-
Notifications
You must be signed in to change notification settings - Fork 0
280 lines (255 loc) Β· 12.7 KB
/
create-prerelease.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
name: Build and Create Pre-Release
on:
workflow_dispatch:
inputs:
version:
description: 'If this is a release what version is this for? If this is a pre-release what version are you developing toward?'
required: true
type: string
preRelease:
description: 'Create Pre-release? -SNAPSHOT-{COMMIT} will be appended to the version above.'
required: false
type: boolean
deletePrevBuild:
description: 'Cleanup existing pre-releases?'
required: false
type: boolean
jobs:
build:
outputs:
version: ${{ steps.save-version.outputs.version }}
rpm-version: ${{ steps.save-version.outputs.rpm-version }}
artifacts: ${{ steps.save-version.outputs.artifacts }}
rpm-artifacts: ${{ steps.save-version.outputs.rpm-artifacts }}
deb-artifacts: ${{ steps.save-version.outputs.deb-artifacts }}
zip-artifacts: ${{ steps.save-version.outputs.zip-artifacts }}
pkg-artifacts: ${{ steps.save-version.outputs.pkg-artifacts }}
sha-artifacts: ${{ steps.save-version.outputs.sha-artifacts }}
asc-artifacts: ${{ steps.save-version.outputs.asc-artifacts }}
runs-on: macos-13
steps:
- name: "Git checkout"
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: "Install Homebrew"
run: /bin/bash -c "NONINTERACTIVE=1 $(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
- name: "Install Dependencies"
run: |
/usr/local/bin/brew install --overwrite [email protected] || echo "I1.1"
/usr/local/bin/brew link --overwrite [email protected] || echo "I1.2"
/usr/local/bin/brew install --overwrite dpkg zip make wget jq rpm || echo "I2"
/usr/local/bin/brew link --overwrite [email protected] || echo "I1.3"
/usr/local/bin/brew install [email protected] || echo "I1.4"
/usr/local/bin/brew install [email protected] || echo "I1.5"
for i in dpkg zip make wget jq rpm python3.11; do command -v $i || exit 1; done
echo "Dependencies checked"
- name: Get go version from go.mod
run: |
echo "GO_VERSION=$(grep '^go ' go.mod | cut -d " " -f 2)" >> $GITHUB_ENV
- uses: actions/setup-go@v4
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
- name: "Install Packages.pkg for making macos PKG files"
run: |
wget http://s.sudre.free.fr/Software/files/Packages.dmg
hdiutil attach -mountpoint /Volumes/Packages Packages.dmg
cd /Volumes/Packages
sudo installer -pkg Install\ Packages.pkg -target /
- name: Tag Before Building
id: tag
if: inputs.version != ''
env:
TAG: ${{ inputs.version }}
SNAPSHOT: ${{ inputs.preRelease }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
echo "Tagging the repository with ${TAG}"
git config --global user.email "[email protected]"
git config --global user.name "GitHub Actions"
if [ "${SNAPSHOT}" = "true" ]; then
COMMIT=$(git rev-parse --short HEAD)
TAG="${TAG}-SNAPSHOT-${COMMIT}"
fi
# Ensure the tag does not already exist
if ! gh release view "${TAG}" > /dev/null 2>&1; then
git tag -a "${TAG}" -m "Release ${TAG}"
git push origin "${TAG}"
echo "Tag ${TAG} created and pushed successfully."
else
echo "Tag ${TAG} already exists."
