From fd066873045c550cc6d185a5c03976de8a819d99 Mon Sep 17 00:00:00 2001 From: Paolo Calao Date: Thu, 23 Sep 2021 16:58:15 +0200 Subject: [PATCH 1/6] CI: Add release workflow --- .github/workflows/release-go-task.yml | 166 +++++++++++++++++ DistTasks.yml | 253 ++++++++++++++++++++++++++ Taskfile.yml | 24 +++ 3 files changed, 443 insertions(+) create mode 100644 .github/workflows/release-go-task.yml create mode 100644 DistTasks.yml diff --git a/.github/workflows/release-go-task.yml b/.github/workflows/release-go-task.yml new file mode 100644 index 00000000..6c6ca221 --- /dev/null +++ b/.github/workflows/release-go-task.yml @@ -0,0 +1,166 @@ +# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/release-go-task.md +name: Release + +env: + # As defined by the Taskfile's PROJECT_NAME variable + PROJECT_NAME: arduino-cloud-cli + # As defined by the Taskfile's DIST_DIR variable + DIST_DIR: dist + # The project's folder on Arduino's download server for uploading builds + AWS_PLUGIN_TARGET: TODO + ARTIFACT_NAME: dist + +on: + push: + tags: + - "[0-9]+.[0-9]+.[0-9]+*" + +jobs: + create-release-artifacts: + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + with: + fetch-depth: 0 + + - name: Create changelog + uses: arduino/create-changelog@v1 + with: + tag-regex: '^[0-9]+\.[0-9]+\.[0-9]+.*$' + filter-regex: '^\[(skip|changelog)[ ,-](skip|changelog)\].*' + case-insensitive-regex: true + changelog-file-path: "${{ env.DIST_DIR }}/CHANGELOG.md" + + - name: Install Task + uses: arduino/setup-task@v1 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} + version: 3.x + + - name: Build + run: task dist:all + + - name: Upload artifacts + uses: actions/upload-artifact@v2 + with: + if-no-files-found: error + name: ${{ env.ARTIFACT_NAME }} + path: ${{ env.DIST_DIR }} + + notarize-macos: + runs-on: macos-latest + needs: create-release-artifacts + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + - name: Download artifacts + uses: actions/download-artifact@v2 + with: + name: ${{ env.ARTIFACT_NAME }} + path: ${{ env.DIST_DIR }} + + - name: Import Code-Signing Certificates + env: + KEYCHAIN: "sign.keychain" + INSTALLER_CERT_MAC_PATH: "/tmp/ArduinoCerts2020.p12" + KEYCHAIN_PASSWORD: keychainpassword # Arbitrary password for a keychain that exists only for the duration of the job, so not secret + run: | + echo "${{ secrets.INSTALLER_CERT_MAC_P12 }}" | base64 --decode > "${{ env.INSTALLER_CERT_MAC_PATH }}" + security create-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}" + security default-keychain -s "${{ env.KEYCHAIN }}" + security unlock-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}" + security import \ + "${{ env.INSTALLER_CERT_MAC_PATH }}" \ + -k "${{ env.KEYCHAIN }}" \ + -f pkcs12 \ + -A \ + -T "/usr/bin/codesign" \ + -P "${{ secrets.INSTALLER_CERT_MAC_PASSWORD }}" + security set-key-partition-list \ + -S apple-tool:,apple: \ + -s \ + -k "${{ env.KEYCHAIN_PASSWORD }}" \ + "${{ env.KEYCHAIN }}" + + - name: Install gon for code signing and app notarization + run: | + wget -q https://github.com/mitchellh/gon/releases/download/v0.2.3/gon_macos.zip + unzip gon_macos.zip -d /usr/local/bin + + - name: Sign and notarize binary + env: + AC_USERNAME: ${{ secrets.AC_USERNAME }} + AC_PASSWORD: ${{ secrets.AC_PASSWORD }} + run: | + gon gon.config.hcl + + - name: Re-package binary and update checksum + # This step performs the following: + # 1. Repackage the signed binary replaced in place by Gon (ignoring the output zip file) + # 2. Recalculate package checksum and replace it in the nnnnnn-checksums.txt file + run: | + # GitHub's upload/download-artifact@v2 actions don't preserve file permissions, + # so we need to add execution permission back until the action is made to do this. + chmod +x ${{ env.DIST_DIR }}/${{ env.PROJECT_NAME }}_osx_darwin_amd64/${{ env.PROJECT_NAME }} + TAG="${GITHUB_REF/refs\/tags\//}" + tar -czvf "${{ env.DIST_DIR }}/${{ env.PROJECT_NAME }}_${TAG}_macOS_64bit.tar.gz" \ + -C ${{ env.DIST_DIR }}/${{ env.PROJECT_NAME }}_osx_darwin_amd64/ ${{ env.PROJECT_NAME }} \ + -C ../../ LICENSE.txt + CHECKSUM="$(shasum -a 256 ${{ env.DIST_DIR }}/${{ env.PROJECT_NAME }}_${TAG}_macOS_64bit.tar.gz | cut -d " " -f 1)" + perl \ + -pi \ + -w \ + -e "s/.*${{ env.PROJECT_NAME }}_${TAG}_macOS_64bit.tar.gz/${CHECKSUM} ${{ env.PROJECT_NAME }}_${TAG}_macOS_64bit.tar.gz/g;" \ + ${{ env.DIST_DIR }}/*-checksums.txt + + - name: Upload artifacts + uses: actions/upload-artifact@v2 + with: + if-no-files-found: error + name: ${{ env.ARTIFACT_NAME }} + path: ${{ env.DIST_DIR }} + + create-release: + runs-on: ubuntu-latest + needs: notarize-macos + + steps: + - name: Download artifact + uses: actions/download-artifact@v2 + with: + name: ${{ env.ARTIFACT_NAME }} + path: ${{ env.DIST_DIR }} + + - name: Identify Prerelease + # This is a workaround while waiting for create-release action + # to implement auto pre-release based on tag + id: prerelease + run: | + wget -q -P /tmp https://github.com/fsaintjacques/semver-tool/archive/3.0.0.zip + unzip -p /tmp/3.0.0.zip semver-tool-3.0.0/src/semver >/tmp/semver && chmod +x /tmp/semver + if [[ "$(/tmp/semver get prerel "${GITHUB_REF/refs\/tags\//}")" ]]; then echo "::set-output name=IS_PRE::true"; fi + + - name: Create Github Release and upload artifacts + uses: ncipollo/release-action@v1 + with: + token: ${{ secrets.GITHUB_TOKEN }} + bodyFile: ${{ env.DIST_DIR }}/CHANGELOG.md + draft: false + prerelease: ${{ steps.prerelease.outputs.IS_PRE }} + # NOTE: "Artifact is a directory" warnings are expected and don't indicate a problem + # (all the files we need are in the DIST_DIR root) + artifacts: ${{ env.DIST_DIR }}/* + + - name: Upload release files on Arduino downloads servers + uses: docker://plugins/s3 + env: + PLUGIN_SOURCE: "${{ env.DIST_DIR }}/*" + PLUGIN_TARGET: ${{ env.AWS_PLUGIN_TARGET }} + PLUGIN_STRIP_PREFIX: "${{ env.DIST_DIR }}/" + PLUGIN_BUCKET: ${{ secrets.DOWNLOADS_BUCKET }} + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} diff --git a/DistTasks.yml b/DistTasks.yml new file mode 100644 index 00000000..222e9e1d --- /dev/null +++ b/DistTasks.yml @@ -0,0 +1,253 @@ +# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/release-go-task/DistTasks.yml +version: "3" + +# This taskfile is ideally meant to be project agnostic and could be dropped in +# on other Go projects with minimal or no changes. +# +# To use it simply add the following lines to your main taskfile: +# includes: +# dist: ./DistTasks.yml +# +# The following variables must be declared in the including taskfile for the +# build process to work correctly: +# * DIST_DIR: the folder that will contain the final binaries and packages +# * PROJECT_NAME: the name of the project, used in package name +# * VERSION: the version of the project, used in package name and checksum file +# * LD_FLAGS: flags used at build time +# +# The project MUST contain a LICENSE.txt file in the root folder or packaging will fail. + +vars: + CONTAINER: "docker.elastic.co/beats-dev/golang-crossbuild" + GO_VERSION: "1.16.4" + CHECKSUM_FILE: "{{.VERSION}}-checksums.txt" + +tasks: + all: + desc: Build for distribution for all platforms + cmds: + - task: Windows_32bit + - task: Windows_64bit + - task: Linux_32bit + - task: Linux_64bit + - task: Linux_ARMv6 + - task: Linux_ARMv7 + - task: Linux_ARM64 + - task: macOS_64bit + + Windows_32bit: + desc: Builds Windows 32 bit binaries + dir: "{{.DIST_DIR}}" + cmds: + - | + docker run -v `pwd`/..:/home/build -w /home/build \ + -e CGO_ENABLED=1 \ + {{.CONTAINER}}:{{.CONTAINER_TAG}} \ + --build-cmd "{{.BUILD_COMMAND}}" \ + -p "{{.BUILD_PLATFORM}}" + + zip {{.PACKAGE_NAME}} {{.PLATFORM_DIR}}/{{.PROJECT_NAME}}.exe ../LICENSE.txt -j + sha256sum {{.PACKAGE_NAME}} >> {{.CHECKSUM_FILE}} + + vars: + PLATFORM_DIR: "{{.PROJECT_NAME}}_windows_386" + BUILD_COMMAND: "go build -o {{.DIST_DIR}}/{{.PLATFORM_DIR}}/{{.PROJECT_NAME}}.exe {{.LDFLAGS}}" + BUILD_PLATFORM: "windows/386" + CONTAINER_TAG: "{{.GO_VERSION}}-main" + PACKAGE_PLATFORM: "Windows_32bit" + PACKAGE_NAME: "{{.PROJECT_NAME}}_{{.VERSION}}_{{.PACKAGE_PLATFORM}}.zip" + + Windows_64bit: + desc: Builds Windows 64 bit binaries + dir: "{{.DIST_DIR}}" + cmds: + - | + docker run -v `pwd`/..:/home/build -w /home/build \ + -e CGO_ENABLED=1 \ + {{.CONTAINER}}:{{.CONTAINER_TAG}} \ + --build-cmd "{{.BUILD_COMMAND}}" \ + -p "{{.BUILD_PLATFORM}}" + + zip {{.PACKAGE_NAME}} {{.PLATFORM_DIR}}/{{.PROJECT_NAME}}.exe ../LICENSE.txt -j + sha256sum {{.PACKAGE_NAME}} >> {{.CHECKSUM_FILE}} + + vars: + PLATFORM_DIR: "{{.PROJECT_NAME}}_windows_amd64" + BUILD_COMMAND: "go build -o {{.DIST_DIR}}/{{.PLATFORM_DIR}}/{{.PROJECT_NAME}}.exe {{.LDFLAGS}}" + BUILD_PLATFORM: "windows/amd64" + CONTAINER_TAG: "{{.GO_VERSION}}-main" + PACKAGE_PLATFORM: "Windows_64bit" + PACKAGE_NAME: "{{.PROJECT_NAME}}_{{.VERSION}}_{{.PACKAGE_PLATFORM}}.zip" + + Linux_32bit: + desc: Builds Linux 32 bit binaries + dir: "{{.DIST_DIR}}" + cmds: + - | + docker run -v `pwd`/..:/home/build -w /home/build \ + -e CGO_ENABLED=1 \ + {{.CONTAINER}}:{{.CONTAINER_TAG}} \ + --build-cmd "{{.BUILD_COMMAND}}" \ + -p "{{.BUILD_PLATFORM}}" + + tar cz -C {{.PLATFORM_DIR}} {{.PROJECT_NAME}} -C ../.. LICENSE.txt -f {{.PACKAGE_NAME}} + sha256sum {{.PACKAGE_NAME}} >> {{.CHECKSUM_FILE}} + + vars: + PLATFORM_DIR: "{{.PROJECT_NAME}}_linux_amd32" + BUILD_COMMAND: "go build -o {{.DIST_DIR}}/{{.PLATFORM_DIR}}/{{.PROJECT_NAME}} {{.LDFLAGS}}" + BUILD_PLATFORM: "linux/386" + CONTAINER_TAG: "{{.GO_VERSION}}-main" + PACKAGE_PLATFORM: "Linux_32bit" + PACKAGE_NAME: "{{.PROJECT_NAME}}_{{.VERSION}}_{{.PACKAGE_PLATFORM}}.tar.gz" + + Linux_64bit: + desc: Builds Linux 64 bit binaries + dir: "{{.DIST_DIR}}" + cmds: + - | + docker run -v `pwd`/..:/home/build -w /home/build \ + -e CGO_ENABLED=1 \ + {{.CONTAINER}}:{{.CONTAINER_TAG}} \ + --build-cmd "{{.BUILD_COMMAND}}" \ + -p "{{.BUILD_PLATFORM}}" + + tar cz -C {{.PLATFORM_DIR}} {{.PROJECT_NAME}} -C ../.. LICENSE.txt -f {{.PACKAGE_NAME}} + sha256sum {{.PACKAGE_NAME}} >> {{.CHECKSUM_FILE}} + + vars: + PLATFORM_DIR: "{{.PROJECT_NAME}}_linux_amd64" + BUILD_COMMAND: "go build -o {{.DIST_DIR}}/{{.PLATFORM_DIR}}/{{.PROJECT_NAME}} {{.LDFLAGS}}" + BUILD_PLATFORM: "linux/amd64" + CONTAINER_TAG: "{{.GO_VERSION}}-main" + PACKAGE_PLATFORM: "Linux_64bit" + PACKAGE_NAME: "{{.PROJECT_NAME}}_{{.VERSION}}_{{.PACKAGE_PLATFORM}}.tar.gz" + + Linux_ARMv7: + desc: Builds Linux ARMv7 binaries + dir: "{{.DIST_DIR}}" + cmds: + - | + docker run -v `pwd`/..:/home/build -w /home/build \ + -e CGO_ENABLED=1 \ + {{.CONTAINER}}:{{.CONTAINER_TAG}} \ + --build-cmd "{{.BUILD_COMMAND}}" \ + -p "{{.BUILD_PLATFORM}}" + + tar cz -C {{.PLATFORM_DIR}} {{.PROJECT_NAME}} -C ../.. LICENSE.txt -f {{.PACKAGE_NAME}} + sha256sum {{.PACKAGE_NAME}} >> {{.CHECKSUM_FILE}} + + vars: + PLATFORM_DIR: "{{.PROJECT_NAME}}_linux_arm_7" + BUILD_COMMAND: "go build -o {{.DIST_DIR}}/{{.PLATFORM_DIR}}/{{.PROJECT_NAME}} {{.LDFLAGS}}" + BUILD_PLATFORM: "linux/armv7" + CONTAINER_TAG: "{{.GO_VERSION}}-armhf" + PACKAGE_PLATFORM: "Linux_ARMv7" + PACKAGE_NAME: "{{.PROJECT_NAME}}_{{.VERSION}}_{{.PACKAGE_PLATFORM}}.tar.gz" + + Linux_ARMv6: + desc: Builds Linux ARMv6 binaries + dir: "{{.DIST_DIR}}" + cmds: + - | + docker run -v `pwd`/..:/home/build -w /home/build \ + -e CGO_ENABLED=1 \ + {{.CONTAINER}}:{{.CONTAINER_TAG}} \ + --build-cmd "{{.BUILD_COMMAND}}" \ + -p "{{.BUILD_PLATFORM}}" + + tar cz -C {{.PLATFORM_DIR}} {{.PROJECT_NAME}} -C ../.. LICENSE.txt -f {{.PACKAGE_NAME}} + sha256sum {{.PACKAGE_NAME}} >> {{.CHECKSUM_FILE}} + + vars: + PLATFORM_DIR: "{{.PROJECT_NAME}}_linux_arm_6" + BUILD_COMMAND: "go build -o {{.DIST_DIR}}/{{.PLATFORM_DIR}}/{{.PROJECT_NAME}} {{.LDFLAGS}}" + BUILD_PLATFORM: "linux/armv6" + # We are experiencing the following error with ARMv6 build: + # + # # github.com/arduino/arduino-cli + # net(.text): unexpected relocation type 296 (R_ARM_V4BX) + # panic: runtime error: invalid memory address or nil pointer dereference + # [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x51ae53] + # + # goroutine 1 [running]: + # cmd/link/internal/loader.(*Loader).SymName(0xc000095c00, 0x0, 0xc0000958d8, 0x5a0ac) + # /usr/local/go/src/cmd/link/internal/loader/loader.go:684 +0x53 + # cmd/link/internal/ld.dynrelocsym2(0xc000095880, 0x5a0ac) + # /usr/local/go/src/cmd/link/internal/ld/data.go:777 +0x295 + # cmd/link/internal/ld.(*dodataState).dynreloc2(0xc007df9800, 0xc000095880) + # /usr/local/go/src/cmd/link/internal/ld/data.go:794 +0x89 + # cmd/link/internal/ld.(*Link).dodata2(0xc000095880, 0xc007d00000, 0x60518, 0x60518) + # /usr/local/go/src/cmd/link/internal/ld/data.go:1434 +0x4d4 + # cmd/link/internal/ld.Main(0x8729a0, 0x4, 0x8, 0x1, 0xd, 0xe, 0x0, 0x0, 0x6d7737, 0x12, ...) + # /usr/local/go/src/cmd/link/internal/ld/main.go:302 +0x123a + # main.main() + # /usr/local/go/src/cmd/link/main.go:68 +0x1dc + # Error: failed building for linux/armv6: exit status 2 + # + # This seems to be a problem in the go builder 1.16.x that removed support for the R_ARM_V4BX instruction: + # https://github.com/golang/go/pull/44998 + # https://groups.google.com/g/golang-codereviews/c/yzN80xxwu2E + # + # Until there is a fix released we must use a recent gcc for Linux_ARMv6 build, so for this + # build we select the debian10 based container. + CONTAINER_TAG: "{{.GO_VERSION}}-armel-debian10" + PACKAGE_PLATFORM: "Linux_ARMv6" + PACKAGE_NAME: "{{.PROJECT_NAME}}_{{.VERSION}}_{{.PACKAGE_PLATFORM}}.tar.gz" + + Linux_ARM64: + desc: Builds Linux ARM64 binaries + dir: "{{.DIST_DIR}}" + cmds: + - | + docker run -v `pwd`/..:/home/build -w /home/build \ + -e CGO_ENABLED=1 \ + {{.CONTAINER}}:{{.CONTAINER_TAG}} \ + --build-cmd "{{.BUILD_COMMAND}}" \ + -p "{{.BUILD_PLATFORM}}" + + tar cz -C {{.PLATFORM_DIR}} {{.PROJECT_NAME}} -C ../.. LICENSE.txt -f {{.PACKAGE_NAME}} + sha256sum {{.PACKAGE_NAME}} >> {{.CHECKSUM_FILE}} + + vars: + PLATFORM_DIR: "{{.PROJECT_NAME}}_linux_arm_64" + BUILD_COMMAND: "go build -o {{.DIST_DIR}}/{{.PLATFORM_DIR}}/{{.PROJECT_NAME}} {{.LDFLAGS}}" + BUILD_PLATFORM: "linux/arm64" + CONTAINER_TAG: "{{.GO_VERSION}}-arm" + PACKAGE_PLATFORM: "Linux_ARM64" + PACKAGE_NAME: "{{.PROJECT_NAME}}_{{.VERSION}}_{{.PACKAGE_PLATFORM}}.tar.gz" + + macOS_64bit: + desc: Builds Mac OS X 64 bit binaries + dir: "{{.DIST_DIR}}" + cmds: + - | + docker run -v `pwd`/..:/home/build -w /home/build \ + -e