Files
t8y2--dbx/.github/workflows/publish-packages.yml
T
2026-07-13 13:09:14 +08:00

383 lines
14 KiB
YAML

name: Publish Packages
on:
workflow_dispatch:
inputs:
tag:
description: "Release tag (e.g. v0.3.10)"
required: true
permissions:
contents: write
env:
APP_NAME: dbx
PRODUCT_NAME: DBX
REPO_OWNER: t8y2
jobs:
publish:
name: Publish to Homebrew & Scoop
runs-on: ubuntu-latest
steps:
- name: Extract version from tag
id: version
run: |
TAG="${{ github.event.inputs.tag }}"
TAG="$(echo "${TAG}" | xargs)"
VERSION="${TAG#v}"
if [[ ! "${VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+ ]]; then
echo "::error::Tag '${TAG}' does not look like a semver version."
exit 1
fi
echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
echo "tag=${TAG}" >> "$GITHUB_OUTPUT"
- name: Download release assets
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
mkdir -p artifacts
VERSION="${{ steps.version.outputs.version }}"
TAG="${{ steps.version.outputs.tag }}"
ASSETS=(
"${PRODUCT_NAME}_${VERSION}_aarch64.dmg"
"${PRODUCT_NAME}_${VERSION}_x64.dmg"
"${PRODUCT_NAME}_${VERSION}_x64-setup.exe"
"${PRODUCT_NAME}_${VERSION}_arm64-setup.exe"
)
for ASSET in "${ASSETS[@]}"; do
echo "::group::Downloading ${ASSET}"
gh release download "${TAG}" \
--repo "${{ github.repository }}" \
--pattern "${ASSET}" \
--dir artifacts \
--clobber
echo "::endgroup::"
done
ls -lh artifacts/
- name: Compute SHA256 hashes
id: hashes
run: |
VERSION="${{ steps.version.outputs.version }}"
compute_hash() {
local file="$1" name="$2"
if [[ ! -f "${file}" ]]; then
echo "::error::Missing artifact: ${file}"
exit 1
fi
local hash
hash=$(sha256sum "${file}" | cut -d ' ' -f 1)
echo "${name}=${hash}" >> "$GITHUB_OUTPUT"
echo " ${name}: ${hash}"
}
echo "SHA256 hashes:"
compute_hash "artifacts/${PRODUCT_NAME}_${VERSION}_aarch64.dmg" "sha_dmg_arm64"
compute_hash "artifacts/${PRODUCT_NAME}_${VERSION}_x64.dmg" "sha_dmg_x64"
compute_hash "artifacts/${PRODUCT_NAME}_${VERSION}_x64-setup.exe" "sha_exe_x64"
compute_hash "artifacts/${PRODUCT_NAME}_${VERSION}_arm64-setup.exe" "sha_exe_arm64"
- name: Publish Homebrew Cask
env:
TAP_GITHUB_TOKEN: ${{ secrets.TAP_GITHUB_TOKEN }}
run: |
VERSION="${{ steps.version.outputs.version }}"
SHA_ARM64="${{ steps.hashes.outputs.sha_dmg_arm64 }}"
SHA_X64="${{ steps.hashes.outputs.sha_dmg_x64 }}"
git clone --depth 1 \
"https://x-access-token:${TAP_GITHUB_TOKEN}@github.com/${REPO_OWNER}/homebrew-tap.git" \
homebrew-tap
cd homebrew-tap
mkdir -p Casks
cat > Casks/dbx.rb <<'RUBY_EOF'
cask "dbx" do
arch arm: "aarch64", intel: "x64"
version "__VERSION__"
sha256 arm: "__SHA_ARM64__",
intel: "__SHA_X64__"
url "https://github.com/__OWNER__/__APP__/releases/download/v#{version}/__PRODUCT___#{version}_#{arch}.dmg",
verified: "github.com/__OWNER__/__APP__/"
name "DBX"
desc "Database management tool"
homepage "https://dbxio.com/"
depends_on macos: :big_sur
app "DBX.app"
zap trash: [
"~/Library/Application Support/com.dbx.app",
"~/Library/Caches/com.dbx.app",
"~/Library/Logs/com.dbx.app",
"~/Library/Preferences/com.dbx.app.plist",
]
end
RUBY_EOF
sed -i 's/^ //' Casks/dbx.rb
sed -i "s/__VERSION__/${VERSION}/g" Casks/dbx.rb
sed -i "s/__OWNER__/${REPO_OWNER}/g" Casks/dbx.rb
sed -i "s/__APP__/${APP_NAME}/g" Casks/dbx.rb
sed -i "s/__PRODUCT__/${PRODUCT_NAME}/g" Casks/dbx.rb
sed -i "s/__SHA_ARM64__/${SHA_ARM64}/g" Casks/dbx.rb
sed -i "s/__SHA_X64__/${SHA_X64}/g" Casks/dbx.rb
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git add Casks/dbx.rb
if git diff --cached --quiet; then
echo "Homebrew Cask is already up to date."
