Publish new release #168
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish new release | |
on: | |
schedule: | |
- cron: "0 0 * * 0" | |
workflow_dispatch: | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
publish: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Get latest release | |
id: get-latest-release | |
run: | | |
echo "updated=false" >> $GITHUB_ENV | |
CURRENT_VERSION="$(curl -s -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/LibreScore/app-librescore/releases/latest | jq --raw-output ".tag_name")" | |
LATEST_VERSION="$(curl -s -u ${{ secrets.LIBRESCORE_USERNAME }}:${{ secrets.LIBRESCORE_TOKEN }} -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/LibreScore/${{ secrets.LIBRESCORE_REPO_A }}/releases/latest | jq --raw-output ".tag_name")" | |
echo "CURRENT_VERSION=$CURRENT_VERSION" >> "$GITHUB_ENV" | |
echo "LATEST_VERSION=$LATEST_VERSION" >> "$GITHUB_ENV" | |
if [[ $CURRENT_VERSION != $LATEST_VERSION ]]; then | |
echo "updated=true" >> $GITHUB_ENV | |
fi | |
for i in {0..10}; do | |
curl -s -LJO -H "Accept: application/octet-stream" -u ${{ secrets.LIBRESCORE_USERNAME }}:${{ secrets.LIBRESCORE_TOKEN }} "https://api.github.com/repos/LibreScore/${{ secrets.LIBRESCORE_REPO_A }}/releases/assets/"$(curl -s -u ${{ secrets.LIBRESCORE_USERNAME }}:${{ secrets.LIBRESCORE_TOKEN }} https://api.github.com/repos/LibreScore/${{ secrets.LIBRESCORE_REPO_A }}/releases/latest | jq --raw-output ".assets[$i].id")"" | |
done | |
echo "tag_name=$(curl -s -u ${{ secrets.LIBRESCORE_USERNAME }}:${{ secrets.LIBRESCORE_TOKEN }} -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/LibreScore/${{ secrets.LIBRESCORE_REPO_A }}/releases/latest | jq --raw-output ".tag_name")" >> $GITHUB_ENV | |
- name: Update token | |
if: env.updated == 'true' | |
run: | | |
jwt_header=$(echo -n '{"alg":"HS256","typ":"JWT"}' | base64 | sed s/\+/-/g | sed 's/\//_/g' | sed -E s/=+$//) | |
payload=$(echo -n '{"role":"client","version":"'"${{ steps.get-latest-release.outputs.LATEST_VERSION }}"'"}' | base64 | sed s/\+/-/g |sed 's/\//_/g' | sed -E s/=+$//) | |
secret="${{ secrets.PG_SECRET }}" | |
hexsecret=$(echo -n "$secret" | xxd -p | paste -sd "") | |
hmac_signature=$(echo -n "${jwt_header}.${payload}" | openssl dgst -sha256 -mac HMAC -macopt hexkey:$hexsecret -binary | base64 | sed s/\+/-/g | sed 's/\//_/g' | sed -E s/=+$//) | |
jwt="${jwt_header}.${payload}.${hmac_signature}" | |
git -C $HOME clone --single-branch --no-tags --depth=1 https://${{ secrets.LIBRESCORE_USERNAME }}:${{ secrets.LIBRESCORE_TOKEN }}@github.com/LibreScore/${{ secrets.LIBRESCORE_REPO_A }} | |
cd $HOME/${{ secrets.LIBRESCORE_REPO_A }} | |
sed -ri 's/"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.+"/echo \\ \\ \\ \\ \\ \\ \\"'"$jwt"'\\"\\;/e' lib/utils/db_api.dart | |
git config user.name github-actions | |
git config user.email [email protected] | |
git add -A | |
git commit -m "chore: update token" | |
git push --atomic origin master | |
echo "${{ secrets.SSH_KEY }}" | base64 --decode > $HOME/id_rsa | |
chmod 600 $HOME/id_rsa | |
ssh -i $HOME/id_rsa -o StrictHostKeyChecking=accept-new ${{ secrets.SSH_USERNAME }}@${{ secrets.SSH_DOMAIN }} -p ${{ secrets.SSH_PORT }} 'sudo -u postgres psql librescore -c "create or replace function auth.check_token() returns void language plpgsql as \$\$ begin if current_setting('"'request.jwt.claims', true)::json->>'version' not in ('server', '${{ env.CURRENT_VERSION }}', '${{ env.LATEST_VERSION }}') then raise insufficient_privilege using hint = 'Outdated version'"'; end if; end \$\$;"' | |
- name: Upload assets | |
if: env.updated == 'true' | |
uses: softprops/action-gh-release@v1 | |
with: | |
token: ${{ secrets.LIBRESCORE_TOKEN }} | |
body: '## Download | |
| <img src="https://upload.wikimedia.org/wikipedia/commons/e/e2/Windows_logo_and_wordmark_-_2021.svg" width="512"> | <img src="https://upload.wikimedia.org/wikipedia/commons/2/21/MacOS_wordmark_%282017%29.svg" width="512"> | <img src="https://upload.wikimedia.org/wikipedia/commons/3/35/Tux.svg" width="512"> | <img src="https://upload.wikimedia.org/wikipedia/commons/3/31/Android_robot_head.svg" width="512"> | | |
| :---: | :---: | :---: | :---: | | |
| Windows (7+) (64-bit only) | macOS (10.14+) (Rosetta 2) | Linux (64-bit only) | Android (6.0+) | | |
| [Download (EXE)](https://github.com/LibreScore/app-librescore/releases/download/${{ env.tag_name }}/LibreScore.exe) | [Download (DMG)](https://github.com/LibreScore/app-librescore/releases/download/${{ env.tag_name }}/LibreScore.dmg) | [Download (AppImage)](https://github.com/LibreScore/app-librescore/releases/download/${{ env.tag_name }}/LibreScore.AppImage) | [Download (APK)](https://github.com/LibreScore/app-librescore/releases/download/${{ env.tag_name }}/LibreScore.apk) | | |
### Having trouble? | |
Installation instructions are in the [README](https://github.com/LibreScore/app-librescore/blob/master/README.md) file.' | |
tag_name: ${{ env.tag_name }} | |
files: | | |
./LibreScore.AppImage | |
./LibreScore.apk | |
./LibreScore-arm64-v8a.apk | |
./LibreScore-armeabi-v7a.apk | |
./LibreScore-x86_64.apk | |
./LibreScoreMsix.exe | |
./LibreScoreInno.exe | |
./LibreScore.exe | |
./LibreScore.zip | |
./LibreScore.dmg | |
./LibreScore.pkg | |
- name: Delete workflow run | |
if: env.updated == 'false' | |
run: | | |
curl -s -i -u ${{ secrets.LIBRESCORE_USERNAME }}:${{ secrets.LIBRESCORE_TOKEN }} -d '{"event_type":"delete_action","client_payload":{"run_id":"'"${{ github.run_id }}"'","repo":"LibreScore/app-librescore"}}' -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/LibreScore/actions/dispatches |