Rewrite asset deploy.
This switches to `gh` which is the more modern CLI, and also available by default which removes the old installer script. This also tightens the scope where GITHUB_TOKEN is exposed to just the step where `gh` is executed. Finally, it tightens the permissions on the GITHUB_TOKEN (though `contents: write` is extremely permissive, since that allows writing to almost anything in the repo).
This commit is contained in:
parent
baa936439d
commit
9497354cfd
|
@ -7,6 +7,9 @@ defaults:
|
||||||
run:
|
run:
|
||||||
shell: bash
|
shell: bash
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: write
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
release:
|
release:
|
||||||
name: Deploy Release
|
name: Deploy Release
|
||||||
|
@ -32,14 +35,14 @@ jobs:
|
||||||
os: windows-latest
|
os: windows-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@master
|
- uses: actions/checkout@master
|
||||||
- name: Install hub
|
|
||||||
run: ci/install-hub.sh ${{ matrix.os }}
|
|
||||||
- name: Install Rust
|
- name: Install Rust
|
||||||
run: ci/install-rust.sh stable ${{ matrix.target }}
|
run: ci/install-rust.sh stable ${{ matrix.target }}
|
||||||
- name: Build and deploy artifacts
|
- name: Build asset
|
||||||
|
run: ci/make-release-asset.sh ${{ matrix.os }} ${{ matrix.target }}
|
||||||
|
- name: Update release with new asset
|
||||||
env:
|
env:
|
||||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||||
run: ci/make-release-asset.sh ${{ matrix.os }} ${{ matrix.target }}
|
run: gh release upload $MDBOOK_TAG $MDBOOK_ASSET
|
||||||
pages:
|
pages:
|
||||||
name: GitHub Pages
|
name: GitHub Pages
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|
|
@ -1,24 +0,0 @@
|
||||||
#!/usr/bin/env bash
|
|
||||||
# Installs the `hub` executable into hub/bin
|
|
||||||
set -ex
|
|
||||||
case $1 in
|
|
||||||
ubuntu*)
|
|
||||||
curl -LsSf https://github.com/github/hub/releases/download/v2.12.8/hub-linux-amd64-2.12.8.tgz -o hub.tgz
|
|
||||||
mkdir hub
|
|
||||||
tar -xzvf hub.tgz --strip=1 -C hub
|
|
||||||
;;
|
|
||||||
macos*)
|
|
||||||
curl -LsSf https://github.com/github/hub/releases/download/v2.12.8/hub-darwin-amd64-2.12.8.tgz -o hub.tgz
|
|
||||||
mkdir hub
|
|
||||||
tar -xzvf hub.tgz --strip=1 -C hub
|
|
||||||
;;
|
|
||||||
windows*)
|
|
||||||
curl -LsSf https://github.com/github/hub/releases/download/v2.12.8/hub-windows-amd64-2.12.8.zip -o hub.zip
|
|
||||||
7z x hub.zip -ohub
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "OS should be first parameter, was: $1"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
echo "$PWD/hub/bin" >> $GITHUB_PATH
|
|
|
@ -44,9 +44,10 @@ case $1 in
|
||||||
esac
|
esac
|
||||||
cd ../..
|
cd ../..
|
||||||
|
|
||||||
if [[ -z "$GITHUB_TOKEN" ]]
|
if [[ -z "$GITHUB_ENV" ]]
|
||||||
then
|
then
|
||||||
echo "$GITHUB_TOKEN not set, skipping deploy."
|
echo "GITHUB_ENV not set, run: gh release upload $TAG target/$asset"
|
||||||
else
|
else
|
||||||
hub release edit -m "" --attach $asset $TAG
|
echo "MDBOOK_TAG=$TAG" >> $GITHUB_ENV
|
||||||
|
echo "MDBOOK_ASSET=target/$asset" >> $GITHUB_ENV
|
||||||
fi
|
fi
|
||||||
|
|
Loading…
Reference in New Issue