Publish release #534

Workflow file for this run

.github/workflows/publish-release.yml at 73b17ba

	name: Publish release

	on:
	workflow_dispatch:
	inputs:
	isPreRelease:
	description: 'Tag created is a pre-release tag'
	required: true
	default: 'false'
	preReleaseSuffix:
	description: 'The text that will be suffixed to the Git tag. e.g., rc1'
	required: false
	default: ''

	permissions:
	id-token: write
	contents: write

	jobs:
	publish-release:
	name: Publish Release
	runs-on: ubuntu-latest
	steps:
	- name: Checkout Repository
	uses: actions/checkout@v3
	- name: Set up JDK 17
	uses: actions/setup-java@v3
	with:
	distribution: 'temurin'
	java-version: '17.0.7'
	- name: Set version env variable
	id: version-set
	run: \|
	SHORT_VERSION=$((grep -w 'version' \| cut -d= -f2 \| cut -d- -f1) < gradle.properties)
	DIST_VERSION=$((grep -w 'version' \| cut -d= -f2) < gradle.properties \| rev \| cut --complement -d- -f1 \| rev)
	LANG_VERSION=$((grep -w "ballerinaLangVersion" \| cut -d= -f2 \| cut -d- -f1 \| xargs) < gradle.properties)
	CODE_NAME=$((grep -w 'codeName' \| cut -d= -f2) < gradle.properties)
	RELEASE_VERSION=$DIST_VERSION
	TAGGED_VERSION=$RELEASE_VERSION
	LONG_VERSION=$DIST_VERSION-$CODE_NAME
	if [ -n "${{ github.event.inputs.preReleaseSuffix }}" ]; then
	TAGGED_VERSION=$RELEASE_VERSION-${{ github.event.inputs.preReleaseSuffix }}
	fi
	echo VERSION=$RELEASE_VERSION >> $GITHUB_ENV
	echo GIT_TAG=$TAGGED_VERSION >> $GITHUB_ENV
	echo "::set-output name=version::$RELEASE_VERSION"
	echo "::set-output name=sversion::$SHORT_VERSION"
	echo "::set-output name=taggedVersion::$TAGGED_VERSION"
	echo "::set-output name=longVersion::$LONG_VERSION"
	echo "::set-output name=langVersion::$LANG_VERSION"
	- name: Pre release depenency version update
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	run: \|
	echo "Version: ${VERSION}"
	echo "Tagged Version: ${GIT_TAG}"
	git config user.name ${{ secrets.BALLERINA_BOT_USERNAME }}
	git config user.email ${{ secrets.BALLERINA_BOT_EMAIL }}
	git checkout -b release-${GIT_TAG}
	- name: Generate UUID
	run: \|
	UUID=$(uuidgen)
	perl -pi -e "s/^\sinstallerVersion=./installerVersion=$UUID/" gradle.properties
	git config user.name ${{ secrets.BALLERINA_BOT_USERNAME }}
	git config user.email ${{ secrets.BALLERINA_BOT_EMAIL }}
	git add gradle.properties
	git commit -m "Update UUID for installer"
	- name: Grant execute permission for gradlew
	run: chmod +x gradlew
	- name: Publish artifact
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	packageUser: ${{ secrets.BALLERINA_BOT_USERNAME }}
	packagePAT: ${{ secrets.BALLERINA_BOT_TOKEN }}
	devCentralToken: ${{ secrets.BALLERINA_CENTRAL_DEV_ACCESS_TOKEN }}
	githubAccessToken: ${{ secrets.GITHUB_TOKEN }}
	ballerinaBotWorkflow: $ {{ secrets.BALLERINA_BOT_WORKFLOW }}
	run: \|
	./gradlew build -Pversion=${VERSION}
	./gradlew release -Prelease.useAutomaticVersion=true -x test
	- name: Checkout docker repo
	uses: actions/checkout@v3
	with:
	repository: ballerina-platform/module-ballerina-docker
	path: module-ballerina-docker
	- name: Copy zip artifact
	run: cp ballerina/build/distributions/ballerina-22*.zip module-ballerina-docker/base/docker/
	- name: Set up QEMU
	uses: docker/setup-qemu-action@v1
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v1
	- name: Login to DockerHub
	uses: docker/login-action@v1
	with:
	username: ${{ secrets.DOCKER_HUB_USER }}
	password: ${{ secrets.DOCKER_HUB_TOKEN }}
	- name: Build the docker image
	id: docker_build
	uses: docker/build-push-action@v2
	with:
	context: module-ballerina-docker/base/docker/
	load: true
	push: false
	tags: ballerina/ballerina:release-test
	build-args: \|
	BALLERINA_DIST=ballerina-${{ steps.version-set.outputs.sversion }}.zip
	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: 'ballerina/ballerina:release-test'
	skip-dirs: 'ballerina/runtime/examples'
	format: 'table'
	exit-code: '1'
	timeout: "10m0s"
	- name: cosign-installer
	uses: sigstore/cosign-installer@v3.5.0