fi
- name: "Compile"
env:
ADDCOMMIT: ${{ inputs.preRelease }}
run: |
buildcmd="build-prerelease"
[ "${ADDCOMMIT}" = "false" ] && buildcmd="build-official"
export PATH=$PATH:/usr/local/bin:/usr/local/go/bin
cd ~/work/asvec/asvec && make cleanall && make ${buildcmd}
- name: "Create linux packages"
env:
ADDCOMMIT: ${{ inputs.preRelease }}
run: |
buildcmd="build-prerelease"
[ "${ADDCOMMIT}" = "false" ] && buildcmd="build-official"
export PATH=$PATH:/usr/local/bin:/usr/local/go/bin
cd ~/work/asvec/asvec && make pkg-linux
- name: "Create windows zips"
env:
ADDCOMMIT: ${{ inputs.preRelease }}
run: |
buildcmd="build-prerelease"
[ "${ADDCOMMIT}" = "false" ] && buildcmd="build-official"
export PATH=$PATH:/usr/local/bin:/usr/local/go/bin
cd ~/work/asvec/asvec && make pkg-windows-zip
- name: "Print asvec version"
run: cd ~/work/asvec/asvec && ./bin/asvec-macos-amd64 --version
- name: "Prepare keychain for signing MacOS"
env:
keypw: ${{ secrets.APPLEUSERPW }}
INSTALLERP12: ${{ secrets.INSTALLERP12 }}
APPLICATIONP12: ${{ secrets.APPLICATIONP12 }}
run: |
set -e
security create-keychain -p mysecretpassword build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p mysecretpassword build.keychain
security set-keychain-settings build.keychain
security unlock-keychain -p mysecretpassword build.keychain
echo "$APPLICATIONP12" | base64 -d > app.p12
echo "$INSTALLERP12" | base64 -d > install.p12
security import app.p12 -k build.keychain -P $keypw -A
security import install.p12 -k build.keychain -P $keypw -A
security set-key-partition-list -S apple-tool:,apple: -s -k mysecretpassword build.keychain
- name: "Sign and build MacOS"
env:
xasvec_appleid: ${{ secrets.APPLEUSER }}
xasvec_applepw: ${{ secrets.APPLEAPPPW }}
xasvec_signer: ${{ secrets.APPLESIGNER }}
xasvec_installsigner: ${{ secrets.APPLEINSTALLSIGNER }}
xasvec_teamid: ${{ secrets.APPLETEAMID }}
run: |
set -e
export asvec_appleid="${xasvec_appleid}"
export asvec_applepw="${xasvec_applepw}"
export asvec_signer="${xasvec_signer}"
export asvec_installsigner="${xasvec_installsigner}"
export asvec_teamid="${xasvec_teamid}"
export PATH=$PATH:/usr/local/bin:/usr/local/go/bin && cd ~/work/asvec/asvec && make macos-build-all && make macos-notarize-all
- name: Save Version
id: save-version
run: |
VER=$(cat VERSION.md)
echo version=${VER} >> $GITHUB_OUTPUT
RPM_VER=$(echo ${VER} | sed 's/-/_/g')
echo rpm-verion=${RPM_VER} >> $GITHUB_OUTPUT
ARTIFACTS="asvec-linux-amd64-${VER}.deb asvec-linux-amd64-${RPM_VER}.rpm asvec-linux-amd64-${VER}.zip asvec-linux-arm64-${VER}.deb asvec-linux-arm64-${RPM_VER}.rpm asvec-linux-arm64-${VER}.zip asvec-macos-${VER}.pkg asvec-macos-amd64-${VER}.zip asvec-macos-arm64-${VER}.zip asvec-windows-amd64-${VER}.zip asvec-windows-arm64-${VER}.zip"
echo "artifacts=${ARTIFACTS}" >> $GITHUB_OUTPUT
RPM_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.rpm$' | tr '\n' ' ')
echo "rpm-artifacts=${RPM_ARTIFACTS}" >> $GITHUB_OUTPUT
DEB_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.deb$' | tr '\n' ' ')
echo "deb-artifacts=${DEB_ARTIFACTS}" >> $GITHUB_OUTPUT
ZIP_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.zip$' | tr '\n' ' ')
echo "zip-artifacts=${ZIP_ARTIFACTS}" >> $GITHUB_OUTPUT