CGO_ENABLED=1 \ + {{.CONTAINER}}:{{.CONTAINER_TAG}} \ + --build-cmd "{{.BUILD_COMMAND}}" \ + -p "{{.BUILD_PLATFORM}}" + + tar cz -C {{.PLATFORM_DIR}} {{.PROJECT_NAME}} -C ../.. LICENSE.txt -f {{.PACKAGE_NAME}} + sha256sum {{.PACKAGE_NAME}} >> {{.CHECKSUM_FILE}} + + vars: + PLATFORM_DIR: "{{.PROJECT_NAME}}_osx_darwin_amd64" + BUILD_COMMAND: "go build -o {{.DIST_DIR}}/{{.PLATFORM_DIR}}/{{.PROJECT_NAME}} {{.LDFLAGS}}" + BUILD_PLATFORM: "darwin/amd64" + # We are experiencing the following error with macOS_64bit build: + # + # Undefined symbols for architecture x86_64: + # "_clock_gettime", referenced from: + # _runtime.walltime_trampoline in go.o + # ld: symbol(s) not found for architecture x86_64 + # clang: error: linker command failed with exit code 1 (use -v to see invocation) + # + # The reason seems that go 1.16.x use a macos API which is available since 10.12 + # https://github.com/techknowlogick/xgo/issues/100#issuecomment-780894190 + # + # To compile it we need an SDK >=10.12 so we use the debian10 based container that + # has the SDK 10.14 installed. + CONTAINER_TAG: "{{.GO_VERSION}}-darwin-debian10" + PACKAGE_PLATFORM: "macOS_64bit" + PACKAGE_NAME: "{{.PROJECT_NAME}}_{{.VERSION}}_{{.PACKAGE_PLATFORM}}.tar.gz" diff --git a/Taskfile.yml b/Taskfile.yml index 51f8662b..98b4acbe 100644 --- a/Taskfile.yml +++ b/Taskfile.yml @@ -1,6 +1,9 @@ # See: https://taskfile.dev/#/usage version: "3" +includes: + dist: ./DistTasks.yml + vars: # Path of the project's primary Go module: DEFAULT_GO_MODULE_PATH: ./ @@ -13,6 +16,27 @@ vars: # `-ldflags` flag to use for `go test` command # TODO: define flag if required by the project, or leave empty if not needed. TEST_LDFLAGS: + # Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/release-go-task/Taskfile.yml + PROJECT_NAME: "arduino-cloud-cli" + DIST_DIR: "dist" + # build vars + COMMIT: + sh: echo "$(git log --no-show-signature -n 1 --format=%h)" + TIMESTAMP: + sh: echo "$(date -u +"%Y-%m-%dT%H:%M:%SZ")" + TIMESTAMP_SHORT: + sh: echo "{{now | date "20060102"}}" + TAG: + sh: echo "$(git tag --points-at=HEAD 2> /dev/null | head -n1)" + VERSION: "{{if .NIGHTLY}}nightly-{{.TIMESTAMP_SHORT}}{{else if .TAG}}{{.TAG}}{{else}}{{.PACKAGE_NAME_PREFIX}}git-snapshot{{end}}" + CONFIGURATION_PACKAGE: github.com/arduino/arduino-cloud-cli/version + LDFLAGS: >- + -ldflags + ' + -X {{.CONFIGURATION_PACKAGE}}.Version={{.VERSION}} + -X {{.CONFIGURATION_PACKAGE}}.Commit={{.COMMIT}} + -X {{.CONFIGURATION_PACKAGE}}.Timestamp={{.TIMESTAMP}} + ' tasks: # Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/go-task/Taskfile.yml From 8d12c620d160bcf1273abb58b1a4e3fbe67988b5 Mon Sep 17 00:00:00 2001 From: Paolo Calao Date: Mon, 27 Sep 2021 11:02:43 +0200 Subject: [PATCH 2/6] Disable upload to aws --- .github/workflows/release-go-task.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/release-go-task.yml b/.github/workflows/release-go-task.yml index 6c6ca221..994d4052 100644 --- a/.github/workflows/release-go-task.yml +++ b/.github/workflows/release-go-task.yml @@ -155,12 +155,12 @@ jobs: # (all the files we need are in the DIST_DIR root) artifacts: ${{ env.DIST_DIR }}/* - - name: Upload release files on Arduino downloads servers - uses: docker://plugins/s3 - env: - PLUGIN_SOURCE: "${{ env.DIST_DIR }}/*" - PLUGIN_TARGET: ${{ env.AWS_PLUGIN_TARGET }} - PLUGIN_STRIP_PREFIX: "${{ env.DIST_DIR }}/" - PLUGIN_BUCKET: ${{ secrets.DOWNLOADS_BUCKET }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + # - name: Upload release files on Arduino downloads servers + # uses: docker://plugins/s3 + # env: + # PLUGIN_SOURCE: "${{ env.DIST_DIR }}/*" + # PLUGIN_TARGET: ${{ env.AWS_PLUGIN_TARGET }} + # PLUGIN_STRIP_PREFIX: "${{ env.DIST_DIR }}/" + # PLUGIN_BUCKET: ${{ secrets.DOWNLOADS_BUCKET }} + # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} From 02895b7bacff59911c533e5ed0a5ef378eaf33fa Mon Sep 17 00:00:00 2001 From: Paolo Calao Date: Mon, 27 Sep 2021 11:02:58 +0200 Subject: [PATCH 3/6] Enable macos notarization --- .github/workflows/release-go-task.yml | 4 ++-- .gon.hcl | 15 --------------- gon.config.hcl | 14 ++++++++++++++ 3 files changed, 16 insertions(+), 17 deletions(-) delete mode 100644 .gon.hcl create mode 100644 gon.config.hcl diff --git a/.github/workflows/release-go-task.yml b/.github/workflows/release-go-task.yml index 994d4052..cbe797b0 100644 --- a/.github/workflows/release-go-task.yml +++ b/.github/workflows/release-go-task.yml @@ -69,7 +69,7 @@ jobs: INSTALLER_CERT_MAC_PATH: "/tmp/ArduinoCerts2020.p12" KEYCHAIN_PASSWORD: keychainpassword # Arbitrary password for a keychain that exists only for the duration of the job, so not secret run: | - echo "${{ secrets.INSTALLER_CERT_MAC_P12 }}" | base64 --decode > "${{ env.INSTALLER_CERT_MAC_PATH }}" + echo "${{ secrets.MACOS_SIGN_CERTIFICATE_P12 }}" | base64 --decode > "${{ env.INSTALLER_CERT_MAC_PATH }}" security create-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}" security default-keychain -s "${{ env.KEYCHAIN }}" security unlock-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}" @@ -79,7 +79,7 @@ jobs: -f pkcs12 \ -A \ -T "/usr/bin/codesign" \ - -P "${{ secrets.INSTALLER_CERT_MAC_PASSWORD }}" + -P "${{ secrets.MACOS_SIGN_CERTIFICATE_PASSWORD }}" security set-key-partition-list \ -S apple-tool:,apple: \ -s \ diff --git a/.gon.hcl b/.gon.hcl deleted file mode 100644 index 0e2e61a2..00000000 --- a/.gon.hcl +++ /dev/null @@ -1,15 +0,0 @@ -source = ["./arduino-cloud-cli"] -bundle_id = "dev.zmoog.arduino-cloud-cli" - -apple_id { - username = "maurizio.branca@gmail.com" - password = "@env:AC_PASSWORD" -} - -sign { - application_identity = "02B1797580ADB94948688199684FE9C75284D6D3" -} - -zip { - output_path = "./arduino-cloud-cli.zip" -} diff --git a/gon.config.hcl b/gon.config.hcl new file mode 100644 index 00000000..160d6371 --- /dev/null +++ b/gon.config.hcl @@ -0,0 +1,14 @@ +# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/general/gon.config.hcl +# See: https://github.com/mitchellh/gon#configuration-file +source = ["dist/arduino-cloud-cli_osx_darwin_amd64/arduino-cloud-cli"] +bundle_id = "cc.arduino.arduino-cloud-cli" + +sign { + application_identity = "Developer ID Application: ARDUINO SA (7KT7ZWMCJT)" +} + +# Ask Gon for zip output to force notarization process to take place. +# The CI will ignore the zip output, using the signed binary only. +zip { + output_path = "unused.zip" +} \ No newline at end of file From be4fd0348355ff185791949c9bfe4d3c4f124d7a Mon Sep 17 00:00:00 2001 From: Paolo Calao Date: Fri, 24 Sep 2021 16:53:26 +0200 Subject: [PATCH 4/6] Edit release archive (- license, + binaries) --- .github/workflows/release-go-task.yml | 6 +++++- DistTasks.yml | 25 +++++++++++++++++-------- 2 files changed, 22 insertions(+), 9 deletions(-) diff --git a/.github/workflows/release-go-task.yml b/.github/workflows/release-go-task.yml index cbe797b0..821eefd5 100644 --- a/.github/workflows/release-go-task.yml +++ b/.github/workflows/release-go-task.yml @@ -9,6 +9,8 @@ env: # The project's folder on Arduino's download server for uploading builds AWS_PLUGIN_TARGET: TODO ARTIFACT_NAME: dist + # TODO: Remember to REMOVE binaries