	- name: Set up Node.js
	uses: actions/setup-node@v2
	with:
	node-version: '14'
	- name: Install GitHub CLI
	run: \|
	npm install -g github-cli
	gh --version
	- name: Get Markdown file
	id: file-url
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	gh repo view ballerina-platform/ballerina-dev-website --json url --jq '.clone_url'
	gh api repos/ballerina-platform/ballerina-dev-website/contents/downloads/verify-ballerina-artifacts.md -H 'Accept: application/vnd.github.v3.raw' > release_notes.md
	sed -i '1,10d' release_notes.md
	- name: Retrieve Branch
	id: retrieve-branch
	run: \|
	branchName=$(echo ${{ github.ref }} \| cut -d'/' -f3)
	echo "::set-output name=branchName::$branchName"
	- name: Update Markdown file
	run: \|
	if ${{ github.event.inputs.isPreRelease }} == 'true'; then
	echo "" > release_notes.md;
	else sed -i 's/{{ version }}/${{ steps.version-set.outputs.taggedVersion }}/g' release_notes.md; sed -i 's/{{ branch }}/${{ steps.retrieve-branch.outputs.branchName }}/g' release_notes.md; fi
	- name: Read release notes from file
	id: release_notes
	uses: actions/github-script@v4
	with:
	github-token: ${{ secrets.BALLERINA_BOT_TOKEN }}
	script: \|
	const fs = require('fs');
	const releaseNotes = fs.readFileSync('release_notes.md', 'utf8');
	core.setOutput('notes', releaseNotes);
	- name: Create release
	id: create_release
	uses: actions/create-release@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	tag_name: "v${{ steps.version-set.outputs.taggedVersion }}"
	release_name: ${{ steps.version-set.outputs.taggedVersion }}
	body: ${{ steps.release_notes.outputs.notes }}
	draft: false
	prerelease: ${{ github.event.inputs.isPreRelease }}
	- name: Create linux-deb Installer
	id: run_installers_deb
	run: \|
	cd installers/linux-deb
	./build-ballerina-linux-deb-x64.sh -v ${{ steps.version-set.outputs.longVersion }} -p ./../../ballerina/build/distributions
	echo "Created linux-deb successfully"
	- name: Sign the linux-deb installer
	run: \|
	cosign sign-blob installers/linux-deb/target/ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb --output-certificate ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.pem --output-signature ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.sig --yes
	- name: Verify the linux-deb installer
	run: \|
	cosign verify-blob installers/linux-deb/target/ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb --certificate ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.pem --signature ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com
	- name: Create linux-rpm Installer
	id: run_installers_rpm
	run: \|
	cd installers/linux-rpm
	./build-ballerina-linux-rpm-x64.sh -v ${{ steps.version-set.outputs.longVersion }} -p ./../../ballerina/build/distributions
	echo "Created linux-rpm successfully"
	- name: Sign the linux-rpm installer
	run: \|
	cosign sign-blob installers/linux-rpm/rpmbuild/RPMS/x86_64/ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm --output-certificate ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.pem --output-signature ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.sig --yes
	- name: Verify the linux-rpm installer
	run: \|
	cosign verify-blob installers/linux-rpm/rpmbuild/RPMS/x86_64/ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm --certificate ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.pem --signature ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com
	- name: Generate Hashes
	run: \|
	openssl dgst -sha256 -out ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.sha256 installers/linux-deb/target/ballerina-*-linux-x64.deb
	openssl dgst -sha256 -out ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.sha256 installers/linux-rpm/rpmbuild/RPMS/x86_64/ballerina-*-linux-x64.rpm
	openssl dgst -sha256 -out ballerina-${{ steps.version-set.outputs.longVersion }}.zip.sha256 ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}.zip
	openssl dgst -sha256 -out ballerina-${{ steps.version-set.outputs.sversion }}.zip.sha256 ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.sversion }}.zip
