Skip to content
release

release #17

Sign in to view logs

release

release #17

Workflow file for this run

.github/workflows/release.yml at ef2547b
name: release
on:
workflow_dispatch:
inputs:
workflow_run_id:
description: 'ID of the workflow run to fetch artifacts from'
required: true
type: string
signed_binary_name:
description: 'Name of the signed binary'
required: false
default: 'spiceai.taco'
type: string
release:
types: [created]
jobs:
release:
runs-on: code-signing
environment: signed_release
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: recursive
- name: Download Artifact
uses: actions/download-artifact@v4
with:
name: spice.unsigned.taco
github-token: ${{ secrets.GITHUB_TOKEN }}
run-id: ${{ inputs.workflow_run_id }}
- name: Copy unsigned taco
run: |
cp spice.taco ${{ inputs.signed_binary_name }}
echo "Signed binary name: ${{ inputs.signed_binary_name }}"
- name: Set up Java for signing
uses: actions/setup-java@v4
with:
java-version: '11'
distribution: 'zulu'
- name: Sign ${{ inputs.signed_binary_name }}
shell: powershell
env:
DIGICERT_TOKEN_PASSWORD: ${{ secrets.DIGICERT_TOKEN_PASSWORD }}
DIGICERT_KEY_ALIAS: ${{ secrets.DIGICERT_KEY_ALIAS }}
DIGICERT_TOKEN_CFG_PATH: ${{ secrets.DIGICERT_TOKEN_CFG_PATH }}
run: .\sign.ps1"
- name: Upload ${{ inputs.signed_binary_name }}
uses: actions/upload-artifact@v4
with:
name: ${{ inputs.signed_binary_name }}
path: ${{ inputs.signed_binary_name }}
- name: Upload to release
uses: softprops/action-gh-release@v2
if: startsWith(github.ref, 'refs/tags/')
with:
draft: true
prerelease: true
fail_on_unmatched_files: true
files: ${{ inputs.signed_binary_name }}