release-go-crosscompile-task.md

"Release" workflow (Go, Task, Crosscompile)

Make a production release of the Go project using Golang crosscompile feature.

This is the version of the workflow for projects using the Task task runner tool.

Installation

Workflow

Install the release-go-crosscompile-task.yml GitHub Actions workflow to .github/workflows/

Assets

• Taskfile.yml - variables providing project-specific data to the build system.
  • Install to: repository root (or merge into the existing Taskfile.yml).
• DistTasks.yml - general purpose tasks for making production builds of Go projects using golang cross-compile.
  • Install to: repository root
• Installation script and documentation

Configuration

Taskfile

The following project-specific variables must be set in Taskfile.yml:

• PROJECT_NAME
• CONFIGURATION_PACKAGE

CONFIGURATION_PACKAGE must be set to the golang package containing the version metadata for the project. For example for the following file: https://github.com/arduino/mdns-discovery/blob/master/version/version.go the CONFIGURATION_PACKAGE field must be set to the value: github.com/arduino/mdns-discovery/version.

Workflow

The following project-specific variables must be set/configured in release-go-crosscompile-task.yml:

• PROJECT_NAME
• AWS_PLUGIN_TARGET
• GO_VERSION: version of Go used for development of the project, use at least GO 1.16 to be able to use 64-bit ARM architecture on macOS

AWS IAM Role

We need a special IAM Role to upload files on the S3 bucket. This IAM Role is able to generate short lived credentials with push access to specific S3 subpaths. To generate a new role for a new repository kindly ask DevOps (providing the repository link and path you need files on S3).

Repository secrets

The following repository secrets must be defined:

• INSTALLER_CERT_MAC_P12 - the Apple Developer ID signing certificate, exported in PKCS #12 format and then encoded into base64 as described here.
• INSTALLER_CERT_MAC_PASSWORD - the password used to encrypt the Apple Developer ID signing certificate during the export process.
• AC_USERNAME - the Apple ID username associated with the certificate.
• AC_PROVIDER - the App Store Connect provider via. You can use the ID of the certificate identity (e.g., 7KT7ZWMCJT) for this.
• AC_PASSWORD - App-specific password created for the Apple ID.
• DOWNLOADS_BUCKET - AWS bucket on the downloads server.

The following environment secrets must be defined under production environment:

• AWS_ROLE_TO_ASSUME - AWS role to generate temporary security credentials.

Readme badge

Markdown badge:

[![Release status](https://github.com/TODO_REPO_OWNER/TODO_REPO_NAME/actions/workflows/release-go-crosscompile-task.yml/badge.svg)](https://github.com/TODO_REPO_OWNER/TODO_REPO_NAME/actions/workflows/release-go-crosscompile-task.yml)

Replace the TODO_REPO_OWNER and TODO_REPO_NAME placeholders in the URLs with the final repository owner and name (example).

---

Asciidoc badge:

image:https://github.com/{repository-owner}/{repository-name}/actions/workflows/release-go-crosscompile-task.yml/badge.svg["Release status", link="https://github.com/{repository-owner}/{repository-name}/actions/workflows/release-go-crosscompile-task.yml"]

Define the {repository-owner} and {repository-name} attributes and use them throughout the readme (example).

Commit message

Add CI workflow to publish releases

On every push of a tag named with a version format:

- Build the project for all supported platforms.
- Sign and notarize the macOS builds.
- Create a GitHub release.
  - Builds and checksums are attached as release assets
  - A changelog generated from the commit history is added to the release description
  - If the tag has a pre-release version suffix, the GitHub release will be marked as a pre-release.
- Upload the builds to Arduino's downloads server.

PR message

On every push of a tag named with a version format:

- Build the project for all supported platforms.
- Use [gon](https://github.com/Bearer/gon) to sign and notarize the macOS builds.
- Create a [GitHub release](https://docs.github.com/repositories/releasing-projects-on-github/about-releases).
  - Builds and checksums are attached as release assets
  - A changelog generated by [`arduino/create-changelog`](https://github.com/arduino/create-changelog) from the commit history is added to the release description
  - If the tag has [a pre-release version suffix](https://semver.org/), the GitHub release will be marked as a pre-release.
- Upload the builds to Arduino's downloads server.