Change: [CI] Use Cloudflare R2 as CDN

OpenTTD · Jun 30, 2023 · 64e95a7 · 64e95a7
1 parent 110489f
commit 64e95a7
Showing 1 changed file with 32 additions and 12 deletions.
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -24,27 +24,29 @@ jobs:
         fetch-depth: 0
 
     - name: Set variables
-      shell: bash
       id: vars
+      env:
+        CDN_SIGNING_KEY: ${{ secrets.CDN_SIGNING_KEY }}
+      shell: bash
       run: |
         FULL_VERSION=$(./findversion.sh)
         RELEASE_DATE=$(TZ='UTC' date +"%Y-%m-%d %H:%M UTC")
         VERSION=$(echo "${FULL_VERSION}" | cut -f 1 -d$'\t')
         IS_TAG=$(echo "${FULL_VERSION}" | cut -f 5 -d$'\t')
 
         # If this secret is not set, we are doing a dryrun. This means that
-        # people who fork this repository will not try to publish this to AWS
+        # people who fork this repository will not try to publish this to CDN
         # (as that will most likely fail anyway).
-        if [ -z "${{ secrets.CDN_S3_BUCKET }}" ]; then
+        if [ -z "${CDN_SIGNING_KEY}" ]; then
           DRY_RUN="true"
         else
           DRY_RUN="false"
         fi
 
         REPO_NAME=$(echo ${{ github.repository }} | cut -d/ -f2 | tr [A-Z] [a-z])
-        # If we run on "schedule", we are producting a nightly. Otherwise it
-        # is a tag, so a release.
-        if [ "${{ github.event_name }}" = "schedule" ]; then
+        # If we run on "schedule" / "workflow-dispatch", we are producting a nightly.
+        # Otherwise it is a release.
+        if [ "${{ github.event_name }}" = "schedule" ] || [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
           FOLDER="${REPO_NAME}-nightlies"
 
           # Download the latest version we published; if we are different, it
@@ -93,7 +95,7 @@ jobs:
       shell: bash
       run: |
         sudo apt update
-        sudo apt install -y gimp grfcodec --no-install-recommends
+        sudo apt install -y gimp grfcodec libfile-mimeinfo-perl --no-install-recommends
 
         python -m pip install --upgrade pip
         python -m pip install nml
@@ -138,13 +140,31 @@ jobs:
     - if: steps.vars.outputs.dry-run == 'false' && steps.vars.outputs.skip == 'false'
       name: Publish
       id: publish
+      env:
+        CDN_SIGNING_KEY: ${{ secrets.CDN_SIGNING_KEY }}
       shell: bash
       run: |
-        aws s3 cp --recursive --only-show-errors bundles/ s3://${{ secrets.CDN_S3_BUCKET }}/${{ steps.vars.outputs.folder }}/${{ steps.vars.outputs.version }}/
-      env:
-        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-        AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }}
+        echo "${CDN_SIGNING_KEY}" > cdn_signing_key.pem
+
+        cd bundles
+
+        for i in $(ls); do
+          echo "Uploading ${i} ..."
+
+          FILENAME="${{ steps.vars.outputs.folder }}/${{ steps.vars.outputs.version }}/${i}"
+          SIGNATURE=$(echo -n "${FILENAME}" | openssl dgst -sha256 -sign ../cdn_signing_key.pem | base64 -w0)
+          CONTENT_TYPE=$(mimetype -b ${i})
+
+          curl \
+            -s \
+            --fail \
+            -X PUT \
+            -T ${i} \
+            -H "Content-Type: ${CONTENT_TYPE}" \
+            -H "X-Signature: ${SIGNATURE}" \
+            -H "User-Agent: cdn-upload/1.0" \
+            https://cdn-preview.openttd.org/${FILENAME}
+        done
 
     - if: steps.vars.outputs.dry-run == 'false' && steps.vars.outputs.skip == 'false'
       name: Trigger 'update CDN'