π Deployment #421
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json | |
| name: π Deployment | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| date: | |
| description: Build date | |
| required: true | |
| type: string | |
| prerelease: | |
| description: This is a pre-release | |
| required: true | |
| type: string | |
| tags: | |
| description: Tag a release | |
| required: true | |
| type: string | |
| permissions: | |
| contents: read | |
| actions: read | |
| jobs: | |
| build: | |
| name: π Build | |
| uses: ./.github/workflows/build.yml | |
| secrets: | |
| MOZ_API_KEY: '${{ secrets.MOZ_API_KEY }}' | |
| with: | |
| MOZ_BUILD_DATE: '${{ github.event.inputs.date }}' | |
| PRE_RELEASE: '${{ github.event.inputs.prerelease }}' | |
| TAG_VERSION: '${{ github.event.inputs.tags }}' | |
| TRIGGER_EVENT: '${{ github.event_name }}' | |
| sign: | |
| name: β Sign | |
| uses: ./.github/workflows/sign.yml | |
| needs: build | |
| permissions: | |
| actions: read | |
| contents: read | |
| id-token: write | |
| secrets: | |
| AWS_ACCESS_KEY_ID: '${{ secrets.CF_ACCESS_KEY_ID }}' | |
| AWS_SECRET_ACCESS_KEY: '${{ secrets.CF_ACCESS_KEY_SECRET }}' | |
| AZURE_CLIENT_ID: '${{ secrets.AZURE_CLIENT_ID }}' | |
| AZURE_CRT: '${{ secrets.AZURE_CRT }}' | |
| AZURE_SUBSCRIPTION_ID: '${{ secrets.AZURE_SUBSCRIPTION_ID }}' | |
| AZURE_TENANT_ID: '${{ secrets.AZURE_TENANT_ID }}' | |
| AZURE_VAULT_ID: '${{ secrets.AZURE_VAULT_ID }}' | |
| CF_ENDPOINT: '${{ secrets.CF_ENDPOINT }}' | |
| MACOS_CERTIFICATE: '${{ secrets.MACOS_CERTIFICATE }}' | |
| MACOS_CERTIFICATE_PWD: '${{ secrets.MACOS_CERTIFICATE_PWD }}' | |
| MACOS_CI_KEYCHAIN_PWD: '${{ secrets.MACOS_CI_KEYCHAIN_PWD }}' | |
| MACOS_NOTARIZATION_APPLE_ID: '${{ secrets.MACOS_NOTARIZATION_APPLE_ID }}' | |
| MACOS_NOTARIZATION_PWD: '${{ secrets.MACOS_NOTARIZATION_PWD }}' | |
| MACOS_NOTARIZATION_TEAM_ID: '${{ secrets.MACOS_NOTARIZATION_TEAM_ID }}' | |
| ONE_PEM: '${{ secrets.ONE_PEM }}' | |
| SIGN_BASE64: '${{ secrets.SIGN_BASE64 }}' | |
| with: | |
| build_run_id: '${{ needs.build.outputs.run_id }}' | |
| manual_resign: 'false' | |
| publish: | |
| name: π Publish | |
| uses: ./.github/workflows/publish.yml | |
| needs: sign | |
| secrets: | |
| AWS_ACCESS_KEY_ID: '${{ secrets.CF_ACCESS_KEY_ID }}' | |
| AWS_SECRET_ACCESS_KEY: '${{ secrets.CF_ACCESS_KEY_SECRET }}' | |
| CF_AUTH: '${{ secrets.BULK_REDIRECT_TOKEN }}' | |
| CF_ENDPOINT: '${{ secrets.CF_ENDPOINT }}' | |
| CF_ZONE_ID: '${{ secrets.CF_ZONE_ID }}' | |
| with: | |
| sign_run_id: '${{ needs.sign.outputs.sign_run_id }}' |