Skip to content

Build and Create Pre-Release #123

Build and Create Pre-Release

Build and Create Pre-Release #123

name: Build and Create Pre-Release
on:
workflow_dispatch:
inputs:
version:
description: 'If this is a release what version is this for? If this is a pre-release what version are you developing toward?'
required: true
type: string
preRelease:
description: 'Create Pre-release? -SNAPSHOT-{COMMIT} will be appended to the version above.'
required: false
type: boolean
deletePrevBuild:
description: 'Cleanup existing pre-releases?'
required: false
type: boolean
jobs:
build:
outputs:
version: ${{ steps.save-version.outputs.version }}
rpm-version: ${{ steps.save-version.outputs.rpm-version }}
artifacts: ${{ steps.save-version.outputs.artifacts }}
rpm-artifacts: ${{ steps.save-version.outputs.rpm-artifacts }}
deb-artifacts: ${{ steps.save-version.outputs.deb-artifacts }}
zip-artifacts: ${{ steps.save-version.outputs.zip-artifacts }}
pkg-artifacts: ${{ steps.save-version.outputs.pkg-artifacts }}
sha-artifacts: ${{ steps.save-version.outputs.sha-artifacts }}
asc-artifacts: ${{ steps.save-version.outputs.asc-artifacts }}
runs-on: macos-13
steps:
- name: "Git checkout"
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: "Install Homebrew"
run: /bin/bash -c "NONINTERACTIVE=1 $(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
- name: "Install Dependencies"
run: |
/usr/local/bin/brew install --overwrite [email protected] || echo "I1.1"
/usr/local/bin/brew link --overwrite [email protected] || echo "I1.2"
/usr/local/bin/brew install --overwrite dpkg zip make wget jq rpm || echo "I2"
/usr/local/bin/brew link --overwrite [email protected] || echo "I1.3"
/usr/local/bin/brew install [email protected] || echo "I1.4"
/usr/local/bin/brew install [email protected] || echo "I1.5"
for i in dpkg zip make wget jq rpm python3.11; do command -v $i || exit 1; done
echo "Dependencies checked"
- name: Get go version from go.mod
run: |
echo "GO_VERSION=$(grep '^go ' go.mod | cut -d " " -f 2)" >> $GITHUB_ENV
- uses: actions/setup-go@v4
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
- name: "Install Packages.pkg for making macos PKG files"
run: |
wget http://s.sudre.free.fr/Software/files/Packages.dmg
hdiutil attach -mountpoint /Volumes/Packages Packages.dmg
cd /Volumes/Packages
sudo installer -pkg Install\ Packages.pkg -target /
- name: Tag Before Building
id: tag
if: inputs.version != ''
env:
TAG: ${{ inputs.version }}
SNAPSHOT: ${{ inputs.preRelease }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
echo "Tagging the repository with ${TAG}"
git config --global user.email "[email protected]"
git config --global user.name "GitHub Actions"
if [ "${SNAPSHOT}" = "true" ]; then
COMMIT=$(git rev-parse --short HEAD)
TAG="${TAG}-SNAPSHOT-${COMMIT}"
fi
# Ensure the tag does not already exist
if ! gh release view "${TAG}" > /dev/null 2>&1; then
git tag -a "${TAG}" -m "Release ${TAG}"
git push origin "${TAG}"
echo "Tag ${TAG} created and pushed successfully."
else
echo "Tag ${TAG} already exists."
