chatapppay/.gitea/workflows/upload-release.yml

name: upload-release

on:
  workflow_dispatch:
    inputs:
      release_id:
        description: "Shared release id, for example 20260406-abc1234"
        required: true

env:
  SERVICE_NAME: "pay"
  BINARY_NAME: "pay"
  BUILD_TARGET: "./cmd/pay"
  CONFIG_SOURCE: "config/prod.yaml"
  COS_BUCKET: "app-release-1417798587"
  COS_REGION: "me-saudi-arabia"
  COS_PREFIX: "releases/prod"

jobs:
  build-and-upload:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          go-version-file: go.mod

      - name: Test
        run: go test ./...

      - name: Build package
        shell: bash
        run: |
          set -Eeuo pipefail
          test -f "${CONFIG_SOURCE}"
          RELEASE_ID="${{ github.event.inputs.release_id }}"
          ROOT="$(pwd)"
          OUT_DIR="${ROOT}/dist/${SERVICE_NAME}"
          PKG_DIR="${OUT_DIR}/package"

          rm -rf "${OUT_DIR}"
          mkdir -p "${PKG_DIR}/bin" "${PKG_DIR}/config"

          CGO_ENABLED=0 GOOS=linux GOARCH=amd64 \
            go build -trimpath -ldflags="-s -w" \
            -o "${PKG_DIR}/bin/${BINARY_NAME}" \
            "${BUILD_TARGET}"

          cp "${CONFIG_SOURCE}" "${PKG_DIR}/config/prod.yaml"

          tar -C "${PKG_DIR}" -czf "${OUT_DIR}/${SERVICE_NAME}.tgz" .
          sha256sum "${OUT_DIR}/${SERVICE_NAME}.tgz" | awk '{print $1}' > "${OUT_DIR}/${SERVICE_NAME}.sha256"

          echo "RELEASE_ID=${RELEASE_ID}" >> "${GITHUB_ENV}"
          echo "TGZ_PATH=${OUT_DIR}/${SERVICE_NAME}.tgz" >> "${GITHUB_ENV}"
          echo "SHA_PATH=${OUT_DIR}/${SERVICE_NAME}.sha256" >> "${GITHUB_ENV}"

      - name: Upload to COS
        env:
          TENCENTCLOUD_SECRET_ID: ${{ secrets.TENCENTCLOUD_SECRET_ID }}
          TENCENTCLOUD_SECRET_KEY: ${{ secrets.TENCENTCLOUD_SECRET_KEY }}
          TENCENTCLOUD_SESSION_TOKEN: ${{ secrets.TENCENTCLOUD_SESSION_TOKEN }}
        shell: bash
        run: |
          set -Eeuo pipefail
          python3 -m pip install --upgrade pip >/dev/null
          python3 -m pip install cos-python-sdk-v5 >/dev/null
          python3 - <<'PY'
          import os
          from qcloud_cos import CosConfig, CosS3Client

          secret_id = os.environ["TENCENTCLOUD_SECRET_ID"]
          secret_key = os.environ["TENCENTCLOUD_SECRET_KEY"]
          token = os.getenv("TENCENTCLOUD_SESSION_TOKEN")
          region = os.environ["COS_REGION"]
          bucket = os.environ["COS_BUCKET"]
          prefix = os.environ["COS_PREFIX"].strip("/")
          release_id = os.environ["RELEASE_ID"]
          service = os.environ["SERVICE_NAME"]
          tgz_path = os.environ["TGZ_PATH"]
          sha_path = os.environ["SHA_PATH"]

          cfg = CosConfig(Region=region, SecretId=secret_id, SecretKey=secret_key, Token=token, Scheme="https")
          client = CosS3Client(cfg)

          def upload(local_path: str, remote_name: str) -> None:
              key = f"{prefix}/{release_id}/{service}/{remote_name}"
              with open(local_path, "rb") as fh:
                  client.put_object(Bucket=bucket, Body=fh, Key=key, EnableMD5=True)
              print(f"uploaded: {key}")

          upload(tgz_path, f"{service}.tgz")
          upload(sha_path, f"{service}.sha256")
          PY