Skip to content

Build git-artifacts (x86_64) #208

Build git-artifacts (x86_64)

Build git-artifacts (x86_64) #208

Workflow file for this run

name: git-artifacts
run-name: Build git-artifacts (${{ inputs.architecture }})
on:
workflow_dispatch:
inputs:
artifacts:
description: 'Optionally restrict what artifacts to build (portable, installer, etc.). Separate artifacts with spaces'
required: false
architecture:
type: choice
description: 'Architecture to build'
required: true
options:
- x86_64
- i686
- aarch64
tag_git_workflow_run_id:
description: 'Workflow run ID of the tag-git pipeline'
required: false
existing_git_tag:
description: 'Existing tag to build from. Requires tag_git_workflow_run_id to be empty'
required: false
build_extra_rev_for_existing_git_tag:
description: 'build-extra revision to use if building from an existing Git tag. Required if existing_git_tag is non-empty'
required: false
env:
GPG_OPTIONS: "--batch --yes --no-tty --list-options no-show-photos --verify-options no-show-photos --pinentry-mode loopback"
HOME: "${{github.workspace}}\\home"
USERPROFILE: "${{github.workspace}}\\home"
ARTIFACTS_TO_BUILD: "${{github.event.inputs.artifacts}}"
ARCHITECTURE: "${{github.event.inputs.architecture}}"
OWNER: git-for-windows
REPO: git
TAG_GIT_WORKFLOW_RUN_ID: "${{github.event.inputs.tag_git_workflow_run_id}}"
EXISTING_GIT_TAG: "${{github.event.inputs.existing_git_tag}}"
BUILD_EXTRA_REV_FOR_EXISTING_GIT_TAG: "${{github.event.inputs.build_extra_rev_for_existing_git_tag}}"
defaults:
run:
shell: bash
jobs:
pkg:
runs-on: ${{ github.event.inputs.architecture == 'aarch64' && fromJSON('["Windows", "ARM64"]') || 'windows-latest' }}
outputs:
artifact_matrix: ${{steps.artifact-build-matrix.outputs.matrix}}
msystem: ${{steps.configure-environment.outputs.MSYSTEM}}
mingw_package_prefix: ${{steps.configure-environment.outputs.MINGW_PACKAGE_PREFIX}}
sdk_repo_arch: ${{steps.configure-environment.outputs.SDK_REPO_ARCH}}
check-run-state: ${{steps.check-run-state.outputs.check-run-state}}
steps:
- name: clone git-for-windows-automation
uses: actions/checkout@v4
- name: Construct bundle-artifacts from existing tag
if: env.EXISTING_GIT_TAG != ''
run: |
die () {
echo "$*" >&2
exit 1
}
test -z "$TAG_GIT_WORKFLOW_RUN_ID" ||
die 'existing_git_tag cannot be used with tag_git_workflow_run_id!'
test -n "$BUILD_EXTRA_REV_FOR_EXISTING_GIT_TAG" ||
die 'existing_git_tag needs build_extra_rev_for_existing_git_tag!'
set -o pipefail &&
mkdir -p bundle-artifacts &&
echo "$EXISTING_GIT_TAG" >bundle-artifacts/next_version &&
echo "$EXISTING_GIT_TAG" |
sed -n '/^v[0-9]\+\.[0-9]\+\.[0-9]\+\.windows\.[0-9]\+$/{s/^v//;s/\.windows\.1//;s/\.windows\.\(.*\)/(\1)/;p}' \
>bundle-artifacts/display_version &&
sed 's/(\(.*\))$/.\1/' <bundle-artifacts/display_version >bundle-artifacts/ver &&
echo "GIT_VERSION=$EXISTING_GIT_TAG" >> $GITHUB_ENV &&
git fetch --depth 1 --filter blob:none https://github.com/$OWNER/$REPO "refs/tags/$EXISTING_GIT_TAG:refs/tags/$EXISTING_GIT_TAG" &&
echo "GIT_REV=$(git rev-parse --verify "refs/tags/$EXISTING_GIT_TAG"^0)" >>$GITHUB_ENV
- name: wait if workflow run has not finished yet
if: env.TAG_GIT_WORKFLOW_RUN_ID != ''
uses: actions/github-script@v7
with:
script: |
const { waitForWorkflowRunToFinish } = require('./workflow-runs')
await waitForWorkflowRunToFinish(
console,
'${{ secrets.GITHUB_TOKEN }}',
context.repo.owner,
context.repo.repo,
process.env.TAG_GIT_WORKFLOW_RUN_ID
)
- name: Get bundle-artifacts download URL
uses: actions/github-script@v7
if: env.TAG_GIT_WORKFLOW_RUN_ID != ''
id: get-bundle-artifacts-url
with:
script: |
if (process.env.EXISTING_GIT_TAG || process.env.BUILD_EXTRA_REV_FOR_EXISTING_GIT_TAG) {
throw new Error('tag_git_workflow_run_id cannot be used with existing_git_tag or build_extra_rev_for_existing_git_tag!')