else
git commit -m "dbx ${VERSION}"
git push
echo "::notice::Homebrew Cask updated to ${VERSION}"
fi
- name: Publish Scoop manifest
env:
TAP_GITHUB_TOKEN: ${{ secrets.TAP_GITHUB_TOKEN }}
run: |
VERSION="${{ steps.version.outputs.version }}"
SHA_EXE_X64="${{ steps.hashes.outputs.sha_exe_x64 }}"
SHA_EXE_ARM64="${{ steps.hashes.outputs.sha_exe_arm64 }}"
git clone --depth 1 \
"https://x-access-token:${TAP_GITHUB_TOKEN}@github.com/${REPO_OWNER}/scoop-bucket.git" \
scoop-bucket
cd scoop-bucket
cat > dbx.json <<JSON_EOF
{
"version": "${VERSION}",
"description": "Open-source database management tool",
"homepage": "https://github.com/${REPO_OWNER}/${APP_NAME}",
"license": "Apache-2.0",
"architecture": {
"64bit": {
"url": "https://github.com/${REPO_OWNER}/${APP_NAME}/releases/download/v${VERSION}/${PRODUCT_NAME}_${VERSION}_x64-setup.exe",
"hash": "${SHA_EXE_X64}"
},
"arm64": {
"url": "https://github.com/${REPO_OWNER}/${APP_NAME}/releases/download/v${VERSION}/${PRODUCT_NAME}_${VERSION}_arm64-setup.exe",
"hash": "${SHA_EXE_ARM64}"
}
},
"innosetup": false,
"installer": {
"args": ["/S", "/D=\$dir"]
},
"uninstaller": {
"file": "uninstall.exe",
"args": ["/S"]
},
"checkver": {
"github": "https://github.com/${REPO_OWNER}/${APP_NAME}"
},
"autoupdate": {
"architecture": {
"64bit": {
"url": "https://github.com/${REPO_OWNER}/${APP_NAME}/releases/download/v\$version/${PRODUCT_NAME}_\$version_x64-setup.exe"
},
"arm64": {
"url": "https://github.com/${REPO_OWNER}/${APP_NAME}/releases/download/v\$version/${PRODUCT_NAME}_\$version_arm64-setup.exe"
}
}
}
}
JSON_EOF
sed -i 's/^ //' dbx.json
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git add dbx.json
if git diff --cached --quiet; then
echo "Scoop manifest is already up to date."
else
git commit -m "dbx ${VERSION}"
git push
echo "::notice::Scoop manifest updated to ${VERSION}"
fi
upload-r2:
name: Upload to R2
runs-on: ubuntu-latest
steps:
- name: Extract version from tag
id: version
run: |
TAG="${{ github.event.inputs.tag }}"
TAG="$(echo "${TAG}" | xargs)"
echo "tag=${TAG}" >> "$GITHUB_OUTPUT"
- name: Download release assets
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
mkdir -p assets
gh release download "${{ steps.version.outputs.tag }}" \
--repo "${{ github.repository }}" \
--dir assets \
--clobber
ls -lh assets/
- name: Rewrite latest.json download URLs to R2 CDN
run: |
TAG="${{ steps.version.outputs.tag }}"
LATEST_JSON="assets/latest.json"
if [ ! -f "$LATEST_JSON" ]; then
echo "::warning::latest.json not found, skipping URL rewrite"
exit 0
fi
echo "Before:"
jq '.platforms[]?.url // empty' "$LATEST_JSON"
jq --arg tag "$TAG" '
(.platforms[]?.url?) |= (
sub("https://github\\.com/t8y2/dbx/releases/download/" + $tag + "/"; "https://dl.dbxio.com/releases/latest/")
+ "?v=" + $tag
)
' "$LATEST_JSON" > "$LATEST_JSON.tmp"
mv "$LATEST_JSON.tmp" "$LATEST_JSON"
echo "After:"
jq '.platforms[]?.url // empty' "$LATEST_JSON"
- name: Upload to R2 (versioned)
run: |
aws s3 sync ./assets "s3://${{ secrets.R2_BUCKET_NAME }}/releases/${{ steps.version.outputs.tag }}/" \
--endpoint-url "https://${{ secrets.R2_ACCOUNT_ID }}.r2.cloudflarestorage.com"
env:
AWS_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}
- name: Upload to R2 (latest)
run: |
aws s3 sync ./assets "s3://${{ secrets.R2_BUCKET_NAME }}/releases/latest/" \
--endpoint-url "https://${{ secrets.R2_ACCOUNT_ID }}.r2.cloudflarestorage.com" \
--cache-control "no-cache" \
--delete
env:
AWS_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}
- name: Purge Cloudflare cache
run: |
set -euo pipefail
zone_id="${CLOUDFLARE_ZONE_ID:-}"
if [ -z "$zone_id" ]; then
zone_id="$(curl -fsSL \
-H "Authorization: Bearer ${CLOUDFLARE_API_TOKEN}" \
-H "Content-Type: application/json" \
"https://api.cloudflare.com/client/v4/zones?name=dbxio.com" \
| jq -r '.result[0].id // empty')"
fi
if [ -z "$zone_id" ]; then
echo "::error::Cloudflare zone dbxio.com not found. Set CLOUDFLARE_ZONE_ID or grant Zone:Read to CLOUDFLARE_API_TOKEN."
