-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Certify the AME backend binary (#72)
- Loading branch information
Showing
3 changed files
with
196 additions
and
20 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -115,6 +115,18 @@ jobs: | |
| Remove-Item -Recurse -Force $tempDir | ||
| shell: pwsh | ||
|
|
||
| - name: Upload binary (Windows) | ||
| if: matrix.os == 'windows-latest' | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: aspect-model-editor-v${{ github.event.inputs.release_version }}-win | ||
| path: | | ||
| aspect-model-editor-runtime/target/ame-backend-${{ github.event.inputs.release_version }}-win.exe | ||
| aspect-model-editor-runtime/target/*.dll | ||
| aspect-model-editor-runtime/target/*.bat | ||
| aspect-model-editor-runtime/target/lib/ | ||
| # Release Mac and Linux executables | ||
| - name: Create GitHub release (Mac) | ||
| if: ${{ (matrix.os == 'macos-12') && (!contains( github.ref, '-M' )) }} | ||
| uses: svenstaro/upload-release-action@latest | ||
|
|
@@ -164,24 +176,46 @@ jobs: | |
| git config user.name github-actions | ||
| git config user.email [email protected] | ||
| - name: Create GitHub release (Windows) | ||
| if: ${{ (matrix.os == 'windows-latest') && (!contains( github.ref, '-M' )) }} | ||
| uses: svenstaro/upload-release-action@latest | ||
| with: | ||
| file_glob: true | ||
| overwrite: true | ||
| prerelease: false | ||
| repo_token: ${{ secrets.GITHUB_TOKEN }} | ||
| file: aspect-model-editor-v${{ github.event.inputs.release_version }}-win.zip | ||
| tag: v${{ github.event.inputs.release_version }} | ||
| # Sign Windows executable | ||
| - name: Get Artifact ID (Windows) | ||
| if: matrix.os == 'windows-latest' | ||
| shell: bash | ||
| run: | | ||
| # Get the list of artifacts for the specified workflow run | ||
| response=$(curl -H "Authorization: Bearer $TOKEN" -H "Accept: application/vnd.github+json" "https://api.github.com/repos/${{ github.repository_owner }}/$(echo '${{ github.repository }}' | cut -d'/' -f2)/actions/runs/${{ github.run_id }}/artifacts") | ||
| # Filter out the ID of the artifact with a name that contains "windows" | ||
| artifact_id=$(echo "$response" | jq -r '.artifacts[] | select(.name | contains("win")) | .id') | ||
| # Save the artifact ID in an environment variable | ||
| echo "ARTIFACT_ID=$artifact_id" >> $GITHUB_ENV | ||
| env: | ||
| TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| - name: Commit Artifact url and version changes and push to pre release branch for jenkins (Windows) | ||
| if: matrix.os == 'windows-latest' | ||
| shell: bash | ||
| run: | | ||
| ARTIFACT_URL_WIN="https://api.github.com/repos/eclipse-esmf/esmf-aspect-model-editor-backend/actions/artifacts/$ARTIFACT_ID/zip" | ||
| BRANCH_NAME="pre_release_configuration" | ||
| echo "artifact_url_win=$ARTIFACT_URL_WIN" > parameters.txt | ||
| echo "version=${{ github.event.inputs.release_version }}" >> parameters.txt | ||
| git config --global user.email "[email protected]" | ||
| git config --global user.name "github-actions" | ||
| git checkout -b $BRANCH_NAME | ||
| git add parameters.txt | ||
| git commit -m "Add parameters.txt with artifact_url_win and version" | ||
| git push origin $BRANCH_NAME | ||
| env: | ||
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| - name: Trigger Jenkins Job, for signing executable | ||
| if: matrix.os == 'windows-latest' | ||
| shell: bash | ||
| run: | | ||
| DATA='{"repository": {"url": "https://github.com/eclipse-esmf/esmf-aspect-model-editor-backend", "html_url": "https://github.com/eclipse-esmf/esmf-aspect-model-editor-backend", "owner": { "name": "ESMF"}}, "pusher": { "name": "GitHub Action", "email": "[email protected]"}}' | ||
| SHA1="$(echo -n "${DATA}" | openssl dgst -sha1 -hmac "${WEBHOOK_SECRET}" | sed 's/SHA1(stdin)= //')" | ||
| curl -X POST https://ci.eclipse.org/esmf/github-webhook/ -H "Content-Type: application/json" -H "X-GitHub-Event: push" -H "X-Hub-Signature: sha1=${SHA1}" -d "${DATA}" | ||
| - name: Create GitHub pre-release (Windows) | ||
| if: ${{ (matrix.os == 'windows-latest') && (contains( github.ref, '-M' )) }} | ||
| uses: svenstaro/upload-release-action@latest | ||
