-
-
Notifications
You must be signed in to change notification settings - Fork 398
118 lines (102 loc) · 4.05 KB
/
nightly.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
name: nightly
on:
schedule:
# run every day at 1AM
- cron: "0 1 * * *"
jobs:
create-nightly-artifacts:
# This workflow is only of value to the arduino/arduino-cli repository and
# would always fail in forks
if: github.repository == 'arduino/arduino-cli'
runs-on: ubuntu-latest
container:
image: arduino/arduino-cli:builder-1
volumes:
# cache go dependencies across pipeline's steps
- ${{ github.workspace }}/go:/go
steps:
- name: checkout
uses: actions/checkout@v1
- name: build
env:
PACKAGE_NAME_PREFIX: ${{ github.workflow }}
run: goreleaser --snapshot
- name: Upload artifacts
uses: actions/upload-artifact@v1
with:
name: dist
path: dist
notarize-macos:
runs-on: macos-latest
needs: create-nightly-artifacts
steps:
- name: Checkout
uses: actions/checkout@v1
- name: Download artifacts
uses: actions/download-artifact@v1
with:
name: dist
- name: Download Gon
run: |
wget -q https://github.com/mitchellh/gon/releases/download/v0.2.2/gon_0.2.2_macos.zip
unzip gon_0.2.2_macos.zip -d /usr/local/bin
rm -f gon_0.2.2_macos.zip
- name: Notarize binary, re-package it and update checksum
env:
AC_USERNAME: ${{ secrets.AC_USERNAME }}
AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
# This step performs the following:
# 1. Download keychain from GH secrets and decode it from base64
# 2. Add the keychain to the system keychains and unlock it
# 3. Call Gon to start notarization process (using AC_USERNAME and AC_PASSWORD)
# 4. Repackage the signed binary replaced in place by Gon (ignoring the output zip file)
# 5. Recalculate package checksum and replace it in the goreleaser nnnnnn-checksums.txt file
run: |
echo "${{ secrets.KEYCHAIN }}" | base64 --decode > ~/Library/Keychains/apple-developer.keychain-db
security list-keychains -s ~/Library/Keychains/apple-developer.keychain-db
security unlock-keychain -p "${{ secrets.KEYCHAIN_PASSWORD }}" ~/Library/Keychains/apple-developer.keychain-db
gon gon.config.hcl
# GitHub's upload/download-artifact@v1 actions don't preserve file permissions,
# so we need to add execution permission back until @v2 actions are released.
chmod +x dist/arduino_cli_osx_darwin_amd64/arduino-cli
PACKAGE_FILENAME="$(basename dist/arduino-cli_${{ github.workflow }}-*_macOS_64bit.tar.gz)"
tar -czvf dist/$PACKAGE_FILENAME \
-C dist/arduino_cli_osx_darwin_amd64/ arduino-cli \
-C ../../ LICENSE.txt
CLI_CHECKSUM=$(shasum -a 256 dist/$PACKAGE_FILENAME | cut -d " " -f 1)
perl -pi -w -e "s/.*${PACKAGE_FILENAME}/${CLI_CHECKSUM} ${PACKAGE_FILENAME}/g;" dist/*-checksums.txt
- name: Upload artifacts
uses: actions/upload-artifact@v1
with:
name: dist
path: dist
publish-nightly:
runs-on: ubuntu-latest
needs: notarize-macos
steps:
- name: Download artifact
uses: actions/download-artifact@v1
with:
name: dist
- name: upload
uses: docker://plugins/s3
env:
PLUGIN_SOURCE: "dist/*"
PLUGIN_TARGET: "/arduino-cli/nightly"
PLUGIN_STRIP_PREFIX: "dist/"
PLUGIN_BUCKET: ${{ secrets.DOWNLOADS_BUCKET }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- name: Report failure
if: failure()
uses: masci/datadog@v1
with:
api-key: ${{ secrets.DD_API_KEY }}
events: |
- title: "Arduino CLI nighly build failed"
text: "Nightly build worfklow has failed"
alert_type: "error"
host: ${{ github.repository }}
tags:
- "project:arduino-cli"
- "workflow:${{ github.workflow }}"