zishuo/rtsp-simple-server
1
0
Fork 0
mirror of https://github.com/aler9/rtsp-simple-server synced 2026-04-22 15:07:19 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
11a3d3eaeea0e594c85cf4072305164828ee46a0
rtsp-simple-server/.github/workflows/release.yml
T
dependabot[bot] 11a3d3eaee build(deps): bump actions/github-script from 8 to 9 (#5662) 
Bumps [actions/github-script](https://github.com/actions/github-script) from 8 to 9.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v8...v9)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-version: '9'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-19 21:40:50 +02:00

161 lines
4.4 KiB
YAML
Raw Blame History

name: release
on:
push:
tags:
- 'v*'
permissions:
id-token: write
attestations: write
artifact-metadata: write
contents: write
issues: write
jobs:
binaries:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v6
- run: make binaries
- run: cd binaries && sha256sum -b * > checksums.sha256
- uses: actions/attest@v4
with:
subject-path: '${{ github.workspace }}/binaries/*'
- uses: actions/upload-artifact@v7
with:
name: binaries
path: binaries
github_release:
needs: binaries
runs-on: ubuntu-22.04
steps:
- uses: actions/download-artifact@v8
with:
name: binaries
path: binaries
- uses: actions/github-script@v9
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const fs = require('fs').promises;
const { repo: { owner, repo } } = context;
const currentRelease = context.ref.split('/')[2];
let body = `## New major features\n`
+ `\n`
+ `TODO\n`
+ `\n`
+ `## Fixes and improvements\n`
+ `\n`
+ `TODO\n`
+ `\n`
+ `## Security\n`
+ `\n`
+ `Binaries are compiled from source code by the [Release workflow](https://github.com/${owner}/${repo}/actions/workflows/release.yml), which is a fully-visible process that prevents any change or external interference in produced artifacts.\n`
+ `\n`
+ 'Checksums of binaries are also published in a public blockchain by using [GitHub Attestations](https://docs.github.com/en/actions/concepts/security/artifact-attestations), and they can be verified by running:\n'
+ `\n`
+ '```\n'
+ `ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx\n`
+ '```\n'
+ `\n`
+ 'You can verify checksums of binaries by downloading `checksums.sha256` and running:\n'
+ `\n`
+ '```\n'
+ `cat checksums.sha256 | grep "$(ls mediamtx_*)" | sha256sum --check\n`
+ '```\n'
+ `\n`;
const res = await github.rest.repos.createRelease({
owner,
repo,
tag_name: currentRelease,
name: currentRelease,
body,
});
const release_id = res.data.id;
for (const name of await fs.readdir('./binaries/')) {
await github.rest.repos.uploadReleaseAsset({
owner,
repo,
release_id,
name,
data: await fs.readFile(`./binaries/${name}`),
});
}
github_notify_issues:
needs: github_release
runs-on: ubuntu-22.04
steps:
- uses: actions/github-script@v9
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const { repo: { owner, repo } } = context;
const tags = await github.rest.repos.listTags({
owner,
repo,
});
const curTag = tags.data[0];
const prevTag = tags.data[1];
const diff = await github.rest.repos.compareCommitsWithBasehead({
owner,
repo,
basehead: `${prevTag.commit.sha}...${curTag.commit.sha}`,
});
const issues = {};
for (const commit of diff.data.commits) {
for (const match of commit.commit.message.matchAll(/(^| |\()#([0-9]+)( |\)|$)/g)) {
issues[match[2]] = 1;
}
}
for (const issue in issues) {
try {
await github.rest.issues.createComment({
owner,
repo,
issue_number: parseInt(issue),
body: `This issue is mentioned in release ${curTag.name} 🚀\n`
+ `Check out the entire changelog by [clicking here](https://github.com/${owner}/${repo}/releases/tag/${curTag.name})`,
});
} catch (exc) {
console.error(exc.toString());
}
}
dockerhub:
needs: binaries
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v6
- uses: actions/download-artifact@v8
with:
name: binaries
path: binaries
- run: make dockerhub
env:
DOCKER_USER: ${{ secrets.DOCKER_USER }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
Reference in New Issue View Git Blame Copy Permalink