	- name: Sign the zip artifacts
	run: \|
	cosign sign-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}.zip --output-certificate ballerina-${{ steps.version-set.outputs.longVersion }}.pem --output-signature ballerina-${{ steps.version-set.outputs.longVersion }}.sig --yes
	cosign sign-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.sversion }}.zip --output-certificate ballerina-${{ steps.version-set.outputs.sversion }}.pem --output-signature ballerina-${{ steps.version-set.outputs.sversion }}.sig --yes
	cosign sign-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}-macos.zip --output-certificate ballerina-${{ steps.version-set.outputs.longVersion }}-macos.pem --output-signature ballerina-${{ steps.version-set.outputs.longVersion }}-macos.sig --yes
	cosign sign-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.zip --output-certificate ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.pem --output-signature ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.sig --yes
	cosign sign-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}-windows.zip --output-certificate ballerina-${{ steps.version-set.outputs.longVersion }}-windows.pem --output-signature ballerina-${{ steps.version-set.outputs.longVersion }}-windows.sig --yes
	- name: Verify the zip artifacts
	run: \|
	cosign verify-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}.zip --certificate ballerina-${{ steps.version-set.outputs.longVersion }}.pem --signature ballerina-${{ steps.version-set.outputs.longVersion }}.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com
	cosign verify-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.sversion }}.zip --certificate ballerina-${{ steps.version-set.outputs.sversion }}.pem --signature ballerina-${{ steps.version-set.outputs.sversion }}.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com
	cosign verify-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}-macos.zip --certificate ballerina-${{ steps.version-set.outputs.longVersion }}-macos.pem --signature ballerina-${{ steps.version-set.outputs.longVersion }}-macos.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com
	cosign verify-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.zip --certificate ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.pem --signature ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com
	cosign verify-blob ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}-windows.zip --certificate ballerina-${{ steps.version-set.outputs.longVersion }}-windows.pem --signature ballerina-${{ steps.version-set.outputs.longVersion }}-windows.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com
	- name: Upload zip artifacts
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ steps.create_release.outputs.upload_url }}
	asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}.zip
	asset_path: ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}.zip
	asset_content_type: application/octet-stream
	- name: Upload zip artifact's Certificate
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ steps.create_release.outputs.upload_url }}
	asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}.pem
	asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}.pem
	asset_content_type: application/octet-stream
	- name: Upload zip artifact's Signature
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ steps.create_release.outputs.upload_url }}
	asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}.sig
	asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}.sig
	asset_content_type: application/octet-stream
	- name: Upload zip without tool artifacts
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ steps.create_release.outputs.upload_url }}
	asset_name: ballerina-${{ steps.version-set.outputs.sversion }}.zip
	asset_path: ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.sversion }}.zip
	asset_content_type: application/octet-stream
