Change environment variable used for Snap credentials #90
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy Celeste | |
on: | |
push: | |
branches: | |
- main | |
tags-ignore: | |
- '**' | |
permissions: | |
id-token: write | |
contents: read | |
jobs: | |
create-release: | |
runs-on: ubuntu-latest | |
if: "!contains(github.event.head_commit.message, 'skip-ci: create-release')" | |
steps: | |
- name: Checkout Git repository | |
uses: actions/checkout@v3 | |
- name: Setup makedeb APT repositories | |
uses: makedeb/setup-makedeb@main | |
with: | |
makedeb-repo: false | |
pbmpr-repo: true | |
- name: Install needed APT packages | |
run: sudo apt-get install just parse-changelog -y | |
- name: Create release | |
run: | | |
version="$(just get-version)" | |
release_notes="$(parse-changelog CHANGELOG.md "${version}")" | |
gh release create "v${version}" --title "v${version}" --target "${GITHUB_SHA}" -n "${release_notes}" | |
env: | |
GITHUB_TOKEN: ${{ secrets.GH_TOKEN_CUSTOM }} | |
deploy-mpr: | |
runs-on: ubuntu-latest | |
needs: [create-release] | |
if: "!failure() && !contains(github.event.head_commit.message, 'skip-ci: deploy-mpr')" | |
steps: | |
- name: Checkout Git repository | |
uses: actions/checkout@v3 | |
- name: Setup makedeb APT repositories | |
uses: makedeb/setup-makedeb@main | |
- name: Publish MPR package | |
run: | | |
# Install our CI-utils package. | |
curl -Ls "https://shlink.hunterwittenborn.com/ci-utils" | sudo bash - | |
# Set up our SSH config. | |
mkdir "${HOME}/.ssh" | |
echo -e "Host mpr.makedeb.org\n Hostname mpr.makedeb.org\n IdentityFile ${HOME}/.ssh/ssh_key" > "${HOME}/.ssh/config" | |
echo "${SSH_KEY}" > "${HOME}/.ssh/ssh_key" | |
# Set up the MPR's SSH fingerprint in our local config. | |
MPR_SSH_KEY="$(curl 'https://mpr.makedeb.org/api/meta' | jq -r '.ssh_key_fingerprints.ECDSA')" | |
( | |
export SSH_HOST='mpr.makedeb.org' | |
export SSH_EXPECTED_FINGERPRINT="${MPR_SSH_KEY}" | |
export SET_PERMS=true | |
get-ssh-key | |
) | |
# Set up our Git user. | |
git config --global user.name 'Kavplex Bot' | |
git config --global user.email 'kavplex@hunterwittenborn.com' | |
# Clone the MPR repository for Celeste, and update it. | |
cd makedeb/ | |
git clone 'ssh://mpr@mpr.makedeb.org/celeste' | |
cp PKGBUILD celeste/ | |
cd celeste/ | |
makedeb --print-srcinfo | tee .SRCINFO | |
source PKGBUILD | |
git add . | |
git commit -m "Bump version to '${pkgver}-${pkgrel}'" | |
git push | |
env: | |
SSH_KEY: ${{ secrets.SSH_KEY }} | |
deploy-snap: | |
runs-on: ubuntu-latest | |
needs: [create-release] | |
if: "!failure() && !contains(github.event.head_commit.message, 'skip-ci: deploy-snap')" | |
steps: | |
- name: Checkout Git repository | |
uses: actions/checkout@v3 | |
- name: Setup makedeb APT repositories | |
uses: makedeb/setup-makedeb@main | |
with: | |
pbmpr-repo: true | |
- name: Build Celeste Snap | |
uses: snapcore/action-build@v1 | |
id: snapcraft-build | |
with: | |
snapcraft-args: "-v" | |
- name: Upload and release Celeste Snap | |
# Use commit ID to temporarily fix https://github.com/snapcore/action-publish/issues/28. | |
uses: snapcore/action-publish@214b86e5ca036ead1668c79afb81e550e6c54d40 | |
with: | |
snap: ${{ steps.snapcraft-build.outputs.snap }} | |
release: stable | |
env: | |
SNAPCRAFT_STORE_LEGACY_CREDENTIALS: ${{ secrets.SNAPCRAFT_STORE_CREDENTIALS }} | |
deploy-flathub: | |
runs-on: ubuntu-latest | |
needs: [deploy-snap] | |
if: "!failure() && !contains(github.event.head_commit.message, 'skip-ci: deply-flathub')" | |
steps: | |
- name: Checkout Flathub Celeste Git repository | |
uses: actions/checkout@v3 | |
with: | |
repository: flathub/com.hunterwittenborn.Celeste | |
path: com.hunterwittenborn.Celeste | |
token: ${{ secrets.GH_TOKEN_CUSTOM }} | |
- name: Setup makedeb APT repositories | |
uses: makedeb/setup-makedeb@main | |
- name: Update Flathub package | |
run: | | |
# Set up our Git user. | |
git config --global user.name 'Kavplex Bot' | |
git config --global user.email 'kavplex@hunterwittenborn.com' | |
# Get the current snap revision. | |
snap download celeste | |
snap_revision="$(echo celeste_*.snap | sed -e 's|^celeste_||' -e 's|\.snap$||')" | |
snap_sha256sum="$(sha256sum celeste_*.snap | awk '{print $1}')" | |
# Update the version info for the Flatpak. | |
cd com.hunterwittenborn.Celeste | |
git checkout -b "version/${snap_revision}" | |
sed -i -e "s|a9zAmHVl4doDwIGkptVyA7VI7fMlPPpE_[0-9]*\.snap|a9zAmHVl4doDwIGkptVyA7VI7fMlPPpE_${snap_revision}.snap|" -e "s|sha256: .*|sha256: '${snap_sha256sum}'|" com.hunterwittenborn.Celeste.yml | |
git add . && git commit -m "Update package version" | |
git push --set-upstream origin "version/${snap_revision}" | |
# Create the PR and wait until we can merge it. | |
gh pr create --title "Update package version" --body '' | |
pr_id="$(gh pr list --json headRefName,headRepositoryOwner,number -q ".[] | select((.headRefName==\"version/${snap_revision}\") and .headRepositoryOwner.login==\"flathub\").number")" | |
while true; do | |
comments="$(gh pr view -c)" | |
if echo "${comments}" | grep -q failed; then | |
echo "The build failed! Please investigate manually." | |
exit 1 | |
elif echo "${comments}" | grep -q successful; then | |
# Even after a successful build, we have to wait | |
# a bit longer for Buildbot to allow us to merge. | |
status='BLOCKED' | |
while [[ "${status}" == 'BLOCKED' ]]; do | |
echo 'Waiting for @flathubbot to allow merging...' | |
sleep 1 | |
status="$(gh pr list --json number,mergeStateStatus -q ".[] | select(.number==${pr_id}).mergeStateStatus")" | |
done | |
echo "The build succeeded! Merging the PR..." | |
gh pr merge "${pr_id}" --merge | |
exit | |
fi | |
echo "Waiting for @flathubbot to report status checks..." | |
sleep 1 | |
done | |
env: | |
GITHUB_TOKEN: ${{ secrets.GH_TOKEN_CUSTOM }} |