fi
- name: "Compile"
env:
ADDCOMMIT: ${{ inputs.preRelease }}
run: |
buildcmd="build-prerelease"
[ "${ADDCOMMIT}" = "false" ] && buildcmd="build-official"
export PATH=$PATH:/usr/local/bin:/usr/local/go/bin
cd ~/work/asvec/asvec && make cleanall && make ${buildcmd}
- name: "Create linux packages"
env:
ADDCOMMIT: ${{ inputs.preRelease }}
run: |
buildcmd="build-prerelease"
[ "${ADDCOMMIT}" = "false" ] && buildcmd="build-official"
export PATH=$PATH:/usr/local/bin:/usr/local/go/bin
cd ~/work/asvec/asvec && make pkg-linux
- name: "Create windows zips"
env:
ADDCOMMIT: ${{ inputs.preRelease }}
run: |
buildcmd="build-prerelease"
[ "${ADDCOMMIT}" = "false" ] && buildcmd="build-official"
export PATH=$PATH:/usr/local/bin:/usr/local/go/bin
cd ~/work/asvec/asvec && make pkg-windows-zip
- name: "Print asvec version"
run: cd ~/work/asvec/asvec && ./bin/asvec-macos-amd64 --version
- name: "Prepare keychain for signing MacOS"
env:
keypw: ${{ secrets.APPLEUSERPW }}
INSTALLERP12: ${{ secrets.INSTALLERP12 }}
APPLICATIONP12: ${{ secrets.APPLICATIONP12 }}
run: |
set -e
security create-keychain -p mysecretpassword build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p mysecretpassword build.keychain
security set-keychain-settings build.keychain
security unlock-keychain -p mysecretpassword build.keychain
echo "$APPLICATIONP12" | base64 -d > app.p12
echo "$INSTALLERP12" | base64 -d > install.p12
security import app.p12 -k build.keychain -P $keypw -A
security import install.p12 -k build.keychain -P $keypw -A
security set-key-partition-list -S apple-tool:,apple: -s -k mysecretpassword build.keychain
- name: "Sign and build MacOS"
env:
xasvec_appleid: ${{ secrets.APPLEUSER }}
xasvec_applepw: ${{ secrets.APPLEAPPPW }}
xasvec_signer: ${{ secrets.APPLESIGNER }}
xasvec_installsigner: ${{ secrets.APPLEINSTALLSIGNER }}
xasvec_teamid: ${{ secrets.APPLETEAMID }}
run: |
set -e
export asvec_appleid="${xasvec_appleid}"
export asvec_applepw="${xasvec_applepw}"
export asvec_signer="${xasvec_signer}"
export asvec_installsigner="${xasvec_installsigner}"
export asvec_teamid="${xasvec_teamid}"
export PATH=$PATH:/usr/local/bin:/usr/local/go/bin && cd ~/work/asvec/asvec && make macos-build-all && make macos-notarize-all
- name: Save Version
id: save-version
run: |
VER=$(cat VERSION.md)
echo version=${VER} >> $GITHUB_OUTPUT
RPM_VER=$(echo ${VER} | sed 's/-/_/g')
echo rpm-verion=${RPM_VER} >> $GITHUB_OUTPUT
ARTIFACTS="asvec-linux-amd64-${VER}.deb asvec-linux-amd64-${RPM_VER}.rpm asvec-linux-amd64-${VER}.zip asvec-linux-arm64-${VER}.deb asvec-linux-arm64-${RPM_VER}.rpm asvec-linux-arm64-${VER}.zip asvec-macos-${VER}.pkg asvec-macos-amd64-${VER}.zip asvec-macos-arm64-${VER}.zip asvec-windows-amd64-${VER}.zip asvec-windows-arm64-${VER}.zip"
echo "artifacts=${ARTIFACTS}" >> $GITHUB_OUTPUT
RPM_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.rpm$' | tr '\n' ' ')
echo "rpm-artifacts=${RPM_ARTIFACTS}" >> $GITHUB_OUTPUT
DEB_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.deb$' | tr '\n' ' ')
echo "deb-artifacts=${DEB_ARTIFACTS}" >> $GITHUB_OUTPUT
ZIP_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.zip$' | tr '\n' ' ')
echo "zip-artifacts=${ZIP_ARTIFACTS}" >> $GITHUB_OUTPUT
