diff --git a/.circleci/config.yml b/.circleci/config.yml index 4529743ea04..c634737854e 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -36,33 +36,6 @@ jobs: make armbuild V=1; make clean make -C tests test-legacy test-longmatch; make clean make -C lib libzstd-nomt; make clean - # This step is only run on release tags. - # It publishes the source tarball as artifacts and if the GITHUB_TOKEN - # environment variable is set it will publish the source tarball to the - # tagged release. - publish-github-release: - docker: - - image: fbopensource/zstd-circleci-primary:0.0.1 - environment: - CIRCLE_ARTIFACTS: /tmp/circleci-artifacts - steps: - - checkout - - run: - name: Publish - command: | - export VERSION=$(echo $CIRCLE_TAG | tail -c +2) - export ZSTD_VERSION=zstd-$VERSION - git archive $CIRCLE_TAG --prefix $ZSTD_VERSION/ --format tar \ - -o $ZSTD_VERSION.tar - sha256sum $ZSTD_VERSION.tar > $ZSTD_VERSION.tar.sha256 - zstd -19 $ZSTD_VERSION.tar - sha256sum $ZSTD_VERSION.tar.zst > $ZSTD_VERSION.tar.zst.sha256 - gzip -k -9 $ZSTD_VERSION.tar - sha256sum $ZSTD_VERSION.tar.gz > $ZSTD_VERSION.tar.gz.sha256 - mkdir -p $CIRCLE_ARTIFACTS - cp $ZSTD_VERSION.tar* $CIRCLE_ARTIFACTS - - store_artifacts: - path: /tmp/circleci-artifacts # This step should only be run in a cron job regression-test: docker: diff --git a/.github/workflows/publish-release-artifacts.yml b/.github/workflows/publish-release-artifacts.yml new file mode 100644 index 00000000000..952cb26b7e9 --- /dev/null +++ b/.github/workflows/publish-release-artifacts.yml @@ -0,0 +1,68 @@ +name: publish-release-artifacts + +on: + release: + types: + - created + +jobs: + publish-release-artifacts: + runs-on: ubuntu-latest + if: startsWith(github.ref, 'refs/tags/') + + steps: + - name: Checkout + uses: actions/checkout@v2 + + - name: Archive + env: + RELEASE_SIGNING_KEY: ${{ secrets.RELEASE_SIGNING_KEY }} + RELEASE_SIGNING_KEY_PASSPHRASE: ${{ secrets.RELEASE_SIGNING_KEY_PASSPHRASE }} + run: | + # compute file name + export TAG="$(echo "$GITHUB_REF" | sed -n 's_^refs/tags/__p')" + if [ -z "$TAG" ]; then + echo "action must be run on a tag. GITHUB_REF is not a tag: $GITHUB_REF" + exit 1 + fi + # Attempt to extract "1.2.3" from "v1.2.3" to maintain artifact name backwards compat. + # Otherwise, degrade to using full tag. + export VERSION="$(echo "$TAG" | sed 's_^v\([0-9]\+\.[0-9]\+\.[0-9]\+\)$_\1_')" + export ZSTD_VERSION="zstd-$VERSION" + + # archive + git archive $TAG \ + --prefix $ZSTD_VERSION/ \ + --format tar \ + -o $ZSTD_VERSION.tar + + # Do the rest of the work in a sub-dir so we can glob everything we want to publish. + mkdir artifacts/ + mv $ZSTD_VERSION.tar artifacts/ + cd artifacts/ + + # compress + zstd -k -19 $ZSTD_VERSION.tar + gzip -k -9 $ZSTD_VERSION.tar + + # we only publish the compressed tarballs + rm $ZSTD_VERSION.tar + + # hash + sha256sum $ZSTD_VERSION.tar.zst > $ZSTD_VERSION.tar.zst.sha256 + sha256sum $ZSTD_VERSION.tar.gz > $ZSTD_VERSION.tar.gz.sha256 + + # sign + if [ -n "$RELEASE_SIGNING_KEY" ]; then + export GPG_BATCH_OPTS="--batch --no-use-agent --pinentry-mode loopback --no-tty --yes" + echo "$RELEASE_SIGNING_KEY" | gpg $GPG_BATCH_OPTS --import + gpg $GPG_BATCH_OPTS --armor --sign --sign-with signing@zstd.net --detach-sig --passphrase "$RELEASE_SIGNING_KEY_PASSPHRASE" --output $ZSTD_VERSION.tar.zst.sig $ZSTD_VERSION.tar.zst + gpg $GPG_BATCH_OPTS --armor --sign --sign-with signing@zstd.net --detach-sig --passphrase "$RELEASE_SIGNING_KEY_PASSPHRASE" --output $ZSTD_VERSION.tar.gz.sig $ZSTD_VERSION.tar.gz + fi + + - name: Publish + uses: skx/github-action-publish-binaries@release-1.3 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + args: artifacts/*