From 5b040213b605e91ab534c011806235c90c5aa2b9 Mon Sep 17 00:00:00 2001 From: Nate Maninger Date: Mon, 25 Mar 2024 17:21:42 -0700 Subject: [PATCH] TEMP: add component --- .github/workflows/publish.yml | 374 +++++++++++++++++++--------------- 1 file changed, 205 insertions(+), 169 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 6f411afa..14434a35 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -11,50 +11,50 @@ on: - 'v[0-9]+.[0-9]+.[0-9]+-**' jobs: - test: - runs-on: ubuntu-latest - permissions: - contents: read - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 - with: - go-version: '1.21' - - name: Test - uses: ./.github/actions/test - docker: - runs-on: ubuntu-latest - needs: [ test ] - permissions: - packages: write - contents: read - steps: - - uses: actions/checkout@v4 - - uses: docker/setup-qemu-action@v3 - - uses: docker/setup-buildx-action@v3 - - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - uses: docker/metadata-action@v5 - name: generate tags - id: meta - with: - images: ghcr.io/${{ github.repository }} - tags: | - type=ref,event=branch - type=sha,prefix= - type=semver,pattern={{version}} - - uses: docker/build-push-action@v5 - with: - context: . - file: ./docker/Dockerfile - platforms: linux/amd64,linux/arm64 - push: true - tags: ${{ steps.meta.outputs.tags }} - cache-from: type=gha - cache-to: type=gha,mode=max +# test: +# runs-on: ubuntu-latest +# permissions: +# contents: read +# steps: +# - uses: actions/checkout@v4 +# - uses: actions/setup-go@v5 +# with: +# go-version: '1.21' +# - name: Test +# uses: ./.github/actions/test +# docker: +# runs-on: ubuntu-latest +# needs: [ test ] +# permissions: +# packages: write +# contents: read +# steps: +# - uses: actions/checkout@v4 +# - uses: docker/setup-qemu-action@v3 +# - uses: docker/setup-buildx-action@v3 +# - uses: docker/login-action@v3 +# with: +# registry: ghcr.io +# username: ${{ github.repository_owner }} +# password: ${{ secrets.GITHUB_TOKEN }} +# - uses: docker/metadata-action@v5 +# name: generate tags +# id: meta +# with: +# images: ghcr.io/${{ github.repository }} +# tags: | +# type=ref,event=branch +# type=sha,prefix= +# type=semver,pattern={{version}} +# - uses: docker/build-push-action@v5 +# with: +# context: . +# file: ./docker/Dockerfile +# platforms: linux/amd64,linux/arm64 +# push: true +# tags: ${{ steps.meta.outputs.tags }} +# cache-from: type=gha +# cache-to: type=gha,mode=max build-linux: runs-on: ubuntu-latest needs: [ test ] @@ -95,146 +95,182 @@ jobs: with: name: hostd path: release/ - build-mac: - runs-on: macos-latest - needs: [ test ] +# build-mac: +# runs-on: macos-latest +# needs: [ test ] +# steps: +# - uses: actions/checkout@v4 +# - uses: actions/setup-go@v5 +# with: +# go-version: '1.21' +# - name: Setup +# env: +# APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }} +# APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }} +# APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} +# APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }} +# APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }} +# APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }} +# APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }} +# run: | +# # extract apple cert +# APPLE_CERT_PATH=$RUNNER_TEMP/apple_cert.p12 +# KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db +# echo -n "$APPLE_CERT_B64" | base64 --decode --output $APPLE_CERT_PATH +# +# # extract apple key +# mkdir -p ~/private_keys +# APPLE_API_KEY_PATH=~/private_keys/AuthKey_$APPLE_API_KEY.p8 +# echo -n "$APPLE_KEY_B64" | base64 --decode --output $APPLE_API_KEY_PATH +# +# # create temp keychain +# security create-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH +# security default-keychain -s $KEYCHAIN_PATH +# security set-keychain-settings -lut 21600 $KEYCHAIN_PATH +# security unlock-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH +# +# # import keychain +# security import $APPLE_CERT_PATH -P $APPLE_CERT_PASSWORD -A -t cert -f pkcs12 -k $KEYCHAIN_PATH +# security find-identity -v $KEYCHAIN_PATH -p codesigning +# security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $APPLE_KEYCHAIN_PASSWORD $KEYCHAIN_PATH +# +# # generate +# go generate ./... +# +# # resync system clock https://github.com/actions/runner/issues/2996#issuecomment-1833103110 +# sudo sntp -sS time.windows.com +# - name: Build amd64 +# env: +# APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }} +# APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }} +# APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} +# APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }} +# APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }} +# APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }} +# APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }} +# CGO_ENABLED: 1 +# GOOS: darwin +# GOARCH: amd64 +# run: | +# ZIP_OUTPUT=release/hostd_${GOOS}_${GOARCH}.zip +# mkdir -p release +# go build -tags='netgo' -trimpath -o bin/ -a -ldflags '-s -w' ./cmd/hostd +# cp README.md LICENSE bin/ +# /usr/bin/codesign --deep -f -v --timestamp -o runtime,library -s $APPLE_CERT_ID bin/hostd +# ditto -ck bin $ZIP_OUTPUT +# xcrun notarytool submit -k ~/private_keys/AuthKey_$APPLE_API_KEY.p8 -d $APPLE_API_KEY -i $APPLE_API_ISSUER --wait --timeout 10m $ZIP_OUTPUT +# - name: Build arm64 +# env: +# APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }} +# APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }} +# APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} +# APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }} +# APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }} +# APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }} +# APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }} +# CGO_ENABLED: 1 +# GOOS: darwin +# GOARCH: arm64 +# run: | +# ZIP_OUTPUT=release/hostd_${GOOS}_${GOARCH}.zip +# mkdir -p release +# go build -tags='netgo' -trimpath -o bin/ -a -ldflags '-s -w' ./cmd/hostd +# cp README.md LICENSE bin/ +# /usr/bin/codesign --deep -f -v --timestamp -o runtime,library -s $APPLE_CERT_ID bin/hostd +# ditto -ck bin $ZIP_OUTPUT +# xcrun notarytool submit -k ~/private_keys/AuthKey_$APPLE_API_KEY.p8 -d $APPLE_API_KEY -i $APPLE_API_ISSUER --wait --timeout 10m $ZIP_OUTPUT +# - uses: actions/upload-artifact@v3 +# with: +# name: hostd +# path: release/ +# build-windows: +# runs-on: windows-latest +# needs: [ test ] +# steps: +# - uses: actions/checkout@v4 +# - uses: actions/setup-go@v5 +# with: +# go-version: '1.21' +# - name: Setup +# shell: bash +# run: | +# dotnet tool install --global AzureSignTool +# go generate ./... +# - name: Build amd64 +# env: +# CGO_ENABLED: 1 +# GOOS: windows +# GOARCH: amd64 +# shell: bash +# run: | +# mkdir -p release +# ZIP_OUTPUT=release/hostd_${GOOS}_${GOARCH}.zip +# go build -tags='netgo' -trimpath -o bin/ -a -ldflags '-s -w -linkmode external -extldflags "-static"' ./cmd/hostd +# azuresigntool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v bin/hostd.exe +# cp README.md LICENSE bin/ +# 7z a $ZIP_OUTPUT ./bin/* +# - uses: actions/upload-artifact@v3 +# with: +# name: hostd +# path: release/ + dispatch-homebrew: # only runs on full releases + if: startsWith(github.ref, 'refs/tags/v') startsWith(github.ref, 'ref/b') + needs: [build-linux] + runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 - with: - go-version: '1.21' - - name: Setup - env: - APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }} - APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }} - APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} - APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }} - APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }} - APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }} - APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }} - run: | - # extract apple cert - APPLE_CERT_PATH=$RUNNER_TEMP/apple_cert.p12 - KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db - echo -n "$APPLE_CERT_B64" | base64 --decode --output $APPLE_CERT_PATH - - # extract apple key - mkdir -p ~/private_keys - APPLE_API_KEY_PATH=~/private_keys/AuthKey_$APPLE_API_KEY.p8 - echo -n "$APPLE_KEY_B64" | base64 --decode --output $APPLE_API_KEY_PATH - - # create temp keychain - security create-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH - security default-keychain -s $KEYCHAIN_PATH - security set-keychain-settings -lut 21600 $KEYCHAIN_PATH - security unlock-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH - - # import keychain - security import $APPLE_CERT_PATH -P $APPLE_CERT_PASSWORD -A -t cert -f pkcs12 -k $KEYCHAIN_PATH - security find-identity -v $KEYCHAIN_PATH -p codesigning - security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $APPLE_KEYCHAIN_PASSWORD $KEYCHAIN_PATH - - # generate - go generate ./... + - name: Extract Tag Name + id: get_tag + run: echo "::set-output name=tag_name::${GITHUB_REF#refs/tags/}" - # resync system clock https://github.com/actions/runner/issues/2996#issuecomment-1833103110 - sudo sntp -sS time.windows.com - - name: Build