	- name: Upload zip without tool artifact's Certificate
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ steps.create_release.outputs.upload_url }}
	asset_name: ballerina-${{ steps.version-set.outputs.sversion }}.pem
	asset_path: ./ballerina-${{ steps.version-set.outputs.sversion }}.pem
	asset_content_type: application/octet-stream
	- name: Upload zip without tool artifact's Signature
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ steps.create_release.outputs.upload_url }}
	asset_name: ballerina-${{ steps.version-set.outputs.sversion }}.sig
	asset_path: ./ballerina-${{ steps.version-set.outputs.sversion }}.sig
	asset_content_type: application/octet-stream
	- name: Upload Linux deb Installer
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ steps.create_release.outputs.upload_url }}
	asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb
	asset_path: installers/linux-deb/target/ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb
	asset_content_type: application/octet-stream
	- name: Upload Linux deb Installer's Certificate
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ steps.create_release.outputs.upload_url }}
	asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.pem
	asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.pem
	asset_content_type: application/octet-stream
	- name: Upload Linux deb Installer's Signature
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ steps.create_release.outputs.upload_url }}
	asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.sig
	asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.sig
	asset_content_type: application/octet-stream
	- name: Upload Linux rpm Installer
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ steps.create_release.outputs.upload_url }}
	asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm
	asset_path: installers/linux-rpm/rpmbuild/RPMS/x86_64/ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm
	asset_content_type: application/octet-stream
	- name: Upload Linux rpm Installer's Certificate
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ steps.create_release.outputs.upload_url }}
	asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.pem
	asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.pem
	asset_content_type: application/octet-stream
	- name: Upload Linux rpm Installer's Signature
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ steps.create_release.outputs.upload_url }}
	asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.sig
	asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.sig
	asset_content_type: application/octet-stream
	- name: Upload MacOS zip artifacts
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ steps.create_release.outputs.upload_url }}
	asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-macos.zip
	asset_path: ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}-macos.zip
	asset_content_type: application/octet-stream
	- name: Upload MacOS zip artifact's Certificate
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ steps.create_release.outputs.upload_url }}
	asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-macos.pem
	asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}-macos.pem
	asset_content_type: application/octet-stream
	- name: Upload MacOS zip artifact's Signature
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ steps.create_release.outputs.upload_url }}
	asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-macos.sig
	asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}-macos.sig
	asset_content_type: application/octet-stream
	- name: Upload MacOS-ARM zip artifacts
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ steps.create_release.outputs.upload_url }}
	asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.zip
	asset_path: ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.zip
	asset_content_type: application/octet-stream
	- name: Upload MacOS-ARM zip artifact's Certificate
