diff --git a/.github/actions/extract-release-notes/action.yml b/.github/actions/extract-release-notes/action.yml new file mode 100644 index 00000000..0e1f4958 --- /dev/null +++ b/.github/actions/extract-release-notes/action.yml @@ -0,0 +1,31 @@ +name: Extract Release Notes +description: Extract release notes from CHANGELOG.md for a given version + +inputs: + version: + description: Version to extract notes for + required: true + +outputs: + notes: + description: Extracted release notes + value: ${{ steps.extract.outputs.notes }} + +runs: + using: composite + steps: + - id: extract + shell: bash + run: | + VERSION="${{ inputs.version }}" + MAJOR="${VERSION%%.*}" + # Try exact version match first, fall back to major version match + NOTES=$(awk "/^## ${VERSION}( |$)/{found=1; next} /^## /{if(found) exit} found{print}" CHANGELOG.md) + if [ -z "$NOTES" ]; then + NOTES=$(awk "/^## ${MAJOR}( |$)/{found=1; next} /^## /{if(found) exit} found{print}" CHANGELOG.md) + fi + { + echo "notes<> $GITHUB_OUTPUT diff --git a/.github/actions/prepare-release-artifacts/action.yml b/.github/actions/prepare-release-artifacts/action.yml new file mode 100644 index 00000000..b2280e1f --- /dev/null +++ b/.github/actions/prepare-release-artifacts/action.yml @@ -0,0 +1,61 @@ +name: Prepare Release Artifacts +description: Download, flatten, and verify release artifacts for publishing + +runs: + using: composite + steps: + - name: Download all artifacts + uses: actions/download-artifact@v4 + with: + path: artifacts + + - name: List downloaded artifacts + shell: bash + run: | + echo "=== All artifacts downloaded ===" + ls -lR artifacts/ + echo "" + echo "=== Windows artifacts only ===" + ls -l artifacts/windows-*/ + + - name: Flatten artifacts (exclude unsigned Windows installers) + shell: bash + run: | + mkdir -p staging + # Copy all files except those from unsigned Windows artifact directories + find artifacts -type f ! -path "*/windows-*-unsigned-*/*" -exec cp {} staging/ \; + echo "" + echo "=== Files copied to staging ===" + ls -lh staging/ + echo "" + echo "=== Windows installers in staging ===" + ls -lh staging/YACReader*.exe || echo "No Windows installers found" + + - name: Verify Windows installer signatures + shell: bash + run: | + echo "=== Installing osslsigncode to verify signatures ===" + sudo apt-get update + sudo apt-get install -y osslsigncode + + echo "" + echo "=== Checking signatures on Windows installers ===" + for installer in staging/YACReader*.exe; do + if [ -f "$installer" ]; then + echo "Checking: $(basename $installer)" + echo "File size: $(stat -c%s $installer) bytes" + + # Try to extract signature info + if osslsigncode verify -in "$installer" 2>&1 | grep -q "Signature verification: ok"; then + echo " ✓ SIGNED - Signature verified successfully" + osslsigncode verify -in "$installer" 2>&1 | grep -E "(Signed|Signer|Timestamp)" + else + echo " ✗ UNSIGNED or INVALID - No valid signature found" + osslsigncode verify -in "$installer" 2>&1 | head -20 + fi + echo "" + fi + done + + echo "=== Summary ===" + echo "Total installers in staging: $(ls staging/YACReader*.exe 2>/dev/null | wc -l)" diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4df9ccc2..efa5c5d7 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -502,58 +502,8 @@ jobs: steps: - uses: actions/checkout@v4 - - name: Download all artifacts - uses: actions/download-artifact@v4 - with: - path: artifacts - - - name: List downloaded artifacts - run: | - echo "=== All artifacts downloaded ===" - ls -lR artifacts/ - echo "" - echo "=== Windows artifacts only ===" - ls -l artifacts/windows-*/ - - - name: Flatten artifacts (exclude unsigned Windows installers) - run: | - mkdir -p staging - # Copy all files except those from unsigned Windows artifact directories - find artifacts -type f ! -path "*/windows-*-unsigned-*/*" -exec cp {} staging/ \; - echo "" - echo "=== Files copied to staging ===" - ls -lh staging/ - echo "" - echo "=== Windows installers in staging ===" - ls -lh staging/YACReader*.exe || echo "No Windows installers found" - - - name: Verify Windows installer signatures - run: | - echo "=== Installing osslsigncode to verify signatures ===" - sudo apt-get update - sudo apt-get install -y osslsigncode - - echo "" - echo "=== Checking signatures on Windows installers ===" - for installer in staging/YACReader*.exe; do - if [ -f "$installer" ]; then - echo "Checking: $(basename $installer)" - echo "File size: $(stat -c%s $installer) bytes" - - # Try to extract signature info - if osslsigncode verify -in "$installer" 2>&1 | grep -q "Signature verification: ok"; then - echo " ✓ SIGNED - Signature verified successfully" - osslsigncode verify -in "$installer" 2>&1 | grep -E "(Signed|Signer|Timestamp)" - else - echo " ✗ UNSIGNED or INVALID - No valid signature found" - osslsigncode verify -in "$installer" 2>&1 | head -20 - fi - echo "" - fi - done - - echo "=== Summary ===" - echo "Total installers in staging: $(ls staging/YACReader*.exe 2>/dev/null | wc -l)" + - name: Prepare release artifacts + uses: ./.github/actions/prepare-release-artifacts - name: Get version id: version @@ -562,6 +512,12 @@ jobs: echo "version=$VERSION" >> $GITHUB_OUTPUT echo "Version: $VERSION" + - name: Extract release notes + id: release_notes + uses: ./.github/actions/extract-release-notes + with: + version: ${{ steps.version.outputs.version }} + - name: Login to Docker Hub uses: docker/login-action@v3 with: @@ -590,6 +546,7 @@ jobs: repository: YACReader/yacreader-dev-builds tag_name: ${{ steps.version.outputs.version }} name: ${{ steps.version.outputs.version }} + body: ${{ steps.release_notes.outputs.notes }} target_commitish: 25313e3d4d03fcbe44d3943db23bc03bbd1a5205 files: staging/* env: @@ -612,58 +569,8 @@ jobs: steps: - uses: actions/checkout@v4 - - name: Download all artifacts - uses: actions/download-artifact@v4 - with: - path: artifacts - - - name: List downloaded artifacts - run: | - echo "=== All artifacts downloaded ===" - ls -lR artifacts/ - echo "" - echo "=== Windows artifacts only ===" - ls -l artifacts/windows-*/ - - - name: Flatten artifacts (exclude unsigned Windows installers) - run: | - mkdir -p staging - # Copy all files except those from unsigned Windows artifact directories - find artifacts -type f ! -path "*/windows-*-unsigned-*/*" -exec cp {} staging/ \; - echo "" - echo "=== Files copied to staging ===" - ls -lh staging/ - echo "" - echo "=== Windows installers in staging ===" - ls -lh staging/YACReader*.exe || echo "No Windows installers found" - - - name: Verify Windows installer signatures - run: | - echo "=== Installing osslsigncode to verify signatures ===" - sudo apt-get update - sudo apt-get install -y osslsigncode - - echo "" - echo "=== Checking signatures on Windows installers ===" - for installer in staging/YACReader*.exe; do - if [ -f "$installer" ]; then - echo "Checking: $(basename $installer)" - echo "File size: $(stat -c%s $installer) bytes" - - # Try to extract signature info - if osslsigncode verify -in "$installer" 2>&1 | grep -q "Signature verification: ok"; then - echo " ✓ SIGNED - Signature verified successfully" - osslsigncode verify -in "$installer" 2>&1 | grep -E "(Signed|Signer|Timestamp)" - else - echo " ✗ UNSIGNED or INVALID - No valid signature found" - osslsigncode verify -in "$installer" 2>&1 | head -20 - fi - echo "" - fi - done - - echo "=== Summary ===" - echo "Total installers in staging: $(ls staging/YACReader*.exe 2>/dev/null | wc -l)" + - name: Prepare release artifacts + uses: ./.github/actions/prepare-release-artifacts - name: Get version id: version @@ -672,6 +579,12 @@ jobs: echo "version=$VERSION" >> $GITHUB_OUTPUT echo "Version: $VERSION" + - name: Extract release notes + id: release_notes + uses: ./.github/actions/extract-release-notes + with: + version: ${{ steps.version.outputs.version }} + - name: Login to Docker Hub uses: docker/login-action@v3 with: @@ -705,6 +618,7 @@ jobs: with: tag_name: ${{ steps.version.outputs.version }} name: ${{ steps.version.outputs.version }} + body: ${{ steps.release_notes.outputs.notes }} files: staging/* env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -726,58 +640,8 @@ jobs: steps: - uses: actions/checkout@v4 - - name: Download all artifacts - uses: actions/download-artifact@v4 - with: - path: artifacts - - - name: List downloaded artifacts - run: | - echo "=== All artifacts downloaded ===" - ls -lR artifacts/ - echo "" - echo "=== Windows artifacts only ===" - ls -l artifacts/windows-*/ - - - name: Flatten artifacts (exclude unsigned Windows installers) - run: | - mkdir -p staging - # Copy all files except those from unsigned Windows artifact directories - find artifacts -type f ! -path "*/windows-*-unsigned-*/*" -exec cp {} staging/ \; - echo "" - echo "=== Files copied to staging ===" - ls -lh staging/ - echo "" - echo "=== Windows installers in staging ===" - ls -lh staging/YACReader*.exe || echo "No Windows installers found" - - - name: Verify Windows installer signatures - run: | - echo "=== Installing osslsigncode to verify signatures ===" - sudo apt-get update - sudo apt-get install -y osslsigncode - - echo "" - echo "=== Checking signatures on Windows installers ===" - for installer in staging/YACReader*.exe; do - if [ -f "$installer" ]; then - echo "Checking: $(basename $installer)" - echo "File size: $(stat -c%s $installer) bytes" - - # Try to extract signature info - if osslsigncode verify -in "$installer" 2>&1 | grep -q "Signature verification: ok"; then - echo " ✓ SIGNED - Signature verified successfully" - osslsigncode verify -in "$installer" 2>&1 | grep -E "(Signed|Signer|Timestamp)" - else - echo " ✗ UNSIGNED or INVALID - No valid signature found" - osslsigncode verify -in "$installer" 2>&1 | head -20 - fi - echo "" - fi - done - - echo "=== Summary ===" - echo "Total installers in staging: $(ls staging/YACReader*.exe 2>/dev/null | wc -l)" + - name: Prepare release artifacts + uses: ./.github/actions/prepare-release-artifacts - name: Get version id: version @@ -786,6 +650,12 @@ jobs: echo "version=$VERSION" >> $GITHUB_OUTPUT echo "Version: $VERSION" + - name: Extract release notes + id: release_notes + uses: ./.github/actions/extract-release-notes + with: + version: ${{ steps.version.outputs.version }} + - name: Login to Docker Hub uses: docker/login-action@v3 with: @@ -815,6 +685,7 @@ jobs: repository: YACReader/yacreader-dev-builds tag_name: ${{ steps.version.outputs.version }} name: ${{ steps.version.outputs.version }} + body: ${{ steps.release_notes.outputs.notes }} prerelease: true target_commitish: 25313e3d4d03fcbe44d3943db23bc03bbd1a5205 files: staging/*