}
const getDownloadURL = require('./get-workflow-run-artifact')
const workflowRunId = process.env.TAG_GIT_WORKFLOW_RUN_ID
core.info('Getting download URL for bundle-artifacts...')
const downloadURL = await getDownloadURL(github, context.repo.owner, context.repo.repo, workflowRunId, 'bundle-artifacts')
core.info(`Successfully got download URL. It expires after 1 minute: ${downloadURL}`)
core.setOutput('download-url', downloadURL)
- name: Download bundle-artifacts zip
if: env.TAG_GIT_WORKFLOW_RUN_ID != ''
run: |
mkdir bundle-artifacts
curl -o bundle-artifacts.zip "${{steps.get-bundle-artifacts-url.outputs.download-url}}"
unzip bundle-artifacts.zip -d bundle-artifacts
echo "GIT_VERSION=$(cat bundle-artifacts/next_version)" >> $GITHUB_ENV
echo "GIT_REV=$(cat bundle-artifacts/git-commit-oid)" >>$GITHUB_ENV
- name: Mirror Check Run to ${{ env.OWNER }}/${{ env.REPO }}
uses: ./.github/actions/check-run-action
with:
app-id: ${{ secrets.GH_APP_ID }}
private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
owner: ${{ env.OWNER }}
repo: ${{ env.REPO }}
rev: ${{ env.GIT_REV }}
check-run-name: "git-artifacts-${{ env.ARCHITECTURE }}"
title: "Build Git ${{ env.GIT_VERSION }} artifacts"
summary: "Build Git ${{ env.GIT_VERSION }} artifacts from commit ${{ env.GIT_REV }}${{ env.TAG_GIT_WORKFLOW_RUN_ID && format(' (tag-git run #{0})', env.TAG_GIT_WORKFLOW_RUN_ID) || '' }}"
text: "For details, see [this run](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id}})."
details-url: "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id}}"
- name: Re-publish bundle-artifacts so the next job can easily use it
uses: actions/upload-artifact@v4
with:
name: bundle-artifacts
path: bundle-artifacts
- name: Configure environment
id: configure-environment
run: |
case "$ARCHITECTURE" in
x86_64)
MSYSTEM=MINGW64
MINGW_PREFIX=/mingw64
MINGW_PACKAGE_PREFIX=mingw-w64-x86_64
SDK_REPO_ARCH=64
;;
i686)
MSYSTEM=MINGW32
MINGW_PREFIX=/mingw32
MINGW_PACKAGE_PREFIX=mingw-w64-i686
SDK_REPO_ARCH=32
;;
aarch64)
MSYSTEM=CLANGARM64
MINGW_PREFIX=/clangarm64
MINGW_PACKAGE_PREFIX=mingw-w64-clang-aarch64
SDK_REPO_ARCH=arm64
;;
*)
echo "Unhandled architecture: $ARCHITECTURE"
exit 1
;;
esac
echo "MSYSTEM=$MSYSTEM" >> $GITHUB_ENV
echo "MSYSTEM=$MSYSTEM" >> $GITHUB_OUTPUT
echo "MINGW_PREFIX=$MINGW_PREFIX" >> $GITHUB_ENV
echo "MINGW_PACKAGE_PREFIX=$MINGW_PACKAGE_PREFIX" >> $GITHUB_ENV
echo "MINGW_PACKAGE_PREFIX=$MINGW_PACKAGE_PREFIX" >> $GITHUB_OUTPUT
echo "SDK_REPO_ARCH=$SDK_REPO_ARCH" >> $GITHUB_OUTPUT
test -n "$ARTIFACTS_TO_BUILD" || {
ARTIFACTS_TO_BUILD="installer portable archive mingit"
test "$ARCHITECTURE" = aarch64 || ARTIFACTS_TO_BUILD="$ARTIFACTS_TO_BUILD mingit-busybox"
test "$ARCHITECTURE" != x86_64 || ARTIFACTS_TO_BUILD="$ARTIFACTS_TO_BUILD nuget"
}
echo "ARTIFACTS_TO_BUILD=$ARTIFACTS_TO_BUILD" >> $GITHUB_ENV
- name: Configure user
run:
USER_NAME="${{github.actor}}" &&
USER_EMAIL="${{github.actor}}@users.noreply.github.com" &&
mkdir "$HOME" &&
git config --global user.name "$USER_NAME" &&
git config --global user.email "$USER_EMAIL" &&
echo "PACKAGER=$USER_NAME <$USER_EMAIL>" >> $GITHUB_ENV
- uses: git-for-windows/setup-git-for-windows-sdk@v1
with:
flavor: build-installers
architecture: ${{env.architecture}}
- name: Create artifact build matrix
uses: actions/github-script@v7
id: artifact-build-matrix
with:
script: |
core.info('Preparing artifact build matrix...')
