Merge pull request #375 from SiaFoundation/nate/explorer-state #628
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish | |
# Controls when the action will run. | |
on: | |
# Triggers the workflow on new SemVer tags | |
push: | |
branches: | |
- master | |
tags: | |
- 'v[0-9]+.[0-9]+.[0-9]+' | |
- 'v[0-9]+.[0-9]+.[0-9]+-**' | |
jobs: | |
test: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: '1.21' | |
- name: Test | |
uses: ./.github/actions/test | |
docker: | |
runs-on: ubuntu-latest | |
needs: [ test ] | |
permissions: | |
packages: write | |
contents: read | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: docker/setup-qemu-action@v3 | |
- uses: docker/setup-buildx-action@v3 | |
- uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- uses: docker/metadata-action@v5 | |
name: generate tags | |
id: meta | |
with: | |
images: ghcr.io/${{ github.repository }} | |
tags: | | |
type=ref,event=branch | |
type=sha,prefix= | |
type=semver,pattern={{version}} | |
- uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: ./docker/Dockerfile | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
tags: ${{ steps.meta.outputs.tags }} | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
build-linux: | |
runs-on: ubuntu-latest | |
needs: [ test ] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: '1.21' | |
- name: Setup | |
run: | | |
sudo apt update | |
sudo apt install -y gcc-aarch64-linux-gnu | |
go generate ./... | |
- name: Build amd64 | |
env: | |
CGO_ENABLED: 1 | |
GOOS: linux | |
GOARCH: amd64 | |
run: | | |
mkdir -p release | |
ZIP_OUTPUT=release/hostd_${GOOS}_${GOARCH}.zip | |
go build -tags='netgo' -trimpath -o bin/ -a -ldflags '-s -w -linkmode external -extldflags "-static"' ./cmd/hostd | |
cp README.md LICENSE bin/ | |
zip -qj $ZIP_OUTPUT bin/* | |
- name: Build arm64 | |
env: | |
CGO_ENABLED: 1 | |
GOOS: linux | |
GOARCH: arm64 | |
CC: aarch64-linux-gnu-gcc | |
run: | | |
mkdir -p release | |
ZIP_OUTPUT=release/hostd_${GOOS}_${GOARCH}.zip | |
go build -tags='netgo' -trimpath -o bin/ -a -ldflags '-s -w' ./cmd/hostd | |
cp README.md LICENSE bin/ | |
zip -qj $ZIP_OUTPUT bin/* | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: hostd | |
path: release/ | |
build-mac: | |
runs-on: macos-latest | |
needs: [ test ] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: '1.21' | |
- name: Setup | |
env: | |
APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }} | |
APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }} | |
APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} | |
APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }} | |
APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }} | |
APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }} | |
APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }} | |
run: | | |
# extract apple cert | |
APPLE_CERT_PATH=$RUNNER_TEMP/apple_cert.p12 | |
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
echo -n "$APPLE_CERT_B64" | base64 --decode --output $APPLE_CERT_PATH | |
# extract apple key | |
mkdir -p ~/private_keys | |
APPLE_API_KEY_PATH=~/private_keys/AuthKey_$APPLE_API_KEY.p8 | |
echo -n "$APPLE_KEY_B64" | base64 --decode --output $APPLE_API_KEY_PATH | |
# create temp keychain | |
security create-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
security default-keychain -s $KEYCHAIN_PATH | |
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
security unlock-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
# import keychain | |
security import $APPLE_CERT_PATH -P $APPLE_CERT_PASSWORD -A -t cert -f pkcs12 -k $KEYCHAIN_PATH | |
security find-identity -v $KEYCHAIN_PATH -p codesigning | |
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $APPLE_KEYCHAIN_PASSWORD $KEYCHAIN_PATH | |
# generate | |
go generate ./... | |
# resync system clock https://github.com/actions/runner/issues/2996#issuecomment-1833103110 | |
sudo sntp -sS time.windows.com | |
- name: Build amd64 | |
env: | |
APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }} | |
APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }} | |
APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} | |
APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }} | |
APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }} | |
APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }} | |
APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }} | |
CGO_ENABLED: 1 | |
GOOS: darwin | |
GOARCH: amd64 | |
run: | | |
ZIP_OUTPUT=release/hostd_${GOOS}_${GOARCH}.zip | |
mkdir -p release | |
go build -tags='netgo' -trimpath -o bin/ -a -ldflags '-s -w' ./cmd/hostd | |
cp README.md LICENSE bin/ | |
/usr/bin/codesign --deep -f -v --timestamp -o runtime,library -s $APPLE_CERT_ID bin/hostd | |
ditto -ck bin $ZIP_OUTPUT | |
xcrun notarytool submit -k ~/private_keys/AuthKey_$APPLE_API_KEY.p8 -d $APPLE_API_KEY -i $APPLE_API_ISSUER --wait --timeout 10m $ZIP_OUTPUT | |
- name: Build arm64 | |
env: | |
APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }} | |
APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }} | |
APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} | |
APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }} | |
APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }} | |
APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }} | |
APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }} | |
CGO_ENABLED: 1 | |
GOOS: darwin | |
GOARCH: arm64 | |
run: | | |
ZIP_OUTPUT=release/hostd_${GOOS}_${GOARCH}.zip | |
mkdir -p release | |
go build -tags='netgo' -trimpath -o bin/ -a -ldflags '-s -w' ./cmd/hostd | |
cp README.md LICENSE bin/ | |
/usr/bin/codesign --deep -f -v --timestamp -o runtime,library -s $APPLE_CERT_ID bin/hostd | |
ditto -ck bin $ZIP_OUTPUT | |
xcrun notarytool submit -k ~/private_keys/AuthKey_$APPLE_API_KEY.p8 -d $APPLE_API_KEY -i $APPLE_API_ISSUER --wait --timeout 10m $ZIP_OUTPUT | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: hostd | |
path: release/ | |
build-windows: | |
runs-on: windows-latest | |
needs: [ test ] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: '1.21' | |
- name: Setup | |
shell: bash | |
run: | | |
dotnet tool install --global AzureSignTool | |
go generate ./... | |
- name: Build amd64 | |
env: | |
CGO_ENABLED: 1 | |
GOOS: windows | |
GOARCH: amd64 | |
shell: bash | |
run: | | |
mkdir -p release | |
ZIP_OUTPUT=release/hostd_${GOOS}_${GOARCH}.zip | |
go build -tags='netgo' -trimpath -o bin/ -a -ldflags '-s -w -linkmode external -extldflags "-static"' ./cmd/hostd | |
azuresigntool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v bin/hostd.exe | |
cp README.md LICENSE bin/ | |
7z a $ZIP_OUTPUT ./bin/* | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: hostd | |
path: release/ | |
dispatch-homebrew: # only runs on full releases | |
if: startsWith(github.ref, 'refs/tags/v') && !contains(github.ref, '-') | |
needs: [ docker, build-linux, build-mac, build-windows ] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Extract Tag Name | |
id: get_tag | |
run: echo "::set-output name=tag_name::${GITHUB_REF#refs/tags/}" | |
- name: Dispatch | |
uses: peter-evans/repository-dispatch@v3 | |
with: | |
token: ${{ secrets.PAT_REPOSITORY_DISPATCH }} | |
repository: siafoundation/homebrew-sia | |
event-type: release-tagged | |
client-payload: > | |
{ | |
"description": "hostd: The Next-Gen Sia Host", | |
"tag": "${{ steps.get_tag.outputs.tag_name }}", | |
"project": "hostd", | |
"workflow_id": "${{ github.run_id }}" | |
} | |
dispatch-linux: # always runs | |
needs: [ docker, build-linux, build-mac, build-windows ] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Build Dispatch Payload | |
id: get_payload | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
const isRelease = context.ref.startsWith('refs/tags/v'), | |
isBeta = isRelease && context.ref.includes('-beta'), | |
tag = isRelease ? context.ref.replace('refs/tags/', '') : 'master'; | |
let component = 'nightly'; | |
if (isBeta) { | |
component = 'beta'; | |
} else if (isRelease) { | |
component = 'main'; | |
} | |
return { | |
description: "hostd: The Next-Gen Sia Host", | |
tag: tag, | |
project: "hostd", | |
workflow_id: context.runId, | |
component: component | |
}; | |
- name: Dispatch | |
uses: peter-evans/repository-dispatch@v3 | |
with: | |
token: ${{ secrets.PAT_REPOSITORY_DISPATCH }} | |
repository: siafoundation/linux | |
event-type: release-tagged | |
client-payload: ${{ steps.get_payload.outputs.result }} |