From 6a3fd591a97b08ccd21b4543d0917a23cd380e1f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20=C5=A0tamcar?= Date: Wed, 9 Oct 2024 17:19:34 +0200 Subject: [PATCH] Update all usages of artifacts in jobs --- .github/workflows/native.yaml | 97 +++++++++++++++++++++++------------ 1 file changed, 65 insertions(+), 32 deletions(-) diff --git a/.github/workflows/native.yaml b/.github/workflows/native.yaml index dbebd5a9..57094b32 100644 --- a/.github/workflows/native.yaml +++ b/.github/workflows/native.yaml @@ -315,7 +315,7 @@ jobs: if: matrix.target == 'x86_64-unknown-linux-gnu' uses: actions/upload-artifact@v4 with: - name: build-shell-completions + name: build-artifacts-shell-completions path: native/target/completions.zip compression-level: 0 @@ -323,7 +323,7 @@ jobs: if: matrix.os == 'ubuntu-latest' uses: actions/upload-artifact@v4 with: - name: build-linux-deb-${{ steps.target.outputs.target }} + name: build-artifacts-linux-deb-${{ steps.target.outputs.target }} path: native/target/debian/*.deb compression-level: 0 @@ -331,7 +331,7 @@ jobs: if: matrix.os == 'ubuntu-latest' uses: actions/upload-artifact@v4 with: - name: build-linux-rpm-${{ steps.target.outputs.target }} + name: build-artifacts-linux-rpm-${{ steps.target.outputs.target }} path: native/target/rpm/*.rpm compression-level: 0 @@ -340,7 +340,7 @@ jobs: if: matrix.os == 'windows-latest' && matrix.portable != true uses: actions/upload-artifact@v4 with: - name: unsigned-windows-msi-${{ steps.target.outputs.target }} + name: unsigned-artifacts-windows-msi-${{ steps.target.outputs.target }} path: native/target/wix/*.msi compression-level: 0 @@ -349,15 +349,15 @@ jobs: if: matrix.os == 'windows-latest' && matrix.portable == true uses: actions/upload-artifact@v4 with: - name: unsigned-windows-paf-${{ steps.target.outputs.target }} + name: unsigned-artifacts-windows-paf-${{ steps.target.outputs.target }} path: native/target/paf/*.paf.exe compression-level: 0 - - name: Sign MSI (Windows) - # if: startsWith(github.ref, 'refs/tags/v') + - name: Sign MSI with SignPath (Windows) + if: matrix.os == 'windows-latest' && matrix.portable != true # && startsWith(github.ref, 'refs/tags/v') uses: signpath/github-action-submit-signing-request@v1 with: - api-token: ${{ secrets.SIGNPATH_API_TOKEN }} + api-token: ${{ secrets.SIGNPATH_TOKEN }} organization-id: ${{ vars.SIGNPATH_ORGANIZATION_ID }} project-slug: ${{ vars.SIGNPATH_PROJECT_SLUG }} signing-policy-slug: ${{ vars.SIGNPATH_POLICY_SLUG }} @@ -365,11 +365,11 @@ jobs: artifact-configuration-slug: installer output-artifact-directory: signed/msi - - name: Sign PAF (Windows) - # if: startsWith(github.ref, 'refs/tags/v') + - name: Sign PAF with SignPath (Windows) + if: matrix.os == 'windows-latest' && matrix.portable == true # && startsWith(github.ref, 'refs/tags/v') uses: signpath/github-action-submit-signing-request@v1 with: - api-token: ${{ secrets.SIGNPATH_API_TOKEN }} + api-token: ${{ secrets.SIGNPATH_TOKEN }} organization-id: ${{ vars.SIGNPATH_ORGANIZATION_ID }} project-slug: ${{ vars.SIGNPATH_PROJECT_SLUG }} signing-policy-slug: ${{ vars.SIGNPATH_POLICY_SLUG }} @@ -381,7 +381,7 @@ jobs: if: matrix.os == 'windows-latest' && matrix.portable != true # && startsWith(github.ref, 'refs/tags/v') uses: actions/upload-artifact@v4 with: - name: build-windows-msi-${{ steps.target.outputs.target }} + name: build-artifacts-windows-msi-${{ steps.target.outputs.target }} path: signed/msi/*.msi compression-level: 0 @@ -389,7 +389,7 @@ jobs: if: matrix.os == 'windows-latest' && matrix.portable == true # && startsWith(github.ref, 'refs/tags/v') uses: actions/upload-artifact@v4 with: - name: build-windows-paf-${{ steps.target.outputs.target }} + name: build-artifacts-windows-paf-${{ steps.target.outputs.target }} path: signed/paf/*.paf.exe compression-level: 0 @@ -411,6 +411,10 @@ jobs: if: startsWith(github.ref, 'refs/tags/v') runs-on: ubuntu-latest + permissions: + actions: read + contents: write + needs: - clippy - rustfmt @@ -418,18 +422,22 @@ jobs: steps: - name: Download artifacts - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 + with: + pattern: build-artifact-* + path: artifacts + merge-multiple: true - name: Upload artifacts to GitHub Release uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 with: fail_on_unmatched_files: true files: | - artifact/completions.zip - artifact/debian/*.deb - artifact/rpm/*.rpm - artifact/wix/*.msi - artifact/paf/*.paf.exe + artifacts/completions.zip + artifacts/*.deb + artifacts/*.rpm + artifacts/*.msi + artifacts/*.paf.exe env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -438,6 +446,10 @@ jobs: if: startsWith(github.ref, 'refs/tags/v') runs-on: ubuntu-latest + permissions: + actions: read + contents: read + needs: - clippy - rustfmt @@ -445,7 +457,11 @@ jobs: steps: - name: Download artifacts - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 + with: + pattern: build-artifact-linux-* + path: artifacts + merge-multiple: true - name: Install packagecloud.io CLI run: sudo gem install package_cloud @@ -454,8 +470,8 @@ jobs: env: PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} run: | - package_cloud push filips/FirefoxPWA/any/any artifact/debian/*.deb - package_cloud push filips/FirefoxPWA/rpm_any/rpm_any artifact/rpm/*.rpm + package_cloud push filips/FirefoxPWA/any/any artifacts/*.deb + package_cloud push filips/FirefoxPWA/rpm_any/rpm_any artifacts/*.rpm release-aur: name: Release on Arch User Repository @@ -463,6 +479,9 @@ jobs: runs-on: ubuntu-latest container: archlinux + permissions: + contents: read + needs: - release-github @@ -502,8 +521,8 @@ jobs: pkgbuild: ./native/packages/aur/firefox-pwa/PKGBUILD assets: ./native/packages/aur/firefox-pwa/** commit_message: Update to ${{ env.VERSION }} - commit_username: ${{ secrets.AUR_USERNAME }} - commit_email: ${{ secrets.AUR_EMAIL }} + commit_username: ${{ vars.AUR_USERNAME }} + commit_email: ${{ vars.AUR_EMAIL }} ssh_private_key: ${{ secrets.AUR_PRIVATE_KEY }} ssh_keyscan_types: rsa,ecdsa,ed25519 @@ -514,8 +533,8 @@ jobs: pkgbuild: ./native/packages/aur/firefox-pwa-bin/PKGBUILD assets: ./native/packages/aur/firefox-pwa-bin/** commit_message: Update to ${{ env.VERSION }} - commit_username: ${{ secrets.AUR_USERNAME }} - commit_email: ${{ secrets.AUR_EMAIL }} + commit_username: ${{ vars.AUR_USERNAME }} + commit_email: ${{ vars.AUR_EMAIL }} ssh_private_key: ${{ secrets.AUR_PRIVATE_KEY }} ssh_keyscan_types: rsa,ecdsa,ed25519 @@ -525,6 +544,9 @@ jobs: runs-on: ubuntu-latest container: ghcr.io/filips123/gentoo-pycargoebuild + permissions: + contents: read + needs: - release-github @@ -554,8 +576,8 @@ jobs: - name: Prepare Git user working-directory: tmp/guru run: | - git config --local user.name "${{ secrets.GENTOO_USERNAME }}" - git config --local user.email "${{ secrets.GENTOO_EMAIL }}" + git config --local user.name "${{ vars.GENTOO_USERNAME }}" + git config --local user.email "${{ vars.GENTOO_EMAIL }}" git config --local user.signingkey "${{ secrets.GENTOO_KEY_ID }}" - name: Prepare Git settings @@ -609,6 +631,9 @@ jobs: if: startsWith(github.ref, 'refs/tags/v') runs-on: windows-latest + permissions: + contents: read + needs: - release-github @@ -619,8 +644,8 @@ jobs: - name: Prepare Git user run: | - git config --global user.name "${{ secrets.GH_USERNAME }}" - git config --global user.email "${{ secrets.GH_EMAIL }}" + git config --global user.name "${{ vars.WINGET_USERNAME }}" + git config --global user.email "${{ vars.WINGET_EMAIL }}" - name: Update and release package manifest run: | @@ -634,6 +659,10 @@ jobs: if: startsWith(github.ref, 'refs/tags/v') runs-on: windows-latest + permissions: + actions: read + contents: read + needs: - release-github @@ -642,12 +671,16 @@ jobs: uses: actions/checkout@v4 - name: Download artifacts - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 + with: + pattern: build-artifact-windows-msi-* + path: artifacts + merge-multiple: true - name: Calculate version and installer checksums run: | echo "::group::Copying installers to the package" - cp -R artifact/wix/*.msi native/packages/choco/tools/ + cp -R artifacts/*.msi native/packages/choco/tools/ echo "::endgroup::" echo "::group::Setting the package version"