diff --git a/.github/workflows/post-publish.yml b/.github/workflows/post-publish.yml index 619f0f607..94e782cb6 100644 --- a/.github/workflows/post-publish.yml +++ b/.github/workflows/post-publish.yml @@ -6,25 +6,13 @@ on: jobs: get-version: + uses: ./.github/workflows/get-version.yml + with: + version: ${{ github.event.release.tag_name }} + + notify: runs-on: ubuntu-latest steps: - - name: Download source tarball - run: | - curl --silent --fail-with-body --proto "=https" -L -H "Accept: application/vnd.github+json" https://github.com/cryptomator/cryptomator/archive/refs/tags/${{ github.event.release.tag_name }}.tar.gz --output cryptomator-${{ github.event.release.tag_name }}.tar.gz - - name: Sign source tarball with key 615D449FE6E6A235 - run: | - echo "${GPG_PRIVATE_KEY}" | gpg --batch --quiet --import - echo "${GPG_PASSPHRASE}" | gpg --batch --quiet --passphrase-fd 0 --pinentry-mode loopback -u 615D449FE6E6A235 --detach-sign -a cryptomator-*.tar.gz - env: - GPG_PRIVATE_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} - GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }} - - name: Publish asc on GitHub Releases - uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0 - with: - fail_on_unmatched_files: true - token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }} - files: | - cryptomator-*.tar.gz.asc - name: Slack Notification uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3 env: @@ -36,4 +24,58 @@ jobs: SLACK_TITLE: "Release ${{ github.event.repository.name }} ${{ github.event.release.tag_name }} published." SLACK_MESSAGE: "Ready to ." SLACK_FOOTER: false - MSG_MINIMAL: true \ No newline at end of file + MSG_MINIMAL: true + + get-asset-urls: + name: Get release asset URLs + runs-on: ubuntu-latest + outputs: + msi-url: ${{ steps.urls.outputs.msi }} + exe-url: ${{ steps.urls.outputs.exe }} + steps: + - name: Extract MSI and EXE download URLs + id: urls + run: | + MSI_URL=$(gh api "repos/${{ github.repository }}/releases/${{ github.event.release.id }}/assets" \ + --jq '[.[] | select(.name | endswith("-x64.msi"))][0].browser_download_url') + EXE_URL=$(gh api "repos/${{ github.repository }}/releases/${{ github.event.release.id }}/assets" \ + --jq '[.[] | select(.name | endswith("-x64.exe"))][0].browser_download_url') + echo "msi=${MSI_URL}" >> $GITHUB_OUTPUT + echo "exe=${EXE_URL}" >> $GITHUB_OUTPUT + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + allowlist-msi-x64: + needs: [get-asset-urls] + if: needs.get-asset-urls.outputs.msi-url != 'null' && needs.get-asset-urls.outputs.msi-url != '' + uses: ./.github/workflows/av-whitelist.yml + with: + url: ${{ needs.get-asset-urls.outputs.msi-url }} + secrets: inherit + + allowlist-exe-x64: + needs: [get-asset-urls, allowlist-msi-x64] + if: needs.get-asset-urls.outputs.exe-url != 'null' && needs.get-asset-urls.outputs.exe-url != '' + uses: ./.github/workflows/av-whitelist.yml + with: + url: ${{ needs.get-asset-urls.outputs.exe-url }} + secrets: inherit + + notify-winget: + name: Notify for winget-release + if: needs.get-version.outputs.versionType == 'stable' + needs: [get-version, get-asset-urls] + runs-on: ubuntu-latest + steps: + - name: Slack Notification + uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3 + env: + SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_USERNAME: 'Cryptobot' + SLACK_ICON: false + SLACK_ICON_EMOJI: ':bot:' + SLACK_CHANNEL: 'cryptomator-desktop' + SLACK_TITLE: "Release ${{ github.event.repository.name }} ${{ github.event.release.tag_name }} published." + SLACK_MESSAGE: "Ready to ." + SLACK_FOOTER: false + MSG_MINIMAL: true diff --git a/.github/workflows/win-exe.yml b/.github/workflows/win-exe.yml index 536083d72..0c242016e 100644 --- a/.github/workflows/win-exe.yml +++ b/.github/workflows/win-exe.yml @@ -459,9 +459,6 @@ jobs: if: github.ref_type == 'tag' && inputs.is-release runs-on: ubuntu-latest needs: [ build-msi, build-exe ] - outputs: - download-url-msi-x64: ${{ fromJSON(steps.publish.outputs.assets)[0].browser_download_url }} - download-url-exe-x64: ${{ fromJSON(steps.publish.outputs.assets)[2].browser_download_url }} steps: - name: Download installers uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 @@ -474,41 +471,7 @@ jobs: draft: true fail_on_unmatched_files: true token: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }} - # do not change ordering of filelist, required for correct job output files: | *x64.msi *x64.exe *.asc - - allowlist-msi-x64: - uses: ./.github/workflows/av-whitelist.yml - needs: [ publish ] - with: - url: ${{ needs.publish.outputs.download-url-msi-x64 }} - secrets: inherit - - allowlist-exe-x64: - uses: ./.github/workflows/av-whitelist.yml - needs: [ publish, allowlist-msi-x64 ] - with: - url: ${{ needs.publish.outputs.download-url-exe-x64 }} - secrets: inherit - - notify-winget: - name: Notify for winget-release - if: needs.get-version.outputs.versionType == 'stable' - needs: [publish, get-version] - runs-on: ubuntu-latest - steps: - - name: Slack Notification - uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3 - env: - SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} - SLACK_USERNAME: 'Cryptobot' - SLACK_ICON: false - SLACK_ICON_EMOJI: ':bot:' - SLACK_CHANNEL: 'cryptomator-desktop' - SLACK_TITLE: "MSI packages of ${{ github.event.repository.name }} ${{ github.event.release.tag_name }} published." - SLACK_MESSAGE: "Ready to ." - SLACK_FOOTER: false - MSG_MINIMAL: true