diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index e40df6930..1f090dff7 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -6,245 +6,23 @@ on: push: branches: - master - - dev tags: - - 'v[0-9]+.[0-9]+.[0-9]+' - - 'v[0-9]+.[0-9]+.[0-9]+-**' + - "v[0-9]+.[0-9]+.[0-9]+" + - "v[0-9]+.[0-9]+.[0-9]+-**" concurrency: group: ${{ github.workflow }} - -env: - REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }} + cancel-in-progress: false jobs: - docker: - runs-on: ubuntu-latest - permissions: - packages: write - steps: - - uses: actions/checkout@v4 - - uses: docker/setup-qemu-action@v3 - - uses: docker/setup-buildx-action@v3 - - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - uses: docker/metadata-action@v4 - name: Generate tags - id: meta - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - tags: | - type=ref,event=branch - type=sha,prefix= - type=semver,pattern={{version}} - - uses: docker/build-push-action@v4 - with: - context: . - file: ./docker/Dockerfile - platforms: linux/amd64,linux/arm64 - push: true - tags: ${{ steps.meta.outputs.tags }} - build-linux: - runs-on: ubuntu-latest - strategy: - matrix: - arch: [ amd64, arm64 ] - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 - with: - go-version: 'stable' - - name: Setup - run: | - go generate ./... - if [ ${{ matrix.arch }} == "arm64" ]; then - sudo apt update - sudo apt install -y gcc-aarch64-linux-gnu - echo "CC=aarch64-linux-gnu-gcc" >> $GITHUB_ENV - fi - - name: Build ${{ matrix.arch }} - env: - CGO_ENABLED: 1 - GOOS: linux - GOARCH: ${{ matrix.arch }} - run: | - mkdir -p release - ZIP_OUTPUT=release/renterd_${GOOS}_${GOARCH}.zip - go build -trimpath -o bin/ -a -ldflags '-s -w -linkmode external -extldflags "-static"' ./cmd/renterd - cp README.md LICENSE bin/ - zip -qj $ZIP_OUTPUT bin/* - - uses: actions/upload-artifact@v4 - with: - name: renterd_linux_${{ matrix.arch }} - path: release/* - build-mac: - runs-on: macos-latest - strategy: - matrix: - arch: [ amd64, arm64 ] - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 - with: - go-version: 'stable' - - name: Setup Notarization - env: - APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }} - APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }} - APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} - APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }} - APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }} - APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }} - APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }} - run: | - # extract apple cert - APPLE_CERT_PATH=$RUNNER_TEMP/apple_cert.p12 - KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db - echo -n "$APPLE_CERT_B64" | base64 --decode --output $APPLE_CERT_PATH - - # extract apple key - mkdir -p ~/private_keys - APPLE_API_KEY_PATH=~/private_keys/AuthKey_$APPLE_API_KEY.p8 - echo -n "$APPLE_KEY_B64" | base64 --decode --output $APPLE_API_KEY_PATH - - # create temp keychain - security create-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH - security default-keychain -s $KEYCHAIN_PATH - security set-keychain-settings -lut 21600 $KEYCHAIN_PATH - security unlock-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH - - # import keychain - security import $APPLE_CERT_PATH -P $APPLE_CERT_PASSWORD -A -t cert -f pkcs12 -k $KEYCHAIN_PATH - security find-identity -v $KEYCHAIN_PATH -p codesigning - security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $APPLE_KEYCHAIN_PASSWORD $KEYCHAIN_PATH - - # generate - go generate ./... - - name: Build ${{ matrix.arch }} - env: - APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }} - APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }} - APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} - APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }} - APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }} - APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }} - APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }} - CGO_ENABLED: 