rolling-release #1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: rolling-release | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| tag: | |
| description: the tag to use | |
| required: true | |
| type: string | |
| permissions: | |
| contents: write | |
| id-token: write # for Cosign keyless | |
| jobs: | |
| build-linux-x86: | |
| uses: ./.github/workflows/build-test-core-x86.yml | |
| build-linux-aarch64: | |
| uses: ./.github/workflows/build-test-core-aarch64.yml | |
| build-osx-arm64: | |
| uses: ./.github/workflows/build-test-osx.yml | |
| build-osx-x86: | |
| uses: ./.github/workflows/build-test-osx.yml | |
| with: | |
| arch: x86_64 | |
| build-windows-x86: | |
| uses: ./.github/workflows/build-test-windows-x86.yml | |
| build-manylinux-binary-x86: | |
| needs: build-linux-x86 | |
| uses: ./.github/workflows/build-manylinux-binary.yml | |
| build-manylinux-binary-aarch64: | |
| needs: build-linux-aarch64 | |
| uses: ./.github/workflows/build-manylinux-binary.yml | |
| with: | |
| arch: aarch64 | |
| build-musllinux-binary-x86: | |
| needs: build-linux-x86 | |
| uses: ./.github/workflows/build-musllinux-binary.yml | |
| build-musllinux-binary-aarch64: | |
| needs: build-linux-aarch64 | |
| uses: ./.github/workflows/build-musllinux-binary.yml | |
| with: | |
| arch: aarch64 | |
| build-osx-binary-arm64: | |
| needs: build-osx-arm64 | |
| uses: ./.github/workflows/build-osx-binary.yml | |
| build-osx-binary-x86: | |
| needs: build-osx-x86 | |
| uses: ./.github/workflows/build-osx-binary.yml | |
| with: | |
| arch: x86_64 | |
| build-windows-binary-x86: | |
| needs: build-windows-x86 | |
| uses: ./.github/workflows/build-windows-binary-x86.yml | |
| release: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build-linux-x86 # redundant | |
| - build-linux-aarch64 # redundant | |
| - build-manylinux-binary-x86 | |
| - build-manylinux-binary-aarch64 | |
| - build-musllinux-binary-x86 | |
| - build-musllinux-binary-aarch64 | |
| - build-osx-arm64 # redundant | |
| - build-osx-binary-arm64 | |
| - build-osx-x86 # redundant | |
| - build-osx-binary-x86 | |
| - build-windows-x86 # redundant | |
| - build-windows-binary-x86 | |
| steps: | |
| - name: Download All Artifacts | |
| uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4 | |
| with: | |
| # merge-multiple: true | |
| path: artifacts/ | |
| - name: Display structure of downloaded files | |
| run: ls -R | |
| - name: Prepare wheels and binaries | |
| run: | | |
| pushd artifacts/ | |
| unzip -j ./manylinux-x86-wheel/dist.zip "*.whl" | |
| unzip -j ./osx-arm64-wheel/dist.zip "*.whl" | |
| unzip ./opengrep_manylinux_binary_x86_64/opengrep.zip -d ./opengrep_manylinux_binary_x86_64 | |
| pushd opengrep_manylinux_binary_x86_64; mv opengrep opengrep_manylinux_x86; popd | |
| ls -l opengrep_manylinux_binary_x86_64 | |
| unzip ./opengrep_manylinux_binary_aarch64/opengrep.zip -d ./opengrep_manylinux_binary_aarch64 | |
| pushd opengrep_manylinux_binary_aarch64; mv opengrep opengrep_manylinux_aarch64; popd | |
| ls -l opengrep_manylinux_binary_aarch64 | |
| unzip ./opengrep_musllinux_binary_x86_64/opengrep.zip -d ./opengrep_musllinux_binary_x86_64 | |
| pushd opengrep_musllinux_binary_x86_64; mv opengrep opengrep_musllinux_x86; popd | |
| ls -l opengrep_musllinux_binary_x86_64 | |
| unzip ./opengrep_musllinux_binary_aarch64/opengrep.zip -d ./opengrep_musllinux_binary_aarch64 | |
