@@ -507,113 +507,112 @@ jobs:
507507retention-days : 7
508508 if-no-files-found : error
509509
510- # TODO Temporarily disabled to avoid accidental publish while testing
511- # publish-github:
512- # runs-on: ubuntu-latest
513- # needs: [configure, build, sign-windows-installer]
514- # if: ${{ startsWith(github.ref, 'refs/tags/v') && github.event_name != 'workflow_dispatch' }}
515- # env:
516- # VERSION: ${{ needs.configure.outputs.k6_version }}
517- # permissions:
518- # actions: read
519- # contents: write
520- # steps:
521- # - name: Checkout code
522- # uses: actions/checkout@v5
523- # with:
524- # persist-credentials: false
525- # - name: Download signed binaries
526- # uses: actions/download-artifact@v4
527- # with:
528- # name: binaries-signed
529- # path: dist
530- # - name: Download signed Windows binaries
531- # uses: actions/download-artifact@v4
532- # with:
533- # name: binaries-windows-signed
534- # path: dist
535- # - name: Generate checksum file
536- # run: cd dist && sha256sum * > "k6-${VERSION}-checksums.txt"
537- # - name: Anchore SBOM Action
538- # continue-on-error: true
539- # uses: anchore/sbom-action@7b36ad622f042cab6f59a75c2ac24ccb256e9b45 # v0.20.4
540- # with:
541- # artifact-name: k6-${{ env.VERSION }}-spdx.json
542- # upload-release-assets: false
543- # output-file: dist/k6-${{ env.VERSION }}-spdx.json
544- # - name: Create release
545- # env:
546- # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
547- # run: |
548- # set -x
549- # assets=()
550- # for asset in ./dist/*; do
551- # assets+=("$asset")
552- # done
553- # gh release create "$VERSION" "${assets[@]}" --target "$GITHUB_SHA" -F "./release notes/${VERSION}.md"
554-
555- # publish-packages:
556- # runs-on: ubuntu-latest
557- # needs: [configure, build, sign-windows-installer]
558- # if: ${{ startsWith(github.ref, 'refs/tags/v') && github.event_name != 'workflow_dispatch' }}
559- # env:
560- # VERSION: ${{ needs.configure.outputs.k6_version }}
561- # permissions:
562- # actions: read
563- # contents: read
564- # packages: read
565- # id-token: write # Required for Vault
566- # steps:
567- # - name: Checkout code
568- # uses: actions/checkout@v5
569- # with:
570- # persist-credentials: false
571- # - name: Download signed binaries
572- # uses: actions/download-artifact@v4
573- # with:
574- # name: binaries-signed
575- # path: dist
576- # - name: Download signed Windows binaries
577- # uses: actions/download-artifact@v4
578- # with:
579- # name: binaries-windows-signed
580- # path: dist
581- # - name: Rename binaries
582- # # To be consistent with the filenames used in dl.k6.io
583- # run: |
584- # mv "dist/k6-$VERSION-windows-amd64.msi" "dist/k6-$VERSION-amd64.msi"
585- # mv "dist/k6-$VERSION-linux-amd64.rpm" "dist/k6-$VERSION-amd64.rpm"
586- # mv "dist/k6-$VERSION-linux-amd64.deb" "dist/k6-$VERSION-amd64.deb"
587- # - uses: grafana/shared-workflows/actions/get-vault-secrets@get-vault-secrets/v1.3.0
588- # with:
589- # repo_secrets: |
590- # IAM_ROLE_ARN=deploy:packager-iam-role
591- # AWS_CF_DISTRIBUTION=cloudfront:AWS_CF_DISTRIBUTION
592- # PGP_SIGN_KEY_PASSPHRASE=pgp:PGP_SIGN_KEY_PASSPHRASE
593- # PGP_SIGN_KEY=pgp:PGP_SIGN_KEY
594- # S3_BUCKET=s3:AWS_S3_BUCKET
595- # - uses: grafana/shared-workflows/actions/aws-auth@aws-auth/v1.0.2
596- # with:
597- # aws-region: "us-east-2"
598- # role-arn: ${{ env.IAM_ROLE_ARN }}
599- # set-creds-in-environment: true
600- # - name: Setup docker compose environment
601- # run: |
602- # cat > packaging/.env <<EOF
603- # AWS_ACCESS_KEY_ID=${env.AWS_ACCESS_KEY_ID}
604- # AWS_CF_DISTRIBUTION="${AWS_CF_DISTRIBUTION}"
605- # AWS_DEFAULT_REGION=us-east-2
606- # AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
607- # AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN}
608- # PGP_SIGN_KEY_PASSPHRASE=${PGP_SIGN_KEY_PASSPHRASE}
609- # S3_BUCKET=${S3_BUCKET}
610- # EOF
611- # echo "${PGP_SIGN_KEY}" > packaging/sign-key.gpg
612- # - name: Publish packages
613- # env:
614- # GITHUB_ACTOR: ${{ github.actor }}
615- # run: |
