From ad76b80ec76d5c0a79b52bb032341b6046c0983e Mon Sep 17 00:00:00 2001 From: MatteoPologruto Date: Tue, 16 May 2023 09:14:12 +0200 Subject: [PATCH] Sync release-go-task with upstream template --- .github/workflows/release-go-task.yml | 62 ++++++++++++++++----------- DistTasks.yml | 25 +---------- 2 files changed, 39 insertions(+), 48 deletions(-) diff --git a/.github/workflows/release-go-task.yml b/.github/workflows/release-go-task.yml index 44896e0..4b8991f 100644 --- a/.github/workflows/release-go-task.yml +++ b/.github/workflows/release-go-task.yml @@ -19,6 +19,19 @@ jobs: create-release-artifacts: runs-on: ubuntu-latest + strategy: + matrix: + os: + - Windows_32bit + - Windows_64bit + - Linux_32bit + - Linux_64bit + - Linux_ARMv6 + - Linux_ARMv7 + - Linux_ARM64 + - macOS_64bit + - macOS_ARM64 + steps: - name: Checkout repository uses: actions/checkout@v3 @@ -26,6 +39,8 @@ jobs: fetch-depth: 0 - name: Create changelog + # Avoid creating the same changelog for each os + if: matrix.os == 'Windows_32bit' uses: arduino/create-changelog@v1 with: tag-regex: '^[0-9]+\.[0-9]+\.[0-9]+.*$' @@ -40,7 +55,7 @@ jobs: version: 3.x - name: Build - run: task dist:all + run: task dist:${{ matrix.os }} - name: Upload artifacts uses: actions/upload-artifact@v3 @@ -48,7 +63,7 @@ jobs: if-no-files-found: error name: ${{ env.ARTIFACT_NAME }} path: ${{ env.DIST_DIR }} - + notarize-macos: name: Notarize ${{ matrix.artifact.name }} runs-on: macos-latest @@ -82,7 +97,8 @@ jobs: env: KEYCHAIN: "sign.keychain" INSTALLER_CERT_MAC_PATH: "/tmp/ArduinoCerts2020.p12" - KEYCHAIN_PASSWORD: keychainpassword # Arbitrary password for a keychain that exists only for the duration of the job, so not secret + # Arbitrary password for a keychain that exists only for the duration of the job, so not secret + KEYCHAIN_PASSWORD: keychainpassword run: | echo "${{ secrets.INSTALLER_CERT_MAC_P12 }}" | base64 --decode > "${{ env.INSTALLER_CERT_MAC_PATH }}" security create-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}" @@ -132,14 +148,10 @@ jobs: run: | gon "${{ env.GON_CONFIG_PATH }}" - - name: Re-package binary and output checksum + - name: Re-package binary id: re-package working-directory: ${{ env.DIST_DIR }} - # This step performs the following: - # 1. Repackage the signed binary replaced in place by Gon (ignoring the output zip file) - # 2. Recalculate package checksum - # 3. Output the new checksum to include in the nnnnnn-checksums.txt file - # (it cannot be done there because of workflow job parallelization) + # Repackage the signed binary replaced in place by Gon (ignoring the output zip file) run: | # GitHub's upload/download-artifact actions don't preserve file permissions, # so we need to add execution permission back until the action is made to do this. @@ -149,11 +161,9 @@ jobs: tar -czvf "$PACKAGE_FILENAME" \ -C "${{ env.PROJECT_NAME }}_osx_${{ matrix.artifact.name }}/" "${{ env.PROJECT_NAME }}" \ -C ../../ LICENSE.txt - CHECKSUM_LINE="$(shasum -a 256 $PACKAGE_FILENAME)" echo "PACKAGE_FILENAME=$PACKAGE_FILENAME" >> $GITHUB_ENV - echo "::set-output name=checksum-${{ matrix.artifact.name }}::$CHECKSUM_LINE" - - name: Upload artifacts + - name: Upload artifact uses: actions/upload-artifact@v3 with: if-no-files-found: error @@ -170,25 +180,29 @@ jobs: with: name: ${{ env.ARTIFACT_NAME }} path: ${{ env.DIST_DIR }} - - - name: Update checksum + + - name: Create checksum file + working-directory: ${{ env.DIST_DIR}} run: | - declare -a checksum_lines=("${{ needs.notarize-macos.outputs.checksum-darwin_amd64 }}" "${{ needs.notarize-macos.outputs.checksum-darwin_arm64 }}") - for checksum_line in "${checksum_lines[@]}" - do - CHECKSUM=$(echo ${checksum_line} | cut -d " " -f 1) - PACKAGE_FILENAME=$(echo ${checksum_line} | cut -d " " -f 2) - perl -pi -w -e "s/.