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ steps.create_release.outputs.upload_url }}
	asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.pem
	asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.pem
	asset_content_type: application/octet-stream
	- name: Upload MacOS-ARM zip artifact's Signature
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ steps.create_release.outputs.upload_url }}
	asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.sig
	asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}-macos-arm.sig
	asset_content_type: application/octet-stream
	- name: Upload Windows zip artifacts
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ steps.create_release.outputs.upload_url }}
	asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-windows.zip
	asset_path: ballerina/build/distributions/ballerina-${{ steps.version-set.outputs.longVersion }}-windows.zip
	asset_content_type: application/octet-stream
	- name: Upload Windows zip artifact's Certificate
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ steps.create_release.outputs.upload_url }}
	asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-windows.pem
	asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}-windows.pem
	asset_content_type: application/octet-stream
	- name: Upload Windows zip artifact's Signature
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ steps.create_release.outputs.upload_url }}
	asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-windows.sig
	asset_path: ./ballerina-${{ steps.version-set.outputs.longVersion }}-windows.sig
	asset_content_type: application/octet-stream
	- name: Upload Linux deb Hashes
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ steps.create_release.outputs.upload_url }}
	asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.sha256
	asset_path: ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.deb.sha256
	asset_content_type: application/octet-stream
	- name: Upload Linux rpm Hashes
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ steps.create_release.outputs.upload_url }}
	asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.sha256
	asset_path: ballerina-${{ steps.version-set.outputs.longVersion }}-linux-x64.rpm.sha256
	asset_content_type: application/octet-stream
	- name: Upload Ballerina zip Hashes
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ steps.create_release.outputs.upload_url }}
	asset_name: ballerina-${{ steps.version-set.outputs.longVersion }}.zip.sha256
	asset_path: ballerina-${{ steps.version-set.outputs.longVersion }}.zip.sha256
	asset_content_type: application/octet-stream
	- name: Upload ballerina Short Name zip Hashes
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ steps.create_release.outputs.upload_url }}
	asset_name: ballerina-${{ steps.version-set.outputs.sversion }}.zip.sha256
	asset_path: ballerina-${{ steps.version-set.outputs.sversion }}.zip.sha256
	asset_content_type: application/octet-stream
	- name: Install Ballerina DEB
	run: sudo dpkg -i installers/linux-deb/target/ballerina-*-linux-x64.deb
	- name: Update Installer Test Configs
	run: \|
	DISPLAY_TEXT=${{ steps.version-set.outputs.langVersion }}
	SWAN_LAKE_LATEST_VERSION="swan-lake-"+$DISPLAY_TEXT
	perl -pi -e "s/^\sswan-lake-latest-version-display-text=./swan-lake-latest-version-display-text=$DISPLAY_TEXT/" ballerina-test-automation/gradle.properties
	perl -pi -e "s/^\sswan-lake-latest-version=./swan-lake-latest-version=$SWAN_LAKE_LATEST_VERSION/" ballerina-test-automation/gradle.properties
	- name: Run Installer Tests
	working-directory: ./ballerina-test-automation/installer-test
	run: ./../gradlew build --stacktrace -scan --console=plain --no-daemon -DballerinaInstalled=true
	env:
	TEST_MODE_ACTIVE: true
	- name: Post release PR
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	run: \|
	curl -fsSL https://github.com/github/hub/raw/master/script/get \| bash -s 2.14.1
	bin/hub pull-request -m "[Automated] Sync master after "$VERSION" release"

