uffd/.github/workflows/build.yml at main · emfcamp/uffd · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
on: push

jobs:
  build:
    name: Build deb
    strategy:
      fail-fast: false
      matrix:
        debian_release:
          - trixie
    env:
      GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
      KEY_ID: ${{ secrets.KEY_ID }}
    runs-on: ubuntu-latest
    container:
      image: debian:${{ matrix.debian_release }}
    steps:
      - name: Setup
        run: |
          export DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8
          apt-get update
          apt-get install -y \
            build-essential \
            locales \
            git \
            nodejs \
            python3-git \
            gnupg \
            debsigs
          localedef -i en_GB -c -f UTF-8 -A /usr/share/locale/locale.alias en_GB.UTF-8
      - name: Checkout
        # This comes after "setup" since we might need nodejs...
        uses: actions/checkout@v5
        with:
          fetch-depth: 0  # we need tags as well
      - name: Setup for build
        run: |
          export DEBIAN_FRONTEND=noninteractive LANG=en_GB.UTF-8
          git config --global --add safe.directory $PWD
          apt-get build-dep -y .
          ./debian/create_changelog.py uffd > debian/changelog
      - name: Perform build
        run: |
          export DEBIAN_FRONTEND=noninteractive LANG=en_GB.UTF-8
          git config --global --add safe.directory $PWD
          export PACKAGE_VERSION="$(git describe | sed -E -n -e 's/^v([0-9.]*)(\+emf[0-9.]*)?$/\1/p' -e 's/^v([0-9.]*(\+emf[0-9.]*)?)-([0-9]*)-g([0-9a-z]*)$/\1.dev+git.\4/p' | grep .)"
          export PYBUILD_INSTALL_ARGS="--install-lib=/usr/share/uffd/ --install-scripts=/usr/share/uffd/"
          export DEB_BUILD_OPTIONS=nocheck
          dpkg-buildpackage -us -uc
      - name: Verify artifacts
        run: |
          export DEBIAN_FRONTEND=noninteractive LANG=en_GB.UTF-8
          mkdir out/
          mv ../*.deb out/
          for f in out/*.deb; do
            mv -v "$f" "${f%%.deb}.${{ matrix.debian_release }}.deb"
          done
          dpkg-deb -I out/*.deb
          dpkg-deb -c out/*.deb
      - name: Sign artifacts
        if: ${{ env.GPG_PRIVATE_KEY != '' && env.KEY_ID != '' }}
        run: |
          echo "$GPG_PRIVATE_KEY" | gpg --batch --import
          echo "$KEY_ID:6:" |  gpg --batch --import-ownertrust --pinentry-mode=loopback
          debsigs -v --gpgopts="--batch --no-tty --pinentry-mode=loopback" --sign=origin --default-key="$KEY_ID" out/*.deb
      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: deb-${{ matrix.debian_release }}
          path: out/
  release:
    name: Release
    needs: [build]
    permissions:
      actions: read
      contents: write
    if: ${{ github.ref_type == 'tag' }}
    runs-on: ubuntu-latest
    steps:
      - name: Download artifacts
        uses: actions/download-artifact@v5
        with:
          pattern: deb-*
          merge-multiple: true
      - name: Release
        uses: softprops/action-gh-release@72f2c25fcb47643c292f7107632f7a47c1df5cd8  # v2.3.2
        with:
          files: "*.deb"
          generate_release_notes: true