Publish Release #21
---
name: Publish Release

on:
  # Manual trigger: an operator names the build run whose artifacts to release.
  workflow_dispatch:
    inputs:
      run_id:
        description: 'Build Workflow Run ID'
        required: true
      tag_name:
        description: 'Release Tag (e.g. v3.3.0)'
        required: false
        default: 'auto'
      # NOTE(review): the create_release job always passes --draft --prerelease
      # and never reads this input, so setting it to false has no effect today.
      is_draft:
        description: 'Create as Draft'
        type: boolean
        default: true

  # Automatic trigger (chained): fires when the build workflow completes.
  # NOTE(review): this workflow holds a write-capable token and consumes
  # artifacts produced by the triggering run. Confirm the build workflow
  # cannot be started by untrusted pull requests before relying on the
  # branch filter alone.
  workflow_run:
    workflows:
      - "Build OpenSSL 3.x"
    types:
      - completed
    branches:
      - main
      - workflow_dev

# Workflow-wide default for GITHUB_TOKEN. Every job inherits it unless the job
# declares its own permissions, including jobs that only read artifacts.
permissions:
  contents: write
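jobs:
  # ============================================================================
  # JOB 1: VERIFICATION (The Stub)
  # Runs on 3 OSs to verify the binaries before releasing.
  # NOTE(review): the check below is a stub that always exits 0, so this job
  # does not yet gate the release on anything beyond a successful download.
  # ============================================================================
  verify_binaries:
    name: Verify ${{ matrix.os }}
    if: ${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' }}
    runs-on: ${{ matrix.os }}
    # Least privilege: this job only reads artifacts from another run, and it
    # is where downloaded binaries will eventually be executed, so it must not
    # inherit the workflow-level 'contents: write'.
    permissions:
      actions: read
      contents: read
    strategy:
      matrix:
        os: [ubuntu-latest, windows-latest, macos-14]
    steps:
      - name: Determine Run ID
        shell: bash
        # Context values are handed to the script through env instead of being
        # expanded into the script text, so they are never parsed as shell.
        env:
          EVENT_NAME: ${{ github.event_name }}
          DISPATCH_RUN_ID: ${{ inputs.run_id }}
          UPSTREAM_RUN_ID: ${{ github.event.workflow_run.id }}
        run: |
          if [ "$EVENT_NAME" == "workflow_dispatch" ]; then
            target_run_id="$DISPATCH_RUN_ID"
          else
            target_run_id="$UPSTREAM_RUN_ID"
          fi
          # A run ID is a plain integer. Rejecting anything else also keeps
          # newlines out of the GITHUB_ENV file, where they would define
          # additional variables for later steps.
          if ! [[ "$target_run_id" =~ ^[0-9]+$ ]]; then
            echo "::error::Run ID must be numeric."
            exit 1
          fi
          echo "TARGET_RUN_ID=$target_run_id" >> "$GITHUB_ENV"

      # NOTE(review): actions are referenced by mutable tag (@v4); pinning to a
      # full commit SHA is the hardened form for a release pipeline.
      - name: Download Artifacts
        uses: actions/download-artifact@v4
        with:
          run-id: ${{ env.TARGET_RUN_ID }}
          github-token: ${{ secrets.GITHUB_TOKEN }}
          path: verify_staging

      # ------------------------------------------------------------------------
      # STUB TEST: This is where we will add the TaurusTLS tool later
      # ------------------------------------------------------------------------
      - name: Run Compatibility Check (Stub)
        shell: bash
        env:
          MATRIX_OS: ${{ matrix.os }}
        run: |
          echo "======================================================="
          echo "Running Compatibility Tests on ${MATRIX_OS}..."
          echo "======================================================="
          # 1. Locate the correct artifact for this OS (Simple Find)
          # In the future, we will extract the specific archive for this OS
          echo "Locating artifacts..."
          find verify_staging -name "*.zip" -o -name "*.tar.gz"
          echo ""
          echo "[STUB] Executing TaurusCheck..."
          echo "[STUB] Loading Libraries..."
          echo "[STUB] Verifying Symbols..."
          # Force Success for now
          echo ">>> TEST PASSED (Stub)"
          exit 0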
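# ============================================================================
# JOB 2: CREATE RELEASE
# Only runs if 'verify_binaries' succeeds.
# Values that originate outside this workflow (dispatch inputs, artifact file
# names) reach the shell only as environment variables and are validated
# before they are written to GITHUB_ENV or passed to gh.
# ============================================================================
  create_release:
    name: Create Draft Release
    needs: verify_binaries
    runs-on: ubuntu-latest
    # Stated at job level so the write scope is visible where it is used:
    # 'contents: write' for the release, 'actions: read' for the artifacts.
    permissions:
      contents: write
      actions: read
    steps:
      # NOTE(review): actions are referenced by mutable tag (@v4); pinning to a
      # full commit SHA is the hardened form for a release pipeline.
      - name: Checkout Repo
        uses: actions/checkout@v4
        with:
          # gh authenticates through GH_TOKEN, so the token does not need to
          # be left in the checkout's git configuration.
          persist-credentials: false

      - name: Determine Run ID
        shell: bash
        env:
          EVENT_NAME: ${{ github.event_name }}
          DISPATCH_RUN_ID: ${{ inputs.run_id }}
          UPSTREAM_RUN_ID: ${{ github.event.workflow_run.id }}
        run: |
          if [ "$EVENT_NAME" == "workflow_dispatch" ]; then
            target_run_id="$DISPATCH_RUN_ID"
          else
            target_run_id="$UPSTREAM_RUN_ID"
          fi
          # A run ID is a plain integer. Rejecting anything else also keeps
          # newlines out of the GITHUB_ENV file.
          if ! [[ "$target_run_id" =~ ^[0-9]+$ ]]; then
            echo "::error::Run ID must be numeric."
            exit 1
          fi
          echo "TARGET_RUN_ID=$target_run_id" >> "$GITHUB_ENV"

      - name: Download Artifacts
        uses: actions/download-artifact@v4
        with:
          run-id: ${{ env.TARGET_RUN_ID }}
          github-token: ${{ secrets.GITHUB_TOKEN }}
          path: release_staging

      - name: Stage Assets & Detect Version
        run: |
          mkdir -p assets
          find release_staging -type f \( -name "*.zip" -o -name "*.tar.gz" \) -exec mv {} assets/ \;

          # Stop here rather than create an empty release when nothing was staged.
          shopt -s nullglob
          staged=(assets/*)
          if [ "${#staged[@]}" -eq 0 ]; then
            echo "::error::No .zip or .tar.gz archives were found in the downloaded artifacts."
            exit 1
          fi

          # Detect Version from filename (e.g. openssl-3.3.0-Windows...)
          # The file name comes from the build artifacts, so the captured text
          # is accepted only if it looks like a version string.
          sample_file="${staged[0]##*/}"
          version_ok='^[0-9A-Za-z._+]+$'
          detected_ver="Unknown"
          if [[ "$sample_file" =~ openssl-([^-]+)- ]]; then
            candidate="${BASH_REMATCH[1]}"
            if [[ "$candidate" =~ $version_ok ]]; then
              detected_ver="$candidate"
            else
              echo "::warning::Version in artifact file name has unexpected characters; using 'Unknown'."
            fi
          fi
          echo "OPENSSL_VERSION=$detected_ver" >> "$GITHUB_ENV"

      - name: Determine Tag
        env:
          REQUESTED_TAG: ${{ inputs.tag_name }}
        run: |
          # Check if user provided a specific tag in manual dispatch
          if [ -n "$REQUESTED_TAG" ] && [ "$REQUESTED_TAG" != "auto" ]; then
            release_tag="$REQUESTED_TAG"
          else
            # NEW FORMAT: v.{version} (e.g., v.3.3.1)
            # OPENSSL_VERSION was exported by the previous step.
            release_tag="v.${OPENSSL_VERSION}"
          fi
          # Refuse tags that gh could read as an option (leading '-') or that
          # contain whitespace or control characters, which would also corrupt
          # the GITHUB_ENV file.
          tag_ok='^[^-[:space:][:cntrl:]][^[:space:][:cntrl:]]*$'
          if ! [[ "$release_tag" =~ $tag_ok ]]; then
            echo "::error::Release tag is empty or contains unsupported characters."
            exit 1
          fi
          echo "RELEASE_TAG=$release_tag" >> "$GITHUB_ENV"

      # NOTE(review): the release is always created or reset as draft and
      # prerelease; the 'is_draft' dispatch input is not consulted here.
      - name: Create or Update Release
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          TITLE="OpenSSL Distribution ${OPENSSL_VERSION}"
          TAG="$RELEASE_TAG"
          echo "Target Tag: $TAG"
          # 1. Check if release exists
          if gh release view "$TAG" > /dev/null 2>&1; then
            echo "✅ Release '$TAG' already exists. Switching to Update mode."
            # Update the title and notes to reflect the new build ID; the
            # release is put back into Draft/Prerelease state.
            gh release edit "$TAG" \
              --title "$TITLE" \
              --notes "Automated build from Run ${TARGET_RUN_ID} (Updated)." \
              --draft \
              --prerelease
          else
            echo "🆕 Release '$TAG' does not exist. Creating..."
            gh release create "$TAG" \
              --draft \
              --prerelease \
              --title "$TITLE" \
              --notes "Automated build from Run ${TARGET_RUN_ID}."
          fi

      # --clobber replaces any asset of the same name already attached to the
      # release, so a rerun overwrites previously uploaded binaries.
      - name: Upload Assets
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        working-directory: assets
        run: |
          shopt -s nullglob
          for file in *; do
            echo "Uploading $file..."
            # The './' prefix keeps a file name that starts with '-' from
            # being parsed as a gh option.
            gh release upload "$RELEASE_TAG" "./$file" --clobber
          done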