External/mediamtx
1
0
Fork 1
mirror of https://github.com/bluenviron/mediamtx.git synced 2025-12-19 17:50:03 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
mediamtx/.github/workflows/release.yml
Alessandro Ros 7bca38badb
add self-upgrader (#3501) (#5035) 
this allows to upgrade MediaMTX to latest version by running

./mediamtx --upgrade
2025-10-13 13:06:47 +02:00

162 lines
4.4 KiB
YAML
Raw Blame History

name: release
on:
push:
tags:
- 'v*'
permissions:
id-token: write
attestations: write
contents: write
issues: write
discussions: write
pull-requests: write
jobs:
binaries:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v5
- run: make binaries
- run: cd binaries && sha256sum -b * > checksums.sha256
- uses: actions/attest-build-provenance@v3
with:
subject-path: '${{ github.workspace }}/binaries/*'
- uses: actions/upload-artifact@v4
with:
name: binaries
path: binaries
github_release:
needs: binaries
runs-on: ubuntu-22.04
steps:
- uses: actions/download-artifact@v5
with:
name: binaries
path: binaries
- uses: actions/github-script@v8
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const fs = require('fs').promises;
const { repo: { owner, repo } } = context;
const currentRelease = context.ref.split('/')[2];
let body = `## New major features\n`
+ `\n`
+ `TODO\n`
+ `\n`
+ `## Fixes and improvements\n`
+ `\n`
+ `TODO\n`
+ `\n`
+ `## Security\n`
+ `\n`
+ `Binaries are compiled from source through the [Release workflow](https://github.com/${owner}/${repo}/actions/workflows/release.yml) without human intervention,`
+ ` preventing any external interference.\n`
+ `\n`
+ 'You can verify that binaries have been produced by the workflow by using [GitHub Attestations](https://docs.github.com/en/actions/concepts/security/artifact-attestations):\n'
+ `\n`
+ '```\n'
+ `ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx\n`
+ '```\n'
+ `\n`
+ 'You can verify checksums of binaries by downloading `checksums.sha256` and running:\n'
+ `\n`
+ '```\n'
+ `cat checksums.sha256 | grep "$(ls mediamtx_*)" | sha256sum --check\n`
+ '```\n'
+ `\n`;
const res = await github.rest.repos.createRelease({
owner,
repo,
tag_name: currentRelease,
name: currentRelease,
body,
});
const release_id = res.data.id;
for (const name of await fs.readdir('./binaries/')) {
await github.rest.repos.uploadReleaseAsset({
owner,
repo,
release_id,
name,
data: await fs.readFile(`./binaries/${name}`),
});
}
github_notify_issues:
needs: github_release
runs-on: ubuntu-22.04
steps:
- uses: actions/github-script@v8
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const { repo: { owner, repo } } = context;
const tags = await github.rest.repos.listTags({
owner,
repo,
});
const curTag = tags.data[0];
const prevTag = tags.data[1];
const diff = await github.rest.repos.compareCommitsWithBasehead({
owner,
repo,
basehead: `${prevTag.commit.sha}...${curTag.commit.sha}`,
});
const issues = {};
for (const commit of diff.data.commits) {
for (const match of commit.commit.message.matchAll(/(^| |\()#([0-9]+)( |\)|$)/g)) {
issues[match[2]] = 1;
}
}
for (const issue in issues) {
try {
await github.rest.issues.createComment({
owner,
repo,
issue_number: parseInt(issue),
body: `This issue is mentioned in release ${curTag.name} 🚀\n`
+ `Check out the entire changelog by [clicking here](https://github.com/${owner}/${repo}/releases/tag/${curTag.name})`,
});
} catch (exc) {
console.error(exc.toString());
}
}
dockerhub:
needs: binaries
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v5
- uses: actions/download-artifact@v5
with:
name: binaries
path: binaries
- run: make dockerhub
env:
DOCKER_USER: ${{ secrets.DOCKER_USER }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
Reference in a new issue View git blame Copy permalink