Release #167
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| tags: | |
| - '**' | |
| jobs: | |
| release: | |
| runs-on: ubuntu-latest | |
| container: | |
| image: registry.gitlab.com/islandoftex/images/texlive:latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Fixup Run actions/checkout | |
| run: git config --global --add safe.directory '*' | |
| - name: Generate the revision file | |
| run: | | |
| export tagname=$(git describe --abbrev=0 --tags) | |
| export revision=$(git describe --tags) | |
| export tagdate=$(git log -n 1 "$tagname" --pretty=format:%cs) | |
| export revisiondate=$(git log -n 1 "$revision" --pretty=format:%cs) | |
| l3build tag --date "$tagdate" "$tagname" | |
| cat tex/generic/pgf/pgf.revision.tex | |
| echo "tagname=$tagname" >> $GITHUB_ENV | |
| echo "tagdate=$tagdate" >> $GITHUB_ENV | |
| - name: Prepare release notes | |
| run: | | |
| awk '/^## \[${{ env.tagname }}\]/ && !seen { seen=1; print; next } /^## / && seen { exit } seen { print }' \ | |
| doc/generic/pgf/CHANGELOG.md | tee RELEASE_NOTES.md | |
| if ! [ -s RELEASE_NOTES.md ]; then | |
| >&2 echo "RELEASE_NOTES.md is empty! Does the release ${{ env.tagname }} exist?" | |
| exit 1 | |
| fi | |
| cat <<'EOF' | tee CTAN_NOTES.md | |
| The release files are signed using a detached signature. You can obtain the | |
| signature from the GitHub release page | |
| https://github.com/pgf-tikz/pgf/releases/download/${{ env.tagname }}/pgf_${{ env.tagname }}.ctan.flatdir.zip.sig | |
| EOF | |
| - name: l3build ctan | |
| run: | | |
| l3build ctan | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: pgfmanual | |
| path: build/doc/pgfmanual.pdf | |
| - name: "ZIP: Sign" | |
| env: | |
| GPG_SECRET_KEY: ${{ secrets.GPG_SECRET_KEY }} | |
| GPG_PUBLIC_KEY: ${{ secrets.GPG_PUBLIC_KEY }} | |
| run: | | |
| # get the keys | |
| printenv GPG_SECRET_KEY > "pgf.sec" | |
| printenv GPG_PUBLIC_KEY > "pgf.pub" | |
| export GNUPGHOME=$(mktemp -d) | |
| install -dm 0700 "$GNUPGHOME" | |
| gpg --import "pgf.sec" | |
| gpg --armor --output "pgf.tds.zip.sig" --detach-sign "pgf.tds.zip" | |
| gpg --armor --output "pgf.ctan.flatdir.zip.sig" --detach-sign "pgf.ctan.flatdir.zip" | |
| rm -rf "$GNUPGHOME" | |
| # verify the signature against the distributed public key | |
| export GNUPGHOME=$(mktemp -d) | |
| install -dm 0700 "$GNUPGHOME" | |
| gpg --import "pgf.pub" | |
| gpg --verify "pgf.tds.zip.sig" | |
| gpg --verify "pgf.ctan.flatdir.zip.sig" | |
| rm -rf "$GNUPGHOME" | |
| - name: "Release: create" | |
| uses: actions/create-release@v1 | |
| id: create_release | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| tag_name: ${{ env.tagname }} | |
| release_name: ${{ env.tagname }} | |
| body_path: RELEASE_NOTES.md | |
| - name: "Release: upload assets" | |
| uses: actions/github-script@v7 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| const { basename, extname } = require('path'); | |
| const { readFile } = require('fs').promises; | |
| const release_id = '${{ steps.create_release.outputs.id }}' | |
| console.log('Release ID:', release_id) | |
| for (const { path, name } of [ | |
| { path: './build/doc/pgfmanual.pdf', | |
| name: 'pgfmanual-${{ env.tagname }}.pdf' }, | |
| { path: './pgf.pub', | |
| name: 'pgf-${{ env.tagname }}.pub' }, | |
| { path: './pgf.tds.zip', | |
| name: 'pgf_${{ env.tagname }}.tds.zip' }, | |
| { path: './pgf.tds.zip.sig', | |
| name: 'pgf_${{ env.tagname }}.tds.zip.sig' }, | |
| { path: './pgf.ctan.flatdir.zip', | |
| name: 'pgf_${{ env.tagname }}.ctan.flatdir.zip' }, | |
| { path: './pgf.ctan.flatdir.zip.sig', | |
| name: 'pgf_${{ env.tagname }}.ctan.flatdir.zip.sig' } | |
| ]) { | |
| console.log('uploadReleaseAsset:', path, '->', name) | |
| await github.rest.repos.uploadReleaseAsset({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| release_id: release_id, | |
| name: name, | |
| data: await readFile(path) | |
| }); | |
| } | |
| - name: "CTAN: Validate" | |
| run: | | |
| # temp workaround for l3build 2022-11-10 | |
| # see https://github.com/latex3/l3build/issues/264 | |
| echo "n" | l3build upload --dry-run --date "$tagdate" "$tagname" | |
| - name: "CTAN: Upload" | |
| if: github.repository == 'pgf-tikz/pgf' | |
| run: | | |
| # temp workaround for l3build 2022-11-10 | |
| # https://github.com/latex3/l3build/issues/265 | |
| echo "y" | l3build upload --date "$tagdate" "$tagname" |