616- # echo "${{ secrets.GITHUB_TOKEN }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin
617- # cd packaging
618- # docker compose pull packager
619- # docker compose run --rm packager
510+ publish-github :
511+ runs-on : ubuntu-latest
512+ needs : [configure, build, sign-windows-installer]
513+ if : ${{ startsWith(github.ref, 'refs/tags/v') && github.event_name != 'workflow_dispatch' }}
514+ env :
515+ VERSION : ${{ needs.configure.outputs.k6_version }}
516+ permissions :
517+ actions : read
518+ contents : write
519+ steps :
520+ - name : Checkout code
521+ uses : actions/checkout@v5
522+ with :
523+ persist-credentials : false
524+ - name : Download signed binaries
525+ uses : actions/download-artifact@v4
526+ with :
527+ name : binaries-signed
528+ path : dist
529+ - name : Download signed Windows binaries
530+ uses : actions/download-artifact@v4
531+ with :
532+ name : binaries-windows-signed
533+ path : dist
534+ - name : Generate checksum file
535+ run : cd dist && sha256sum * > "k6-${VERSION}-checksums.txt"
536+ - name : Anchore SBOM Action
537+ continue-on-error : true
538+ uses : anchore/sbom-action@7b36ad622f042cab6f59a75c2ac24ccb256e9b45 # v0.20.4
539+ with :
540+ artifact-name : k6-${{ env.VERSION }}-spdx.json
541+ upload-release-assets : false
542+ output-file : dist/k6-${{ env.VERSION }}-spdx.json
543+ - name : Create release
544+ env :
545+ GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
546+ run : |
547+ set -x
548+ assets=()
549+ for asset in ./dist/*; do
550+ assets+=("$asset")
551+ done
552+ gh release create "$VERSION" "${assets[@]}" --target "$GITHUB_SHA" -F "./release notes/${VERSION}.md"
553+
554+ publish-packages :
555+ runs-on : ubuntu-latest
556+ needs : [configure, build, sign-windows-installer]
557+ if : ${{ startsWith(github.ref, 'refs/tags/v') && github.event_name != 'workflow_dispatch' }}
558+ env :
559+ VERSION : ${{ needs.configure.outputs.k6_version }}
560+ permissions :
561+ actions : read
562+ contents : read
563+ packages : read
564+ id-token : write # Required for Vault
565+ steps :
566+ - name : Checkout code
567+ uses : actions/checkout@v5
568+ with :
569+ persist-credentials : false
570+ - name : Download signed binaries
571+ uses : actions/download-artifact@v4
572+ with :
573+ name : binaries-signed
574+ path : dist
575+ - name : Download signed Windows binaries
576+ uses : actions/download-artifact@v4
577+ with :
578+ name : binaries-windows-signed
579+ path : dist
580+ - name : Rename binaries
581+ # To be consistent with the filenames used in dl.k6.io
582+ run : |
583+ mv "dist/k6-$VERSION-windows-amd64.msi" "dist/k6-$VERSION-amd64.msi"
584+ mv "dist/k6-$VERSION-linux-amd64.rpm" "dist/k6-$VERSION-amd64.rpm"
585+ mv "dist/k6-$VERSION-linux-amd64.deb" "dist/k6-$VERSION-amd64.deb"
586+ uses : grafana/shared-workflows/actions/get-vault-secrets@get-vault-secrets/v1.3.0
587+ with :
588+ repo_secrets : |
589+ IAM_ROLE_ARN=deploy:packager-iam-role
590+ AWS_CF_DISTRIBUTION=cloudfront:AWS_CF_DISTRIBUTION
591+ PGP_SIGN_KEY_PASSPHRASE=pgp:PGP_SIGN_KEY_PASSPHRASE
592+ PGP_SIGN_KEY=pgp:PGP_SIGN_KEY
593+ S3_BUCKET=s3:AWS_S3_BUCKET
594+ uses : grafana/shared-workflows/actions/aws-auth@aws-auth/v1.0.2
595+ with :
596+ aws-region : " us-east-2"
597+ role-arn : ${{ env.IAM_ROLE_ARN }}
598+ set-creds-in-environment : true
599+ - name : Setup docker compose environment
600+ run : |
601+ cat > packaging/.env <<EOF
602+ AWS_ACCESS_KEY_ID=${env.AWS_ACCESS_KEY_ID}
603+ AWS_CF_DISTRIBUTION="${AWS_CF_DISTRIBUTION}"
604+ AWS_DEFAULT_REGION=us-east-2
605+ AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
606+ AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN}
607+ PGP_SIGN_KEY_PASSPHRASE=${PGP_SIGN_KEY_PASSPHRASE}
608+ S3_BUCKET=${S3_BUCKET}
609+ EOF
610+ echo "${PGP_SIGN_KEY}" > packaging/sign-key.gpg
611+ name : Publish packages
612+ env :
613+ GITHUB_ACTOR : ${{ github.actor }}
614+ run : |
615+ echo "${{ secrets.GITHUB_TOKEN }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin
616+ cd packaging
617+ docker compose pull packager
618+ docker compose run --rm packager
0 commit comments