From 3abf49c9c54a5c74a06c8e76eec8527cf48faae6 Mon Sep 17 00:00:00 2001
From: Mathieu Morrissette <mathieumorrissette@gmail.com>
Date: Fri, 28 Feb 2025 11:38:05 -0500
Subject: [PATCH] fix(ci): Fix release ci

---
 .github/workflows/ci.yml             | 39 +---------------
 .github/workflows/release-nugets.yml | 35 ++++++--------
 .github/workflows/release-others.yml | 69 ++++++++++------------------
 3 files changed, 41 insertions(+), 102 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index f4181f1f..77daede7 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -43,7 +43,7 @@ jobs:
   #### NATIVE BUILD ####
   native_build_linux:
     needs: [rust_code_format, setup_config]
-    runs-on: "ubuntu-20.04" # Ensure we build with the minimum supported sysroot
+    runs-on: "ubuntu-22.04" # Ensure we build with the minimum supported sysroot
     steps:
       - uses: actions/checkout@v4
       - uses: ./.github/workflows/native/native-build-linux
@@ -279,39 +279,4 @@ jobs:
         with:
           lfs: true
       - run: git lfs pull
-      - uses: ./.github/workflows/other/source-publish
-
-  publish_sbom:
-    runs-on: "ubuntu-22.04"
-    if: ${{ github.event.inputs.generate_release == 'true' }}
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Check out devolutions/actions
-        uses: actions/checkout@v4
-        with:
-          path: ./.github/workflows
-          ref: v1
-          repository: Devolutions/actions
-          token: ${{ secrets.DEVOLUTIONSBOT_TOKEN }}
-
-      - name: Generate Rust SBOM
-        uses:  ./.github/workflows/cyclonedx-rust-generate
-        with:
-          path: .
-
-      - name: Save BOM
-        uses: actions/upload-artifact@v4.3.6
-        with:
-          name: bom_devolutions_crypto_rust.xml
-          path: ./bom.xml
-
-      - name: Upload SBOM
-        uses:  ./.github/workflows/dtrack-upload-sbom
-        with:
-          api_key: ${{ secrets.DTRACK_AUTOMATION_API_KEY }}
-          autocreate: 'true'
-          bom_filename: devolutions-crypto/bom.xml
-          project_name: 'devolutions-crypto'
-          project_version: ${{ github.event.inputs.version }}
-          server_hostname: 'dtrack-api.devolutions.com'
+      - uses: ./.github/workflows/other/source-publish
\ No newline at end of file
diff --git a/.github/workflows/release-nugets.yml b/.github/workflows/release-nugets.yml
index 5a93d08f..1621b2ce 100644
--- a/.github/workflows/release-nugets.yml
+++ b/.github/workflows/release-nugets.yml
@@ -36,21 +36,25 @@ jobs:
         git config user.email "bot@devolutions.net"
         git fetch --all
 
-    - name: Read Version
-      id: version
-      run: |
-        version=$(grep "version" config.txt | sed -E 's/version = "(.*)"/\1/')
-        echo "version=$version" >> $GITHUB_OUTPUT
-
     - name: Download Nugets Artifact
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         CI: true
-      run: dv github download-artifact nugets-windows . devolutions-crypto
+      run: |
+        dv github download-artifact nugets-windows . devolutions-crypto
+        dv github download-artifact config.txt . devolutions-crypto
 
     - name: Extract Artifacts
-      run: 7z x nugets-windows.zip -o./devolutions-crypto-nugets
-  
+      run: |
+        7z x nugets-windows.zip -o./devolutions-crypto-nugets
+        7z x config.txt.zip
+
+    - name: Read Version
+      id: version
+      run: |
+        version=$(grep "version" config.txt | sed -E 's/version = "(.*)"/\1/')
+        echo "version=$version" >> $GITHUB_OUTPUT
+
     - name: Publish Core NuGet
       if: ${{ inputs.publish_core_nuget }}
       run: |
@@ -67,17 +71,6 @@ jobs:
         if [ "${{ inputs.publish_dry_run }}" != "true" ]; then # if not dry run, actually run the command
           eval "$COMMAND"
 
-          git checkout "release/nuget-v${{ steps.version.outputs.version }}"
-          git push origin "release/nuget-v${{ steps.version.outputs.version }}"
           git tag "nuget-v${{ steps.version.outputs.version }}"
           git push origin "nuget-v${{ steps.version.outputs.version }}"
-        fi
-
-    - name: Delete Nuget branch
-      if: ${{ inputs.publish_core_nuget && !inputs.publish_dry_run }}
-      run: |
-        git fetch
-        git reset --hard HEAD
-        git clean -fdx
-        git switch master
-        git push origin --delete release/nuget-v${{ steps.version.outputs.version }}
\ No newline at end of file
+        fi
\ No newline at end of file
diff --git a/.github/workflows/release-others.yml b/.github/workflows/release-others.yml
index fb5b8db2..d6f80d15 100644
--- a/.github/workflows/release-others.yml
+++ b/.github/workflows/release-others.yml
@@ -6,6 +6,10 @@ on:
         description: "Publish Rust Crate"
         required: true
         type: boolean
+      publish_sbom_rust:
+        description: "Publish Rust SBOM"
+        required: true
+        type: boolean
       publish_kotlin:
         description: "Publish Kotlin"
         required: true
@@ -106,8 +110,6 @@ jobs:
         else
           cargo publish --token ${{ secrets.CRATES_IO_TOKEN }}
 
