ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.pem --output-signature ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.sig --yes | |
- name: Verify the MacOS-ARM installer | |
run: | | |
cosign verify-blob installers/mac/target/pkg/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg --certificate ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.pem --signature ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com | |
- name: Generate Hashes | |
run: | | |
openssl dgst -sha256 -out ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.sha256 installers/mac/target/pkg/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg | |
- name: Upload MacOS-ARM pkg Hashes | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ needs.publish-release.outputs.upload-asset-url }} | |
asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.sha256 | |
asset_path: ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.sha256 | |
asset_content_type: application/octet-stream | |
- name: Upload MacOS-ARM pkg Installer | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ needs.publish-release.outputs.upload-asset-url }} | |
asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg | |
asset_path: installers/mac/target/pkg/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg | |
asset_content_type: application/octet-stream | |
- name: Upload MacOS-ARM installer's Certificate | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ needs.publish-release.outputs.upload-asset-url }} | |
asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.pem | |
asset_path: ./ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.pem | |
asset_content_type: application/octet-stream | |
- name: Upload MacOS-ARM installer's Signature | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ needs.publish-release.outputs.upload-asset-url }} | |
asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.sig | |
asset_path: ./ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.sig | |
asset_content_type: application/octet-stream | |
windows-installer-build: | |
name: Windows Installer Build | |
needs: publish-release | |
runs-on: windows-latest | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v2 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v2 | |
with: | |
distribution: 'temurin' | |
java-version: '17.0.7' | |
- uses: actions/setup-dotnet@v1 | |
with: | |
dotnet-version: '2.1.x' | |
- name: Install GUID Generator | |
run: dotnet tool install -g dotnet-guid --version 0.5.2 | |
- name: Set up Wix toolkit | |
run: echo "${WIX}bin" >> $GITHUB_PATH | |
shell: bash | |
- name: Set cosign-installer | |
uses: sigstore/[email protected] | |
- name: Download Windows Installer Zip | |
run: | | |
echo default login ${{ secrets.BALLERINA_BOT_USERNAME }} password ${{ secrets.BALLERINA_BOT_TOKEN }} >> _netrc | |
curl --netrc-file _netrc -L -o ballerina-${{ needs.publish-release.outputs.project-version }}-windows.zip https://github.com/ballerina-platform/ballerina-distribution/releases/download/v${{ needs.publish-release.outputs.release-version }}/ballerina-${{ needs.publish-release.outputs.project-version }}-windows.zip | |
- name: Create windows-msi Installer | |
id: run_installers_msi | |
run: | | |
move installers\windows .\ | |
ren windows w | |
cd w | |
.\build-ballerina-windows-x64.bat --version ${{ needs.publish-release.outputs.project-version }} --path .\..\ | |
- name: Sign the Windows installer | |
run: | | |
cosign sign-blob w\target\msi\ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi --output-certificate ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.pem --output-signature ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.sig --yes | |
- name: Verify the Windows installer | |
run: | | |
cosign verify-blob w\target\msi\ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi --certificate ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.pem --signature ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com | |
- name: Generate Hashes | |
run: | | |
openssl dgst -sha256 -out ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.sha256 w\target\msi\ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi | |
- name: Upload Windows msi Hashes | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ needs.publish-release.outputs.upload-asset-url }} | |
asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.sha256 | |
asset_path: ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.sha256 | |
asset_content_type: application/octet-stream | |
- name: Upload Windows msi Installer | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ needs.publish-release.outputs.upload-asset-url }} | |
asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi | |
asset_path: w\target\msi\ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi | |
asset_content_type: application/octet-stream | |
- name: Upload Windows installer's Certificate | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ needs.publish-release.outputs.upload-asset-url }} | |
asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.pem | |
asset_path: ./ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.pem | |
asset_content_type: application/octet-stream | |
- name: Upload Windows installer's Signature | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }} | |
with: | |
upload_url: ${{ needs.publish-release.outputs.upload-asset-url }} | |
asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.sig | |
asset_path: ./ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.sig | |
asset_content_type: application/octet-stream | |
- name: Install Ballerina msi | |
run: msiexec /i w\target\msi\ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi /quiet /qr | |
shell: cmd | |
- name: Update Installer Test Configs | |
run: | | |
set DISPLAY_TEXT=${{ needs.publish-release.outputs.lang-version }} | |
set SWAN_LAKE_LATEST_VERSION=swan-lake-%DISPLAY_TEXT% | |
perl -pi -e "s/^\s*swan-lake-latest-version-display-text=.*/swan-lake-latest-version-display-text=%DISPLAY_TEXT%/" ballerina-test-automation/gradle.properties | |
perl -pi -e "s/^\s*swan-lake-latest-version=.*/swan-lake-latest-version=%SWAN_LAKE_LATEST_VERSION%/" ballerina-test-automation/gradle.properties | |
shell: cmd | |
- name: Run Installer Tests | |
working-directory: .\ballerina-test-automation\installer-test | |
run: | | |
$env:Path += ";C:\Program Files\Ballerina\bin" | |
.\..\gradlew build --stacktrace -scan --console=plain --no-daemon -DballerinaInstalled=true |