-
Notifications
You must be signed in to change notification settings - Fork 19
115 lines (105 loc) · 3.51 KB
/
generate_dist.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
name: Generate and commit distribution files to requested PR
on:
workflow_dispatch:
issue_comment:
types: [created, edited]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
generate_dist:
if: |
contains('["OWNER", "CONTRIBUTOR", "COLLABORATOR", "MEMBER"]', github.event.comment.author_association) &&
github.event.issue.pull_request &&
github.event.comment.body == '/generate_dist'
runs-on: ubuntu-latest
permissions:
contents: read
steps:
# Checkout only the changed data files
- uses: actions/checkout@v4
- name: Checkout PR
run: gh pr checkout ${{ github.event.issue.number }}
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Keep only data/ files
run: |
git fetch origin main:main
git reset --hard origin/main
git checkout HEAD@{1} -- 'data/**/*.yml'
# Setup dependencies
- uses: ruby/setup-ruby@v1
with:
bundler-cache: true
- uses: cue-lang/[email protected]
with:
version: 'v0.7.0'
- name: Install b3sum
run: |
curl -L https://github.com/BLAKE3-team/BLAKE3/releases/download/1.5.3/b3sum_linux_x64_bin -o b3sum
chmod +x b3sum
sudo mv b3sum /usr/local/bin/
# Generate distribution files and manifests
- name: Generate distribution files
run: VERBOSE=1 make --file=Makefile build
- name: Create distribution manifest
run: |
target="dist"
manifest="manifest.b3"
manifest_sig="${manifest}.sig"
find "$target" -type f -print0 | sort -z | xargs -0 b3sum > "$manifest"
echo -n "${{ secrets.MANIFEST_KEY }}" | b3sum --keyed "$manifest" > "$manifest_sig"
- uses: actions/upload-artifact@v4
with:
name: dist
path: |
dist/
manifest.b3
manifest.b3.sig
commit_dist:
runs-on: ubuntu-latest
needs: generate_dist
permissions:
contents: write
steps:
# Checkout code
- uses: actions/checkout@v4
- name: Checkout PR
run: gh pr checkout ${{ github.event.issue.number }}
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Verify and apply distribution files
- uses: actions/download-artifact@v4
with:
name: dist
path: .
- name: Install b3sum
run: |
curl -L https://github.com/BLAKE3-team/BLAKE3/releases/download/1.5.3/b3sum_linux_x64_bin -o b3sum
chmod +x b3sum
sudo mv b3sum /usr/local/bin/
- name: Verify file integrity
run: |
manifest="manifest.b3"
manifest_sig="${manifest}.sig"
verify_sig="verify.b3.sig"
echo -n "${{ secrets.MANIFEST_KEY }}" | b3sum --keyed "$manifest" > "$verify_sig"
echo "Vetting $manifest_sig with generated $verify_sig"
if ! (cmp -s "$manifest_sig" "$verify_sig"); then
echo "Error: Integrity failure. Invalid key used to generate ${verify_sig}."
exit 1
fi
rm -f "$manifest_sig" "$verify_sig"
echo "Vetting $manifest"
if ! (b3sum --check "$manifest"); then
echo "Error: Integrity failure. Files are inconsistent with ${manifest}."
exit 1
fi
rm -f "$manifest"
- name: Commit distribution files
run: |
git config --local user.name "GitHub Action"
git config --local user.email "[email protected]"
git add dist
git commit -m "🤖 Update distribution files" || exit 0 # Exit gracefully if no changes
git push