constellation/.github/actions/artifact_upload/action.yml

name: Upload artifact
description: Upload an encrypted zip archive as a github artifact.

inputs:
  path:
    description: 'The path(s) that should be uploaded. Paths may contain globs. Only the final component of a path is uploaded.'
    required: true
  name:
    description: 'The name of the artifact.'
    required: true
  retention-days:
    description: 'How long the artifact should be retained for.'
    default: 60
  encryptionSecret:
    description: 'The secret to use for encrypting the files.'
    required: true

runs:
  using: "composite"
  steps:
    - name: Install zip
      uses: ./.github/actions/setup_bazel_nix
      with:
        nixTools: |
          zip

    - name: Create temporary directory
      id: tempdir
      shell: bash
      run: echo "directory=$(mktemp -d)" >> "$GITHUB_OUTPUT"

    - name: Create archive
      shell: bash
      run: |
        shopt -s extglob

        paths="${{ inputs.path }}"
        paths=${paths%$'\n'} # Remove trailing newline

        # Check if any file matches the given pattern(s).
        something_exists=false
        for pattern in ${paths}
        do
          if compgen -G "${pattern}" > /dev/null; then
            something_exists=true
          fi
        done

        # Create an archive if files exist.
        # Don't create an archive file if no files are found
        # and warn.
        if ! ${something_exists}
        then
          echo "::warning:: No files/directories found with the provided path(s): ${paths}. No artifact will be uploaded."
          exit 0
        fi

        for target in ${paths}
        do
          pushd "$(dirname "${target}")" || exit 1
          zip -e -P '${{ inputs.encryptionSecret }}' -r "${{ steps.tempdir.outputs.directory }}/archive.zip" "$(basename "${target}")"
          popd || exit 1
        done

    - name: Upload archive as artifact
      uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
      with:
        name: ${{ inputs.name }}
        path: ${{ steps.tempdir.outputs.directory }}/archive.zip
        retention-days: ${{ inputs.retention-days }}
        if-no-files-found: ignore
ci: encrypt artifacts (#2567) 2023-12-20 09:17:49 -05:00			`name: Upload artifact`
			`description: Upload an encrypted zip archive as a github artifact.`

			`inputs:`
			`path:`
ci: fix artifact upload in image build pipeline (#2765) * Fix parameter expansion when uploading multiple files * On download, ensure target directory exists * Rename encryption-secret -> encryptionSecret * Remove incorrect secret access from e2e test action * Add missing checkout action to workflows using our download action * Fix spacing * Fix upload action uploading whole directory structure instead of target files * Explicitly give write permissions to Azure disk image, since permissions are no longer dropped on upload --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2023-12-21 13:28:18 -05:00			`description: 'The path(s) that should be uploaded. Paths may contain globs. Only the final component of a path is uploaded.'`
ci: encrypt artifacts (#2567) 2023-12-20 09:17:49 -05:00			`required: true`
			`name:`
			`description: 'The name of the artifact.'`
			`required: true`
			`retention-days:`
			`description: 'How long the artifact should be retained for.'`
			`default: 60`
ci: fix artifact upload in image build pipeline (#2765) * Fix parameter expansion when uploading multiple files * On download, ensure target directory exists * Rename encryption-secret -> encryptionSecret * Remove incorrect secret access from e2e test action * Add missing checkout action to workflows using our download action * Fix spacing * Fix upload action uploading whole directory structure instead of target files * Explicitly give write permissions to Azure disk image, since permissions are no longer dropped on upload --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2023-12-21 13:28:18 -05:00			`encryptionSecret:`
ci: encrypt artifacts (#2567) 2023-12-20 09:17:49 -05:00			`description: 'The secret to use for encrypting the files.'`
			`required: true`

			`runs:`
			`using: "composite"`
			`steps:`
			`- name: Install zip`
			`uses: ./.github/actions/setup_bazel_nix`
			`with:`
			`nixTools: \|`
			`zip`

