Skip to content

Update release.yaml #78

Update release.yaml

Update release.yaml #78

Workflow file for this run

name: Release Version
on:
push:
branches: [main]
# paths-ignore:
# - ".github/**"
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: write
attestations: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
with:
egress-policy: audit
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: main
- name: Set up Python 3
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: |
3.12
check-latest: true
cache: "pip" # caching pip dependencies
- name: Install dependencies
env:
PHONENUMBER: ${{ secrets.PHONENUMBER }}
PASSWORD: ${{ secrets.PASSWORD }}
run: |
python -m pip install --upgrade pip
pip install pyxplora_api==1.0.24 -U
python ./.github/actions/update_readme.py
- name: Get Version
id: version
shell: bash
run: |
version="$(python3 ./.github/actions/get_version.py)"
echo "version=$version" >> $GITHUB_OUTPUT
- name: Is Tag exists
uses: mukunku/tag-exists-action@bdad1eaa119ce71b150b952c97351c75025c06a9
id: checkTag
with:
tag: ${{ steps.version.outputs.version }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- if: steps.checkTag.outputs.exists == 'false'
name: Check Tag
id: check-tag
run: |
if [[ "${{ steps.version.outputs.version }}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "match=true" >> $GITHUB_OUTPUT
fi
- name: ZIP Component Dir
if: steps.checkTag.outputs.exists == 'false'
run: |
cd ${{ github.workspace }}/custom_components/xplora_watch
zip -r xplora_watch.zip ./
- name: Generate artifact attestation
if: steps.checkTag.outputs.exists == 'false'
id: attestation
uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0
with:
subject-path: ${{ github.workspace }}/custom_components/xplora_watch/xplora_watch.zip
- name: Debug attestation output
if: steps.checkTag.outputs.exists == 'false'
run: |
echo "Bundle path: ${{ steps.attestation.outputs.bundle-path }}"
ls -l "${{ steps.attestation.outputs.bundle-path }}"
- name: Copy attestation
if: steps.checkTag.outputs.exists == 'false'
run: |
cp "${{ steps.attestation.outputs.bundle-path }}" ${{ github.workspace }}/custom_components/xplora_watch/xplora_watch.zip.intoto.jsonl
- name: Import GPG key
if: steps.checkTag.outputs.exists == 'false'
env:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
run: |
mkdir -p ~/.gnupg
chmod 700 ~/.gnupg
echo "$GPG_PRIVATE_KEY" | gpg --batch --import
echo "use-agent" > ~/.gnupg/gpg.conf
echo "allow-loopback-pinentry" >> ~/.gnupg/gpg.conf
gpg --list-keys
- name: Debug Passphrase
if: steps.checkTag.outputs.exists == 'false'
run: |
if [ -z "$PASSPHRASE" ]; then
echo "Passphrase is empty!"
exit 1
else
echo "Passphrase is set."
fi
env:
PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- name: Sign ZIP file
if: steps.checkTag.outputs.exists == 'false'
env:
PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
run: |
gpg --detach-sign --batch --yes --pinentry-mode loopback --passphrase "$PASSPHRASE" \
-o ${{ github.workspace }}/custom_components/xplora_watch/xplora_watch.zip.asc \
${{ github.workspace }}/custom_components/xplora_watch/xplora_watch.zip
- name: Upload zip to release
if: steps.checkTag.outputs.exists == 'false'
uses: svenstaro/upload-release-action@04733e069f2d7f7f0b4aebc4fbdbce8613b03ccd # v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: ${{ github.workspace }}/custom_components/xplora_watch/xplora_watch.zip
asset_name: xplora_watch.zip
tag: ${{ steps.version.outputs.version }}
overwrite: true
- name: Upload zip to release
if: steps.checkTag.outputs.exists == 'false'
uses: svenstaro/upload-release-action@04733e069f2d7f7f0b4aebc4fbdbce8613b03ccd # v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: ${{ github.workspace }}/custom_components/xplora_watch/xplora_watch.zip.asc
asset_name: xplora_watch.zip.asc
tag: ${{ steps.version.outputs.version }}
overwrite: true
- name: Upload zip to release
if: steps.checkTag.outputs.exists == 'false'
uses: svenstaro/upload-release-action@04733e069f2d7f7f0b4aebc4fbdbce8613b03ccd # v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: ${{ github.workspace }}/custom_components/xplora_watch/xplora_watch.zip.intoto.jsonl
asset_name: xplora_watch.zip.intoto.jsonl
tag: ${{ steps.version.outputs.version }}
overwrite: true
- name: Create Release
if: steps.checkTag.outputs.exists == 'false'
uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1
with:
tag_name: ${{ steps.version.outputs.version }}
name: ${{ steps.version.outputs.version }}
draft: false
prerelease: false
token: ${{ secrets.GITHUB_TOKEN }}
generate_release_notes: true