1 - GOOS: darwin - GOARCH: ${{ matrix.arch }} - run: | - mkdir -p release - ZIP_OUTPUT=release/renterd${{ env.ZIP_OUTPUT_SUFFIX }}_${GOOS}_${GOARCH}.zip - go build -trimpath -o bin/ -a -ldflags '-s -w' ./cmd/renterd - cp README.md LICENSE bin/ - /usr/bin/codesign --deep -f -v --timestamp -o runtime,library -s $APPLE_CERT_ID bin/renterd - ditto -ck bin $ZIP_OUTPUT - xcrun notarytool submit -k ~/private_keys/AuthKey_$APPLE_API_KEY.p8 -d $APPLE_API_KEY -i $APPLE_API_ISSUER --wait --timeout 10m $ZIP_OUTPUT - - uses: actions/upload-artifact@v4 - with: - name: renterd_darwin_${{ matrix.arch }} - path: release/* - build-windows: - runs-on: windows-latest - strategy: - matrix: - arch: [ amd64 ] - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 - with: - go-version: 'stable' - - name: Setup - shell: bash - run: | - dotnet tool install --global AzureSignTool - go generate ./... - - name: Build ${{ matrix.arch }} - env: - CGO_ENABLED: 1 - GOOS: windows - GOARCH: ${{ matrix.arch }} - shell: bash - run: | - mkdir -p release - ZIP_OUTPUT=release/renterd${{ env.ZIP_OUTPUT_SUFFIX }}_${GOOS}_${GOARCH}.zip - go build -trimpath -o bin/ -a -ldflags '-s -w -linkmode external -extldflags "-static"' ./cmd/renterd - azuresigntool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v bin/renterd.exe - cp README.md LICENSE bin/ - 7z a $ZIP_OUTPUT bin/* - - uses: actions/upload-artifact@v4 - with: - name: renterd_windows_${{ matrix.arch }} - path: release/* - - combine-release-assets: - runs-on: ubuntu-latest - needs: [ build-linux, build-mac, build-windows ] - steps: - - name: Merge Artifacts - uses: actions/upload-artifact/merge@v4 - with: - name: renterd - - dispatch-homebrew: # only runs on full releases - if: startsWith(github.ref, 'refs/tags/v') && !contains(github.ref, '-') - needs: [ build-mac ] - runs-on: ubuntu-latest - steps: - - name: Extract Tag Name - id: get_tag - run: echo "tag_name=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV - - - name: Dispatch - uses: peter-evans/repository-dispatch@v3 - with: - token: ${{ secrets.PAT_REPOSITORY_DISPATCH }} - repository: siafoundation/homebrew-sia - event-type: release-tagged - client-payload: > - { - "description": "Renterd: The Next-Gen Sia Renter", - "tag": "${{ env.tag_name }}", - "project": "renterd", - "workflow_id": "${{ github.run_id }}" - } - dispatch-linux: # run on full releases, release candidates, and master branch - if: startsWith(github.ref, 'refs/tags/v') || endsWith(github.ref, 'master') - needs: [ build-linux ] - runs-on: ubuntu-latest - steps: - - name: Build Dispatch Payload - id: get_payload - uses: actions/github-script@v7 - with: - script: | - const isRelease = context.ref.startsWith('refs/tags/v'), - isBeta = isRelease && context.ref.includes('-beta'), - tag = isRelease ? context.ref.replace('refs/tags/', '') : 'master'; - - let component = 'nightly'; - if (isBeta) { - component = 'beta'; - } else if (isRelease) { - component = 'main'; - } - - return { - description: "renterd: The Next-Gen Sia Renter", - tag: tag, - project: "renterd", - workflow_id: context.runId, - component: component - }; - - - name: Dispatch - uses: peter-evans/repository-dispatch@v3 - with: - token: ${{ secrets.PAT_REPOSITORY_DISPATCH }} - repository: siafoundation/linux - event-type: release-tagged - client-payload: ${{ steps.get_payload.outputs.result }} \ No newline at end of file + publish: + uses: SiaFoundation/workflows/.github/workflows/go-publish.yml@master + secrets: inherit + with: + linux-build-args: -tags='timetzdata netgo' -trimpath -a -ldflags '-s -w -linkmode external -extldflags "-static"' + windows-build-args: -tags='timetzdata netgo' -trimpath -a -ldflags '-s -w -linkmode external -extldflags "-static"' + macos-build-args: -tags='timetzdata netgo' -trimpath -a -ldflags '-s -w' + cgo-enabled: 1 + project: renterd + project-desc: "renterd: The Next-Gen Sia Renter" + version-tag: ${{ github.ref_name }} \ No newline at end of file