-          git checkout "release/rust-v${{ steps.version.outputs.version_native }}"
-          git push origin "release/rust-v${{ steps.version.outputs.version_native }}"
           git tag "rust-v${{ steps.version.outputs.version_native }}"
           git push origin "rust-v${{ steps.version.outputs.version_native }}"
         fi
@@ -123,8 +125,6 @@ jobs:
         else
           npm publish --access=public
 
-          git checkout "release/npm-bundler-v${{ steps.version.outputs.version_native }}"
-          git push origin "release/npm-bundler-v${{ steps.version.outputs.version_native }}"
           git tag "npm-bundler-v${{ steps.version.outputs.version_native }}"
           git push origin "npm-bundler-v${{ steps.version.outputs.version_native }}"
         fi
@@ -140,8 +140,6 @@ jobs:
         else
           npm publish --access=public
 
-          git checkout "release/npm-web-v${{ steps.version.outputs.version_native }}"
-          git push origin "release/npm-web-v${{ steps.version.outputs.version_native }}"
           git tag "npm-web-v${{ steps.version.outputs.version_native }}"
           git push origin "npm-web-v${{ steps.version.outputs.version_native }}"
         fi
@@ -162,8 +160,6 @@ jobs:
         else
           twine upload --verbose -u "__token__" -p ${{ secrets.PYPI_OWNER_API_KEY }} ./devolutions-crypto-wheels/*
 
-          git checkout "release/python-v${{ steps.version.outputs.version_native }}"
-          git push origin "release/python-v${{ steps.version.outputs.version_native }}"
           git tag "python-v${{ steps.version.outputs.version_native }}"
           git push origin "python-v${{ steps.version.outputs.version_native }}"
         fi
@@ -179,8 +175,6 @@ jobs:
         cloudsmith push maven devolutions/maven-public devolutions-crypto-maven-android/outputs/aar/lib.aar \
         --pom-file=devolutions-crypto-maven-android/publications/mavenAndroid/pom-default.xml
 
-        git checkout "release/kotlin-v${{ steps.version.outputs.version }}"
-        git push origin "release/kotlin-v${{ steps.version.outputs.version }}"
         git tag "kotlin-v${{ steps.version.outputs.version }}"
         git push origin "kotlin-v${{ steps.version.outputs.version }}"
       env:
@@ -222,39 +216,26 @@ jobs:
         git switch master
         git push origin --delete release/swift-v${{ steps.version.outputs.version }}
 
-    - name: Delete Kotlin branch
-      if: ${{ inputs.publish_kotlin && !inputs.publish_dry_run }}
-      run: |
-        git fetch
-        git reset --hard HEAD
-        git clean -fdx
-        git switch master
-        git push origin --delete release/kotlin-v${{ steps.version.outputs.version }}
-
-    - name: Delete Python branch
-      if: ${{ inputs.publish_python && !inputs.publish_dry_run }}
-      run: |
-        git fetch
-        git reset --hard HEAD
-        git clean -fdx
-        git switch master
-        git push origin --delete release/python-v${{ steps.version.outputs.version_native }}
+    - name: Generate Rust SBOM
+      if: ${{ inputs.publish_sbom_rust }}
+      uses:  ./.github/workflows/cyclonedx-rust-generate
+      with:
+        path: .
 
-    - name: Delete Rust branch
-      if: ${{ inputs.publish_python && !inputs.publish_dry_run }}
-      run: |
-        git fetch
-        git reset --hard HEAD
-        git clean -fdx
-        git switch master
-        git push origin --delete release/rust-v${{ steps.version.outputs.version_native }}
+    - name: Save BOM
+      if: ${{ inputs.publish_sbom_rust }}
+      uses: actions/upload-artifact@v4.3.6
+      with:
+        name: bom_devolutions_crypto_rust.xml
+        path: ./bom.xml
 
-    - name: Delete NPM branches
-      if: ${{ inputs.publish_npm && !inputs.publish_dry_run }}
-      run: |
-        git fetch
-        git reset --hard HEAD
-        git clean -fdx
-        git switch master
-        git push origin --delete release/npm-bundler-v${{ steps.version.outputs.version_native }}
-        git push origin --delete release/npm-web-v${{ steps.version.outputs.version_native }}
\ No newline at end of file
+    - name: Upload SBOM
+      if: ${{ inputs.publish_sbom_rust }}
+      uses:  ./.github/workflows/dtrack-upload-sbom
+      with:
+        api_key: ${{ secrets.DTRACK_AUTOMATION_API_KEY }}
+        autocreate: 'true'
+        bom_filename: devolutions-crypto/bom.xml
+        project_name: 'devolutions-crypto'
+        project_version: ${{ github.event.inputs.version }}
+        server_hostname: 'dtrack-api.devolutions.com'