From 1f3908ca9f1363e1e26379ccbd2283d7a6aae369 Mon Sep 17 00:00:00 2001
From: Evil Eye <malusluminis@hotmail.com>
Date: Mon, 4 Nov 2024 20:17:48 +0100
Subject: [PATCH] Include tag in file names and push urls and hashes to gitlab

---
 .github/workflows/build.yaml | 105 +++++++++++++++++++++++++++++++++--
 1 file changed, 100 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 27d15cb..1542244 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -216,12 +216,107 @@ jobs:
 
     - name: Rename artifacts
       run: |
-        mv vcpkg-x64-*-${{ github.sha }}/vcpkg-x64-windows-2019-${{ github.sha }}.7z windows-2019.7z
-        mv vcpkg-x64-*-${{ github.sha }}/vcpkg-x64-windows-2022-${{ github.sha }}.7z windows-2022.7z
-        mv vcpkg-x64-*-${{ github.sha }}/vcpkg-x64-windows-2019-pdb-${{ github.sha }}.7z windows-2019-pdb.7z
-        mv vcpkg-x64-*-${{ github.sha }}/vcpkg-x64-windows-2022-pdb-${{ github.sha }}.7z windows-2022-pdb.7z
+        mv vcpkg-x64-*-${{ github.sha }}/vcpkg-x64-windows-2019-${{ github.sha }}.7z windows-2019-${{ github.ref_name }}.7z
+        mv vcpkg-x64-*-${{ github.sha }}/vcpkg-x64-windows-2022-${{ github.sha }}.7z windows-2022-${{ github.ref_name }}.7z
+        mv vcpkg-x64-*-${{ github.sha }}/vcpkg-x64-windows-2019-pdb-${{ github.sha }}.7z windows-2019-pdb-${{ github.ref_name }}.7z
+        mv vcpkg-x64-*-${{ github.sha }}/vcpkg-x64-windows-2022-pdb-${{ github.sha }}.7z windows-2022-pdb-${{ github.ref_name }}.7z
 
     - name: Release
       uses: softprops/action-gh-release@v2
       with:
-        files: windows-*.7z
+        files: windows-*-${{ github.ref_name }}.7z
+
+    - name: Setup ssh-agent
+      env:
+        SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
+      if: ${{ env.SSH_PRIVATE_KEY != '' }}
+      uses: webfactory/ssh-agent@v0.9.0
+      with:
+        ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
+
+    - name: Import GPG key
+      id: import_gpg
+      env:
+        GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+        GPG_PRIVATE_KEY_PASSPHRASE: ${{ secrets.GPG_PRIVATE_KEY_PASSPHRASE }}
+      if: ${{ env.GPG_PRIVATE_KEY != '' && env.GPG_PRIVATE_KEY_PASSPHRASE != '' }}
+      uses: crazy-max/ghaction-import-gpg@v6
+      with:
+        gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+        passphrase: ${{ secrets.GPG_PRIVATE_KEY_PASSPHRASE }}
+
+    - name: Configure ssh known hosts for gitlab.com
+      env:
+        SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
+      if: ${{ env.SSH_PRIVATE_KEY != '' }}
+      run: cat gitlab_known_hosts >> ~/.ssh/known_hosts
+
+    - name: Configure git user
+      run: |
+        git config --global user.email 'openmw-deps-build@users.noreply.github.com'
+        git config --global user.name 'openmw-deps-build'
+
+    - name: Configure git sign key
+      if: ${{ steps.import_gpg.outputs.fingerprint != '' }}
+      run: |
+        git config --global user.signkey ${{ steps.import_gpg.outputs.fingerprint }}
+        git config --global commit.gpgsign true
+
+    - name: Clone openmw-deps repository via SSH
+      env:
+        SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
+        GIT_LFS_SKIP_SMUDGE: 1
+        # see https://github.com/git-lfs/git-lfs/issues/5749
+        GIT_CLONE_PROTECTION_ACTIVE: false
+      if: ${{ env.SSH_PRIVATE_KEY != '' }}
+      run: git clone git@gitlab.com:OpenMW/openmw-deps.git
+
+    - name: Clone openmw-deps repository via HTTPS
+      env:
+        SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
+        GIT_LFS_SKIP_SMUDGE: 1
+        # see https://github.com/git-lfs/git-lfs/issues/5749
+        GIT_CLONE_PROTECTION_ACTIVE: false
+      if: ${{ env.SSH_PRIVATE_KEY == '' }}
+      run: git clone https://gitlab.com/OpenMW/openmw-deps.git
+
+    - name: Generate files containing a download url and hash
+      run: |
+        for file in windows-*-${{ github.ref_name }}.7z; do
+          echo "${{ github.server_url }}/${{ github.repository }}/releases/download/${{ github.ref_name }}/$file" > "openmw-deps/windows/$file.txt"
+          shasum -a 512 "$file" >> "openmw-deps/windows/$file.txt"
+        done
+
+    - name: Generate commit message
+      env:
+        GH_TOKEN: ${{ github.token }}
+      working-directory: ${{ github.workspace }}/openmw-deps
+      run: |
+        echo Add vcpkg package urls built at ${{ github.sha }} > commit_message.txt
+        echo >> commit_message.txt
+        printf 'Pushed by ' >> commit_message.txt
+        url=$(gh run --repo ${{ github.repository }} view ${{ github.run_id }} --json jobs --jq '.jobs[] | select(.name == "push-dynamic") | .url')
+        echo "${url:?}" >> commit_message.txt
+        echo >> commit_message.txt
+
+    - name: Commit generated metadata
+      working-directory: ${{ github.workspace }}/openmw-deps
+      run: |
+        git checkout -b vcpkg-x64-${{ github.sha }}
+        git add windows/windows-*-${{ github.ref_name }}.7z.txt
+        git commit -F commit_message.txt
+
+    - name: Verify commit to openmw-deps repository
+      if: ${{ steps.import_gpg.outputs.fingerprint != '' }}
+      working-directory: ${{ github.workspace }}/openmw-deps
+      run: git verify-commit HEAD
+
+    - name: Push generated metadata to gitlab
+      env:
+        SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
+      # Make sure only signed commits are pushed
+      if: ${{ vars.PUSH_URL != '' && env.SSH_PRIVATE_KEY != '' && steps.import_gpg.outputs.fingerprint != '' }}
+      working-directory: ${{ github.workspace }}/openmw-deps
+      run: |
+        git remote set-url --push origin "${{ vars.PUSH_URL }}"
+        git push origin vcpkg-x64-${{ github.sha }}