name: Upload artifact
description: Upload an encrypted zip archive as a github artifact.
inputs:
path:
description: 'The path(s) that should be uploaded. Paths may contain globs. Only the final component of a path is uploaded.'
required: true
name:
description: 'The name of the artifact.'
required: true
retention-days:
description: 'How long the artifact should be retained for.'
default: 60
encryptionSecret:
description: 'The secret to use for encrypting the files.'
required: true
overwrite:
description: 'Overwrite an artifact with the same name.'
default: false
required: false
runs:
using: "composite"
steps:
- name: Install 7zip
uses: ./.github/actions/setup_bazel_nix
with:
nixTools: |
_7zz
- name: Create temporary directory
id: tempdir
shell: bash
run: echo "directory=$(mktemp -d)" >> "$GITHUB_OUTPUT"
- name: Create archive
shell: bash
run: |
set -euo pipefail
shopt -s extglob
paths="${{ inputs.path }}"
paths=${paths%$'\n'} # Remove trailing newline
# Check if any file matches the given pattern(s).
something_exists=false
for pattern in ${paths}
do
if compgen -G "${pattern}" > /dev/null; then
something_exists=true
fi
done
# Create an archive if files exist.
# Don't create an archive file if no files are found
# and warn.
if ! ${something_exists}
then
echo "::warning:: No files/directories found with the provided path(s): ${paths}. No artifact will be uploaded."
exit 0
fi
for target in ${paths}
do
if compgen -G "${target}" > /dev/null
then
pushd "$(dirname "${target}")"
7zz a -p'${{ inputs.encryptionSecret }}' -bso0 -bsp0 -t7z -ms=on -mhe=on "${{ steps.tempdir.outputs.directory }}/archive.7z" "$(basename "${target}")"
popd
fi
done
- name: Upload archive as artifact
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: ${{ inputs.name }}
path: ${{ steps.tempdir.outputs.directory }}/archive.7z
retention-days: ${{ inputs.retention-days }}
if-no-files-found: ignore
overwrite: ${{ inputs.overwrite }}