amd64 - env: - APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }} - APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }} - APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} - APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }} - APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }} - APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }} - APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }} - CGO_ENABLED: 1 - GOOS: darwin - GOARCH: amd64 - run: | - ZIP_OUTPUT=release/hostd_${GOOS}_${GOARCH}.zip - mkdir -p release - go build -tags='netgo' -trimpath -o bin/ -a -ldflags '-s -w' ./cmd/hostd - cp README.md LICENSE bin/ - /usr/bin/codesign --deep -f -v --timestamp -o runtime,library -s $APPLE_CERT_ID bin/hostd - ditto -ck bin $ZIP_OUTPUT - xcrun notarytool submit -k ~/private_keys/AuthKey_$APPLE_API_KEY.p8 -d $APPLE_API_KEY -i $APPLE_API_ISSUER --wait --timeout 10m $ZIP_OUTPUT - - name: Build arm64 - env: - APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }} - APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }} - APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} - APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }} - APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }} - APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }} - APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }} - CGO_ENABLED: 1 - GOOS: darwin - GOARCH: arm64 - run: | - ZIP_OUTPUT=release/hostd_${GOOS}_${GOARCH}.zip - mkdir -p release - go build -tags='netgo' -trimpath -o bin/ -a -ldflags '-s -w' ./cmd/hostd - cp README.md LICENSE bin/ - /usr/bin/codesign --deep -f -v --timestamp -o runtime,library -s $APPLE_CERT_ID bin/hostd - ditto -ck bin $ZIP_OUTPUT - xcrun notarytool submit -k ~/private_keys/AuthKey_$APPLE_API_KEY.p8 -d $APPLE_API_KEY -i $APPLE_API_ISSUER --wait --timeout 10m $ZIP_OUTPUT - - uses: actions/upload-artifact@v3 - with: - name: hostd - path: release/ - build-windows: - runs-on: windows-latest - needs: [ test ] - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 - with: - go-version: '1.21' - - name: Setup - shell: bash - run: | - dotnet tool install --global AzureSignTool - go generate ./... - - name: Build amd64 - env: - CGO_ENABLED: 1 - GOOS: windows - GOARCH: amd64 - shell: bash - run: | - mkdir -p release - ZIP_OUTPUT=release/hostd_${GOOS}_${GOARCH}.zip - go build -tags='netgo' -trimpath -o bin/ -a -ldflags '-s -w -linkmode external -extldflags "-static"' ./cmd/hostd - azuresigntool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v bin/hostd.exe - cp README.md LICENSE bin/ - 7z a $ZIP_OUTPUT ./bin/* - - uses: actions/upload-artifact@v3 + - name: Dispatch + uses: peter-evans/repository-dispatch@v3 with: - name: hostd - path: release/ - dispatch: - if: startsWith(github.ref, 'refs/tags/v') && !contains(github.ref, '-') - needs: [ docker, build-linux, build-mac, build-windows ] - strategy: - matrix: - repo: ['siafoundation/homebrew-sia', 'siafoundation/linux'] + token: ${{ secrets.PAT_REPOSITORY_DISPATCH }} + repository: siafoundation/homebrew-sia + event-type: release-tagged + client-payload: > + { + "description": "hostd: The Next-Gen Sia Host", + "tag": "${{ steps.get_tag.outputs.tag_name }}", + "project": "hostd-temp", + "workflow_id": "${{ github.run_id }}" + } + + dispatch-linux: # run on full releases, beta releases, and master branch + if: startsWith(github.ref, 'refs/tags/v') || startsWith(github.ref, 'refs/head/master') + needs: [build-linux] runs-on: ubuntu-latest steps: - name: Extract Tag Name id: get_tag run: echo "::set-output name=tag_name::${GITHUB_REF#refs/tags/}" + - name: Extract Release Component + id: get_component + uses: actions/github-script@v7 + with: + result-encoding: string + script: | + const isRelease = context.ref.startsWith('refs/tags/v'), + isBeta = isRelease && context.ref.includes('-beta'); + + if (isBeta) { + return 'beta'; + } else if (isRelease) { + return 'main'; + } + return 'nightly'; - - name: Repository Dispatch + - name: Dispatch uses: peter-evans/repository-dispatch@v3 with: token: ${{ secrets.PAT_REPOSITORY_DISPATCH }} - repository: ${{ matrix.repo }} + repository: siafoundation/linux event-type: release-tagged client-payload: > { - "description": "Hostd: A host for Sia", + "description": "hostd: The Next-Gen Sia host", "tag": "${{ steps.get_tag.outputs.tag_name }}", - "project": "hostd", + "project": "hostd-temp", "workflow_id": "${{ github.run_id }}" + "component": "${{ steps.get_component.outputs.result }}" } \ No newline at end of file