From e3c08b4b1c7d62a7a5b65fe7b2d39080f009d89f Mon Sep 17 00:00:00 2001 From: Matteo Pologruto Date: Wed, 14 Sep 2022 11:02:32 +0200 Subject: [PATCH 1/4] Add support for MacOS arm64 build in the taskfile --- DistTasks.yml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/DistTasks.yml b/DistTasks.yml index 17b5e97..4f4cf5d 100644 --- a/DistTasks.yml +++ b/DistTasks.yml @@ -34,6 +34,7 @@ tasks: - task: Linux_ARMv7 - task: Linux_ARM64 - task: macOS_64bit + - task: macOS_ARM64 Windows_32bit: desc: Builds Windows 32 bit binaries @@ -251,3 +252,25 @@ tasks: CONTAINER_TAG: "{{.GO_VERSION}}-darwin-debian10" PACKAGE_PLATFORM: "macOS_64bit" PACKAGE_NAME: "{{.PROJECT_NAME}}_{{.VERSION}}_{{.PACKAGE_PLATFORM}}.tar.gz" + + macOS_ARM64: + desc: Builds Mac OS X ARM64 binaries + dir: "{{.DIST_DIR}}" + cmds: + - | + docker run -v `pwd`/..:/home/build -w /home/build \ + -e CGO_ENABLED=1 \ + {{.CONTAINER}}:{{.CONTAINER_TAG}} \ + --build-cmd "{{.BUILD_COMMAND}}" \ + -p "{{.BUILD_PLATFORM}}" + + tar cz -C {{.PLATFORM_DIR}} {{.PROJECT_NAME}} -C ../.. LICENSE.txt -f {{.PACKAGE_NAME}} + sha256sum {{.PACKAGE_NAME}} >> {{.CHECKSUM_FILE}} + + vars: + PLATFORM_DIR: "{{.PROJECT_NAME}}_osx_darwin_arm64" + BUILD_COMMAND: "go build -o {{.DIST_DIR}}/{{.PLATFORM_DIR}}/{{.PROJECT_NAME}} {{.LDFLAGS}}" + BUILD_PLATFORM: "darwin/arm64" + CONTAINER_TAG: "{{.GO_VERSION}}-darwin-arm64-debian10" + PACKAGE_PLATFORM: "macOS_ARM64" + PACKAGE_NAME: "{{.PROJECT_NAME}}_{{.VERSION}}_{{.PACKAGE_PLATFORM}}.tar.gz" From 6e8a384676caf2f52f2e301ae57808b673398a54 Mon Sep 17 00:00:00 2001 From: Matteo Pologruto Date: Wed, 14 Sep 2022 11:06:39 +0200 Subject: [PATCH 2/4] Update release-go-task workflow to handle darwin_arm64 notarization --- .github/workflows/release-go-task.yml | 123 +++++++++++++++++++++++++- 1 file changed, 122 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release-go-task.yml b/.github/workflows/release-go-task.yml index 8ef8d8f..44896e0 100644 --- a/.github/workflows/release-go-task.yml +++ b/.github/workflows/release-go-task.yml @@ -48,10 +48,121 @@ jobs: if-no-files-found: error name: ${{ env.ARTIFACT_NAME }} path: ${{ env.DIST_DIR }} + + notarize-macos: + name: Notarize ${{ matrix.artifact.name }} + runs-on: macos-latest + needs: create-release-artifacts + outputs: + checksum-darwin_amd64: ${{ steps.re-package.outputs.checksum-darwin_amd64 }} + checksum-darwin_arm64: ${{ steps.re-package.outputs.checksum-darwin_arm64 }} + + env: + GON_CONFIG_PATH: gon.config.hcl + + strategy: + matrix: + artifact: + - name: darwin_amd64 + path: "macOS_64bit.tar.gz" + - name: darwin_arm64 + path: "macOS_ARM64.tar.gz" + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Download artifacts + uses: actions/download-artifact@v3 + with: + name: ${{ env.ARTIFACT_NAME }} + path: ${{ env.DIST_DIR }} + + - name: Import Code-Signing Certificates + env: + KEYCHAIN: "sign.keychain" + INSTALLER_CERT_MAC_PATH: "/tmp/ArduinoCerts2020.p12" + KEYCHAIN_PASSWORD: keychainpassword # Arbitrary password for a keychain that exists only for the duration of the job, so not secret + run: | + echo "${{ secrets.INSTALLER_CERT_MAC_P12 }}" | base64 --decode > "${{ env.INSTALLER_CERT_MAC_PATH }}" + security create-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}" + security default-keychain -s "${{ env.KEYCHAIN }}" + security unlock-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}" + security import \ + "${{ env.INSTALLER_CERT_MAC_PATH }}" \ + -k "${{ env.KEYCHAIN }}" \ + -f pkcs12 \ + -A \ + -T "/usr/bin/codesign" \ + -P "${{ secrets.INSTALLER_CERT_MAC_PASSWORD }}" + security set-key-partition-list \ + -S apple-tool:,apple: \ + -s \ + -k "${{ env.KEYCHAIN_PASSWORD }}" \ + "${{ env.KEYCHAIN }}" + + - name: Install gon for code signing and app notarization + run: | + wget -q