const createArtifactsMatrix = require('./create-artifacts-matrix')
try {
const output = createArtifactsMatrix(process.env.ARTIFACTS_TO_BUILD, process.env.ARCHITECTURE)
core.info(`Will be using the following matrix: ${JSON.stringify(output)}`)
core.setOutput('matrix', output)
} catch (e) {
core.setFailed(e.message)
}
- name: Restore ${{env.MINGW_PACKAGE_PREFIX}}-git, if cached
id: restore-cached-git-pkg
uses: actions/cache/restore@v4
with:
path: artifacts
key: pkg-${{env.GIT_VERSION}}-${{env.ARCHITECTURE}}-${{env.TAG_GIT_WORKFLOW_RUN_ID}}
- name: Clone and update build-extra
if: steps.restore-cached-git-pkg.outputs.cache-hit != 'true'
run: |
d=/usr/src/build-extra &&
if test ! -d $d/.git
then
git clone --single-branch -b main https://github.com/git-for-windows/build-extra $d
else
git -C $d fetch https://github.com/git-for-windows/build-extra main &&
git -C $d switch -C main FETCH_HEAD
fi &&
if test -z "$BUILD_EXTRA_REV_FOR_EXISTING_GIT_TAG"
then
git -C $d -c pull.rebase=false pull "$PWD"/bundle-artifacts/build-extra.bundle main
else
git -C $d fetch origin "$BUILD_EXTRA_REV_FOR_EXISTING_GIT_TAG" &&
git -C $d reset --hard "$BUILD_EXTRA_REV_FOR_EXISTING_GIT_TAG"
fi
- name: Prepare git-for-windows/git clone with the tag
if: steps.restore-cached-git-pkg.outputs.cache-hit != 'true'
run: |
if test ! -d /usr/src/MINGW-packages
then
git clone --depth 1 --single-branch -b main \
https://github.com/git-for-windows/MINGW-packages /usr/src/MINGW-packages
fi &&
cd /usr/src/MINGW-packages/mingw-w64-git &&
if test ! -d git
then
git clone --bare https://github.com/git-for-windows/git.git git
fi &&
if test ! -d src/git
then
git clone --reference git https://github.com/git-for-windows/git src/git &&
echo ../../../../git/objects >src/git/.git/objects/info/alternates
fi &&
cd src/git &&
if test -n "$EXISTING_GIT_TAG"
then
git fetch origin "refs/tags/$EXISTING_GIT_TAG:refs/tags/$EXISTING_GIT_TAG"
else
git fetch --tags "$GITHUB_WORKSPACE"/bundle-artifacts/git.bundle \
$(cat "$GITHUB_WORKSPACE"/bundle-artifacts/next_version)
fi &&
git reset --hard $(cat "$GITHUB_WORKSPACE"/bundle-artifacts/next_version)
- name: Prepare home directory for code-signing
env:
CODESIGN_P12: ${{secrets.CODESIGN_P12}}
CODESIGN_PASS: ${{secrets.CODESIGN_PASS}}
if: env.CODESIGN_P12 != '' && env.CODESIGN_PASS != '' && steps.restore-cached-git-pkg.outputs.cache-hit != 'true'
run: |
cd home &&
mkdir -p .sig &&
echo -n "$CODESIGN_P12" | tr % '\n' | base64 -d >.sig/codesign.p12 &&
echo -n "$CODESIGN_PASS" >.sig/codesign.pass
git config --global alias.signtool '!sh "/usr/src/build-extra/signtool.sh"'
- name: Prepare home directory for GPG signing
timeout-minutes: 5
if: env.GPGKEY != '' && steps.restore-cached-git-pkg.outputs.cache-hit != 'true'
run: |
echo '${{secrets.PRIVGPGKEY}}' | tr % '\n' | gpg $GPG_OPTIONS --import &&
info="$(gpg --list-keys --with-colons "${GPGKEY%% *}" | cut -d : -f 1,10 | sed -n '/^uid/{s|uid:||p;q}')" &&