*${PACKAGE_FILENAME}/${CHECKSUM} ${PACKAGE_FILENAME}/g;" ${{ env.DIST_DIR }}/*-checksums.txt - done + TAG="${GITHUB_REF/refs\/tags\//}" + sha256sum ${{ env.PROJECT_NAME }}_${TAG}* > ${TAG}-checksums.txt - name: Identify Prerelease # This is a workaround while waiting for create-release action # to implement auto pre-release based on tag id: prerelease run: | - wget -q -P /tmp https://github.com/fsaintjacques/semver-tool/archive/3.0.0.zip - unzip -p /tmp/3.0.0.zip semver-tool-3.0.0/src/semver >/tmp/semver && chmod +x /tmp/semver - if [[ "$(/tmp/semver get prerel "${GITHUB_REF/refs\/tags\//}")" ]]; then echo "::set-output name=IS_PRE::true"; fi + wget -q -P /tmp https://github.com/fsaintjacques/semver-tool/archive/3.2.0.zip + unzip -p /tmp/3.2.0.zip semver-tool-3.2.0/src/semver >/tmp/semver && chmod +x /tmp/semver + if [[ \ + "$( + /tmp/semver get prerel \ + "${GITHUB_REF/refs\/tags\//}" + )" != \ + "" \ + ]]; then + echo "IS_PRE=true" >> $GITHUB_OUTPUT + fi - name: Create Github Release and upload artifacts uses: ncipollo/release-action@v1 diff --git a/DistTasks.yml b/DistTasks.yml index 4f4cf5d..ce54ca0 100644 --- a/DistTasks.yml +++ b/DistTasks.yml @@ -20,22 +20,8 @@ version: "3" vars: CONTAINER: "docker.elastic.co/beats-dev/golang-crossbuild" GO_VERSION: "1.18.3" - CHECKSUM_FILE: "{{.VERSION}}-checksums.txt" tasks: - all: - desc: Build for distribution for all platforms - cmds: - - task: Windows_32bit - - task: Windows_64bit - - task: Linux_32bit - - task: Linux_64bit - - task: Linux_ARMv6 - - task: Linux_ARMv7 - - task: Linux_ARM64 - - task: macOS_64bit - - task: macOS_ARM64 - Windows_32bit: desc: Builds Windows 32 bit binaries dir: "{{.DIST_DIR}}" @@ -48,7 +34,6 @@ tasks: -p "{{.BUILD_PLATFORM}}" zip {{.PACKAGE_NAME}} {{.PLATFORM_DIR}}/{{.PROJECT_NAME}}.exe ../LICENSE.txt -j - sha256sum {{.PACKAGE_NAME}} >> {{.CHECKSUM_FILE}} vars: PLATFORM_DIR: "{{.PROJECT_NAME}}_windows_386" @@ -70,7 +55,6 @@ tasks: -p "{{.BUILD_PLATFORM}}" zip {{.PACKAGE_NAME}} {{.PLATFORM_DIR}}/{{.PROJECT_NAME}}.exe ../LICENSE.txt -j - sha256sum {{.PACKAGE_NAME}} >> {{.CHECKSUM_FILE}} vars: PLATFORM_DIR: "{{.PROJECT_NAME}}_windows_amd64" @@ -92,7 +76,6 @@ tasks: -p "{{.BUILD_PLATFORM}}" tar cz -C {{.PLATFORM_DIR}} {{.PROJECT_NAME}} -C ../.. LICENSE.txt -f {{.PACKAGE_NAME}} - sha256sum {{.PACKAGE_NAME}} >> {{.CHECKSUM_FILE}} vars: PLATFORM_DIR: "{{.PROJECT_NAME}}_linux_amd32" @@ -114,7 +97,6 @@ tasks: -p "{{.BUILD_PLATFORM}}" tar cz -C {{.PLATFORM_DIR}} {{.PROJECT_NAME}} -C ../.. LICENSE.txt -f {{.PACKAGE_NAME}} - sha256sum {{.PACKAGE_NAME}} >> {{.CHECKSUM_FILE}} vars: PLATFORM_DIR: "{{.PROJECT_NAME}}_linux_amd64" @@ -136,7 +118,6 @@ tasks: -p "{{.BUILD_PLATFORM}}" tar cz -C {{.PLATFORM_DIR}} {{.PROJECT_NAME}} -C ../.. LICENSE.txt -f {{.PACKAGE_NAME}} - sha256sum {{.PACKAGE_NAME}} >> {{.CHECKSUM_FILE}} vars: PLATFORM_DIR: "{{.PROJECT_NAME}}_linux_arm_7" @@ -158,7 +139,6 @@ tasks: -p "{{.BUILD_PLATFORM}}" tar cz -C {{.PLATFORM_DIR}} {{.PROJECT_NAME}} -C ../.. LICENSE.txt -f {{.PACKAGE_NAME}} - sha256sum {{.PACKAGE_NAME}} >> {{.CHECKSUM_FILE}} vars: PLATFORM_DIR: "{{.PROJECT_NAME}}_linux_arm_6" @@ -208,10 +188,9 @@ tasks: -p "{{.BUILD_PLATFORM}}" tar cz -C {{.PLATFORM_DIR}} {{.PROJECT_NAME}} -C ../.. LICENSE.txt -f {{.PACKAGE_NAME}} - sha256sum {{.PACKAGE_NAME}} >> {{.CHECKSUM_FILE}} vars: - PLATFORM_DIR: "{{.PROJECT_NAME}}_linux_arm_6" + PLATFORM_DIR: "{{.PROJECT_NAME}}_linux_arm_64" BUILD_COMMAND: "go build -o {{.DIST_DIR}}/{{.PLATFORM_DIR}}/{{.PROJECT_NAME}} {{.LDFLAGS}}" BUILD_PLATFORM: "linux/arm64" CONTAINER_TAG: "{{.GO_VERSION}}-arm" @@ -230,7 +209,6 @@ tasks: -p "{{.BUILD_PLATFORM}}" tar cz -C {{.PLATFORM_DIR}} {{.PROJECT_NAME}} -C ../.. LICENSE.txt -f {{.PACKAGE_NAME}} - sha256sum {{.PACKAGE_NAME}} >> {{.CHECKSUM_FILE}} vars: PLATFORM_DIR: "{{.PROJECT_NAME}}_osx_darwin_amd64" @@ -265,7 +243,6 @@ tasks: -p "{{.BUILD_PLATFORM}}" tar cz -C {{.PLATFORM_DIR}} {{.PROJECT_NAME}} -C ../.. LICENSE.txt -f {{.PACKAGE_NAME}} - sha256sum {{.PACKAGE_NAME}} >> {{.CHECKSUM_FILE}} vars: PLATFORM_DIR: "{{.PROJECT_NAME}}_osx_darwin_arm64"