folder as soon as it is removed from the project + PROVISIONING_BINARIES_FOLDER: binaries on: push: @@ -102,6 +104,8 @@ jobs: # This step performs the following: # 1. Repackage the signed binary replaced in place by Gon (ignoring the output zip file) # 2. Recalculate package checksum and replace it in the nnnnnn-checksums.txt file + # TODO: Add again the LICENSE.txt as soon as we have it + # TODO: Remember to REMOVE binaries folder as soon as it is removed from the project ({{.PROVISIONING_BINARIES_FOLDER}}) run: | # GitHub's upload/download-artifact@v2 actions don't preserve file permissions, # so we need to add execution permission back until the action is made to do this. @@ -109,7 +113,7 @@ jobs: TAG="${GITHUB_REF/refs\/tags\//}" tar -czvf "${{ env.DIST_DIR }}/${{ env.PROJECT_NAME }}_${TAG}_macOS_64bit.tar.gz" \ -C ${{ env.DIST_DIR }}/${{ env.PROJECT_NAME }}_osx_darwin_amd64/ ${{ env.PROJECT_NAME }} \ - -C ../../ LICENSE.txt + -C ../../ ${{ env.PROVISIONING_BINARIES_FOLDER }} CHECKSUM="$(shasum -a 256 ${{ env.DIST_DIR }}/${{ env.PROJECT_NAME }}_${TAG}_macOS_64bit.tar.gz | cut -d " " -f 1)" perl \ -pi \ diff --git a/DistTasks.yml b/DistTasks.yml index 222e9e1d..673ed690 100644 --- a/DistTasks.yml +++ b/DistTasks.yml @@ -14,6 +14,7 @@ version: "3" # * PROJECT_NAME: the name of the project, used in package name # * VERSION: the version of the project, used in package name and checksum file # * LD_FLAGS: flags used at build time +# * PROVISIONING_BINARIES_FOLDER: provisioning binaries folder. Remember to REMOVE binaries folder as soon as it is removed from the project # # The project MUST contain a LICENSE.txt file in the root folder or packaging will fail. @@ -38,6 +39,8 @@ tasks: Windows_32bit: desc: Builds Windows 32 bit binaries dir: "{{.DIST_DIR}}" + # TODO: Add LICENSE.txt to the archive when we have it + # TODO: Remember to REMOVE binaries folder as soon as it is removed from the project cmds: - | docker run -v `pwd`/..:/home/build -w /home/build \ @@ -46,7 +49,10 @@ tasks: --build-cmd "{{.BUILD_COMMAND}}" \ -p "{{.BUILD_PLATFORM}}" - zip {{.PACKAGE_NAME}} {{.PLATFORM_DIR}}/{{.PROJECT_NAME}}.exe ../LICENSE.txt -j + cp {{.PLATFORM_DIR}}/{{.PROJECT_NAME}}.exe ../ + cd .. + zip -r {{.DIST_DIR}}/{{.PACKAGE_NAME}} {{.PROJECT_NAME}}.exe {{.PROVISIONING_BINARIES_FOLDER}} + cd {{.DIST_DIR}} sha256sum {{.PACKAGE_NAME}} >> {{.CHECKSUM_FILE}} vars: @@ -68,7 +74,10 @@ tasks: --build-cmd "{{.BUILD_COMMAND}}" \ -p "{{.BUILD_PLATFORM}}" - zip {{.PACKAGE_NAME}} {{.PLATFORM_DIR}}/{{.PROJECT_NAME}}.exe ../LICENSE.txt -j + cp {{.PLATFORM_DIR}}/{{.PROJECT_NAME}}.exe ../ + cd .. + zip -r {{.DIST_DIR}}/{{.PACKAGE_NAME}} {{.PROJECT_NAME}}.exe {{.PROVISIONING_BINARIES_FOLDER}} + cd {{.DIST_DIR}} sha256sum {{.PACKAGE_NAME}} >> {{.CHECKSUM_FILE}} vars: @@ -90,7 +99,7 @@ tasks: --build-cmd "{{.BUILD_COMMAND}}" \ -p "{{.BUILD_PLATFORM}}" - tar cz -C {{.PLATFORM_DIR}} {{.PROJECT_NAME}} -C ../.. LICENSE.txt -f {{.PACKAGE_NAME}} + tar cz -C {{.PLATFORM_DIR}} {{.PROJECT_NAME}} -C ../.. {{.PROVISIONING_BINARIES_FOLDER}} -f {{.PACKAGE_NAME}} sha256sum {{.PACKAGE_NAME}} >> {{.CHECKSUM_FILE}} vars: @@ -112,7 +121,7 @@ tasks: --build-cmd "{{.BUILD_COMMAND}}" \ -p "{{.BUILD_PLATFORM}}" - tar cz -C {{.PLATFORM_DIR}} {{.PROJECT_NAME}} -C ../.. LICENSE.txt -f {{.PACKAGE_NAME}} + tar cz -C {{.PLATFORM_DIR}} {{.PROJECT_NAME}} -C ../.. {{.PROVISIONING_BINARIES_FOLDER}} -f {{.PACKAGE_NAME}} sha256sum {{.PACKAGE_NAME}} >> {{.CHECKSUM_FILE}} vars: @@ -134,7 +143,7 @@ tasks: --build-cmd "{{.BUILD_COMMAND}}" \ -p "{{.BUILD_PLATFORM}}" - tar cz -C {{.PLATFORM_DIR}} {{.PROJECT_NAME}} -C ../.. LICENSE.txt -f {{.PACKAGE_NAME}} + tar cz -C {{.PLATFORM_DIR}} {{.PROJECT_NAME}} -C ../.. {{.PROVISIONING_BINARIES_FOLDER}} -f {{.PACKAGE_NAME}} sha256sum {{.PACKAGE_NAME}} >> {{.CHECKSUM_FILE}} vars: @@ -156,7 +165,7 @@ tasks: --build-cmd "{{.BUILD_COMMAND}}" \ -p "{{.BUILD_PLATFORM}}" - tar cz -C {{.PLATFORM_DIR}} {{.PROJECT_NAME}} -C ../.. LICENSE.txt -f {{.PACKAGE_NAME}} + tar cz -C {{.PLATFORM_DIR}} {{.PROJECT_NAME}} -C ../.. {{.PROVISIONING_BINARIES_FOLDER}} -f {{.PACKAGE_NAME}} sha256sum {{.PACKAGE_NAME}} >> {{.CHECKSUM_FILE}} vars: @@ -206,7 +215,7 @@ tasks: --build-cmd "{{.BUILD_COMMAND}}" \ -p "{{.BUILD_PLATFORM}}" - tar cz -C {{.PLATFORM_DIR}} {{.PROJECT_NAME}} -C ../.. LICENSE.txt -f {{.PACKAGE_NAME}} + tar cz -C {{.PLATFORM_DIR}} {{.PROJECT_NAME}} -C ../.. {{.PROVISIONING_BINARIES_FOLDER}} -f {{.PACKAGE_NAME}} sha256sum {{.PACKAGE_NAME}} >> {{.CHECKSUM_FILE}} vars: @@ -228,7 +237,7 @@ tasks: --build-cmd "{{.BUILD_COMMAND}}" \ -p "{{.BUILD_PLATFORM}}" - tar cz -C {{.PLATFORM_DIR}} {{.PROJECT_NAME}} -C ../.. LICENSE.txt -f {{.PACKAGE_NAME}} + tar cz -C {{.PLATFORM_DIR}} {{.PROJECT_NAME}} -C ../.. {{.PROVISIONING_BINARIES_FOLDER}} -f {{.PACKAGE_NAME}} sha256sum {{.PACKAGE_NAME}} >> {{.CHECKSUM_FILE}} vars: From b78a5ec5ae2767c76473aeb5d3afdf41e92e752c Mon Sep 17 00:00:00 2001 From: Paolo Calao Date: Mon, 27 Sep 2021 12:33:41 +0200 Subject: [PATCH 5/6] Fix release version --- Taskfile.yml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/Taskfile.yml b/Taskfile.yml index 98b4acbe..df7a658e 100644 --- a/Taskfile.yml +++ b/Taskfile.yml @@ -10,9 +10,6 @@ vars: DEFAULT_GO_PACKAGES: sh: | echo $(cd {{default .DEFAULT_GO_MODULE_PATH .GO_MODULE_PATH}} && go list ./... | tr '\n' ' ' || echo '"ERROR: Unable to discover Go packages"') - # `-ldflags` flag to use for `go build` command - # TODO: define flag if required by the project, or leave empty if not needed. - LDFLAGS: # `-ldflags` flag to use for `go test` command # TODO: define flag if required by the project, or leave empty if not needed. TEST_LDFLAGS: @@ -33,9 +30,9 @@ vars: LDFLAGS: >- -ldflags ' - -X {{.CONFIGURATION_PACKAGE}}.Version={{.VERSION}} - -X {{.CONFIGURATION_PACKAGE}}.Commit={{.COMMIT}} - -X {{.CONFIGURATION_PACKAGE}}.Timestamp={{.TIMESTAMP}} + -X {{.CONFIGURATION_PACKAGE}}.versionString={{.VERSION}} + -X {{.CONFIGURATION_PACKAGE}}.commit={{ .COMMIT }} + -X {{.CONFIGURATION_PACKAGE}}.date={{.TIMESTAMP}} ' tasks: From 7c5aa98fad147a16e321e7a712d5c77d1297d882 Mon Sep 17 00:00:00 2001 From: Paolo Calao Date: Tue, 28 Sep 2021 15:33:01 +0200 Subject: [PATCH 6/6] Add todos --- .github/workflows/release-go-task.yml | 1 + .github/workflows/test-go-task.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/workflows/release-go-task.yml b/.github/workflows/release-go-task.yml index 821eefd5..df4c0079 100644 --- a/.github/workflows/release-go-task.yml +++ b/.github/workflows/release-go-task.yml @@ -159,6 +159,7 @@ jobs: # (all the files we need are in the DIST_DIR root) artifacts: ${{ env.DIST_DIR }}/* + # TODO # - name: Upload release files on Arduino downloads servers # uses: docker://plugins/s3 # env: diff --git a/.github/workflows/test-go-task.yml b/.github/workflows/test-go-task.yml index 1641b9ff..6b48fe76 100644 --- a/.github/workflows/test-go-task.yml +++ b/.github/workflows/test-go-task.yml @@ -93,6 +93,7 @@ jobs: GO_MODULE_PATH: ${{ matrix.module.path }} run: task go:test + # TODO # - name: Send unit tests coverage to Codecov # if: runner.os == 'Linux' # uses: codecov/codecov-action@v2