git config --global user.name "${info% <*}" &&
git config --global user.email "<${info#*<}"
env:
GPGKEY: ${{secrets.GPGKEY}}
- name: update check-run
if: steps.restore-cached-git-pkg.outputs.cache-hit != 'true'
uses: ./.github/actions/check-run-action
with:
app-id: ${{ secrets.GH_APP_ID }}
private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
append-text: 'About to build the `${{env.MINGW_PACKAGE_PREFIX}}-git` package'
- name: Build ${{env.MINGW_PACKAGE_PREFIX}}-git
timeout-minutes: 60
if: steps.restore-cached-git-pkg.outputs.cache-hit != 'true'
env:
GPGKEY: "${{secrets.GPGKEY}}"
run: |
set -x
BUILD_SRC=$(test x86_64 != "$ARCHITECTURE" || echo "--build-src-pkg")
# Make sure that there is a `/usr/bin/git` that can be used by `makepkg-mingw`
printf '#!/bin/sh\n\nexec '$MINGW_PREFIX'/bin/git.exe "$@"\n' >/usr/bin/git &&
(
cd /usr/src/MINGW-packages/mingw-w64-git/src/git &&
/usr/src/build-extra/please.sh build-mingw-w64-git --reset-pkgrel --only-$ARCHITECTURE $BUILD_SRC \
-o "$GITHUB_WORKSPACE"/artifacts HEAD
) &&
cp bundle-artifacts/ver artifacts/ &&
if test -n "$GPGKEY"
then
for tar in artifacts/*.tar*
do
/usr/src/build-extra/gnupg-with-gpgkey.sh --detach-sign --no-armor $tar
done
fi &&
b=$PWD/artifacts &&
version=$(cat bundle-artifacts/next_version) &&
(cd /usr/src/MINGW-packages/mingw-w64-git &&
cp PKGBUILD.$version PKGBUILD &&
if test -z "$EXISTING_GIT_TAG"
then
git commit -s -m "mingw-w64-git: new version ($version)" PKGBUILD &&
git bundle create "$b"/MINGW-packages.bundle origin/main..main
elif ! git update-index --ignore-submodules --refresh ||
! git diff-files --ignore-submodules ||
! git diff-index --cached --ignore-submodules HEAD
then
echo "::warning::Uncommitted changes after build!" >&2 &&
git diff >&2 &&
git bundle create "$b"/MINGW-packages.bundle main^..main
fi)
- name: Cache ${{env.MINGW_PACKAGE_PREFIX}}-git
if: steps.restore-cached-git-pkg.outputs.cache-hit != 'true'
uses: actions/cache/save@v4
with:
path: artifacts
key: pkg-${{env.GIT_VERSION}}-${{env.ARCHITECTURE}}-${{env.TAG_GIT_WORKFLOW_RUN_ID}}
- name: update check-run
uses: ./.github/actions/check-run-action
with:
app-id: ${{ secrets.GH_APP_ID }}
private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
append-text: 'The `${{env.MINGW_PACKAGE_PREFIX}}-git` package was built successfully'
- name: Publish ${{env.MINGW_PACKAGE_PREFIX}}-git
uses: actions/upload-artifact@v4
with:
name: pkg-${{env.ARCHITECTURE}}
path: artifacts
- name: make check-run state available to other jobs
id: check-run-state
run: |
echo "check-run-state=$(base64 -w 0 <"$RUNNER_TEMP/check-run.state")" >>$GITHUB_OUTPUT
- name: update check-run if failed or canceled
if: failure() || cancelled()
uses: ./.github/actions/check-run-action
with:
app-id: ${{ secrets.GH_APP_ID }}
private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
append-text: "${{ format('Completed: {0}', job.status) }}."
