OSSign Waiting Loop #3
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This file implements a waiting loop to check for signed files from OSSign. | |
| # You need to create the environment "Signatures" (or another name) in your repository | |
| # and set a waiting period to change the interval. If you do not set a waiting period, this workflow will run again directly after it has finished every time. | |
| name: OSSign Waiting Loop | |
| on: | |
| # You can also manually start this workflow with the ID printed out in the dispatch workflow | |
| workflow_dispatch: | |
| inputs: | |
| workflow_id: | |
| description: 'The workflow ID from dispatch' | |
| required: true | |
| type: string | |
| attempt: | |
| required: false | |
| description: 'The attempt number' | |
| type: number | |
| default: 1 | |
| max_attempts: | |
| required: false | |
| description: 'The maximum number of attempts (times the waiting period duration you set in the environment gives the max wait time, e.g. 30 minutes * 48 = 24 hours)' | |
| type: number | |
| default: 100 | |
| jobs: | |
| wait-and-check: | |
| runs-on: ubuntu-latest | |
| # This job uses an environment with a wait period set in the policy to work around the fact that you cannot pause workflows | |
| environment: Signatures | |
| permissions: | |
| # Needs actions: write to be able to dispatch workflows | |
| actions: write | |
| # Uses contents: write to be able to read and write workflow artifacts | |
| contents: write | |
| steps: | |
| # Checks if the attempt threshold was reached, if yes, exits with error | |
| - name: Check if the threshold has been reached | |
| shell: bash | |
| run: | | |
| if [ ${{ github.event.inputs.attempt }} -gt ${{ github.event.inputs.max_attempts }} ]; then | |
| echo "Maximum number of attempts reached, exiting." | |
| exit 1 | |
| fi | |
| - name: Check if signing is finished | |
| id: check | |
| uses: ossign/actions/workflow/dispatch@main | |
| with: | |
| username: ${{ secrets.OSSIGN_USER }} | |
| token: ${{ secrets.OSSIGN_TOKEN }} | |
| single_check: ${{ github.event.inputs.workflow_id }} | |
| # You can replace this step with another that downloads the signed artifacts and uploads them to releases | |
| # The data returnjed in signed_artifacts is: | |
| # [ | |
| # { | |
| # "id": "Release artifact ID", | |
| # "name": "Filename.exe", | |
| # "url": "https://api.github.com/repos/OSSign/exampleuser--examplerepo/releases/assets/[releaseArtifactID]", | |
| # "browser_download_url": "https://github.com/OSSign/exampleuser--examplerepo/releases/download/[releaseArtifactID]/Filename.exe" | |
| # } | |
| # ] | |
| - name: If artifacts were returned, we are done! | |
| if: steps.check.outputs.signed_artifacts != '' | |
| run: | | |
| echo "Signing complete, signed artifacts: ${{ steps.check.outputs.signed_artifacts }}" | |
| # If the signature was not finished, increase the attempt counter and restart the workflow | |
| - name: Increase attempt counter | |
| if: steps.check.outputs.signed_artifacts == '' | |
| id: increased | |
| run: | | |
| echo "Attempt ${{ github.event.inputs.attempt }} failed, will try again." | |
| echo "attempt_no=$(( ${{ github.event.inputs.attempt }} + 1 ))" >> $GITHUB_OUTPUT | |
| - name: If signing is not finished, restart the workflow | |
| if: steps.check.outputs.signed_artifacts == '' | |
| uses: benc-uk/workflow-dispatch@v1 | |
| with: | |
| workflow: wait-signature.yml | |
| inputs: | | |
| { | |
| "workflow_id": "${{ github.event.inputs.workflow_id }}", | |
| "attempt": "${{ steps.increased.outputs.attempt_no }}" | |
| } |