Skip to content
Reproduce and verify packages

Docs. #6649

Sign in to view logs

Docs.

Docs. #6649

Workflow file for this run

.github/workflows/rave.yml at f70b445
name: Reproduce and verify packages
on:
push:
branches:
- trunk
pull_request:
branches:
- '**'
schedule:
# Hourly schedule.
#
# ┌───────────── minute (0 - 59)
# │ ┌────────── hour (0 - 23)
# │ │ ┌─────── day of the month (1 - 31)
# │ │ │ ┌──── month (1 - 12 or JAN-DEC)
# │ │ │ │ ┌─ day of the week (0 - 6 or SUN-SAT)
# │ │ │ │ │
# │ │ │ │ │
# │ │ │ │ │
- cron: '0 * * * *'
workflow_dispatch:
inputs:
version:
description: Full semver tag name for WordPress release in `x.y.z` format.
required: true
type: string
permissions: {}
jobs:
versions:
name: Determine latest version
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
timeout-minutes: 10
outputs:
version: ${{ steps.fetch.outputs.version }}
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: true
- name: Fetch offers from version check API
run: | #shell
# Fetches the latest release
wget --quiet --output-document=- https://api.wordpress.org/core/version-check/1.7/ \
--user-agent='WordPress/6.8' \
| jq '
.offers
| map(select(.response == "autoupdate"))
| max_by(.version | split(".") | map(tonumber))
' > offers.json
- name: Get latest version from API data
if: ${{ github.event_name != 'workflow_dispatch' }}
run: | #shell
# Extract version and if the number is in major.minor syntax, append a .0
version=$(jq --raw-output '.version | capture("(?<major>\\d+)\\.(?<minor>\\d+)(\\.(?<patch>\\d+))?") | .major + "." + .minor + "." + (.patch // "0")' offers.json)
echo "$version" > version.txt
- name: Fetch version from workflow input
if: ${{ github.event_name == 'workflow_dispatch' }}
env:
VERSION: ${{ github.event.inputs.version }}
run: | #shell
echo "${VERSION}" > version.txt
- name: Output version from version.txt
id: fetch
run: | #shell
echo version="$(cat version.txt)" >> "$GITHUB_OUTPUT"
- name: Save version.txt
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # 4.5.0
with:
name: version
path: version.txt
if-no-files-found: error
- name: Save offers.json
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # 4.5.0
with:
name: offers
path: offers.json
if-no-files-found: error
- name: Create pull request if there are changes to offers.json
if: github.ref == 'refs/heads/trunk'
uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
with:
add-paths: offers.json
title: "Update offers.json"
body: "This pull request updates the offers.json file."
branch: offers
commit-message: "Update offers.json"
base: trunk
delete-branch: true
reproduce:
name: "Reproduce ${{ needs.versions.outputs.version }}"
permissions: {}
needs:
- versions
strategy:
matrix:
source:
- develop.svn.wordpress.org
- develop.git.wordpress.org
- github-wordpress-develop
- core.trac.wordpress.org
fail-fast: false
uses: ./.github/workflows/reproduce.yml
with:
tag: ${{ needs.versions.outputs.version }}
source: ${{ matrix.source }}
fetch-build:
name: ${{ matrix.label }}
permissions: {}
needs:
- versions
strategy:
matrix:
label:
- Fetch builds
build:
- core.svn.wordpress.org
- core.git.wordpress.org
fail-fast: false
uses: ./.github/workflows/fetch-build.yml
with:
tag: ${{ needs.versions.outputs.version }}
build: ${{ matrix.build }}
compare:
name: ${{ matrix.label }}
permissions: {}
needs:
- reproduce
- fetch-build
- versions
strategy:
matrix:
label:
- Compare
source:
- develop.git.wordpress.org
- github-wordpress-develop
- core.git.wordpress.org
- core.svn.wordpress.org
- core.trac.wordpress.org
fail-fast: false
uses: ./.github/workflows/compare.yml
with:
tag: ${{ needs.versions.outputs.version }}
source: ${{ matrix.source }}
offers:
name: Verify update offers
if: ${{ github.event_name != 'workflow_dispatch' }}
permissions: {}
needs:
- versions
uses: ./.github/workflows/offer.yml
with:
tag: ${{ needs.versions.outputs.version }}
verify-packages:
name: ${{ matrix.label }}
permissions:
contents: read
id-token: write
attestations: write
needs:
- reproduce
- versions
strategy:
matrix:
label:
- Verify packages
package:
- wordpress.org-zip
- wordpress.org-tar
- downloads.wordpress.org-zip
- downloads.wordpress.org-tar
- downloads.w.org-zip
- downloads.w.org-tar
- github-zip
- docker-wordpress
- wpengine-zip
- aspirecloud-zip
- fair-zip
- roots-wordpress-full
- johnpbloch-wordpress
- build.trac.wordpress.org
tag:
- ${{ needs.versions.outputs.version }}
include: ${{ github.event_name != 'workflow_dispatch' && fromJson('[{"label":"Verify latest packages","package":"wordpress.org-zip","tag":"latest"},{"label":"Verify latest packages","package":"wordpress.org-tar","tag":"latest"}]') || fromJson('[]') }}
fail-fast: false
uses: ./.github/workflows/verify.yml
with:
tag: ${{ matrix.tag }}
package: ${{ matrix.package }}
verify-hashes:
name: Verify hashes
permissions: {}
needs:
- versions
uses: ./.github/workflows/hashes.yml
with:
tag: ${{ needs.versions.outputs.version }}
verify-versions:
name: ${{ matrix.label }}
if: ${{ github.event_name != 'workflow_dispatch' }}
permissions:
contents: read
needs:
- versions
strategy:
matrix:
label:
- Verify distributed versions
package:
- github-zip
- docker-wordpress
- wpengine-zip
- aspirecloud-zip
- fair-zip
- roots-wordpress-full
- johnpbloch-wordpress
- stable-check
fail-fast: false
uses: ./.github/workflows/versions.yml
with:
tag: ${{ needs.versions.outputs.version }}
package: ${{ matrix.package }}
verify-checksums:
name: Verify checksums
permissions:
contents: write
pull-requests: write
needs:
- versions
uses: ./.github/workflows/checksums.yml
with:
tag: ${{ needs.versions.outputs.version }}