name: Upload Windows Installer [DEPRECATED] on: workflow_dispatch: inputs: version: description: 'Release version to build and upload (e.g. "v9.8.7")' required: true dryrun: description: 'Perform all the steps except uploading to the release page' required: true default: "true" # 'choice' type requires string value type: choice options: - "true" # Must be quoted string, boolean value not supported. - "false" permissions: contents: write jobs: build: runs-on: windows-latest env: FETCH_BASE_URL: ${{ github.server_url }}/${{ github.repository }} steps: - name: Consolidate dryrun setting to always be true or false id: actual_dryrun run: | # The 'release' trigger will not have a 'dryrun' input set. Handle # this case in a readable/maintainable way. $inputs_dryrun = "${{ inputs.dryrun }}" if ($inputs_dryrun.Length -lt 1) { Write-Output "dryrun=false" | Out-File -FilePath $env:GITHUB_OUTPUT -Append } else { Write-Output "dryrun=${{ inputs.dryrun }}" | Out-File -FilePath $env:GITHUB_OUTPUT -Append } - name: Dry Run Status run: | Write-Output "::notice::This workflow execution will be a dry-run: ${{ steps.actual_dryrun.outputs.dryrun }}" - name: Determine version id: getversion run: | $version = "${{ inputs.version }}" if ($version.Length -lt 1) { $version = "${{ github.event.release.tag_name }}" if ($version.Length -lt 1) { Write-Host "::error::Could not determine version!" Exit 1 } } Write-Output "version=$version" | Out-File -FilePath $env:GITHUB_OUTPUT -Append # Note this purposefully checks out the same branch the action runs in, as the # installer build script is designed to support older releases (uses the archives # on the release tag). - uses: actions/checkout@v5 # This step is super-duper critical for the built/signed windows installer .exe file. # It ensures the referenced $version github release page does NOT already contain # this file. Windows assigns a UUID to the installer at build time, it's assumed # by windows that one release version == one UUID (always). Breaking this assumption # has some rather nasty side-effects in windows, such as possibly breaking 'uninstall' # functionality. For dry-runs, the .exe is saved in the workflow artifacts for a human # to judge w/n (i.e. in some extreme case) it should be uploaded to the release page. - name: Check id: check run: | Push-Location contrib\win-installer .\check.ps1 ${{steps.getversion.outputs.version}} $code = $LASTEXITCODE if ($code -eq 2) { Write-Output "already-exists=true" | Out-File -FilePath $env:GITHUB_OUTPUT -Append Pop-Location Exit 0 } Write-Output "upload_asset_name=$env:UPLOAD_ASSET_NAME" | Out-File -FilePath $env:GITHUB_OUTPUT -Append Pop-Location Exit $code # The podman release process requires a cross-compile of the windows binaries be uploaded to # the release page as a hard-coded filename. If non-existent, this workflow will fail in # non-obvious ways with a non-obvious error message. Address that here. - name: Confirm upload_asset_name is non-empty if: steps.check.outputs.upload_asset_name == '' run: | Write-Output "::error::check.ps1 script failed to find manually uploaded podman-remote-release-windows_amd64.zip github release asset for version ${{steps.getversion.outputs.version}}." Exit 1 - name: Set up Go uses: actions/setup-go@v6 # N/B: already-exists may be an empty-string or "false", handle both cases. if: steps.check.outputs.already-exists != 'true' || steps.actual_dryrun.outputs.dryrun == 'true' with: go-version: stable - name: Set up WiX run: dotnet tool install --global wix - name: Setup Signature Tooling if: steps.Check.outputs.already-exists != 'true' || steps.actual_dryrun.outputs.dryrun == 'true' run: | dotnet tool install --global AzureSignTool --version 3.0.0 echo "CERT_NAME=${{secrets.AZ_CERT_NAME}}" | Out-File -FilePath $env:GITHUB_ENV -Append echo "VAULT_ID=${{secrets.AZ_VAULT_ID}}" | Out-File -FilePath $env:GITHUB_ENV -Append echo "APP_ID=${{secrets.AZ_APP_ID}}" | Out-File -FilePath $env:GITHUB_ENV -Append echo "TENANT_ID=${{secrets.AZ_TENANT_ID}}" | Out-File -FilePath $env:GITHUB_ENV -Append echo "CLIENT_SECRET=${{secrets.AZ_CLIENT_SECRET}}" | Out-File -FilePath $env:GITHUB_ENV -Append - name: Pandoc Setup uses: r-lib/actions/setup-pandoc@v2 with: pandoc-version: '3.1.11' - name: Build id: build if: steps.check.outputs.already-exists != 'true' || steps.actual_dryrun.outputs.dryrun == 'true' run: | Push-Location contrib\win-installer .\build.ps1 ${{steps.getversion.outputs.version}} prod $code = $LASTEXITCODE if ($code -eq 2) { Write-Output "artifact-missing=true" | Out-File -FilePath $env:GITHUB_OUTPUT -Append Pop-Location Exit 0 } Pop-Location Exit $code - name: Artifact if: steps.check.outputs.already-exists != 'true' || steps.actual_dryrun.outputs.dryrun == 'true' uses: actions/upload-artifact@v4 with: name: installer path: | ${{ steps.check.outputs.upload_asset_name }} .\contrib\win-installer\shasums - name: Upload if: >- steps.actual_dryrun.outputs.dryrun == 'false' && steps.check.outputs.already-exists != 'true' && steps.build.outputs.artifact-missing != 'true' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | Push-Location contrib\win-installer $version = "${{ steps.getversion.outputs.version }}" if ($version[0] -ne "v") { $version = "v$version" } gh release upload $version ${{ steps.check.outputs.upload_asset_name }} if ($LASTEXITCODE -ne 0) { .\check.ps1 $version if ($LASTEXITCODE -eq 2) { Write-Host "Another job uploaded before us, skipping" Pop-Location Exit 0 } Pop-Location Exit 1 } if (Test-Path -Path shasums) { gh release upload --clobber $version shasums } Pop-Location