diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index e164e146..105f5381 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -81,6 +81,12 @@ jobs: target key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} + - name: configure GPG key + if: (github.ref == 'refs/heads/master' || github.event_name == 'push') && github.repository == 'realaravinth/dumbserve' + run: echo -n "$RELEASE_BOT_GPG_SIGNING_KEY" | gpg --batch --import --pinentry-mode loopback + env: + RELEASE_BOT_GPG_SIGNING_KEY: ${{ secrets.RELEASE_BOT_GPG_SIGNING_KEY }} + - name: load env run: | source .env_sample \ @@ -133,6 +139,13 @@ jobs: if: (github.ref == 'refs/heads/master' || github.event_name == 'push') && github.repository == 'mCaptcha/mCaptcha' run: make docker-publish + - name: publish bins + if: (github.ref == 'refs/heads/master' || github.event_name == 'push') && github.repository == 'mCaptcha/mCaptcha' + run: ./scripts/publish.sh publish master latest $DUMBSERVE_PASSWORD + env: + DUMBSERVE_PASSWORD: ${{ secrets.DUMBSERVE_PASSWORD }} + GPG_PASSWORD: ${{ secrets.GPG_PASSWORD }} + - name: generate documentation if: matrix.version == 'stable' && (github.repository == 'mCaptcha/mCaptcha') run: make doc diff --git a/scripts/publish.sh b/scripts/publish.sh index 72f001fa..3f87e41d 100755 --- a/scripts/publish.sh +++ b/scripts/publish.sh @@ -1,23 +1,45 @@ #!/bin/bash +# Copyright (C) 2022 Aravinth Manivannan +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . # publish.sh: grab bin from docker container, pack, sign and upload -# $1: mCaptcha version -# $2: Docker img tag +# $2: binary version +# $3: Docker img tag +# $4: dumbserve password + set -xEeuo pipefail -TMP_DIR=$(mktemp -d) -FILENAME="mCaptcha-$1-linux-amd64" -TARBALL="mCaptcha-$1.tar.gz" -TARGET_DIR="$TMP_DIR/$FILENAME" -DOCKER_IMG="mcaptcha/mcaptcha:$2" +DUMBSERVE_USERNAME=mcaptcha +DUMBSERVE_PASSWORD=$4 +DUMBSERVE_HOST="https://$DUMBSERVE_USERNAME:$DUMBSERVE_PASSWORD@dl.mcaptcha.org" + +NAME=mcaptcha +KEY=0CBABF3084E84E867A76709750BE39D10ECE01FB + +TMP_DIR=$(mktemp -d) +FILENAME="$NAME-$2-linux-amd64" +TARBALL=$FILENAME.tar.gz +TARGET_DIR="$TMP_DIR/$FILENAME/" +mkdir -p $TARGET_DIR +DOCKER_IMG="mcaptcha/$NAME:$3" -mkdir $TARGET_DIR get_bin(){ echo "[*] Grabbing binary" container_id=$(docker create $DOCKER_IMG) - #docker cp $container_id:/usr/local/bin/mcaptcha $TARGET_DIR/ - docker cp $container_id:/usr/local/bin/mcaptcha $TARGET_DIR/ + docker cp $container_id:/usr/local/bin/$NAME $TARGET_DIR/ docker rm -v $container_id } @@ -35,24 +57,64 @@ copy() { get_bin } + + pack() { echo "[*] Creating dist tarball" - tar -cvzf $TARBALL $TARGET_DIR + pushd $TMP_DIR + tar -cvzf $TARBALL $FILENAME + popd } checksum() { echo "[*] Generating dist tarball checksum" + pushd $TMP_DIR sha256sum $TARBALL > $TARBALL.sha256 + popd } sign() { echo "[*] Signing dist tarball checksum" - gpg --output $TARBALL.asc --sign --detach --armor $TARBALL + pushd $TMP_DIR + export GPG_TTY=$(tty) + gpg --verbose \ + --pinentry-mode loopback \ + --batch --yes \ + --passphrase $GPG_PASSWORD \ + --local-user $KEY \ + --output $TARBALL.asc \ + --sign --detach \ + --armor $TARBALL + popd } -copy -pushd $TMP_DIR -pack -checksum -sign -popd +delete_dir() { + curl --location --request DELETE "$DUMBSERVE_HOST/api/v1/files/delete" \ + --header 'Content-Type: application/json' \ + --data-raw "{ + \"path\": \"$1\" + }" +} + +upload_dist() { + delete_dir $1 + + pushd $TMP_DIR + for file in $TARBALL $TARBALL.asc $TARBALL.sha256 + do + curl -v \ + -F upload=@$file \ + "$DUMBSERVE_HOST/api/v1/files/upload?path=$1/" + done + popd +} + +publish() { + copy + pack + checksum + sign + upload_dist $2 +} + +$1 $@