| pushd opengrep_musllinux_binary_aarch64; mv opengrep opengrep_musllinux_aarch64; popd | |
| ls -l opengrep_musllinux_binary_aarch64 | |
| unzip ./opengrep_osx_binary_arm64/opengrep.zip -d ./opengrep_osx_binary_arm64 | |
| pushd opengrep_osx_binary_arm64; mv opengrep opengrep_osx_arm64; popd | |
| ls -l opengrep_osx_binary_arm64 | |
| unzip ./opengrep_osx_binary_x86/opengrep.zip -d ./opengrep_osx_binary_x86 | |
| pushd opengrep_osx_binary_x86; mv opengrep opengrep_osx_x86; popd | |
| ls -l opengrep_osx_binary_x86 | |
| pushd opengrep_windows_binary_x86; mv opengrep.exe opengrep_windows_x86.exe; popd | |
| popd | |
| - name: Install Cosign | |
| uses: sigstore/cosign-installer@v3 | |
| - name: Sign all binaries in artifacts | |
| run: | | |
| files_to_sign=( | |
| artifacts/opengrep_manylinux_binary_x86_64/opengrep_manylinux_x86 | |
| artifacts/opengrep_manylinux_binary_aarch64/opengrep_manylinux_aarch64 | |
| artifacts/opengrep_musllinux_binary_x86_64/opengrep_musllinux_x86 | |
| artifacts/opengrep_musllinux_binary_aarch64/opengrep_musllinux_aarch64 | |
| artifacts/opengrep_osx_binary_arm64/opengrep_osx_arm64 | |
| artifacts/opengrep_osx_binary_x86/opengrep_osx_x86 | |
| artifacts/opengrep_windows_binary_x86/opengrep_windows_x86.exe) | |
| for bin in "${files_to_sign[@]}"; do | |
| echo "Signing $bin..." | |
| cosign sign-blob \ | |
| --yes \ | |
| --output-signature "$bin.sig" \ | |
| --output-certificate "$bin.cert" \ | |
| "$bin" | |
| done | |
| - name: Create or Update Rolling Release | |
| uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2 | |
| with: | |
| tag_name: ${{ inputs.tag }} | |
| name: Release from `${{ github.ref_name }}` | |
| draft: true | |
| prerelease: true | |
| generate_release_notes: true | |
| files: | | |
| artifacts/opengrep_manylinux_binary_x86_64/opengrep_manylinux_x86 | |
| artifacts/opengrep_manylinux_binary_x86_64/opengrep_manylinux_x86.cert | |
| artifacts/opengrep_manylinux_binary_x86_64/opengrep_manylinux_x86.sig | |
| artifacts/opengrep_manylinux_binary_aarch64/opengrep_manylinux_aarch64 | |
| artifacts/opengrep_manylinux_binary_aarch64/opengrep_manylinux_aarch64.cert | |
| artifacts/opengrep_manylinux_binary_aarch64/opengrep_manylinux_aarch64.sig | |
| artifacts/opengrep_musllinux_binary_x86_64/opengrep_musllinux_x86 | |
| artifacts/opengrep_musllinux_binary_x86_64/opengrep_musllinux_x86.cert | |
| artifacts/opengrep_musllinux_binary_x86_64/opengrep_musllinux_x86.sig | |
| artifacts/opengrep_musllinux_binary_aarch64/opengrep_musllinux_aarch64 | |
| artifacts/opengrep_musllinux_binary_aarch64/opengrep_musllinux_aarch64.cert | |
| artifacts/opengrep_musllinux_binary_aarch64/opengrep_musllinux_aarch64.sig | |
| artifacts/opengrep_osx_binary_arm64/opengrep_osx_arm64 | |
| artifacts/opengrep_osx_binary_arm64/opengrep_osx_arm64.cert | |
| artifacts/opengrep_osx_binary_arm64/opengrep_osx_arm64.sig | |
| artifacts/opengrep_osx_binary_x86/opengrep_osx_x86 | |
| artifacts/opengrep_osx_binary_x86/opengrep_osx_x86.cert | |
| artifacts/opengrep_osx_binary_x86/opengrep_osx_x86.sig | |
| artifacts/opengrep_windows_binary_x86/opengrep_windows_x86.exe | |
| artifacts/opengrep_windows_binary_x86/opengrep_windows_x86.exe.cert | |
| artifacts/opengrep_windows_binary_x86/opengrep_windows_x86.exe.sig | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |