Skip to content

Create dependabot.yml #750

Create dependabot.yml

Create dependabot.yml #750

Workflow file for this run

name: Publish
# Controls when the action will run.
on:
# Triggers the workflow on new SemVer tags
push:
branches:
- master
- dev
tags:
- 'v[0-9]+.[0-9]+.[0-9]+'
- 'v[0-9]+.[0-9]+.[0-9]+-rc[0-9]+'
concurrency:
group: ${{ github.workflow }}
cancel-in-progress: true
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
docker:
runs-on: ubuntu-latest
strategy:
matrix:
network: ["mainnet" , "zen"]
permissions:
packages: write
steps:
- uses: actions/checkout@v3
- uses: docker/setup-qemu-action@v2
- uses: docker/setup-buildx-action@v2
- uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Prepare environment variables
run: |
if [[ "${{ matrix.network }}" == "zen" ]]; then
echo "BUILD_TAGS=testnet netgo" >> $GITHUB_ENV
echo "DOCKER_METADATA_SUFFIX=-zen" >> $GITHUB_ENV
else
echo "BUILD_TAGS=netgo" >> $GITHUB_ENV
echo "DOCKER_METADATA_SUFFIX=" >> $GITHUB_ENV
fi
- uses: docker/metadata-action@v4
name: Generate tags
id: meta
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
flavor: |
suffix=${{ env.DOCKER_METADATA_SUFFIX }},onlatest=true
tags: |
type=ref,event=branch
type=sha,prefix=
type=semver,pattern={{version}}
- uses: docker/build-push-action@v4
with:
context: .
build-args: |
BUILD_TAGS=${{ env.BUILD_TAGS }}
file: ./docker/Dockerfile
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.meta.outputs.tags }}
build-linux:
runs-on: ubuntu-latest
strategy:
matrix:
network: ["mainnet" , "zen"]
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: 'stable'
- name: Setup
run: |
sudo apt update
sudo apt install -y gcc-aarch64-linux-gnu
go generate ./...
- name: Set build tag environment variable
run: |
if [[ "${{ matrix.network }}" == "zen" ]]; then
echo "BUILD_TAGS=testnet netgo" >> $GITHUB_ENV
echo "ZIP_OUTPUT_SUFFIX=_zen" >> $GITHUB_ENV
else
echo "BUILD_TAGS=netgo" >> $GITHUB_ENV
echo "ZIP_OUTPUT_SUFFIX=" >> $GITHUB_ENV
fi
- name: Build amd64
env:
CGO_ENABLED: 1
GOOS: linux
GOARCH: amd64
run: |
mkdir -p release
ZIP_OUTPUT=release/renterd${{ env.ZIP_OUTPUT_SUFFIX }}_${GOOS}_${GOARCH}.zip
go build -tags="$BUILD_TAGS" -trimpath -o bin/ -a -ldflags '-s -w -linkmode external -extldflags "-static"' ./cmd/renterd
cp README.md LICENSE bin/
zip -qj $ZIP_OUTPUT bin/*
- name: Build arm64
env:
CGO_ENABLED: 1
GOOS: linux
GOARCH: arm64
CC: aarch64-linux-gnu-gcc
run: |
mkdir -p release
ZIP_OUTPUT=release/renterd${{ env.ZIP_OUTPUT_SUFFIX }}_${GOOS}_${GOARCH}.zip
go build -tags="$BUILD_TAGS" -trimpath -o bin/ -a -ldflags '-s -w -linkmode external -extldflags "-static"' ./cmd/renterd
cp README.md LICENSE bin/
zip -qj $ZIP_OUTPUT bin/*
- uses: actions/upload-artifact@v3
with:
name: renterd
path: release/
build-mac:
runs-on: macos-latest
strategy:
matrix:
network: ["mainnet" , "zen"]
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: 'stable'
- name: Setup Notarization
env:
APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }}
APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }}
APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }}
APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }}
APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }}
run: |
# extract apple cert
APPLE_CERT_PATH=$RUNNER_TEMP/apple_cert.p12
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
echo -n "$APPLE_CERT_B64" | base64 --decode --output $APPLE_CERT_PATH
# extract apple key
mkdir -p ~/private_keys
APPLE_API_KEY_PATH=~/private_keys/AuthKey_$APPLE_API_KEY.p8
