Mindustry/.github/workflows/deployment.yml
Alex a68c17d876
GitHub Workflows security hardening (#7629)
* build: harden push.yml permissions

Signed-off-by: Alex <aleksandrosansan@gmail.com>

* build: harden deployment.yml permissions

Signed-off-by: Alex <aleksandrosansan@gmail.com>

* build: harden pr.yml permissions

Signed-off-by: Alex <aleksandrosansan@gmail.com>

Signed-off-by: Alex <aleksandrosansan@gmail.com>
2022-09-27 08:10:18 -04:00

92 lines
3.2 KiB
YAML

name: Deployment
on:
push:
tags:
- 'v*'
permissions: {}
jobs:
deploy:
permissions:
contents: write # for release creation (svenstaro/upload-release-action)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up JDK 17
uses: actions/setup-java@v1
with:
java-version: 17
- name: Set env
run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
- name: Add Arc release
run: |
git clone --depth=1 --branch=master https://github.com/Anuken/Arc ../Arc
cd ../Arc
git tag ${RELEASE_VERSION}
git push https://Anuken:${{ secrets.API_TOKEN_GITHUB }}@github.com/Anuken/Arc ${RELEASE_VERSION};
cd ../Mindustry
- name: Update JITpack repo
run: |
cd ../
cp -r ./Mindustry ./MindustryJitpack
cd MindustryJitpack
git config --global user.name "Github Actions"
git config --global user.email "actions@github.com"
git clone --depth 1 https://github.com/Anuken/MindustryJitpack.git
rm -rf .git
cp -r ./MindustryJitpack/.git ./.git
rm -rf MindustryJitpack
rm -rf .github
rm README.md
git add .
git commit --allow-empty -m "${GITHUB_SHA}"
git push https://Anuken:${{ secrets.API_TOKEN_GITHUB }}@github.com/Anuken/MindustryJitpack
git tag ${RELEASE_VERSION}
git push https://Anuken:${{ secrets.API_TOKEN_GITHUB }}@github.com/Anuken/MindustryJitpack
cd ../Mindustry
- name: Create artifacts
run: |
./gradlew desktop:dist server:dist core:mergedJavadoc -Pbuildversion=${RELEASE_VERSION:1}
- name: Update docs
run: |
cd ../
git config --global user.email "cli@github.com"
git config --global user.name "Github Actions"
git clone --depth=1 https://github.com/MindustryGame/docs.git
cd docs
find . -maxdepth 1 ! -name ".git" ! -name . -exec rm -r {} \;
cd ../
cp -a Mindustry/core/build/javadoc/. docs/
cd docs
git add .
git commit --allow-empty -m "Update ${RELEASE_VERSION:1}"
git push https://Anuken:${{ secrets.API_TOKEN_GITHUB }}@github.com/MindustryGame/docs
cd ../Mindustry
- name: Update F-Droid build string
run: |
git clone --depth=1 --branch=master https://github.com/Anuken/MindustryBuilds ../MindustryBuilds
cd ../MindustryBuilds
echo "Updating version to ${RELEASE_VERSION:1}"
BNUM=$(($GITHUB_RUN_NUMBER + 1000))
echo versionName=7-fdroid-${RELEASE_VERSION:1}$'\n'versionCode=${BNUM} > version_fdroid.txt
git add .
git commit -m "Updating to build ${RELEASE_VERSION:1}"
git push https://Anuken:${{ secrets.API_TOKEN_GITHUB }}@github.com/Anuken/MindustryBuilds
cd ../Mindustry
- name: Upload client artifacts
uses: svenstaro/upload-release-action@v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: desktop/build/libs/Mindustry.jar
tag: ${{ github.ref }}
- name: Upload server artifacts
uses: svenstaro/upload-release-action@v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: server/build/libs/server-release.jar
tag: ${{ github.ref }}