Do not use add-determinism just now #31
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
push: | |
branches: [main] | |
tags: v* | |
jobs: | |
build: | |
# Run build on main as well to make sure it's working before we make a release | |
runs-on: ubuntu-latest | |
container: | |
# Fedora 41 ships GNOME 47, i.e. the version we currently support | |
image: docker.io/fedora:41 | |
steps: | |
# TODO: Stip timestamps from ZIP with strip-nondeterminism once 0.4.3 or newer are available in Fedora.cancel-timeout-minutes: | |
# With 0.5.0 we can set timestamps to the date of the current commit: | |
# | |
# env SOURCE_DATE_EPOCH=$(git show --no-patch --format=%ct HEAD) add-determinism dist/*.zip | |
# | |
# With 0.4.3 we need to reset to the minimal ZIP date because add-determinism retains timestamps older than | |
# SOURCE_DATE_EPOCH in this version. We also need to force it to use the JAR handler for ZIP files. | |
# | |
# SOURCE_DATE_EPOCH=(date -d1980-01-01T00:00:00Z +'%s') add-determinism --ignore-extension --handler jar | |
# | |
- name: Install git, gettext, and gnome-shell | |
run: dnf install -y --setopt=install_weak_deps=False git gettext gnome-shell | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: latest | |
cache: "npm" | |
- run: npm ci | |
- run: npm run pack | |
- run: b2sum *.zip > B2SUMS.txt | |
working-directory: dist | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: dist | |
path: "dist/*" | |
attest: | |
runs-on: ubuntu-latest | |
needs: build | |
permissions: | |
id-token: write | |
contents: read | |
attestations: write | |
# Only attest artifacts created for actual releases | |
if: ${{ startsWith(github.ref, 'refs/tags/') }} | |
steps: | |
- uses: actions/download-artifact@v4 | |
with: | |
path: dist | |
name: dist | |
- uses: actions/attest-build-provenance@v1 | |
with: | |
subject-path: dist/* | |
create-release: | |
runs-on: ubuntu-latest | |
needs: build | |
permissions: | |
contents: write | |
# Only create a release on a tag | |
if: ${{ startsWith(github.ref, 'refs/tags/') }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# This makes sure we actually get the tag message body down below, | |
# see https://github.com/actions/runner/issues/712 | |
ref: "${{ github.ref }}" | |
- uses: actions/download-artifact@v4 | |
with: | |
path: dist | |
name: dist | |
- run: echo "RELEASE_SUBJECT=$(git tag -ln1 --format='%(contents:subject)' "${GITHUB_REF_NAME}")" >> "$GITHUB_ENV" | |
- run: git tag -ln1 --format='%(contents:body)' "${GITHUB_REF_NAME}" > ${{ github.workspace }}-body.txt | |
- uses: softprops/action-gh-release@v2 | |
with: | |
name: "${{ env.RELEASE_SUBJECT }}" | |
body_path: "${{ github.workspace }}-body.txt" | |
files: "dist/*" | |
fail_on_unmatched_files: true | |
upload-ego: | |
runs-on: ubuntu-latest | |
needs: build | |
# Only upload releases from tags which denote a version, i.e. start with v | |
if: ${{ startsWith(github.ref, 'refs/tags/v') }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: latest | |
cache: "npm" | |
- run: npm ci | |
- uses: actions/download-artifact@v4 | |
with: | |
path: dist | |
name: dist | |
- run: "npx gsebuild upload --no-interaction -c ./.ego-confirmation.json ./dist/[email protected]" | |
env: | |
EGO_USERNAME: ${{ secrets.EGO_USERNAME }} | |
EGO_PASSWORD: ${{ secrets.EGO_PASSWORD }} |