Add support for automatic signing (#805)

dantleech · web-flow · commit 080587c3507d · 2021-04-12T13:55:50.000+01:00
* Add support for automatic signing

* Add composer install

* Fetch depth

* Update release

* Do not build on PR
diff --git a/.github/workflows/release-phar.yml b/.github/workflows/release-phar.yml
@@ -12,27 +12,46 @@ jobs:
     steps:
       - name: Checkout code
         uses: actions/checkout@v2
+        with:
+            fetch-depth: 0
 
       - name: Set PHP 7.3
         uses: shivammathur/setup-php@v2
         with:
           php-version: '7.3'
 
+      -
+        name: "Composer install"
+        uses: "ramsey/composer-install@v1"
+        with:
+            composer-options: "--no-scripts --no-dev"
+
       - name: Compile phpbench.phar
-        run: |
-          composer install
-          wget https://github.com/box-project/box/releases/download/3.9.1/box.phar
-          php box.phar compile -c box.json.gh-release
+        run: bin/build-phar.sh
+        env:
+          GPG_SIGNING: 1
+          GPG_SECRET_KEY: ${{ secrets.GPG_SECRET_KEY }}
+          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
 
       - name: Check existence of compiled .phar
-        run: test -e phpbench.phar && exit 0 || exit 10
+        run: test -e build/phpbench.phar && exit 0 || exit 10
 
-      - name: Upload to Release
+      - name: "Upload PHAR to Release"
         uses: actions/upload-release-asset@v1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           upload_url: ${{ github.event.release.upload_url }}
-          asset_path: ./phpbench.phar
+          asset_path: ./build/phpbench.phar
           asset_name: phpbench.phar
           asset_content_type: application/octet-stream
+
+      - name: "Attach signature to Release"
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create-release.outputs.upload_url }}
+          asset_path: ./build/phpbench.phar.asc
+          asset_name: phpbench.phar.asc
+          asset_content_type: application/pgp-signature
diff --git a/.gitignore b/.gitignore
@@ -1,6 +1,7 @@
 /composer.lock
 /vendor
 /docs/build
+/build
 /.phpbench.sqlite
 /phpunit.xml
 /.travis/phpbench-phar-private.pem
diff --git a/bin/build-phar.sh b/bin/build-phar.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+set -e
+
+mkdir -p build
+cd build
+
+wget -O box.phar https://github.com/box-project/box/releases/download/3.11.1/box.phar
+php box.phar compile -c ../box.json.gh-release
+
+if [[ "$GPG_SIGNING" != '' ]] ; then
+    if [[ "$GPG_SECRET_KEY" != '' ]] ; then
+        echo "Load secret key into gpg"
+        echo "$GPG_SECRET_KEY" | gpg --import --no-tty --batch --yes
+    fi
+
+    echo "Sign Phar"
+
+    echo "$GPG_PASSPHRASE" | gpg --command-fd 0 --passphrase-fd 0 --pinentry-mode loopback -u 15E1F8E2B149E6F5 --batch --detach-sign --armor --output phpbench.phar.asc phpbench.phar
+fi
+
+cd -
diff --git a/box.json.gh-release b/box.json.gh-release
@@ -1,5 +1,4 @@
 {
-  "chmod": "0755",
   "compression": "GZ",
   "directories": [
     "lib",
@@ -21,6 +20,5 @@
   "git-tag": "git_tag",
   "intercept": true,
   "main": "bin/phpbench.php",
-  "output": "phpbench.phar",
-  "stub": true
+  "output": "build/phpbench.phar"
 }

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,4 @@`
`1`	`1`	`{`
`2`		`- "chmod": "0755",`
`3`	`2`	`"compression": "GZ",`
`4`	`3`	`"directories": [`
`5`	`4`	`"lib",`
`@@ -21,6 +20,5 @@`
`21`	`20`	`"git-tag": "git_tag",`
`22`	`21`	`"intercept": true,`
`23`	`22`	`"main": "bin/phpbench.php",`
`24`		`- "output": "phpbench.phar",`
`25`		`- "stub": true`
	`23`	`+ "output": "build/phpbench.phar"`
`26`	`24`	`}`