-
Notifications
You must be signed in to change notification settings - Fork 18
90 lines (76 loc) · 6.31 KB
/
publish_new_release.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
name: Publish new release
on:
schedule:
- cron: "0 0 * * 0"
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
publish:
runs-on: ubuntu-latest
steps:
- name: Get latest release
id: get-latest-release
run: |
echo "updated=false" >> $GITHUB_ENV
CURRENT_VERSION="$(curl -s -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/LibreScore/app-librescore/releases/latest | jq --raw-output ".tag_name")"
LATEST_VERSION="$(curl -s -u ${{ secrets.LIBRESCORE_USERNAME }}:${{ secrets.LIBRESCORE_TOKEN }} -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/LibreScore/${{ secrets.LIBRESCORE_REPO_A }}/releases/latest | jq --raw-output ".tag_name")"
echo "CURRENT_VERSION=$CURRENT_VERSION" >> "$GITHUB_ENV"
echo "LATEST_VERSION=$LATEST_VERSION" >> "$GITHUB_ENV"
if [[ $CURRENT_VERSION != $LATEST_VERSION ]]; then
echo "updated=true" >> $GITHUB_ENV
fi
for i in {0..10}; do
curl -s -LJO -H "Accept: application/octet-stream" -u ${{ secrets.LIBRESCORE_USERNAME }}:${{ secrets.LIBRESCORE_TOKEN }} "https://api.github.com/repos/LibreScore/${{ secrets.LIBRESCORE_REPO_A }}/releases/assets/"$(curl -s -u ${{ secrets.LIBRESCORE_USERNAME }}:${{ secrets.LIBRESCORE_TOKEN }} https://api.github.com/repos/LibreScore/${{ secrets.LIBRESCORE_REPO_A }}/releases/latest | jq --raw-output ".assets[$i].id")""
done
echo "tag_name=$(curl -s -u ${{ secrets.LIBRESCORE_USERNAME }}:${{ secrets.LIBRESCORE_TOKEN }} -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/LibreScore/${{ secrets.LIBRESCORE_REPO_A }}/releases/latest | jq --raw-output ".tag_name")" >> $GITHUB_ENV
- name: Update token
if: env.updated == 'true'
run: |
jwt_header=$(echo -n '{"alg":"HS256","typ":"JWT"}' | base64 | sed s/\+/-/g | sed 's/\//_/g' | sed -E s/=+$//)
payload=$(echo -n '{"role":"client","version":"'"${{ steps.get-latest-release.outputs.LATEST_VERSION }}"'"}' | base64 | sed s/\+/-/g |sed 's/\//_/g' | sed -E s/=+$//)
secret="${{ secrets.PG_SECRET }}"
hexsecret=$(echo -n "$secret" | xxd -p | paste -sd "")
hmac_signature=$(echo -n "${jwt_header}.${payload}" | openssl dgst -sha256 -mac HMAC -macopt hexkey:$hexsecret -binary | base64 | sed s/\+/-/g | sed 's/\//_/g' | sed -E s/=+$//)
jwt="${jwt_header}.${payload}.${hmac_signature}"
git -C $HOME clone --single-branch --no-tags --depth=1 https://${{ secrets.LIBRESCORE_USERNAME }}:${{ secrets.LIBRESCORE_TOKEN }}@github.com/LibreScore/${{ secrets.LIBRESCORE_REPO_A }}
cd $HOME/${{ secrets.LIBRESCORE_REPO_A }}
sed -ri 's/"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.+"/echo \\ \\ \\ \\ \\ \\ \\"'"$jwt"'\\"\\;/e' lib/utils/db_api.dart
git config user.name github-actions
git config user.email [email protected]
git add -A
git commit -m "chore: update token"
git push --atomic origin master
echo "${{ secrets.SSH_KEY }}" | base64 --decode > $HOME/id_rsa
chmod 600 $HOME/id_rsa
ssh -i $HOME/id_rsa -o StrictHostKeyChecking=accept-new ${{ secrets.SSH_USERNAME }}@${{ secrets.SSH_DOMAIN }} -p ${{ secrets.SSH_PORT }} 'sudo -u postgres psql librescore -c "create or replace function auth.check_token() returns void language plpgsql as \$\$ begin if current_setting('"'request.jwt.claims', true)::json->>'version' not in ('server', '${{ env.CURRENT_VERSION }}', '${{ env.LATEST_VERSION }}') then raise insufficient_privilege using hint = 'Outdated version'"'; end if; end \$\$;"'
- name: Upload assets
if: env.updated == 'true'
uses: softprops/action-gh-release@v1
with:
token: ${{ secrets.LIBRESCORE_TOKEN }}
body: '## Download
| <img src="https://upload.wikimedia.org/wikipedia/commons/e/e2/Windows_logo_and_wordmark_-_2021.svg" width="512"> | <img src="https://upload.wikimedia.org/wikipedia/commons/2/21/MacOS_wordmark_%282017%29.svg" width="512"> | <img src="https://upload.wikimedia.org/wikipedia/commons/3/35/Tux.svg" width="512"> | <img src="https://upload.wikimedia.org/wikipedia/commons/3/31/Android_robot_head.svg" width="512"> |
| :---: | :---: | :---: | :---: |
| Windows (7+) (64-bit only) | macOS (10.14+) (Rosetta 2) | Linux (64-bit only) | Android (6.0+) |
| [Download (EXE)](https://github.com/LibreScore/app-librescore/releases/download/${{ env.tag_name }}/LibreScore.exe) | [Download (DMG)](https://github.com/LibreScore/app-librescore/releases/download/${{ env.tag_name }}/LibreScore.dmg) | [Download (AppImage)](https://github.com/LibreScore/app-librescore/releases/download/${{ env.tag_name }}/LibreScore.AppImage) | [Download (APK)](https://github.com/LibreScore/app-librescore/releases/download/${{ env.tag_name }}/LibreScore.apk) |
### Having trouble?
Installation instructions are in the [README](https://github.com/LibreScore/app-librescore/blob/master/README.md) file.'
tag_name: ${{ env.tag_name }}
files: |
./LibreScore.AppImage
./LibreScore.apk
./LibreScore-arm64-v8a.apk
./LibreScore-armeabi-v7a.apk
./LibreScore-x86_64.apk
./LibreScoreMsix.exe
./LibreScoreInno.exe
./LibreScore.exe
./LibreScore.zip
./LibreScore.dmg
./LibreScore.pkg
- name: Delete workflow run
if: env.updated == 'false'
run: |
curl -s -i -u ${{ secrets.LIBRESCORE_USERNAME }}:${{ secrets.LIBRESCORE_TOKEN }} -d '{"event_type":"delete_action","client_payload":{"run_id":"'"${{ github.run_id }}"'","repo":"LibreScore/app-librescore"}}' -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/LibreScore/actions/dispatches