Merge pull request #411 from sacherjj/ci-publish-update #11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: publish-casper-sidecar-deb | |
| permissions: | |
| contents: read | |
| id-token: write | |
| on: | |
| push: | |
| branches: | |
| - "repo-*" | |
| # tags: | |
| # - "v*" | |
| jobs: | |
| publish_deb: | |
| strategy: | |
| matrix: | |
| include: | |
| - os: ubuntu-20.04 | |
| code_name: focal | |
| # - os: ubuntu-22.04 | |
| # code_name: jammy | |
| # - os: ubuntu-24.04 | |
| # code_name: noble | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b #v3.0.2 | |
| - uses: Swatinem/rust-cache@cb2cf0cc7c5198d3364b9630e2c3d457f160790c #v1.4.0 | |
| with: | |
| key: ${{ matrix.code_name }} | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_ACCESS_ROLE_REPO }} | |
| role-session-name: GitHub_to_AWS_via_FederatedOIDC | |
| aws-region: ${{ secrets.AWS_ACCESS_REGION_REPO }} | |
| - name: Install deps | |
| run: | | |
| echo "deb http://repo.aptly.info/ squeeze main" | sudo tee -a /etc/apt/sources.list.d/aptly.list | |
| wget -qO - https://www.aptly.info/pubkey.txt | sudo apt-key add - | |
| sudo apt-get update | |
| sudo apt-get install -y aptly=1.4.0 | |
| aptly config show | |
| - name: update toolchain | |
| run: rustup update nightly | |
| - name: Import GPG key | |
| uses: crazy-max/ghaction-import-gpg@c8bb57c57e8df1be8c73ff3d59deab1dbc00e0d1 #v5.1.0 | |
| with: | |
| gpg_private_key: ${{ secrets.APTLY_GPG_KEY }} | |
| passphrase: ${{ secrets.APTLY_GPG_PASS }} | |
| - name: Install cargo deb | |
| run: cargo install cargo-deb | |
| - name: Cargo deb | |
| run: cargo deb --package casper-sidecar --variant ${{ matrix.code_name }} | |
| - name: Upload binaries to repo | |
| env: | |
| # AWS_SECRET_ACCESS_KEY: ${{ secrets.APTLY_SECRET_KEY }} | |
| # AWS_ACCESS_KEY_ID: ${{ secrets.APTLY_ACCESS_KEY }} | |
| PLUGIN_REPO_NAME: ${{ secrets.AWS_BUCKET_REPO }} | |
| PLUGIN_REGION: ${{ secrets.AWS_ACCESS_REGION_REPO }} | |
| PLUGIN_GPG_KEY: ${{ secrets.APTLY_GPG_KEY }} | |
| PLUGIN_GPG_PASS: ${{ secrets.APTLY_GPG_PASS }} | |
| PLUGIN_ACL: 'private' | |
| PLUGIN_PREFIX: 'releases' | |
| PLUGIN_DEB_PATH: './target/debian' | |
| PLUGIN_OS_CODENAME: ${{ matrix.code_name }} | |
| run: ./ci/publish_deb_to_repo.sh | |
| # | |
| # - name: Invalidate cloudfront | |
| # uses: chetan/invalidate-cloudfront-action@c384d5f09592318a77b1e5c0c8d4772317e48b25 #v2.4 | |
| # env: | |
| # DISTRIBUTION: ${{ secrets.APTLY_DIST_ID }} | |
| # PATHS: "/*" | |
| # AWS_REGION: ${{ secrets.APTLY_REGION }} | |
| # AWS_ACCESS_KEY_ID: ${{ secrets.APTLY_ACCESS_KEY }} | |
| # AWS_SECRET_ACCESS_KEY: ${{ secrets.APTLY_SECRET_KEY }} | |
| - name: Invalidate CloudFront cache | |
| run: | | |
| aws cloudfront create-invalidation --distribution-id ${{ secrets.AWS_CLOUDFRONT_REPO }} --paths "/*" |