echo -n "$APPLE_KEY_B64" | base64 --decode --output $APPLE_API_KEY_PATH
# create temp keychain
security create-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security default-keychain -s $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import keychain
security import $APPLE_CERT_PATH -P $APPLE_CERT_PASSWORD -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security find-identity -v $KEYCHAIN_PATH -p codesigning
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $APPLE_KEYCHAIN_PASSWORD $KEYCHAIN_PATH
# generate
go generate ./...
- name: Set build tag environment variable
run: |
if [[ "${{ matrix.network }}" == "zen" ]]; then
echo "BUILD_TAGS=testnet netgo" >> $GITHUB_ENV
echo "ZIP_OUTPUT_SUFFIX=_zen" >> $GITHUB_ENV
else
echo "BUILD_TAGS=netgo" >> $GITHUB_ENV
echo "ZIP_OUTPUT_SUFFIX=" >> $GITHUB_ENV
fi
- name: Build amd64
env:
APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }}
APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }}
APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }}
APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }}
APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }}
CGO_ENABLED: 1
GOOS: darwin
GOARCH: amd64
run: |
mkdir -p release
ZIP_OUTPUT=release/renterd${{ env.ZIP_OUTPUT_SUFFIX }}_${GOOS}_${GOARCH}.zip
go build -tags="$BUILD_TAGS" -trimpath -o bin/ -a -ldflags '-s -w' ./cmd/renterd
cp README.md LICENSE bin/
/usr/bin/codesign --deep -f -v --timestamp -o runtime,library -s $APPLE_CERT_ID bin/renterd
ditto -ck bin $ZIP_OUTPUT
xcrun notarytool submit -k ~/private_keys/AuthKey_$APPLE_API_KEY.p8 -d $APPLE_API_KEY -i $APPLE_API_ISSUER --wait --timeout 10m $ZIP_OUTPUT
- name: Build arm64
env:
APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }}
APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }}
APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }}
APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }}
APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }}
CGO_ENABLED: 1
GOOS: darwin
GOARCH: arm64
run: |
mkdir -p release
ZIP_OUTPUT=release/renterd${{ env.ZIP_OUTPUT_SUFFIX }}_${GOOS}_${GOARCH}.zip
go build -tags="$BUILD_TAGS" -trimpath -o bin/ -a -ldflags '-s -w' ./cmd/renterd
cp README.md LICENSE bin/
/usr/bin/codesign --deep -f -v --timestamp -o runtime,library -s $APPLE_CERT_ID bin/renterd
ditto -ck bin $ZIP_OUTPUT
xcrun notarytool submit -k ~/private_keys/AuthKey_$APPLE_API_KEY.p8 -d $APPLE_API_KEY -i $APPLE_API_ISSUER --wait --timeout 10m $ZIP_OUTPUT
- uses: actions/upload-artifact@v3
with:
name: renterd
path: release/
build-windows:
runs-on: windows-latest
strategy:
matrix:
network: ["mainnet" , "zen"]
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: 'stable'
- name: Set build tag environment variable
run: |
if ( "${{ matrix.network }}" -eq "zen" ) {
"BUILD_TAGS=testnet netgo" >> $env:GITHUB_ENV
"ZIP_OUTPUT_SUFFIX=_zen" >> $env:GITHUB_ENV
} else {
"BUILD_TAGS=netgo" >> $env:GITHUB_ENV
"ZIP_OUTPUT_SUFFIX=" >> $env:GITHUB_ENV
}
- name: Setup
shell: bash
run: |
dotnet tool install --global AzureSignTool
go generate ./...
- name: Build amd64
env:
CGO_ENABLED: 1
GOOS: windows
GOARCH: amd64
shell: bash
run: |
mkdir -p release
ZIP_OUTPUT=release/renterd${{ env.ZIP_OUTPUT_SUFFIX }}_${GOOS}_${GOARCH}.zip
go build -tags="$BUILD_TAGS" -trimpath -o bin/ -a -ldflags '-s -w -linkmode external -extldflags "-static"' ./cmd/renterd
azuresigntool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v bin/renterd.exe
cp README.md LICENSE bin/
7z a $ZIP_OUTPUT bin/*
- uses: actions/upload-artifact@v3
with:
name: renterd
path: release/