mirror of
https://github.com/certbot/certbot.git
synced 2026-05-21 17:57:19 -04:00
86 lines
2.7 KiB
YAML
86 lines
2.7 KiB
YAML
name: Deploy snaps
|
|
on:
|
|
workflow_call:
|
|
inputs:
|
|
snapReleaseChannel:
|
|
description: 'snap channel to release to'
|
|
required: true
|
|
type: string
|
|
secrets:
|
|
SNAPCRAFTCFG:
|
|
required: true
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
env:
|
|
SNAP_RELEASE_CHANNEL: "${{ inputs.snapReleaseChannel }}"
|
|
|
|
jobs:
|
|
# This job relies on credentials used to publish the Certbot snaps. This
|
|
# credential file was created by running:
|
|
#
|
|
# snapcraft logout
|
|
# snapcraft export-login --channels=beta,edge snapcraft.cfg
|
|
# (provide the shared snapcraft credentials when prompted)
|
|
#
|
|
# Then the contents of the file were added as a secret in Github
|
|
# with the name SNAPCRAFTCFG under the Secrets and Variables -> Actions
|
|
# section of the settings for the certbot organization.
|
|
#
|
|
# Revoking these credentials can be done by changing the password of the
|
|
# account used to generate the credentials. See
|
|
# https://forum.snapcraft.io/t/revoking-exported-credentials/19031 for more
|
|
# info.
|
|
publish_snap:
|
|
name: Publish snap
|
|
if: ${{ inputs.snapReleaseChannel == 'edge' || inputs.snapReleaseChannel == 'beta' }}
|
|
runs-on:
|
|
- 'ubuntu-24.04'
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
SNAP_ARCH: [amd64, armhf, arm64]
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v6.0.2
|
|
with:
|
|
persist-credentials: false
|
|
- name: Install dependencies
|
|
run: |-
|
|
sudo apt-get update
|
|
sudo apt-get install -y --no-install-recommends snapd
|
|
sudo snap install --classic snapcraft
|
|
shell: bash
|
|
- name: Retrieve Certbot snaps
|
|
if: ${{ matrix.SNAP_ARCH == 'armhf' }}
|
|
uses: actions/download-artifact@v8.0.1
|
|
with:
|
|
name: snaps_${{ matrix.SNAP_ARCH }}
|
|
path: "${{ github.workspace }}/snap"
|
|
- name: Retrieve Certbot snaps
|
|
if: ${{ matrix.SNAP_ARCH != 'armhf' }}
|
|
uses: actions/download-artifact@v8.0.1
|
|
with:
|
|
pattern: snap-*-${{ matrix.SNAP_ARCH }}
|
|
merge-multiple: true
|
|
path: "${{ github.workspace }}/snap"
|
|
- name: Display structure of downloaded files
|
|
run: ls -R "${{ github.workspace }}/snap"
|
|
- name: Publish to Snap store
|
|
run: |-
|
|
export SNAPCRAFT_STORE_CREDENTIALS="${{ secrets.SNAPCRAFTCFG }}"
|
|
for SNAP_FILE in snap/*.snap; do
|
|
tools/retry.sh eval snapcraft upload --release="${SNAP_RELEASE_CHANNEL}" "${SNAP_FILE}"
|
|
done
|
|
shell: bash
|
|
publish_snap_invalid:
|
|
# Fail instead of silently skipping snap release
|
|
name: Fail on invalid snapReleaseChannel
|
|
if: ${{ inputs.snapReleaseChannel != 'edge' && inputs.snapReleaseChannel != 'beta' }}
|
|
runs-on:
|
|
- 'ubuntu-latest'
|
|
steps:
|
|
- name: Fail
|
|
run: exit 1
|
|
shell: bash
|