| with: | ||
| file_glob: true | ||
| overwrite: true | ||
| prerelease: true | ||
| repo_token: ${{ secrets.GITHUB_TOKEN }} | ||
| file: aspect-model-editor-v${{ github.event.inputs.release_version }}-win.zip | ||
| tag: v${{ github.event.inputs.release_version }} | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,115 @@ | ||
| pipeline { | ||
| agent any | ||
|
|
||
| environment { | ||
| GITHUB_BOT_TOKEN = credentials('github-bot-token') | ||
| } | ||
|
|
||
| stages { | ||
| stage('Read parameters file') { | ||
| steps { | ||
| script { | ||
| if (fileExists('parameters.txt')) { | ||
| // Read the file | ||
| def fileContent = readFile('parameters.txt').trim() | ||
|
|
||
| // Split the file content into lines | ||
| def lines = fileContent.split("\n") | ||
|
|
||
| // Iterate over the lines and set the environment variables | ||
| lines.each { line -> | ||
| def parts = line.split('=') | ||
| if (parts.size() == 2) { | ||
| env[parts[0]] = parts[1] | ||
| } | ||
| } | ||
|
|
||
| echo "Artifact URL: ${env.artifact_url_win}" | ||
| echo "Version: ${env.version}" | ||
| } else { | ||
| echo "Error: parameters.txt does not exist." | ||
| } | ||
| } | ||
| } | ||
| } | ||
|
|
||
| stage('Download and unpack artifact') { | ||
| steps { | ||
| script { | ||
| sh "curl -L -H 'Accept: application/vnd.github.v3+json' \ | ||
| -H 'Authorization: Bearer ${GITHUB_BOT_TOKEN}' \ | ||
| '${env.artifact_url_win}' \ | ||
| --output 'aspect-model-editor-v${env.version}-win.zip'" | ||
| sh "mkdir -p unpack_dir" | ||
| sh "unzip -o aspect-model-editor-v${env.version}-win.zip -d unpack_dir" | ||
| sh "ls -a unpack_dir" | ||
| } | ||
| } | ||
| } | ||
|
|
||
| stage('Sign Applications') { | ||
| steps { | ||
| script { | ||
| sh "mkdir -p signed_dir" | ||
| sh "find unpack_dir -name '*.dll' -exec mv {} signed_dir \\;" | ||
| sh "curl -o signed_dir/ame-backend-${env.version}-win.exe -F file=@unpack_dir/ame-backend-${env.version}-win.exe https://cbi.eclipse.org/authenticode/sign" | ||
| sh "zip -r aspect-model-editor-v${env.version}-win-signed.zip signed_dir" | ||
| } | ||
| } | ||
| } | ||
|
|
||
| stage('Release signed WINDOWS artifact to GitHub Releases') { | ||
| steps { | ||
| script { | ||
| def repo = "eclipse-esmf/esmf-aspect-model-editor-backend" | ||
| def tagName = "v${env.version}" | ||
| def fileName = "aspect-model-editor-v${env.version}-win-signed.zip" | ||
| def releaseId = "" | ||
|
|
||
| def tagExists = sh(script: """ | ||
| curl -s -L \\ | ||
| -H "Accept: application/vnd.github+json" \\ | ||
| -H "Authorization: Bearer \$GITHUB_BOT_TOKEN" \\ | ||
| https://api.github.com/repos/${repo}/git/refs/tags/${tagName} | jq -r '.ref' | ||
| """, returnStdout: true).trim() | ||
|
|
||
| if (tagExists == "null") { | ||
| // Tag does not exist, create a new one | ||
| releaseId = sh(script: """ | ||
| curl -s -L \\ | ||
| -H "Accept: application/vnd.github+json" \\ | ||
| -H "Authorization: Bearer \$GITHUB_BOT_TOKEN" \\ | ||
| -X POST \\ | ||
| -d '{ "tag_name": "${tagName}", "name": "${tagName}", "body": "Release ${tagName}" }' \\ | ||
| https://api.github.com/repos/${repo}/releases | jq -r '.id' | ||
| """, returnStdout: true).trim() | ||
| } else { | ||
| // Tag exists, use the existing one | ||
| releaseId = sh(script: """ | ||
| curl -s -L \\ | ||
| -H "Accept: application/vnd.github+json" \\ | ||
| -H "Authorization: Bearer \$GITHUB_BOT_TOKEN" \\ | ||
| https://api.github.com/repos/${repo}/releases/tags/${tagName} | jq -r '.id' | ||
| """, returnStdout: true).trim() | ||
| } | ||
|
|
||
| sh """ | ||
| curl -L \ | ||
| -X POST \ | ||
| -H "Accept: application/vnd.github+json" \\ | ||
| -H "Authorization: Bearer \$GITHUB_BOT_TOKEN" \ | ||
| -H "Content-Type: application/octet-stream" \ | ||
| --data-binary @${fileName} \ | ||
| "https://uploads.github.com/repos/${repo}/releases/${releaseId}/assets?name=${fileName}" | ||
| """ | ||
|
|
||
| sh """ | ||
| curl -X DELETE \ | ||
| -H "Authorization: Bearer \$GITHUB_BOT_TOKEN" \ | ||
| "https://api.github.com/repos/eclipse-esmf/esmf-aspect-model-editor-backend/git/refs/heads/pre_release_configuration" | ||
| """ | ||
| } | ||
| } | ||
| } | ||
| } | ||
| } |