			`- name: Create temporary directory`
			`id: tempdir`
			`shell: bash`
			`run: echo "directory=$(mktemp -d)" >> "$GITHUB_OUTPUT"`

			`- name: Create archive`
			`shell: bash`
			`run: \|`
			`shopt -s extglob`

ci: fix artifact upload in image build pipeline (#2765) * Fix parameter expansion when uploading multiple files * On download, ensure target directory exists * Rename encryption-secret -> encryptionSecret * Remove incorrect secret access from e2e test action * Add missing checkout action to workflows using our download action * Fix spacing * Fix upload action uploading whole directory structure instead of target files * Explicitly give write permissions to Azure disk image, since permissions are no longer dropped on upload --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2023-12-21 13:28:18 -05:00			`paths="${{ inputs.path }}"`
			`paths=${paths%$'\n'} # Remove trailing newline`

ci: encrypt artifacts (#2567) 2023-12-20 09:17:49 -05:00			`# Check if any file matches the given pattern(s).`
			`something_exists=false`
ci: fix artifact upload in image build pipeline (#2765) * Fix parameter expansion when uploading multiple files * On download, ensure target directory exists * Rename encryption-secret -> encryptionSecret * Remove incorrect secret access from e2e test action * Add missing checkout action to workflows using our download action * Fix spacing * Fix upload action uploading whole directory structure instead of target files * Explicitly give write permissions to Azure disk image, since permissions are no longer dropped on upload --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2023-12-21 13:28:18 -05:00			`for pattern in ${paths}`
			`do`
			`if compgen -G "${pattern}" > /dev/null; then`
ci: encrypt artifacts (#2567) 2023-12-20 09:17:49 -05:00			`something_exists=true`
			`fi`
			`done`

			`# Create an archive if files exist.`
			`# Don't create an archive file if no files are found`
			`# and warn.`
ci: fix artifact upload in image build pipeline (#2765) * Fix parameter expansion when uploading multiple files * On download, ensure target directory exists * Rename encryption-secret -> encryptionSecret * Remove incorrect secret access from e2e test action * Add missing checkout action to workflows using our download action * Fix spacing * Fix upload action uploading whole directory structure instead of target files * Explicitly give write permissions to Azure disk image, since permissions are no longer dropped on upload --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2023-12-21 13:28:18 -05:00			`if ! ${something_exists}`
			`then`
			`echo "::warning:: No files/directories found with the provided path(s): ${paths}. No artifact will be uploaded."`
			`exit 0`
ci: encrypt artifacts (#2567) 2023-12-20 09:17:49 -05:00			`fi`

ci: fix artifact upload in image build pipeline (#2765) * Fix parameter expansion when uploading multiple files * On download, ensure target directory exists * Rename encryption-secret -> encryptionSecret * Remove incorrect secret access from e2e test action * Add missing checkout action to workflows using our download action * Fix spacing * Fix upload action uploading whole directory structure instead of target files * Explicitly give write permissions to Azure disk image, since permissions are no longer dropped on upload --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2023-12-21 13:28:18 -05:00			`for target in ${paths}`
			`do`
			`pushd "$(dirname "${target}")" \|\| exit 1`
			`zip -e -P '${{ inputs.encryptionSecret }}' -r "${{ steps.tempdir.outputs.directory }}/archive.zip" "$(basename "${target}")"`
			`popd \|\| exit 1`
			`done`

ci: encrypt artifacts (#2567) 2023-12-20 09:17:49 -05:00			`- name: Upload archive as artifact`
deps: update actions/upload-artifact and actions/download-artifact action to v4 (#2756) * deps: update actions/upload-artifact action to v4 * deps: update actions/download-artifacts action to v4 --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> 2024-02-07 08:50:15 -05:00			`uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1`
ci: encrypt artifacts (#2567) 2023-12-20 09:17:49 -05:00			`with:`
			`name: ${{ inputs.name }}`
			`path: ${{ steps.tempdir.outputs.directory }}/archive.zip`
			`retention-days: ${{ inputs.retention-days }}`
			`if-no-files-found: ignore`