diff --git a/.github/workflows/azure-upload.yml b/.github/workflows/azure-upload.yml new file mode 100644 index 0000000000..002acda5a5 --- /dev/null +++ b/.github/workflows/azure-upload.yml @@ -0,0 +1,76 @@ +name: Azure Upload + +on: + workflow_dispatch: + +permissions: + contents: read + +jobs: + azure-upload: + permissions: + contents: write + name: Azure Upload Release + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + with: + fetch-depth: 0 + - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + with: + go-version-file: 'go.mod' + - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 + - run: npm install semver@7.6.2 + - name: Setup build environment + run: | + if [ "${{ env.ACT }}" = "true" ]; then + SUDO_CMD="" + else + SUDO_CMD="sudo" + fi + $SUDO_CMD apt-get update + $SUDO_CMD apt-get install -y gpgv1 monkeysphere jq make git + go install github.com/goreleaser/nfpm/v2/cmd/nfpm@v2.35.3 + - name: Set Environment Variables + run: | + echo "${{steps.release.outputs.result}}" + echo "VERSION=$(echo '${{steps.release.outputs.result}}' | jq -r '.version')" >> $GITHUB_ENV + echo "RELEASE_ID=$(echo '${{steps.release.outputs.result}}' | jq -r '.release_id')" >> $GITHUB_ENV + echo "RELEASE_UPLOAD_URL=$(echo '${{steps.release.outputs.result}}' | jq -r '.release_upload_url')" >> $GITHUB_ENV + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 + - name: Build Docker Image + uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 + with: + file: scripts/packages/packager/Dockerfile + tags: build-signed-packager:1.0.0 + context: '.' + push: false + load: true + no-cache: true + build-args: | + package_type=signed-package + - name: Build Packages + env: + INDIGO_GPG_AGENT: ${{ secrets.INDIGO_GPG_AGENT }} + NFPM_SIGNING_KEY_FILE: .key.asc + run: | + echo "$INDIGO_GPG_AGENT" | base64 --decode > .key.asc + make clean package + - name: Azure Login + uses: azure/login@6b2456866fc08b011acb422a92a4aa20e2c4de32 # v2.1.0 + with: + creds: ${{ secrets.AZURE_CREDENTIALS }} + - name: Azure Upload Release Packages + uses: azure/CLI@965c8d7571d2231a54e321ddd07f7b10317f34d9 # v2.0.0 + with: + inlineScript: | + for i in ./build/azure/packages/nginx-agent*; do + az storage blob upload --auth-mode=login -f "$i" -c ${{ secrets.AZURE_CONTAINER_NAME }} \ + --account-name ${{ secrets.AZURE_ACCOUNT_NAME }} --overwrite -n nginx-agent/${GITHUB_REF##*/}/${i##*/} + done + - name: Azure Logout + run: | + az logout + if: always() +