release #3
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| signed_binary_name: | |
| description: 'Name of the signed binary' | |
| required: false | |
| default: 'spiceai.signed.taco' | |
| type: string | |
| release: | |
| types: [created] | |
| jobs: | |
| build: | |
| runs-on: code-signing | |
| if: github.event.action == 'created' && github.event.release.prerelease == true | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - name: Install Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: 3.13 | |
| - name: Make Package (unsigned) | |
| run: | | |
| make package | |
| - name: Set up Java for signing | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '11' | |
| distribution: 'zulu' | |
| - name: Sign ${{ inputs.signed_binary_name}} | |
| env: | |
| DIGICERT_KEY_ALIAS: ${{ secrets.DIGICERT_KEY_ALIAS }} | |
| run: | | |
| jarsigner -tsa http://timestamp.digicert.com -verbose -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg pkcs11properties.cfg -sigalg SHA256withRSA -signedjar ${{ inputs.signed_binary_name}} spice.taco $DIGICERT_KEY_ALIAS | |
| shell: bash | |
| - name: Upload to release | |
| uses: softprops/action-gh-release@v2 | |
| if: startsWith(github.ref, 'refs/tags/') | |
| with: | |
| draft: true | |
| prerelease: true | |
| fail_on_unmatched_files: true | |
| files: ${{ inputs.signed_binary_name }} |