Autocreate signed tag/sigs [skip ci]

Sigil-Ebook · Jul 21, 2021 · 344554c · 344554c
1 parent f8200d3
commit 344554c
Show file tree

Hide file tree

Showing 2 changed files with 69 additions and 1 deletion.
diff --git a/.github/workflows/create_tag.yml b/.github/workflows/create_tag.yml
@@ -0,0 +1,68 @@
+name: Create Signed Tag Manually
+
+on:
+  workflow_dispatch: 
+    branches: master
+    inputs:
+      tag_name:
+        description: 'Tag name to create'
+        required: true
+        default: ''
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+      with:
+        token: ${{ secrets.ROBO_ACTIONS }}
+
+    - name: Check Tag Name
+      id: check_tag_name
+      if: ${{ github.event.inputs.tag_name != '' }}
+      uses: actions-ecosystem/action-regex-match@v2
+      with:
+        text: ${{ github.event.inputs.tag_name }}
+        regex: '^\d+\.\d+\.\d+$'
+
+
+    - name: GPG Import
+      if: ${{ steps.check_tag_name.outputs.match != '' }}
+      uses: crazy-max/ghaction-import-gpg@v3
+      with:
+        gpg-private-key: ${{ secrets.SIGNING_BONUS_TAGS }}
+        passphrase: ${{ secrets.SIGNING_BONUS_PHRASE }}
+        git-user-signingkey: true
+        git-tag-gpgsign: true
+
+    - name: Sign and Push Tag
+      id: create_archive
+      if: ${{ steps.check_tag_name.outputs.match != '' }}
+      run: |
+        git tag -s ${{ github.event.inputs.tag_name }} -m 'Tag for ${{ github.event.inputs.tag_name }} release'
+        git push origin ${{ github.event.inputs.tag_name }}
+        REPO=$(basename "$(pwd)")
+        TAG=${{ github.event.inputs.tag_name }}
+        FNAME=${REPO}-${TAG#v}
+        echo "::set-output name=fname::$FNAME"
+        URL="https://github.com/$GITHUB_REPOSITORY/archive/refs/tags/${{ github.event.inputs.tag_name }}.zip"
+        git archive --prefix=${REPO}-${TAG#v}/ -o ${FNAME}.tar.gz ${TAG}
+        gpg --detach-sign --pinentry-mode loopback --passphrase ${{ secrets.SIGNING_BONUS_PHRASE }} ${FNAME}.tar.gz
+        curl -L -o ${FNAME}.zip ${URL}
+        gpg --detach-sign --pinentry-mode loopback --passphrase ${{ secrets.SIGNING_BONUS_PHRASE }} ${FNAME}.zip
+
+    - name: Create Release
+      if: ${{ steps.check_tag_name.outputs.match != '' }}
+      uses: ncipollo/release-action@v1
+      with:
+        token: ${{ secrets.ROBO_ACTIONS }}
+        name: ${{ steps.create_archive.outputs.fname }}
+        tag: ${{ github.event.inputs.tag_name }}
+        body: |
+          Changes in this Release
+          - First Change
+          - Second Change
+        draft: true
+        prerelease: false
+        artifacts: "./${{ steps.create_archive.outputs.fname }}.tar.gz.sig, ./${{ steps.create_archive.outputs.fname }}.zip.sig"
diff --git a/.github/workflows/make_post.py b/.github/workflows/make_post.py
@@ -73,7 +73,7 @@ def main(argv):
         j = json.load(f)
     r = j['release']
     date = parser.parse(r['published_at'])
-    title = r['name']
+    title = r['name'] + ' Released'
 
     # file name for blog post
     filename = os.path.join('.', date.strftime('%Y-%m-%d') + '-' + title.lower().replace(' ', '-') + '.md')