Release - Create checksums and GPG sign #15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release - Create checksums and GPG sign | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| release_tag: | |
| # TODO: make this mandatory and validate that it is in a release* branch and looks like | |
| # 'release-\d+.\d+ or something like that. | |
| # For now we don't do it so that we can test. | |
| description: 'Git tag at which to sync for deploy and release' | |
| type: string | |
| jobs: | |
| publish: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout and setup | |
| uses: actions/checkout@v4 | |
| with: | |
| lfs: true | |
| - name: Set up JDK | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '11' | |
| distribution: 'temurin' | |
| gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} | |
| gpg-passphrase: MAVEN_GPG_PASSPHRASE | |
| - name: Import GPG keys | |
| run: | | |
| echo -r "$gpg-private-key" | gpg --passphrase=$MAVEN_GPG_PASSPHRASE --import | |
| gpg -k | |
| gpg -K | |
| env: | |
| gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} | |
| - name: Get all release files | |
| run: | | |
| mkdir tempFolder | |
| pushd tempFolder | |
| # gh release download ${{ inputs.release_tag }} -p "*.zip" -p "*.tgz" -p "*.jar" --repo=${{ github.repository }} | |
| gh release download release-74-2 -p "*.zip" -p "*.tgz" -p "*.jar" --repo=unicode-org/icu | |
| ls -al | |
| popd | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| - name: Checksums and sign | |
| run: | | |
| source icu4j/releases_tools/shared.sh | |
| echo "============================" | |
| echo $PWD | |
| pushd tempFolder | |
| echo $PWD | |
| sha512sum -b icu4c* > SHASUM512.txt | |
| sha512sum -b *.jar > icu4j-${artifact_version}.md5 | |
| sha512sum -b icu4c-*-data-bin-*.zip > icu4c-${artifact_version}-binary.md5 | |
| sha512sum -b icu4c-*-src.* > icu4c-${artifact_version}-sources.md5 | |
| find . -type f -name 'icu4c*' -exec gpg --no-tty --batch --pinentry-mode loopback --passphrase=$MAVEN_GPG_PASSPHRASE --output {}.asc --detach-sig {} \; | |
| gpg --no-tty --batch --pinentry-mode loopback --passphrase=$MAVEN_GPG_PASSPHRASE --output SHASUM512.txt.asc --detach-sig SHASUM512.txt | |
| popd | |
| env: | |
| MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} | |
| - name: Upload all release files | |
| run: | | |
| echo Upload everything |