ci: validate and package updater 3.4 after dual-platform acceptance
This commit is contained in:
@@ -5,6 +5,7 @@ on:
|
||||
branches: [main, develop, 'feature/**', 'release/**', 'hotfix/**']
|
||||
pull_request:
|
||||
branches: [main, develop]
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
@@ -42,16 +43,21 @@ jobs:
|
||||
- name: Git-Staging-Filter Regressionstest
|
||||
run: npm run verify:git-staging
|
||||
|
||||
- name: Release-Manifest und Paketvertrag prüfen
|
||||
run: npm run verify:release-manifest
|
||||
|
||||
- name: Git-Ignore-Grenzen für Quell- und Runtimeordner prüfen
|
||||
run: npm run verify:ignore-boundaries
|
||||
|
||||
- name: Syntaxprüfung
|
||||
run: npm run check
|
||||
|
||||
|
||||
- name: PowerShell-Regressionen statisch prüfen
|
||||
run: npm run verify:powershell-static
|
||||
|
||||
- name: Updater-3.4-Lifecycle und Startkette prüfen
|
||||
run: npm run verify:updater-start-chain && npm run verify:updater-lifecycle
|
||||
|
||||
- name: Produktiven Source-Root und Archivgrenzen prüfen
|
||||
run: npm run verify:source-boundaries
|
||||
|
||||
@@ -146,3 +152,69 @@ jobs:
|
||||
shell: pwsh
|
||||
run: npm run verify:all
|
||||
|
||||
package-after-acceptance:
|
||||
name: Updater-3.4-Paket nach Abnahme
|
||||
needs: [quality, windows-release-contract]
|
||||
runs-on: ubuntu-latest
|
||||
timeout-minutes: 15
|
||||
steps:
|
||||
- name: Exakten geprüften Head auschecken
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
ref: ${{ github.event.pull_request.head.sha || github.sha }}
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Node.js 22 aktivieren
|
||||
uses: actions/setup-node@v4
|
||||
with:
|
||||
node-version: '22.x'
|
||||
cache: npm
|
||||
|
||||
- name: Abhängigkeiten reproduzierbar installieren
|
||||
run: npm ci
|
||||
|
||||
- name: main für den Provenienzvergleich aktualisieren
|
||||
run: git fetch origin main:refs/remotes/origin/main
|
||||
|
||||
- name: Reproduzierbares Root-Manifest bestätigen
|
||||
shell: bash
|
||||
run: |
|
||||
node tools/generate-release-manifest.mjs .
|
||||
git diff --exit-code -- release-manifest.json
|
||||
|
||||
- name: Paket mit unveränderlicher Provenienz erzeugen
|
||||
env:
|
||||
VENDOO_SOURCE_COMMIT: ${{ github.event.pull_request.head.sha || github.sha }}
|
||||
run: node tools/build-release.mjs
|
||||
|
||||
- name: Paketmanifest und SHA-256 prüfen
|
||||
shell: bash
|
||||
run: |
|
||||
set -euo pipefail
|
||||
release_name="$(tr -d '\r\n' < release-output/RELEASE_NAME.txt)"
|
||||
package_dir="release-output/${release_name}"
|
||||
node --input-type=module - "$package_dir" <<'NODE'
|
||||
import { readAndValidateManifest } from './tools/release-manifest-lib.mjs';
|
||||
const packageDir = process.argv[2];
|
||||
const manifest = readAndValidateManifest(packageDir);
|
||||
if (manifest.schema !== 'vendoo-release-package-v2') throw new Error(`Unerwartetes Paketschema: ${manifest.schema}`);
|
||||
if (manifest.updaterVersion !== '3.4.0') throw new Error(`Unerwartete Updater-Version: ${manifest.updaterVersion}`);
|
||||
if (manifest.targetVersion !== '1.43.0') throw new Error(`Unerwartete Zielversion: ${manifest.targetVersion}`);
|
||||
console.log(`Paket validiert: ${manifest.targetVersion}, Updater ${manifest.updaterVersion}, Payload ${manifest.payloadHash}`);
|
||||
NODE
|
||||
(
|
||||
cd release-output
|
||||
zip -qr "${release_name}.zip" "${release_name}"
|
||||
sha256sum "${release_name}.zip" > "${release_name}.zip.sha256"
|
||||
sha256sum --check "${release_name}.zip.sha256"
|
||||
)
|
||||
|
||||
- name: Abgenommenes Paket als CI-Artefakt bereitstellen
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: vendoo-1.43.0-updater-3.4-${{ github.event.pull_request.head.sha || github.sha }}
|
||||
path: |
|
||||
release-output/*.zip
|
||||
release-output/*.zip.sha256
|
||||
if-no-files-found: error
|
||||
retention-days: 14
|
||||
|
||||
Reference in New Issue
Block a user