-
-
Notifications
You must be signed in to change notification settings - Fork 398
142 lines (121 loc) · 4.87 KB
/
release.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
name: release
on:
push:
tags:
- '[0-9]+.[0-9]+.[0-9]+*'
jobs:
create-release-artifacts:
runs-on: ubuntu-latest
container:
image: arduino/arduino-cli:builder-1
volumes:
# cache go dependencies across pipeline's steps
- ${{ github.workspace }}/go:/go
steps:
- name: Checkout
uses: actions/checkout@v1
- name: Build
run: goreleaser
- name: Upload artifacts
uses: actions/upload-artifact@v1
with:
name: dist
path: dist
notarize-macos:
runs-on: macos-latest
needs: create-release-artifacts
steps:
- name: Checkout
uses: actions/checkout@v1
- name: Download artifacts
uses: actions/download-artifact@v1
with:
name: dist
- name: Download Gon
run: |
wget -q https://github.com/mitchellh/gon/releases/download/v0.2.2/gon_0.2.2_macos.zip
unzip gon_0.2.2_macos.zip -d /usr/local/bin
rm -f gon_0.2.2_macos.zip
- name: Notarize binary, re-package it and update checksum
env:
AC_USERNAME: ${{ secrets.AC_USERNAME }}
AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
# This step performs the following:
# 1. Download keychain from GH secrets and decode it from base64
# 2. Add the keychain to the system keychains and unlock it
# 3. Call Gon to start notarization process (using AC_USERNAME and AC_PASSWORD)
# 4. Repackage the signed binary replaced in place by Gon (ignoring the output zip file)
# 5. Recalculate package checksum and replace it in the goreleaser nnnnnn-checksums.txt file
run: |
echo "${{ secrets.KEYCHAIN }}" | base64 --decode > ~/Library/Keychains/apple-developer.keychain-db
security list-keychains -s ~/Library/Keychains/apple-developer.keychain-db
security unlock-keychain -p "${{ secrets.KEYCHAIN_PASSWORD }}" ~/Library/Keychains/apple-developer.keychain-db
gon gon.config.hcl
# GitHub's upload/download-artifact@v1 actions don't preserve file permissions,
# so we need to add execution permission back until @v2 actions are released.
chmod +x dist/arduino_cli_osx_darwin_amd64/arduino-cli
TAG=${GITHUB_REF/refs\/tags\//}
tar -czvf dist/arduino-cli_${TAG}_macOS_64bit.tar.gz \
-C dist/arduino_cli_osx_darwin_amd64/ arduino-cli \
-C ../../ LICENSE.txt
CLI_CHECKSUM=$(shasum -a 256 dist/arduino-cli_${TAG}_macOS_64bit.tar.gz | cut -d " " -f 1)
perl -pi -w -e "s/.*arduino-cli_${TAG}_macOS_64bit.tar.gz/${CLI_CHECKSUM} arduino-cli_${TAG}_macOS_64bit.tar.gz/g;" dist/*-checksums.txt
- name: Upload artifacts
uses: actions/upload-artifact@v1
with:
name: dist
path: dist
create-release:
runs-on: ubuntu-latest
needs: notarize-macos
steps:
- name: Checkout
uses: actions/checkout@v1
- name: Download artifact
uses: actions/download-artifact@v1
with:
name: dist
- name: Read CHANGELOG
id: changelog
run: |
body=$(cat dist/CHANGELOG.md)
body="${body//'%'/'%25'}"
body="${body//$'\n'/'%0A'}"
body="${body//$'\r'/'%0D'}"
echo $body
echo "::set-output name=BODY::$body"
- name: Identify Prerelease
# This is a workaround while waiting for create-release action
# to implement auto pre-release based on tag
id: prerelease
run: |
wget -q -P /tmp https://github.com/fsaintjacques/semver-tool/archive/3.0.0.zip
unzip -p /tmp/3.0.0.zip semver-tool-3.0.0/src/semver >/tmp/semver && chmod +x /tmp/semver
if [[ $(/tmp/semver get prerel ${GITHUB_REF/refs\/tags\//}) ]]; then echo "::set-output name=IS_PRE::true"; fi
- name: Create Github Release
id: create_release
uses: actions/create-release@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ github.ref }}
release_name: ${{ github.ref }}
body: ${{ steps.changelog.outputs.BODY }}
draft: false
prerelease: ${{ steps.prerelease.outputs.IS_PRE }}
- name: Upload release files on Github
uses: svenstaro/upload-release-action@v1-release
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: dist/*
tag: ${{ github.ref }}
file_glob: true
- name: Upload release files on Arduino downloads servers
uses: docker://plugins/s3
env:
PLUGIN_SOURCE: 'dist/*'
PLUGIN_TARGET: '/arduino-cli/'
PLUGIN_STRIP_PREFIX: 'dist/'
PLUGIN_BUCKET: ${{ secrets.DOWNLOADS_BUCKET }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}