Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update CI Actions #42

Merged
merged 2 commits into from
Jun 10, 2024
Merged

Update CI Actions #42

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
df07ba2
ci: add publish workflows, update actions
n8maninger Jun 10, 2024
74cf769
fix lint errors
n8maninger Jun 10, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .github/actions/test/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ runs:
shell: bash
run: git config --global core.autocrlf false
- name: Lint
uses: golangci/golangci-lint-action@v3
uses: golangci/golangci-lint-action@v4
with:
skip-cache: true
- name: Analyze
Expand All @@ -19,6 +19,6 @@ runs:
directories: |
api
- name: Test
uses: n8maninger/action-golang-test@v1
uses: n8maninger/action-golang-test@v2
with:
args: "-race;-tags=testing netgo"
4 changes: 2 additions & 2 deletions .github/workflows/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,8 @@ jobs:
steps:
- name: Configure git
run: git config --global core.autocrlf false # required on Windows
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: ${{ matrix.go-version }}
- name: Test
Expand Down
261 changes: 261 additions & 0 deletions .github/workflows/publish.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,261 @@
name: Publish

# Controls when the action will run.
on:
# Triggers the workflow on new SemVer tags
push:
branches:
- master
tags:
- 'v[0-9]+.[0-9]+.[0-9]+'
- 'v[0-9]+.[0-9]+.[0-9]+-**'

concurrency:
group: ${{ github.workflow }}

jobs:
test:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: '1.21'
- name: Test
uses: ./.github/actions/test
docker:
runs-on: ubuntu-latest
needs: [ test ]
permissions:
packages: write
contents: read
steps:
- uses: actions/checkout@v4
- uses: docker/setup-qemu-action@v3
- uses: docker/setup-buildx-action@v3
- uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: docker/metadata-action@v5
name: generate tags
id: meta
with:
images: ghcr.io/${{ github.repository }}
tags: |
type=ref,event=branch
type=sha,prefix=
type=semver,pattern={{version}}
- uses: docker/build-push-action@v5
with:
context: .
file: ./docker/Dockerfile
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.meta.outputs.tags }}
cache-from: type=gha
cache-to: type=gha,mode=max
build-linux:
runs-on: ubuntu-latest
needs: [ test ]
strategy:
matrix:
go-arch: [amd64, arm64]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: '1.21'
- name: Setup
run: |
sudo apt update
go generate ./...
if [ ${{ matrix.go-arch }} == "arm64" ]; then
sudo apt install -y gcc-aarch64-linux-gnu
echo "CC=aarch64-linux-gnu-gcc" >> $GITHUB_ENV
fi
- name: Build ${{ matrix.go-arch }}
env:
CGO_ENABLED: 1
GOOS: linux
GOARCH: ${{ matrix.go-arch }}
run: |
mkdir -p release
ZIP_OUTPUT=release/explored_${GOOS}_${GOARCH}.zip
go build -tags='netgo' -trimpath -o bin/ -a -ldflags '-s -w -linkmode external -extldflags "-static"' ./cmd/explored
cp README.md LICENSE bin/
zip -qj $ZIP_OUTPUT bin/*
- uses: actions/upload-artifact@v4
with:
name: explored_linux_${{ matrix.go-arch }}
path: release/*
build-mac:
runs-on: macos-latest
needs: [ test ]
strategy:
matrix:
go-arch: [amd64, arm64]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: '1.21'
- name: Setup
env:
APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }}
APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }}
APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }}
APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }}
APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }}
run: |
# extract apple cert
APPLE_CERT_PATH=$RUNNER_TEMP/apple_cert.p12
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
echo -n "$APPLE_CERT_B64" | base64 --decode --output $APPLE_CERT_PATH

# extract apple key
mkdir -p ~/private_keys
APPLE_API_KEY_PATH=~/private_keys/AuthKey_$APPLE_API_KEY.p8
echo -n "$APPLE_KEY_B64" | base64 --decode --output $APPLE_API_KEY_PATH

# create temp keychain
security create-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security default-keychain -s $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH

# import keychain
security import $APPLE_CERT_PATH -P $APPLE_CERT_PASSWORD -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security find-identity -v $KEYCHAIN_PATH -p codesigning
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $APPLE_KEYCHAIN_PASSWORD $KEYCHAIN_PATH