exit 1
fi
curl -fsSL -X POST \
-H "Authorization: Bearer ${CLOUDFLARE_API_TOKEN}" \
-H "Content-Type: application/json" \
--data '{"purge_everything":true}' \
"https://api.cloudflare.com/client/v4/zones/${zone_id}/purge_cache" \
| jq -e '.success == true'
env:
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
CLOUDFLARE_ZONE_ID: ${{ secrets.CLOUDFLARE_ZONE_ID }}
promote-release:
name: Promote to Release
needs: [publish, upload-r2]
runs-on: ubuntu-latest
steps:
- name: Promote prerelease to release
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
TAG="${{ github.event.inputs.tag }}"
gh release edit "${TAG}" \
--repo "${{ github.repository }}" \
--prerelease=false \
--latest
echo "::notice::Release ${TAG} promoted from prerelease to latest release"
notify-qq:
name: QQ Notify
needs: [promote-release]
runs-on: ubuntu-latest
steps:
- name: Build message
id: msg
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAG: ${{ github.event.inputs.tag }}
run: |
RELEASE_JSON=$(gh release view "${TAG}" --repo "${{ github.repository }}" --json tagName,name,url,body)
export RELEASE_TAG=$(echo "$RELEASE_JSON" | jq -r '.tagName')
export RELEASE_URL=$(echo "$RELEASE_JSON" | jq -r '.url')
export RELEASE_BODY=$(echo "$RELEASE_JSON" | jq -r '.body')
python3 - <<'PYEOF'
import os, re
tag = os.environ["RELEASE_TAG"]
url = os.environ["RELEASE_URL"]
body = os.environ.get("RELEASE_BODY", "")[:800]
body = re.sub(r'#{1,6}\s*', '', body)
body = re.sub(r'\*\*(.+?)\*\*', r'\1', body)
body = re.sub(r'\*(.+?)\*', r'\1', body)
body = re.sub(r'`(.+?)`', r'\1', body)
body = re.sub(r'\[(.+?)\]\(.+?\)', r'\1', body)
body = re.sub(r'\n{3,}', '\n\n', body)
body = body.strip()
msg = "\n".join([
"━━━━━━━━━━━━━━━",
f"🚀 新版本发布 {tag}",
"━━━━━━━━━━━━━━━",
"",
body,
"",
f"下载: {url}",
"━━━━━━━━━━━━━━━",
])
with open(os.environ["GITHUB_OUTPUT"], "a") as f:
delim = "EOF_MSG"
f.write(f"msg<<{delim}\n{msg}\n{delim}\n")
PYEOF
- name: Send to QQ group
env:
SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
HOST: ${{ secrets.DEPLOY_HOST }}
ASTRBOT_API_KEY: ${{ secrets.ASTRBOT_API_KEY }}
MSG_CONTENT: ${{ steps.msg.outputs.msg }}
run: |
mkdir -p ~/.ssh
echo "$SSH_KEY" > ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
ssh-keyscan -H "$HOST" >> ~/.ssh/known_hosts 2>/dev/null
PAYLOAD=$(jq -nc --arg msg "$MSG_CONTENT" \
'{"umo": "default:GroupMessage:1087880322", "message": $msg}')
printf '%s' "$PAYLOAD" | ssh "root@${HOST}" "curl -fsS -X POST http://localhost:6185/api/v1/im/message \
-H 'Authorization: Bearer ${ASTRBOT_API_KEY}' \
-H 'Content-Type: application/json' \
--data-binary @-"