PKG_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.pkg$' | tr '\n' ' ')
echo "pkg-artifacts=${PKG_ARTIFACTS}" >> $GITHUB_OUTPUT
SHA256_FILES=$(for pkg in ${ARTIFACTS}; do echo "${pkg}.sha256"; done | tr '\n' ' ')
echo "sha-artifacts=${SHA256_FILES}" >> $GITHUB_OUTPUT
ASC_FILES=$(for pkg in ${ARTIFACTS} ${SHA256_FILES}; do
if [[ ! "${pkg}" =~ \.rpm$ && ! "${pkg}" =~ \.deb$ ]]; then
echo "${pkg}.asc"
fi
done | tr '\n' ' ')
echo "asc-artifacts=${ASC_FILES}" >> $GITHUB_OUTPUT
- name: "Upload Artifacts"
uses: actions/upload-artifact@v4
with:
name: asvec-artifacts
path: ~/work/asvec/asvec/bin/packages/asvec-*
sign:
needs: build
runs-on: ubuntu-latest
steps:
- name: "Git checkout"
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: "Download Artifacts"
uses: actions/download-artifact@v4
with:
name: asvec-artifacts
- name: setup GPG
uses: aerospike/shared-workflows/devops/setup-gpg@main
with:
gpg-private-key: ${{ secrets.GPG_SECRET_KEY }}
gpg-public-key: ${{ secrets.GPG_PUBLIC_KEY }}
gpg-key-pass: ${{ secrets.GPG_PASS }}
gpg-key-name: "aerospike-inc"
- name: GPG Sign All Files
env:
GPG_TTY: no-tty
GPG_PASSPHRASE: ${{ secrets.GPG_PASS }}
run: |
rpm --addsign ${{needs.build.outputs.rpm-artifacts}}
rpm --checksig ${{needs.build.outputs.rpm-artifacts}}
dpkg-sig --sign builder ${{needs.build.outputs.deb-artifacts}}
dpkg-sig --verify ${{needs.build.outputs.deb-artifacts}}
for file in ${{needs.build.outputs.zip-artifacts}} ${{needs.build.outputs.pkg-artifacts}}; do
gpg --detach-sign --no-tty --batch --yes --output "${file}.asc" --passphrase "$GPG_PASSPHRASE" "${file}"
gpg --verify "${file}.asc" "${file}"
done
- name: Create Checksums
run: |
for pkg in ${{needs.build.outputs.artifacts}}; do
shasum -a 256 $pkg > ${pkg}.sha256
done
for file in ${{needs.build.outputs.sha-artifacts}}; do
gpg --detach-sign --no-tty --batch --yes --output "${file}.asc" --passphrase "$GPG_PASSPHRASE" "${file}"
gpg --verify "${file}.asc" "${file}"
done
- name: "Upload Artifacts"
uses: actions/upload-artifact@v4
with:
name: asvec-artifacts
path: asvec-*
overwrite: true
pre-release:
needs:
- sign
- build
runs-on: ubuntu-latest
steps:
- name: "Git checkout"
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: "Download Artifacts"
uses: actions/download-artifact@v4
with:
name: asvec-artifacts
- name: "Create a new pre-release"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -e
TAG=${{needs.build.outputs.version}}
FULLCOMMIT=$(git rev-parse HEAD)
gh release create -R github.com/aerospike/asvec --prerelease --target ${FULLCOMMIT} --title "Asvec - ${TAG}" ${TAG} ${{needs.build.outputs.artifacts}} ${{needs.build.outputs.sha-artifacts}} ${{needs.build.outputs.asc-artifacts}}
- name: "Delete previous pre-release"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
DELPREV: ${{ inputs.deletePrevBuild }}
run: |
if [ "${DELPREV}" = "true" ]; then
set -e
gh release list -R github.com/aerospike/asvec -L 100 | grep Pre-release | awk -F'\t' '{print $3}' | while read -r line; do
if [ "$line" != "${{needs.build.outputs.version}}" ]; then
if [[ "$line" == "${{ inputs.version }}-SNAPSHOT-"* ]]; then
echo "Removing $line"
gh release delete "$line" -R github.com/aerospike/asvec --yes --cleanup-tag
fi
fi
done
fi