Skip to content
Release Version

Update release.yml #111

Sign in to view logs

Update release.yml

Update release.yml #111

Workflow file for this run

.github/workflows/release.yml at 363887d
name: Release Version
on:
push:
branches: [main]
# paths-ignore:
# - ".github/**"
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: write
attestations: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: main
- name: Set up Python 3
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: |
3.12
check-latest: true
allow-prereleases: true
- name: Get Version
id: version
shell: bash
run: |
version="$(python3 ./.github/actions/get_version.py)"
echo "version=$version" >> $GITHUB_OUTPUT
- name: Is Tag exists
uses: mukunku/tag-exists-action@bdad1eaa119ce71b150b952c97351c75025c06a9 # v1.6.0
id: checkTag
with:
tag: ${{ steps.version.outputs.version }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- if: steps.checkTag.outputs.exists == 'false'
name: Check Tag
id: check-tag
run: |
if [[ "${{ steps.version.outputs.version }}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "match=true" >> $GITHUB_OUTPUT
fi
- name: ZIP Component Dir
if: steps.checkTag.outputs.exists == 'false'
run: |
cd ${{ github.workspace }}/custom_components/ipv64
zip -r ipv64.zip ./
- name: Generate artifact attestation
if: steps.checkTag.outputs.exists == 'false'
uses: actions/attest-build-provenance@v2
with:
subject-path: ${{ github.workspace }}/custom_components/ipv64/ipv64.zip
- name: Import GPG key
if: steps.checkTag.outputs.exists == 'false'
env:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
run: |
mkdir -p ~/.gnupg
chmod 700 ~/.gnupg
echo "$GPG_PRIVATE_KEY" | gpg --batch --import
echo "use-agent" > ~/.gnupg/gpg.conf
echo "allow-loopback-pinentry" >> ~/.gnupg/gpg.conf
gpg --list-keys
- name: Debug Passphrase
if: steps.checkTag.outputs.exists == 'false'
run: |
if [ -z "$PASSPHRASE" ]; then
echo "Passphrase is empty!"
exit 1
else
echo "Passphrase is set."
fi
env:
PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- name: Sign ZIP file
if: steps.checkTag.outputs.exists == 'false'
env:
PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
run: |
gpg --detach-sign --batch --yes --pinentry-mode loopback --passphrase "$PASSPHRASE" \
-o ${{ github.workspace }}/custom_components/ipv64/ipv64.zip.asc \
${{ github.workspace }}/custom_components/ipv64/ipv64.zip
- name: Upload zip to release
if: steps.checkTag.outputs.exists == 'false'
uses: svenstaro/upload-release-action@04733e069f2d7f7f0b4aebc4fbdbce8613b03ccd # v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: ${{ github.workspace }}/custom_components/ipv64/ipv64.zip
asset_name: ipv64.zip
tag: ${{ steps.version.outputs.version }}
overwrite: true
- name: Upload zip to release
if: steps.checkTag.outputs.exists == 'false'
uses: svenstaro/upload-release-action@04733e069f2d7f7f0b4aebc4fbdbce8613b03ccd # v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: ${{ github.workspace }}/custom_components/ipv64/ipv64.zip.asc
asset_name: ipv64.zip.asc
tag: ${{ steps.version.outputs.version }}
overwrite: true
- name: Create Release
if: steps.checkTag.outputs.exists == 'false'
uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2.0.9
with:
tag_name: ${{ steps.version.outputs.version }}
name: v${{ steps.version.outputs.version }}
draft: false
prerelease: false
token: ${{ secrets.GITHUB_TOKEN }}
generate_release_notes: true
# - name: Upload zip to release
# if: steps.checkTag.outputs.exists == 'false'
# uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0
# with:
# files: ${{ github.workspace }}/custom_components/ipv64/ipv64.zip
# token: ${{ secrets.GITHUB_TOKEN }}
# tag_name: ${{ steps.version.outputs.version }}
# generate_release_notes: true