name: "Publish Images" on: workflow_call: inputs: git_ref: required: true type: string artifact_id: required: true type: string artifact_file: required: true type: string dry_run: required: false type: boolean default: false jobs: publish: runs-on: ubuntu-latest defaults: run: shell: bash env: VERSION: "${{ inputs.git_ref }}" permissions: contents: write steps: - name: Checkout code uses: actions/checkout@v3 with: ref: "${{ env.VERSION }}" - name: "Download artifact" uses: actions/download-artifact@v4 with: name: ${{ inputs.artifact_id }} path: artifacts - name: "Publish artifact" env: IMG: "${{ inputs.artifact_file }}" GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | set -ex mkdir -p publish mv "artifacts/${{ inputs.artifact_file }}" publish/ cd publish asset="${IMG}" [[ "$IMG" =~ .*".img" ]] && { zip "${IMG%.img}.zip" "${IMG?}" asset="${IMG%.img}.zip" } checksum="$(md5sum "$asset")" echo "Artifact Checksum: $checksum" [[ "${{ inputs.dry_run }}" == "true" ]] && { echo "Dry run only. Skipping release..." exit 0 } success=false for i in {1..5} do body="$(gh release view --json body "${VERSION}" | jq -r '.body')" if ! [[ "$body" =~ .*'**Checksums:**'.* ]] then body="${body} **Checksums:** \`\`\` \`\`\`" fi body="${body%$'\n\`\`\`'*} $checksum \`\`\`" gh release edit "${VERSION?}" -n "$body" if gh release view --json body "${VERSION}" | jq -r '.body' | grep "$checksum" then success=true break else WAIT_TIME="$((1 + $RANDOM % 20))" echo "Checksum missing from release description. Retrying in $WAIT_TIME seconds..." sleep "$WAIT_TIME" fi done [[ "$success" == "true" ]] || { echo "Updating release description failed." exit 1 } gh release upload "${VERSION?}" "${asset}" echo "Image published successfully."