PKG_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.pkg$' | tr '\n' ' ')
echo "pkg-artifacts=${PKG_ARTIFACTS}" >> $GITHUB_OUTPUT
SHA256_FILES=$(for pkg in ${ARTIFACTS}; do echo "${pkg}.sha256"; done | tr '\n' ' ')
echo "sha-artifacts=${SHA256_FILES}" >> $GITHUB_OUTPUT
ASC_FILES=$(for pkg in ${ARTIFACTS} ${SHA256_FILES}; do
if [[ ! "${pkg}" =~ \.rpm$ && ! "${pkg}" =~ \.deb$ ]]; then
echo "${pkg}.asc"
fi
done | tr '\n' ' ')
echo "asc-artifacts=${ASC_FILES}" >> $GITHUB_OUTPUT
- name: "Upload Artifacts"
uses: actions/upload-artifact@v4
with:
name: asvec-artifacts
path: ~/work/asvec/asvec/bin/packages/asvec-*
sign:
needs: build
runs-on: ubuntu-latest
steps:
- name: "Git checkout"
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: "Download Artifacts"
uses: actions/download-artifact@v4
with:
name: asvec-artifacts
- name: setup GPG
uses: aerospike/shared-workflows/devops/setup-gpg@main
with:
gpg-private-key: ${{ secrets.GPG_SECRET_KEY }}
gpg-public-key: ${{ secrets.GPG_PUBLIC_KEY }}
gpg-key-pass: ${{ secrets.GPG_PASS }}
gpg-key-name: "aerospike-inc"
- name: GPG Sign All Files
env:
GPG_TTY: no-tty
GPG_PASSPHRASE: ${{ secrets.GPG_PASS }}
run: |
rpm --addsign ${{needs.build.outputs.rpm-artifacts}}
rpm --checksig ${{needs.build.outputs.rpm-artifacts}}
dpkg-sig --sign builder ${{needs.build.outputs.deb-artifacts}}
dpkg-sig --verify ${{needs.build.outputs.deb-artifacts}}
for file in ${{needs.build.outputs.zip-artifacts}} ${{needs.build.outputs.pkg-artifacts}}; do
gpg --detach-sign --no-tty --batch --yes --output "${file}.asc" --passphrase "$GPG_PASSPHRASE" "${file}"
gpg --verify "${file}.asc" "${file}"
done
- name: Create Checksums
run: |
for pkg in ${{needs.build.outputs.artifacts}}; do
shasum -a 256 $pkg > ${pkg}.sha256
done
for file in ${{needs.build.outputs.sha-artifacts}}; do
gpg --detach-sign --no-tty --batch --yes --output "${file}.asc" --passphrase "$GPG_PASSPHRASE" "${file}"
gpg --verify "${file}.asc" "${file}"
done
- name: "Upload Artifacts"
uses: actions/upload-artifact@v4
with:
name: asvec-artifacts
path: asvec-*
overwrite: true
pre-release:
needs:
- sign
- build
runs-on: ubuntu-latest
steps:
- name: "Git checkout"
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: "Download Artifacts"
uses: actions/download-artifact@v4
with:
name: asvec-artifacts
- name: "Create a new pre-release"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -e
TAG=${{needs.build.outputs.version}}
FULLCOMMIT=$(git rev-parse HEAD)
gh release create -R github.com/aerospike/asvec --prerelease --target ${FULLCOMMIT} --title "Asvec - ${TAG}" ${TAG} ${{needs.build.outputs.artifacts}} ${{needs.build.outputs.sha-artifacts}} ${{needs.build.outputs.asc-artifacts}}
- name: "Delete previous pre-release"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
DELPREV: ${{ inputs.deletePrevBuild }}
run: |
if [ "${DELPREV}" = "true" ]; then
set -e
gh release list -R github.com/aerospike/asvec -L 100 | grep Pre-release | awk -F'\t' '{print $3}' | while read -r line; do
if [ "$line" != "${{needs.build.outputs.version}}" ]; then
if [[ "$line" == "${{ inputs.version }}-SNAPSHOT-"* ]]; then
echo "Removing $line"
gh release delete "$line" -R github.com/aerospike/asvec --yes --cleanup-tag
fi
fi
done
fi