From b88cb81f824a530a0137c025d3cdb88757f15826 Mon Sep 17 00:00:00 2001 From: XargonWan Date: Tue, 12 Nov 2024 16:56:44 +0900 Subject: [PATCH] Workflow: separating jobs to allow Rekku token to don't expire during the build --- .github/workflows/build_release.yml | 63 ++++++++++++++++------------- 1 file changed, 36 insertions(+), 27 deletions(-) diff --git a/.github/workflows/build_release.yml b/.github/workflows/build_release.yml index 8e66bd6d..96478de0 100644 --- a/.github/workflows/build_release.yml +++ b/.github/workflows/build_release.yml @@ -27,16 +27,10 @@ permissions: contents: write jobs: - # Generate Rekku Token Job - Generate-Rekku-Token: - uses: RetroDECK/components-template/.github/workflows/generate_rekku_token.yml@main - secrets: - REKKU_PRIVATE_KEY: ${{ secrets.REKKU_PRIVATE_KEY }} # Build RetroDECK Job Build_RetroDECK: runs-on: retrodeck-server - needs: Generate-Rekku-Token outputs: tag: ${{ steps.set-outputs.outputs.tag }} release_body: ${{ steps.set-outputs.outputs.release_body }} @@ -114,12 +108,12 @@ jobs: # Generate the tag for a pull request echo "TAG=PR-$source_branch-${{ env.buildid }}" >> $GITHUB_ENV - echo "MAKE_LATEST=false" >> $GITHUB_ENV # Not marked as the latest cooker version if it's a feature branch + echo "MAKE_LATEST=false" >> $GITHUB_OUTPUT # Not marked as the latest cooker version if it's a feature branch else # Generate the tag for non-pull request branches TAG="$MANIFEST_VERSION-${{ env.buildid }}" echo "TAG=$TAG" >> $GITHUB_ENV - echo "MAKE_LATEST=true" >> $GITHUB_ENV + echo "MAKE_LATEST=true" >> $GITHUB_OUTPUT fi # Output the manifest version and generated tag for debugging @@ -132,7 +126,7 @@ jobs: run: "cp ${GITHUB_WORKSPACE}/net.retrodeck.retrodeck.yml ${GITHUB_WORKSPACE}/net.retrodeck.retrodeck.yml.bak" - name: Run pre-build automation tasks - run : "/bin/bash ${GITHUB_WORKSPACE}/automation_tools/pre_build_automation.sh" + run: "/bin/bash ${GITHUB_WORKSPACE}/automation_tools/pre_build_automation.sh" - name: "Adding flatpak portal for automated updates (Cooker only)" if: github.ref != 'refs/heads/main' @@ -234,11 +228,36 @@ jobs: - name: Create Bundle run: "/bin/bash ${GITHUB_WORKSPACE}/automation_tools/flatpak_build_bundle.sh" + # Upload artifacts for other jobs + - name: Upload Build Artifacts + uses: actions/upload-artifact@v4 + with: + name: retrodeck-artifacts + path: | + RetroDECK*.flatpak + RetroDECK*.flatpak.sha + RetroDECK*Artifact.tar.gz + + Generate-Rekku-Token: + uses: RetroDECK/components-template/.github/workflows/generate_rekku_token.yml@main + secrets: + REKKU_PRIVATE_KEY: ${{ secrets.REKKU_PRIVATE_KEY }} + + GitHub-publish: + runs-on: ubuntu-latest + needs: [Generate-Rekku-Token, Build_RetroDECK] + env: + REKKU_TOKEN: ${{ needs.Generate-Rekku-Token.outputs.rekku_token }} + tag: ${{ needs.Build_RetroDECK.outputs.tag }} + release_body: ${{ needs.Build_RetroDECK.outputs.release_body }} + MAKE_LATEST: ${{ needs.Build_RetroDECK.outputs.MAKE_LATEST }} + steps: + # Determine if Target Repository is Main or not, in that case is a Cooker build - name: Determine target repository id: set-repo run: | - if [[ "$GITHUB_REF" == "refs/heads/main" || "$GITHUB_REF" == refs/heads/feat* ]]; then + if [[ "$GITHUB_REF" == "refs/heads/main" ]]; then echo "repo_name=RetroDECK" >> $GITHUB_ENV else echo "repo_name=Cooker" >> $GITHUB_ENV @@ -248,13 +267,13 @@ jobs: - name: Publish release uses: ncipollo/release-action@v1 with: - tag: ${{ steps.set-outputs.outputs.tag }} - name: "RetroDECK ${{ steps.set-outputs.outputs.tag }}" - body: ${{ steps.generate-body.outputs.release_body }} - artifacts: "RetroDECK*.flatpak,RetroDECK*.flatpak.sha,RetroDECK*Artifact.tar.gz" + tag: ${{ env.tag }} + name: "RetroDECK ${{ env.tag }}" + body: ${{ env.release_body }} + artifacts: "*.flatpak,*.flatpak.sha,*Artifact.tar.gz" allowUpdates: true makeLatest: ${{ env.MAKE_LATEST }} - token: ${{ needs.Generate-Rekku-Token.outputs.token }} + token: ${{ env.REKKU_TOKEN }} repo: "${{ env.repo_name }}" continue-on-error: ${{ github.ref != 'refs/heads/main' }} @@ -271,17 +290,7 @@ jobs: git tag "${{ steps.set-outputs.outputs.tag }}" git push origin "${{ steps.set-outputs.outputs.tag }}" env: - GITHUB_TOKEN: ${{ needs.Generate-Rekku-Token.outputs.token }} - - # Upload artifacts for other jobs - - name: Upload Build Artifacts - uses: actions/upload-artifact@v4 - with: - name: retrodeck-artifacts - path: | - RetroDECK*.flatpak - RetroDECK*.flatpak.sha - RetroDECK*Artifact.tar.gz + GITHUB_TOKEN: ${{ env.REKKU_TOKEN }} # As backup we're even publishing the build on our own selfhosted Fogejo instance # Forgejo Publish Job if main branch @@ -291,7 +300,7 @@ jobs: # uses: RetroDECK/components-template/.github/workflows/fogejo_publish_release.yml@main # with: # release_body: ${{ needs.Build_RetroDECK.outputs.release_body }} - # artifacts: "RetroDECK*.flatpak,RetroDECK*.flatpak.sha,RetroDECK*Artifact.tar.gz" + # artifacts: "*.flatpak,*.flatpak.sha,*Artifact.tar.gz" # tag: ${{ needs.Build_RetroDECK.outputs.tag }} # secrets: # FORGEJO_TRIGGER_BUILD_TOKEN: ${{ secrets.FORGEJO_TRIGGER_BUILD_TOKEN }} \ No newline at end of file