nginx · sean-breen · Jun 10, 2025 · Jun 10, 2025 · Jun 10, 2025 · Jun 13, 2025
@@ -28,7 +28,7 @@ on:
         default: false
         type: boolean
       createPullRequest:
-        description: 'Create pull request back into v3'
+        description: 'Create pull request back into main'
         default: false
         type: boolean
       releaseBranch:
@@ -262,23 +262,6 @@ jobs:
           echo "$GPG_KEY" | base64 --decode > ${NFPM_SIGNING_KEY_FILE}
           make package
 
-      - name: Azure Login
-        if: ${{ inputs.uploadAzure == true }}
-        uses: azure/login@8c334a195cbb38e46038007b304988d888bf676a # v2.0.0
-        with:
-          creds: ${{ secrets.AZURE_CREDENTIALS }}
-
-      - name: Azure Upload Release Packages
-        if: ${{ inputs.uploadAzure == true }}
-        uses: azure/CLI@965c8d7571d2231a54e321ddd07f7b10317f34d9 # v2.0.0
-        with:
-          inlineScript: |
-            for i in ./build/azure/packages/nginx-agent*; do
-              echo "Uploading ${i} to nginx-agent/${GITHUB_REF##*/}/${i##*/}"
-              az storage blob upload --auth-mode=login -f "$i" -c ${{ secrets.AZURE_CONTAINER_NAME }} \
-              --account-name ${{ secrets.AZURE_ACCOUNT_NAME }} --overwrite -n nginx-agent/${GITHUB_REF##*/}/${i##*/}
-            done
-
       - name: Install GPG tools
         if: ${{ inputs.publishPackages == true }}
         run: |
@@ -302,34 +285,9 @@ jobs:
         run: |
           make release
 
-      - name: Upload Release Assets
-        if: ${{ needs.vars.outputs.github_release == 'true' }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        # clobber overwrites existing assets of the same name
-        run: |
-          gh release upload --clobber v${{ inputs.packageVersion }} \
-            $(find ./build/github/packages -type f \( -name "*.deb" -o -name "*.rpm" -o -name "*.pkg" -o -name "*.apk" \))
-
-      - name: Publish Github Release
-        if: ${{ needs.vars.outputs.github_release == 'true' }}
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
-        with:
-          script: |
-            const {RELEASE_ID} = process.env
-            const release = (await github.rest.repos.updateRelease({
-              owner: context.payload.repository.owner.login,
-              repo: context.payload.repository.name,
-              release_id: `${RELEASE_ID}`,
-              draft: false,
-            }))
-            console.log(`Release published: ${release.data.html_url}`)
-        env:
-          RELEASE_ID: ${{ needs.release-draft.outputs.release_id }}
-
   merge-release:
     if: ${{ needs.vars.outputs.create_pull_request == 'true' }}
-    name: Merge release branch back into V3 branch
+    name: Merge release branch back into main branch
     runs-on: ubuntu-22.04
     needs: [vars,tag-release]
     permissions:
@@ -346,11 +304,11 @@ jobs:
           script: |
             const { repo, owner } = context.repo;
             const result = await github.rest.pulls.create({
-              title: 'Merge ${{ github.ref_name }} back into v3',
+              title: 'Merge ${{ github.ref_name }} back into main',
               owner,
               repo,
               head: '${{ github.ref_name }}',
-              base: 'v3',
+              base: 'main',
               body: [
                 'This PR is auto-generated by the release workflow.'
               ].join('\n')

@@ -0,0 +1,102 @@
+name: Publish Release packages
+
+on:
+  workflow_dispatch:
+    inputs:
+      pkgRepo:
+        description: "Source repository to pull packages from"
+        type: string
+        default: ""
+      pkgVersion:
+        description: 'Agent version'
+        type: string
+        default: ""
+      uploadAzure:
+        description: 'Publish packages Azure storage'
+        type: boolean
+        default: false
+      uploadGithub:
+        description: 'Publish packages to GitHub release'
+        type: boolean
+        default: false
+
+defaults:
+  run:
+    shell: bash
+
+permissions:
+  contents: read
+
+jobs:
+  vars:
+    name: Set workflow variables
+    runs-on: ubuntu-22.04
+    outputs:
+      github_release: ${{steps.vars.outputs.github_release }}
+      upload_azure: ${{steps.vars.outputs.upload_azure }}
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        with:
+          ref: ${{ inputs.releaseBranch }}
+
+      - name: Set variables
+        id: vars
+        run: |
+          echo "github_release=${{ inputs.uploadGithub }}" >> $GITHUB_OUTPUT
+          echo "upload_azure=${{ inputs.uploadAzure }}" >> $GITHUB_OUTPUT
+          cat $GITHUB_OUTPUT
+
+  upload-release-assets:
+    name: Upload assets
+    runs-on: ubuntu-22.04
+    needs: [vars]
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        with:
+          ref: ${{ inputs.releaseBranch }}
+
+      - name: Azure Login
+        if: ${{ inputs.uploadAzure == true }}
+        uses: azure/login@8c334a195cbb38e46038007b304988d888bf676a # v2.0.0
+        with:
+          creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+      - name: Download Packages
+        run:
+          |
+          echo "Checking Packages in ${{inputs.pkgRepo}}/nginx-agent"
+          PKG_REPO=${{inputs.pkgRepo}} CERT=${{secrets.PUBTEST_CERT}} KEY=${{secrets.PUBTEST_KEY}} DL=1 scripts/packages/package-check.sh ${{inputs.pkgVersion}}
+          find ${{inputs.pkgRepo}}/nginx-agent | grep -e "nginx-agent[_-]${{inputs.pkgVersion}}"
+
+      - name: Azure Upload Release Packages
+        if: ${{ inputs.uploadAzure == true }}
+        uses: azure/CLI@965c8d7571d2231a54e321ddd07f7b10317f34d9 # v2.0.0
+        with:
+          inlineScript: |
+            for i in $(find ${{inputs.pkgRepo}}/nginx-agent | grep -e "nginx-agent[_-]${{inputs.pkgVersion}}"); do
+              dest="nginx-agent/${GITHUB_REF##*/}/${i##*/}"
+              if [[ "$i" == *.apk ]]; then
+                ver=$(echo "$i" | grep -o -e "v[0-9]*\.[0-9]*")
+                arch=$(echo "$i" | grep -o -F -e "x86_64" -e "aarch64")
+                dest="nginx-agent/${GITHUB_REF##*/}/nginx-agent-$VER-$ver-$arch.apk"
+              fi
+              echo "Uploading ${i} to ${dest}"
+              az storage blob upload --auth-mode=login -f "$i" -c ${{ secrets.AZURE_CONTAINER_NAME }} \
+              --account-name ${{ secrets.AZURE_ACCOUNT_NAME }} --overwrite -n ${dest}
+            done
+
+      - name: Azure Logout
+        run: |
+          az logout
+        if: always()
+
+      - name: GitHub Upload Release Assets
+        if: ${{ needs.vars.outputs.github_release == 'true' }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        # clobber overwrites existing assets of the same name
+        run: |
+          gh release upload --clobber v${{ inputs.pkgVersion }} \
+            $(find ${{inputs.pkgRepo}}/nginx-agent | grep -e "nginx-agent[_-]${{inputs.pkgVersion}}")