Skip to content

Release Apollo

Release Apollo #47

Workflow file for this run

---
# kics-scan ignore
name: Release Apollo
defaults:
run:
shell: bash
concurrency:
group: ${{ github.head_ref }}${{ github.ref }}
cancel-in-progress: true
env:
JAVA_VERSION: 17
GITHUB_ACTOR: "hyperledger-bot"
GITHUB_ACTOR_EMAIL: "[email protected]"
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
on:
workflow_dispatch:
permissions:
contents: write
packages: write
jobs:
release:
runs-on: macos-13
steps:
- name: "Checkout the repo"
uses: actions/checkout@v4
with:
submodules: recursive
token: ${{ secrets.IDENTUS_CI }}
fetch-depth: 0
gpg-private-key: ${{ secrets.OSSRH_GPG_SECRET_KEY }}
gpg-passphrase: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
- name: "Install Java ${{ env.JAVA_VERSION }}"
uses: actions/setup-java@v4
with:
java-version: "${{ env.JAVA_VERSION }}"
distribution: zulu
gpg-private-key: ${{ secrets.OSSRH_GPG_SECRET_KEY }}
gpg-passphrase: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
- name: "Install Homebrew"
run: >
/bin/bash -c "$(curl -fsSL
https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
- name: "Install autoconf, automake, libtool"
run: |
brew install autoconf automake libtool
- name: "Install Mac ToolChain"
run: |
brew tap messense/macos-cross-toolchains
- name: "Install Linux GNU for x86_64"
run: |
rm -f '/usr/local/bin/2to3'
rm -f '/usr/local/bin/2to3-3.11'
rm -f '/usr/local/bin/2to3-3.12'
rm -f '/usr/local/bin/python3'
rm -f '/usr/local/bin/python3.11'
rm -f '/usr/local/bin/python3.12'
rm -f '/usr/local/bin/idle3'
rm -f '/usr/local/bin/idle3.11'
rm -f '/usr/local/bin/idle3.12'
rm -f '/usr/local/bin/pydoc3'
rm -f '/usr/local/bin/pydoc3.11'
rm -f '/usr/local/bin/pydoc3.12'
rm -f '/usr/local/bin/python3-config'
rm -f '/usr/local/bin/python3.11-config'
rm -f '/usr/local/bin/python3.12-config'
brew install --overwrite x86_64-unknown-linux-gnu
- name: "Install Linux GNU for aarch64"
run: |
brew install --overwrite aarch64-unknown-linux-gnu
- name: "Install Rust Targets"
run: |
rustup target add armv7-linux-androideabi
rustup target add i686-linux-android
rustup target add aarch64-linux-android
rustup target add x86_64-linux-android
rustup target add aarch64-apple-darwin
rustup target add x86_64-apple-darwin
rustup target add aarch64-unknown-linux-gnu
rustup target add x86_64-unknown-linux-gnu
- uses: maxim-lobanov/setup-xcode@v1
with:
xcode-version: '15.0.1'
- uses: crazy-max/ghaction-import-gpg@v5
id: import_gpg
with:
gpg_private_key: ${{ secrets.OSSRH_GPG_SECRET_KEY }}
passphrase: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
git_user_signingkey: true
git_commit_gpgsign: true
git_config_global: true
git_tag_gpgsign: false
- name: "Install rust toolchain (Linux)"
if: matrix.os-type == 'linux'
run: sudo apt install rustc build-essential -y
- name: "Install rust toolchain (Macos)"
if: matrix.os-type == 'macos'
run: brew install rustup
- name: "Install wasm-pack"
run: cargo install wasm-pack
- name: "Release"
env:
GITHUB_TOKEN: ${{ secrets.IDENTUS_CI }}
GIT_AUTHOR_EMAIL: ${{ steps.import_gpg.outputs.email }}
GIT_COMMITTER_EMAIL: ${{ steps.import_gpg.outputs.email }}
GIT_AUTHOR_NAME: ${{ steps.import_gpg.outputs.name }}
GIT_COMMITTER_NAME: ${{ steps.import_gpg.outputs.name }}
SONATYPE_USERNAME: ${{ secrets.OSSRH_USERNAME }}
SONATYPE_PASSWORD: ${{ secrets.OSSRH_TOKEN }}
SONATYPE_GPG_SECRET: ${{ secrets.OSSRH_GPG_SECRET_KEY }}
SONATYPE_GPG_PASSWORD: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}
run: |
npm install
npx semantic-release