Skip to content

CI

CI #585

Workflow file for this run

---
name: CI
"on":
push:
branches:
- trunk
pull_request:
branches:
- trunk
schedule:
- cron: "0 0 * * TUE"
jobs:
gpg-sign:
name: GPG Signing
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/[email protected]
- name: Setup Python
uses: actions/[email protected]
- name: Install Python dependencies
run: |
python3 -m venv --upgrade-deps venv
venv/bin/pip install --upgrade pip wheel
venv/bin/pip install --require-hashes -r requirements.txt
- name: Clone Artichoke
uses: actions/[email protected]
with:
repository: artichoke/artichoke
path: artichoke
# ```
# $ gpg --fingerprint --with-subkey-fingerprints [email protected]
# pub ed25519 2021-01-03 [SC]
# C983 8F10 4021 F59E E6F6 BCBE B199 D034 7FDA 14A4
# uid [ultimate] Code signing for Artichoke Ruby <[email protected]>
# sub cv25519 2021-01-03 [E]
# 7719 1B6D 83B2 F4E8 5197 125B A9A3 F70E 710A 15AA
# sub ed25519 2021-01-03 [S]
# 1C4A 856A CF86 EC1E E841 180F AF57 A37C AC06 1452
# ```
- name: Import GPG key
id: import_gpg
uses: crazy-max/ghaction-import-gpg@82a020f1f7f605c65dd2449b392a52c3fcfef7ef # v6.0.0
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_SIGNING_KEY_PASSPHRASE }}
fingerprint: 1C4A856ACF86EC1EE841180FAF57A37CAC061452
- name: List keys
run: gpg -K
- name: Build release artifacts
working-directory: artichoke
run: cargo build --verbose --release
- name: GPG sign binary
id: gpg_signing
run: venv/bin/python3 gpg_sign.py "nightly-gpg-sign-test" --artifact artichoke/target/release/artichoke
- name: Verify GPG signature
run: gpg --batch --verify "${{ steps.gpg_signing.outputs.signature }}" artichoke/target/release/artichoke
apple-codesign:
name: Apple Codesigning
runs-on: macos-latest
steps:
- name: Checkout repository
uses: actions/[email protected]
- name: Setup Python
uses: actions/[email protected]
- name: Install Python dependencies
run: |
python3 -m venv --upgrade-deps venv
venv/bin/pip install --upgrade pip wheel
venv/bin/pip install --require-hashes -r requirements.txt
- name: Clone Artichoke
uses: actions/[email protected]
with:
repository: artichoke/artichoke
path: artichoke
- name: Build release artifacts
working-directory: artichoke
run: cargo build --verbose --release
# This will codesign binaries in place which means that the tarballed
# binaries will be codesigned as well.
- name: Run Apple Codesigning and Notarization
id: apple_codesigning
if: runner.os == 'macOS'
run: |
venv/bin/python3 macos_sign_and_notarize.py "nightly-apple-codesign-test" \
--binary "artichoke/target/release/artichoke" \
--binary "artichoke/target/release/airb" \
--resource artichoke/LICENSE \
--resource artichoke/README.md \
--dmg-icon-url "https://artichoke.github.io/logo/Artichoke-dmg.icns"
env:
MACOS_NOTARIZE_APP_PASSWORD: ${{ secrets.MACOS_NOTARIZE_APP_PASSWORD }}
MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
MACOS_CERTIFICATE_PASSPHRASE: ${{ secrets.MACOS_CERTIFICATE_PASSPHRASE }}
- name: Verify code signature
run: |
codesign --verify --check-notarization --deep --strict=all artichoke/target/release/artichoke
codesign --verify --check-notarization --deep --strict=all artichoke/target/release/airb
- name: Verify DMG code signature
run: spctl -a -t open --context context:primary-signature "${{ steps.apple_codesigning.outputs.asset }}" -v
python:
name: Lint and format Python
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/[email protected]
- name: Setup Python
uses: actions/[email protected]
- name: Install Python dependencies
run: |
python3 -m venv --upgrade-deps venv
venv/bin/pip install --upgrade pip wheel
venv/bin/pip install --require-hashes -r requirements.txt
- name: Run black
run: venv/bin/black --check --diff --verbose .
- name: Run ruff
run: venv/bin/ruff --format=github .
- name: Run mypy
run: venv/bin/mypy .
ruby:
name: Lint and format Ruby
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/[email protected]
- name: Install Ruby toolchain
uses: ruby/setup-ruby@52b8784594ec115fd17094752708121dc5dabb47 # v1.154.0
with:
ruby-version: ".ruby-version"
bundler-cache: true
- name: Lint and check formatting with Rubocop
run: bundle exec rubocop --format github
text:
name: Lint and format text
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/[email protected]
- name: Format with prettier
run: npx prettier --check '**/*'
- name: Lint YAML sources with yamllint
run: |
yamllint --version
echo "Linting YAML sources with yamllint ..."
yamllint --strict --format github .
echo "OK"