conclusion: ${{ job.status }}
artifacts:
runs-on: ${{ github.event.inputs.architecture == 'aarch64' && fromJSON('["Windows", "ARM64"]') || 'windows-latest' }}
needs: pkg
env:
MSYSTEM: ${{ needs.pkg.outputs.msystem }}
MINGW_PACKAGE_PREFIX: ${{ needs.pkg.outputs.mingw_package_prefix }}
SDK_REPO_ARCH: ${{ needs.pkg.outputs.sdk_repo_arch }}
strategy:
fail-fast: false
matrix: ${{ fromJSON(needs.pkg.outputs.artifact_matrix) }}
outputs:
sha256sum-installer: ${{ steps.build.outputs.sha256sum-installer }}
sha256sum-portable: ${{ steps.build.outputs.sha256sum-portable }}
sha256sum-archive: ${{ steps.build.outputs.sha256sum-archive }}
sha256sum-mingit: ${{ steps.build.outputs.sha256sum-mingit }}
sha256sum-mingit-busybox: ${{ steps.build.outputs.sha256sum-mingit-busybox }}
sha256sum-nuget: ${{ steps.build.outputs.sha256sum-nuget }}
steps:
- name: clone git-for-windows-automation
if: needs.pkg.outputs.check-run-state != '' && always()
uses: actions/checkout@v4
- name: Download pkg-${{env.ARCHITECTURE}}
uses: actions/download-artifact@v4
with:
name: pkg-${{env.ARCHITECTURE}}
path: pkg-${{env.ARCHITECTURE}}
- name: Download bundle-artifacts
uses: actions/download-artifact@v4
with:
name: bundle-artifacts
path: bundle-artifacts
- uses: git-for-windows/setup-git-for-windows-sdk@v1
with:
flavor: build-installers
architecture: ${{env.ARCHITECTURE}}
- name: Configure user
run:
USER_NAME="${{github.actor}}" &&
USER_EMAIL="${{github.actor}}@users.noreply.github.com" &&
mkdir "$HOME" &&
git config --global user.name "$USER_NAME" &&
git config --global user.email "$USER_EMAIL"
- name: Clone and update build-extra
run: |
d=/usr/src/build-extra &&
if test ! -d $d/.git
then
git clone --single-branch -b main https://github.com/git-for-windows/build-extra $d
else
git -C $d fetch https://github.com/git-for-windows/build-extra main &&
git -C $d switch -C main FETCH_HEAD
fi &&
if test -z "$BUILD_EXTRA_REV_FOR_EXISTING_GIT_TAG"
then
git -C $d -c pull.rebase=false pull "$PWD"/bundle-artifacts/build-extra.bundle main
else
git -C $d fetch origin "$BUILD_EXTRA_REV_FOR_EXISTING_GIT_TAG" &&
git -C $d reset --hard "$BUILD_EXTRA_REV_FOR_EXISTING_GIT_TAG"
fi
- name: Prepare home directory for code-signing
env:
CODESIGN_P12: ${{secrets.CODESIGN_P12}}
CODESIGN_PASS: ${{secrets.CODESIGN_PASS}}
if: (matrix.artifact.name == 'installer' || matrix.artifact.name == 'portable') && env.CODESIGN_P12 != '' && env.CODESIGN_PASS != ''
run: |
mkdir -p home/.sig &&
echo -n "$CODESIGN_P12" | tr % '\n' | base64 -d >home/.sig/codesign.p12 &&
echo -n "$CODESIGN_PASS" >home/.sig/codesign.pass &&
git config --global alias.signtool '!sh "/usr/src/build-extra/signtool.sh"'
- name: Build ${{env.ARCHITECTURE}} ${{matrix.artifact.name}}-mingit
if: matrix.artifact.name == 'nuget'
run: |
set -x
eval /usr/src/build-extra/please.sh make_installers_from_mingw_w64_git --version=$(cat pkg-${{env.ARCHITECTURE}}/ver) -o artifacts --${{matrix.artifact.name}}-mingit --pkg=pkg-${{env.ARCHITECTURE}}/${{env.MINGW_PACKAGE_PREFIX}}-git-[0-9]*.tar.xz --pkg=pkg-${{env.ARCHITECTURE}}/${{env.MINGW_PACKAGE_PREFIX}}-git-doc-html-[0-9]*.tar.xz
- name: Build ${{env.ARCHITECTURE}} ${{matrix.artifact.name}}
id: build
run: |
set -x
version=$(cat pkg-${{env.ARCHITECTURE}}/ver) &&
if test mingit-busybox = ${{matrix.artifact.name}}
then
version="${version}-busybox"
fi &&
