Release - Create checksums and GPG sign #13
Workflow file for this run
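# Manually dispatched release job: downloads the artifacts already attached to
# a GitHub release, generates SHA-512 / MD5 checksum files and detached GPG
# signatures for them, and uploads the results back to the same release.
name: Release - Create checksums and GPG sign

on:
  workflow_dispatch:
    inputs:
      gitReleaseTag:
        description: 'Release tag to upload to. Must start with "release-"'
        type: string

env:
  RELEASE_FOLDER: '${{ github.workspace }}/releaseDist'

jobs:
  sign_and_checksums:
    # Only the "release-" prefix is checked here; the rest of the tag is
    # free-form text, so the steps below never paste it into a script body.
    if: ${{ inputs.gitReleaseTag && startsWith(inputs.gitReleaseTag, 'release-') }}
    runs-on: ubuntu-22.04  # Updated in BRS
    environment: release-env
    permissions:
      contents: write  # So that we can upload to release
    steps:
      # NOTE(review): this job imports the release signing key, and both
      # actions are referenced by a mutable major-version tag. Pinning each
      # to a reviewed full commit SHA removes the dependency on that tag.
      - name: Checkout and setup
        uses: actions/checkout@v5
        with:
          # Later steps authenticate through GH_TOKEN, so the token does not
          # need to stay in the checkout's git config.
          persist-credentials: false

      - name: Set up JDK
        uses: actions/setup-java@v5
        with:
          java-version: '11'
          distribution: 'temurin'
          gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
          # Name of the environment variable that carries the passphrase,
          # not the passphrase itself.
          gpg-passphrase: MAVEN_GPG_PASSPHRASE

      # The signatures produced below cover whatever is attached to the
      # release when this step runs; confirm the assets are the intended
      # build output before dispatching.
      - name: Get all release files
        run: |
          mkdir -p "${RELEASE_FOLDER}"
          pushd "${RELEASE_FOLDER}"
          gh release download "${RELEASE_TAG}" \
            -p "*.zip" -p "*.tgz" -p "*.jar" \
            --repo="${GITHUB_REPOSITORY}"
          popd
        env:
          GH_TOKEN: ${{ github.token }}
          # Passed through the environment so the shell treats the tag as
          # data; a ${{ }} expression inside `run` becomes script text.
          RELEASE_TAG: ${{ inputs.gitReleaseTag }}

      - name: Checksums and sign
        run: |
          # NOTE(review): github_rel_version is presumably set by shared.sh.
          # The script comes from the ref this run was dispatched on, which
          # is not necessarily the release tag - confirm they match.
          source icu4j/releases_tools/shared.sh
          pushd "${RELEASE_FOLDER}"
          sha512sum -b icu4c* > SHASUM512.txt
          # MD5 is not collision resistant; these files only help detect
          # accidental corruption. Integrity rests on the signatures and
          # the signed SHA-512 list.
          md5sum -b *.jar > "icu4j-${github_rel_version}.md5"
          md5sum -b icu4c-*-data-bin-*.zip > "icu4c-${github_rel_version}-binary.md5"
          md5sum -b icu4c-*-sources.* > "icu4c-${github_rel_version}-sources.md5"
          # Snapshot the file list first so signatures written by the loop
          # are never picked up and signed again.
          mapfile -d '' -t artifacts < <(find . -type f -name 'icu4c*' -print0)
          # The passphrase is fed on stdin rather than as --passphrase=...,
          # which would expose it in the gpg process argument list.
          for artifact in "${artifacts[@]}"; do
            gpg --no-tty --batch --pinentry-mode loopback --passphrase-fd 0 \
              -a --output "${artifact}.asc" --detach-sig "${artifact}" \
              <<<"${MAVEN_GPG_PASSPHRASE}"
          done
          gpg --no-tty --batch --pinentry-mode loopback --passphrase-fd 0 \
            -a --output SHASUM512.txt.asc --detach-sig SHASUM512.txt \
            <<<"${MAVEN_GPG_PASSPHRASE}"
          popd
        env:
          MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}

      - name: Upload to release
        # --clobber replaces assets that already carry the same name.
        run: |
          gh release upload "${RELEASE_TAG}" LICENSE \
            --clobber --repo="${GITHUB_REPOSITORY}"
          gh release upload "${RELEASE_TAG}" "${RELEASE_FOLDER}"/*.md5 \
            --clobber --repo="${GITHUB_REPOSITORY}"
          gh release upload "${RELEASE_TAG}" "${RELEASE_FOLDER}"/*.asc \
            --clobber --repo="${GITHUB_REPOSITORY}"
          gh release upload "${RELEASE_TAG}" "${RELEASE_FOLDER}/SHASUM512.txt" \
            --clobber --repo="${GITHUB_REPOSITORY}"
        env:
          GH_TOKEN: ${{ github.token }}
          RELEASE_TAG: ${{ inputs.gitReleaseTag }}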