https://github.com/mitchellh/gon/releases/download/v0.2.3/gon_macos.zip + unzip gon_macos.zip -d /usr/local/bin + + - name: Write gon config to file + # gon does not allow env variables in config file (https://github.com/mitchellh/gon/issues/20) + run: | + cat > "${{ env.GON_CONFIG_PATH }}" <> $GITHUB_ENV + echo "::set-output name=checksum-${{ matrix.artifact.name }}::$CHECKSUM_LINE" + + - name: Upload artifacts + uses: actions/upload-artifact@v3 + with: + if-no-files-found: error + name: ${{ env.ARTIFACT_NAME }} + path: ${{ env.DIST_DIR }}/${{ env.PACKAGE_FILENAME }} create-release: runs-on: ubuntu-latest - needs: create-release-artifacts + needs: notarize-macos steps: - name: Download artifact @@ -59,6 +170,16 @@ jobs: with: name: ${{ env.ARTIFACT_NAME }} path: ${{ env.DIST_DIR }} + + - name: Update checksum + run: | + declare -a checksum_lines=("${{ needs.notarize-macos.outputs.checksum-darwin_amd64 }}" "${{ needs.notarize-macos.outputs.checksum-darwin_arm64 }}") + for checksum_line in "${checksum_lines[@]}" + do + CHECKSUM=$(echo ${checksum_line} | cut -d " " -f 1) + PACKAGE_FILENAME=$(echo ${checksum_line} | cut -d " " -f 2) + perl -pi -w -e "s/.*${PACKAGE_FILENAME}/${CHECKSUM} ${PACKAGE_FILENAME}/g;" ${{ env.DIST_DIR }}/*-checksums.txt + done - name: Identify Prerelease # This is a workaround while waiting for create-release action From 95f1672b5dc730f71a9a7071b7eadfcd2e44fcbc Mon Sep 17 00:00:00 2001 From: Matteo Pologruto Date: Wed, 14 Sep 2022 11:26:05 +0200 Subject: [PATCH 3/4] Disable s3 push for testing --- .github/workflows/release-go-task.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/release-go-task.yml b/.github/workflows/release-go-task.yml index 44896e0..c7dc2a2 100644 --- a/.github/workflows/release-go-task.yml +++ b/.github/workflows/release-go-task.yml @@ -201,12 +201,12 @@ jobs: # (all the files we need are in the DIST_DIR root) artifacts: ${{ env.DIST_DIR }}/* - - name: Upload release files on Arduino downloads servers - uses: docker://plugins/s3 - env: - PLUGIN_SOURCE: "${{ env.DIST_DIR }}/*" - PLUGIN_TARGET: ${{ env.AWS_PLUGIN_TARGET }} - PLUGIN_STRIP_PREFIX: "${{ env.DIST_DIR }}/" - PLUGIN_BUCKET: ${{ secrets.DOWNLOADS_BUCKET }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + # - name: Upload release files on Arduino downloads servers + # uses: docker://plugins/s3 + # env: + # PLUGIN_SOURCE: "${{ env.DIST_DIR }}/*" + # PLUGIN_TARGET: ${{ env.AWS_PLUGIN_TARGET }} + # PLUGIN_STRIP_PREFIX: "${{ env.DIST_DIR }}/" + # PLUGIN_BUCKET: ${{ secrets.DOWNLOADS_BUCKET }} + # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} From 8e570a3a69f1db454e47254b471ee0bd76c2a7f9 Mon Sep 17 00:00:00 2001 From: Matteo Pologruto Date: Wed, 14 Sep 2022 17:08:19 +0200 Subject: [PATCH 4/4] Restore s3 push --- .github/workflows/release-go-task.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/release-go-task.yml b/.github/workflows/release-go-task.yml index c7dc2a2..44896e0 100644 --- a/.github/workflows/release-go-task.yml +++ b/.github/workflows/release-go-task.yml @@ -201,12 +201,12 @@ jobs: # (all the files we need are in the DIST_DIR root) artifacts: ${{ env.DIST_DIR }}/* - # - name: Upload release files on Arduino downloads servers - # uses: docker://plugins/s3 - # env: - # PLUGIN_SOURCE: "${{ env.DIST_DIR }}/*" - # PLUGIN_TARGET: ${{ env.AWS_PLUGIN_TARGET }} - # PLUGIN_STRIP_PREFIX: "${{ env.DIST_DIR }}/" - # PLUGIN_BUCKET: ${{ secrets.DOWNLOADS_BUCKET }} - # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + - name: Upload release files on Arduino downloads servers + uses: docker://plugins/s3 + env: + PLUGIN_SOURCE: "${{ env.DIST_DIR }}/*" + PLUGIN_TARGET: ${{ env.AWS_PLUGIN_TARGET }} + PLUGIN_STRIP_PREFIX: "${{ env.DIST_DIR }}/" + PLUGIN_BUCKET: ${{ secrets.DOWNLOADS_BUCKET }} + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}