eval /usr/src/build-extra/please.sh make_installers_from_mingw_w64_git --version=$version -o artifacts --${{matrix.artifact.name}} --pkg=pkg-${{env.ARCHITECTURE}}/${{env.MINGW_PACKAGE_PREFIX}}-git-[0-9]*.tar.xz --pkg=pkg-${{env.ARCHITECTURE}}/${{env.MINGW_PACKAGE_PREFIX}}-git-doc-html-[0-9]*.tar.xz &&
if test portable = '${{matrix.artifact.name}}' && test -n "$(git config alias.signtool)"
then
git signtool artifacts/PortableGit-*.exe
fi &&
(
cd artifacts &&
openssl dgst -sha256 -r ${{matrix.artifact.fileprefix}}*.${{matrix.artifact.fileextension}} >sha256sums.txt
) &&
echo "sha256sum-${{ matrix.artifact.name}}<<EOF" >>$GITHUB_OUTPUT &&
cat artifacts/sha256sums.txt >>$GITHUB_OUTPUT &&
echo EOF >>$GITHUB_OUTPUT
- name: Copy package-versions and pdbs (installer)
if: matrix.artifact.name == 'installer'
run: |
cp /usr/src/build-extra/installer/package-versions.txt artifacts/ &&
a=$PWD/artifacts &&
p=$PWD/pkg-${{env.ARCHITECTURE}} &&
(cd /usr/src/build-extra &&
mkdir -p cached-source-packages &&
cp "$p"/*-pdb* cached-source-packages/ &&
GIT_CONFIG_PARAMETERS="'windows.sdk${{env.SDK_REPO_ARCH}}.path='" ./please.sh bundle_pdbs --arch=${{env.ARCHITECTURE}} --directory="$a" installer/package-versions.txt)
- name: Copy package-versions (MinGit)
if: matrix.artifact.name == 'mingit'
run: |
cp /usr/src/build-extra/mingit/root/etc/package-versions.txt artifacts/
- name: Publish ${{matrix.artifact.name}}-${{env.ARCHITECTURE}}
uses: actions/upload-artifact@v4
with:
name: ${{matrix.artifact.name}}-${{env.ARCHITECTURE}}
path: artifacts
- name: restore check-run state
if: needs.pkg.outputs.check-run-state != '' && always()
id: check-run-state
run: |
base64 -d <(echo "${{ needs.pkg.outputs.check-run-state }}") >"$RUNNER_TEMP/check-run.state"
- name: update check-run
if: needs.pkg.outputs.check-run-state != ''
uses: ./.github/actions/check-run-action
with:
app-id: ${{ secrets.GH_APP_ID }}
private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
append-text: 'Built ${{ matrix.artifact.name }}'
- name: update check-run if failed or canceled
if: needs.pkg.outputs.check-run-state != '' && (failure() || cancelled())
uses: ./.github/actions/check-run-action
with:
app-id: ${{ secrets.GH_APP_ID }}
private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
append-text: "${{ format('Completed: {0}', job.status) }}."
conclusion: ${{ job.status }}
sha256sums:
runs-on: ubuntu-latest
needs: ['pkg', 'artifacts']
steps:
- name: gather all SHA-256 checksums
uses: actions/github-script@v7
env:
SHA256SUMS: ${{ toJSON(needs.artifacts.outputs) }}
with:
script: |
const fs = require('fs')
fs.mkdirSync('sha256sums')
fs.writeFileSync('sha256sums/sha256sums.txt', Object.values(JSON.parse(process.env.SHA256SUMS)).join('\n'))
- name: publish SHA-256 checksums
uses: actions/upload-artifact@v4
with:
name: sha256sums
path: sha256sums
- name: clone git-for-windows-automation
if: needs.pkg.outputs.check-run-state != '' && always()
uses: actions/checkout@v4
- name: restore check-run state
if: needs.pkg.outputs.check-run-state != '' && always()
id: check-run-state
run: |
base64 -d <(echo "${{ needs.pkg.outputs.check-run-state }}") >"$RUNNER_TEMP/check-run.state"
- name: update check-run
if: needs.pkg.outputs.check-run-state != '' && always()
uses: ./.github/actions/check-run-action
with:
app-id: ${{ secrets.GH_APP_ID }}
private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
append-text: "${{ job.status == 'success' && 'Done!' || format('Completed: {0}', job.status) }}."
conclusion: ${{ job.status }}