	outputs:
	project-version: ${{ steps.version-set.outputs.longVersion }}
	upload-asset-url: ${{ steps.create_release.outputs.upload_url }}
	release-version: ${{ steps.version-set.outputs.taggedVersion }}
	lang-version: ${{ steps.version-set.outputs.langVersion }}

	macos-installer-build:
	name: MacOS Installer Build
	needs: publish-release
	runs-on: macos-latest

	steps:
	- name: Checkout Repository
	uses: actions/checkout@v2
	- name: Set up JDK 17
	uses: actions/setup-java@v2
	with:
	distribution: 'temurin'
	java-version: '17.0.7'
	- name: Download MacOS Intaller Zip
	run: \|
	wget https://github.com/ballerina-platform/ballerina-distribution/releases/download/v${{ needs.publish-release.outputs.release-version }}/ballerina-${{ needs.publish-release.outputs.project-version }}-macos.zip
	- name: cosign-installer
	uses: sigstore/cosign-installer@v3.5.0
	- name: Create macos-pkg Installer
	id: run_installers_pkg
	run: \|
	cd installers/mac
	./build-ballerina-macos-x64.sh -v ${{ needs.publish-release.outputs.project-version }} -p ./../../
	echo "Created macos-pkg successfully"
	- name: Sign the MacOS installer
	run: \|
	cosign sign-blob installers/mac/target/pkg/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg --output-certificate ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.pem --output-signature ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.sig --yes
	- name: Verify the MacOS installer
	run: \|
	cosign verify-blob installers/mac/target/pkg/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg --certificate ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.pem --signature ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com
	- name: Generate Hashes
	run: \|
	openssl dgst -sha256 -out ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.sha256 installers/mac/target/pkg/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg
	- name: Upload MacOS pkg Hashes
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ needs.publish-release.outputs.upload-asset-url }}
	asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.sha256
	asset_path: ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.sha256
	asset_content_type: application/octet-stream
	- name: Upload MacOS pkg Installer
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ needs.publish-release.outputs.upload-asset-url }}
	asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg
	asset_path: installers/mac/target/pkg/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg
	asset_content_type: application/octet-stream
	- name: Upload MacOS installer's Certificate
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ needs.publish-release.outputs.upload-asset-url }}
	asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.pem
	asset_path: ./ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.pem
	asset_content_type: application/octet-stream
	- name: Upload MacOS installer's Signature
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ needs.publish-release.outputs.upload-asset-url }}
	asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.sig
	asset_path: ./ballerina-${{ needs.publish-release.outputs.project-version }}-macos-x64.pkg.sig
	asset_content_type: application/octet-stream
	- name: Install Ballerina PKG
	run: sudo installer -pkg installers/mac/target/pkg/ballerina-*-macos-x64.pkg -target /
	- name: Update Installer Test Configs
	run: \|
	DISPLAY_TEXT=${{ needs.publish-release.outputs.lang-version }}
	SWAN_LAKE_LATEST_VERSION="swan-lake-"+$DISPLAY_TEXT
	perl -pi -e "s/^\sswan-lake-latest-version-display-text=./swan-lake-latest-version-display-text=$DISPLAY_TEXT/" ballerina-test-automation/gradle.properties
	perl -pi -e "s/^\sswan-lake-latest-version=./swan-lake-latest-version=$SWAN_LAKE_LATEST_VERSION/" ballerina-test-automation/gradle.properties
	- name: Run Installer Tests
	working-directory: ./ballerina-test-automation/installer-test
	run: ./../gradlew build --stacktrace -scan --console=plain --no-daemon -DballerinaInstalled=true
	env:
	TEST_MODE_ACTIVE: true
	- name: Download MacOS-ARM Intaller Zip
	run: \|
	wget https://github.com/ballerina-platform/ballerina-distribution/releases/download/v${{ needs.publish-release.outputs.release-version }}/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm.zip
	- name: Create macos-arm-pkg Installer
	id: run_installers_arm_pkg
	run: \|
	cd installers/mac
	./build-ballerina-macos-x64.sh -v ${{ needs.publish-release.outputs.project-version }} -p ./../../ -a arm
	echo "Created macos-arm-pkg successfully"
	- name: Sign the MacOS-ARM installer
	run: \|
	cosign sign-blob installers/mac/target/pkg/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg --output-certificate ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.pem --output-signature ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.sig --yes
	- name: Verify the MacOS-ARM installer
	run: \|
	cosign verify-blob installers/mac/target/pkg/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg --certificate ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.pem --signature ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com
	- name: Generate Hashes
	run: \|
	openssl dgst -sha256 -out ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.sha256 installers/mac/target/pkg/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg
	- name: Upload MacOS-ARM pkg Hashes
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ needs.publish-release.outputs.upload-asset-url }}
	asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.sha256
	asset_path: ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.sha256
	asset_content_type: application/octet-stream
	- name: Upload MacOS-ARM pkg Installer
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ needs.publish-release.outputs.upload-asset-url }}
	asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg
	asset_path: installers/mac/target/pkg/ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg
	asset_content_type: application/octet-stream
	- name: Upload MacOS-ARM installer's Certificate
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ needs.publish-release.outputs.upload-asset-url }}
	asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.pem
	asset_path: ./ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.pem
	asset_content_type: application/octet-stream
	- name: Upload MacOS-ARM installer's Signature
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ needs.publish-release.outputs.upload-asset-url }}
	asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.sig
	asset_path: ./ballerina-${{ needs.publish-release.outputs.project-version }}-macos-arm-x64.pkg.sig
	asset_content_type: application/octet-stream

	windows-installer-build:
	name: Windows Installer Build
	needs: publish-release
	runs-on: windows-latest