# generate
go generate ./...

# resync system clock https://github.com/actions/runner/issues/2996#issuecomment-1833103110
sudo sntp -sS time.windows.com
- name: Build ${{ matrix.go-arch }}
env:
APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }}
APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }}
APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }}
APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }}
APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }}
CGO_ENABLED: 1
GOOS: darwin
GOARCH: ${{ matrix.go-arch }}
run: |
ZIP_OUTPUT=release/explored_${GOOS}_${GOARCH}.zip
mkdir -p release
go build -tags='netgo' -trimpath -o bin/ -a -ldflags '-s -w' ./cmd/explored
cp README.md LICENSE bin/
/usr/bin/codesign --deep -f -v --timestamp -o runtime,library -s $APPLE_CERT_ID bin/explored
ditto -ck bin $ZIP_OUTPUT
xcrun notarytool submit -k ~/private_keys/AuthKey_$APPLE_API_KEY.p8 -d $APPLE_API_KEY -i $APPLE_API_ISSUER --wait --timeout 10m $ZIP_OUTPUT
- uses: actions/upload-artifact@v4
with:
name: explored_darwin_${{ matrix.go-arch }}
path: release/*
build-windows:
runs-on: windows-latest
needs: [ test ]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: '1.21'
- name: Setup
shell: bash
run: |
dotnet tool install --global AzureSignTool
go generate ./...
- name: Build amd64
env:
CGO_ENABLED: 1
GOOS: windows
GOARCH: amd64
shell: bash
run: |
mkdir -p release
ZIP_OUTPUT=release/explored_${GOOS}_${GOARCH}.zip
go build -tags='netgo' -trimpath -o bin/ -a -ldflags '-s -w -linkmode external -extldflags "-static"' ./cmd/explored
azuresigntool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v bin/explored.exe
cp README.md LICENSE bin/
7z a $ZIP_OUTPUT ./bin/*
- uses: actions/upload-artifact@v4
with:
name: explored_windows_amd64
path: release/*
combine-release-assets:
runs-on: ubuntu-latest
needs: [ build-linux, build-mac, build-windows ]
steps:
- name: Merge Artifacts
uses: actions/upload-artifact/merge@v4
with:
name: explored

# dispatch-homebrew: # only runs on full releases
# if: startsWith(github.ref, 'refs/tags/v') && !contains(github.ref, '-')
# needs: [ build-mac ]
# runs-on: ubuntu-latest
# steps:
# - name: Extract Tag Name
# id: get_tag
# run: echo "::set-output name=tag_name::${GITHUB_REF#refs/tags/}"
#
# - name: Dispatch
# uses: peter-evans/repository-dispatch@v3
# with:
# token: ${{ secrets.PAT_REPOSITORY_DISPATCH }}
# repository: siafoundation/homebrew-sia
# event-type: release-tagged
# client-payload: >
# {
# "description": "explored: The Next-Gen Sia Explorer",
# "tag": "${{ steps.get_tag.outputs.tag_name }}",
# "project": "explored",
# "workflow_id": "${{ github.run_id }}"
# }
# dispatch-linux: # always runs
# needs: [ build-linux ]
# runs-on: ubuntu-latest
# steps:
# - name: Build Dispatch Payload
# id: get_payload
# uses: actions/github-script@v7
# with:
# script: |
# const isRelease = context.ref.startsWith('refs/tags/v'),
# isBeta = isRelease && context.ref.includes('-beta'),
# tag = isRelease ? context.ref.replace('refs/tags/', '') : 'master';
#
# let component = 'nightly';
# if (isBeta) {
# component = 'beta';
# } else if (isRelease) {
# component = 'main';
# }
#
# return {
# description: "explored: The Next-Gen Sia Explorer",
# tag: tag,
# project: "explored",
# workflow_id: context.runId,
# component: component
# };
#
# - name: Dispatch
# uses: peter-evans/repository-dispatch@v3
# with:
# token: ${{ secrets.PAT_REPOSITORY_DISPATCH }}
# repository: siafoundation/linux
# event-type: release-tagged
# client-payload: ${{ steps.get_payload.outputs.result }}
Loading
Loading