	steps:
	- name: Checkout Repository
	uses: actions/checkout@v2
	- name: Set up JDK 17
	uses: actions/setup-java@v2
	with:
	distribution: 'temurin'
	java-version: '17.0.7'
	- uses: actions/setup-dotnet@v1
	with:
	dotnet-version: '2.1.x'
	- name: Install GUID Generator
	run: dotnet tool install -g dotnet-guid --version 0.5.2
	- name: Set up Wix toolkit
	run: echo "${WIX}bin" >> $GITHUB_PATH
	shell: bash
	- name: Set cosign-installer
	uses: sigstore/cosign-installer@v3.5.0
	- name: Download Windows Installer Zip
	run: \|
	echo default login ${{ secrets.BALLERINA_BOT_USERNAME }} password ${{ secrets.BALLERINA_BOT_TOKEN }} >> _netrc
	curl --netrc-file _netrc -L -o ballerina-${{ needs.publish-release.outputs.project-version }}-windows.zip https://github.com/ballerina-platform/ballerina-distribution/releases/download/v${{ needs.publish-release.outputs.release-version }}/ballerina-${{ needs.publish-release.outputs.project-version }}-windows.zip
	- name: Create windows-msi Installer
	id: run_installers_msi
	run: \|
	move installers\windows .\
	ren windows w
	cd w
	.\build-ballerina-windows-x64.bat --version ${{ needs.publish-release.outputs.project-version }} --path .\..\
	- name: Sign the Windows installer
	run: \|
	cosign sign-blob w\target\msi\ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi --output-certificate ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.pem --output-signature ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.sig --yes
	- name: Verify the Windows installer
	run: \|
	cosign verify-blob w\target\msi\ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi --certificate ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.pem --signature ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.sig --certificate-identity=https://github.com/ballerina-platform/ballerina-distribution/.github/workflows/publish-release.yml@${{ github.ref }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com
	- name: Generate Hashes
	run: \|
	openssl dgst -sha256 -out ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.sha256 w\target\msi\ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi
	- name: Upload Windows msi Hashes
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ needs.publish-release.outputs.upload-asset-url }}
	asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.sha256
	asset_path: ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.sha256
	asset_content_type: application/octet-stream
	- name: Upload Windows msi Installer
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ needs.publish-release.outputs.upload-asset-url }}
	asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi
	asset_path: w\target\msi\ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi
	asset_content_type: application/octet-stream
	- name: Upload Windows installer's Certificate
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ needs.publish-release.outputs.upload-asset-url }}
	asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.pem
	asset_path: ./ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.pem
	asset_content_type: application/octet-stream
	- name: Upload Windows installer's Signature
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.BALLERINA_BOT_TOKEN }}
	with:
	upload_url: ${{ needs.publish-release.outputs.upload-asset-url }}
	asset_name: ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.sig
	asset_path: ./ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi.sig
	asset_content_type: application/octet-stream
	- name: Install Ballerina msi
	run: msiexec /i w\target\msi\ballerina-${{ needs.publish-release.outputs.project-version }}-windows-x64.msi /quiet /qr
	shell: cmd
	- name: Update Installer Test Configs
	run: \|
	set DISPLAY_TEXT=${{ needs.publish-release.outputs.lang-version }}
	set SWAN_LAKE_LATEST_VERSION=swan-lake-%DISPLAY_TEXT%
	perl -pi -e "s/^\sswan-lake-latest-version-display-text=./swan-lake-latest-version-display-text=%DISPLAY_TEXT%/" ballerina-test-automation/gradle.properties
	perl -pi -e "s/^\sswan-lake-latest-version=./swan-lake-latest-version=%SWAN_LAKE_LATEST_VERSION%/" ballerina-test-automation/gradle.properties
	shell: cmd
	- name: Run Installer Tests
	working-directory: .\ballerina-test-automation\installer-test
	run: \|
	$env:Path += ";C:\Program Files\Ballerina\bin"
	.\..\gradlew build --stacktrace -scan --console=plain --no-daemon -DballerinaInstalled=true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Publish release #534

Workflow file

Publish release #534

Jobs

Run details

Workflow file for this run