Build and publish asvec #115
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Create Pre-Release | |
on: | |
workflow_dispatch: | |
inputs: | |
version: | |
description: 'If this is a release what version is this for? If this is a pre-release what version are you developing toward?' | |
required: true | |
type: string | |
preRelease: | |
description: 'Create Pre-release? -SNAPSHOT-{COMMIT} will be appended to the version above.' | |
required: false | |
type: boolean | |
deletePrevBuild: | |
description: 'Cleanup existing pre-releases?' | |
required: false | |
type: boolean | |
jobs: | |
build: | |
outputs: | |
version: ${{ steps.save-version.outputs.version }} | |
rpm-version: ${{ steps.save-version.outputs.rpm-version }} | |
artifacts: ${{ steps.save-version.outputs.artifacts }} | |
rpm-artifacts: ${{ steps.save-version.outputs.rpm-artifacts }} | |
deb-artifacts: ${{ steps.save-version.outputs.deb-artifacts }} | |
zip-artifacts: ${{ steps.save-version.outputs.zip-artifacts }} | |
pkg-artifacts: ${{ steps.save-version.outputs.pkg-artifacts }} | |
sha-artifacts: ${{ steps.save-version.outputs.sha-artifacts }} | |
asc-artifacts: ${{ steps.save-version.outputs.asc-artifacts }} | |
runs-on: macos-13 | |
steps: | |
- name: "Git checkout" | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: "Install Homebrew" | |
run: /bin/bash -c "NONINTERACTIVE=1 $(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" | |
- name: "Install Dependencies" | |
run: | | |
/usr/local/bin/brew install --overwrite [email protected] || echo "I1.1" | |
/usr/local/bin/brew link --overwrite [email protected] || echo "I1.2" | |
/usr/local/bin/brew install --overwrite dpkg zip make wget jq rpm || echo "I2" | |
/usr/local/bin/brew link --overwrite [email protected] || echo "I1.3" | |
/usr/local/bin/brew install [email protected] || echo "I1.4" | |
/usr/local/bin/brew install [email protected] || echo "I1.5" | |
for i in dpkg zip make wget jq rpm python3.11; do command -v $i || exit 1; done | |
echo "Dependencies checked" | |
- name: Get go version from go.mod | |
run: | | |
echo "GO_VERSION=$(grep '^go ' go.mod | cut -d " " -f 2)" >> $GITHUB_ENV | |
- uses: actions/setup-go@v4 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
check-latest: true | |
- name: "Install Packages.pkg for making macos PKG files" | |
run: | | |
wget http://s.sudre.free.fr/Software/files/Packages.dmg | |
hdiutil attach -mountpoint /Volumes/Packages Packages.dmg | |
cd /Volumes/Packages | |
sudo installer -pkg Install\ Packages.pkg -target / | |
- name: Tag Before Building | |
if: inputs.version != '' | |
env: | |
TAG: ${{ inputs.version }} | |
SNAPSHOT: ${{ inputs.preRelease }} | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
echo "Tagging the repository with ${TAG}" | |
git config --global user.email "[email protected]" | |
git config --global user.name "GitHub Actions" | |
if [ "${SNAPSHOT}" = "true" ]; then | |
COMMIT=$(git rev-parse --short HEAD) | |
TAG="${TAG}-SNAPSHOT-${COMMIT}" | |
fi | |
# Ensure the tag does not already exist | |
if ! gh release view "${TAG}" > /dev/null 2>&1; then | |
git tag -a "${TAG}" -m "Release ${TAG}" | |
git push origin "${TAG}" | |
echo "Tag ${TAG} created and pushed successfully." | |
else | |
echo "Tag ${TAG} already exists." | |
fi | |
- name: "Compile" | |
env: | |
ADDCOMMIT: ${{ inputs.preRelease }} | |
run: | | |
buildcmd="build-prerelease" | |
[ "${ADDCOMMIT}" = "false" ] && buildcmd="build-official" | |
export PATH=$PATH:/usr/local/bin:/usr/local/go/bin | |
cd ~/work/asvec/asvec && make cleanall && make ${buildcmd} | |
- name: "Create linux packages" | |
env: | |
ADDCOMMIT: ${{ inputs.preRelease }} | |
run: | | |
buildcmd="build-prerelease" | |
[ "${ADDCOMMIT}" = "false" ] && buildcmd="build-official" | |
export PATH=$PATH:/usr/local/bin:/usr/local/go/bin | |
cd ~/work/asvec/asvec && make pkg-linux | |
- name: "Create windows zips" | |
env: | |
ADDCOMMIT: ${{ inputs.preRelease }} | |
run: | | |
buildcmd="build-prerelease" | |
[ "${ADDCOMMIT}" = "false" ] && buildcmd="build-official" | |
export PATH=$PATH:/usr/local/bin:/usr/local/go/bin | |
cd ~/work/asvec/asvec && make pkg-windows-zip | |
- name: "Print asvec version" | |
run: cd ~/work/asvec/asvec && ./bin/asvec-macos-amd64 --version | |
- name: "Prepare keychain for signing MacOS" | |
env: | |
keypw: ${{ secrets.APPLEUSERPW }} | |
INSTALLERP12: ${{ secrets.INSTALLERP12 }} | |
APPLICATIONP12: ${{ secrets.APPLICATIONP12 }} | |
run: | | |
set -e | |
security create-keychain -p mysecretpassword build.keychain | |
security default-keychain -s build.keychain | |
security unlock-keychain -p mysecretpassword build.keychain | |
security set-keychain-settings build.keychain | |
security unlock-keychain -p mysecretpassword build.keychain | |
echo "$APPLICATIONP12" | base64 -d > app.p12 | |
echo "$INSTALLERP12" | base64 -d > install.p12 | |
security import app.p12 -k build.keychain -P $keypw -A | |
security import install.p12 -k build.keychain -P $keypw -A | |
security set-key-partition-list -S apple-tool:,apple: -s -k mysecretpassword build.keychain | |
- name: "Sign and build MacOS" | |
env: | |
xasvec_appleid: ${{ secrets.APPLEUSER }} | |
xasvec_applepw: ${{ secrets.APPLEAPPPW }} | |
xasvec_signer: ${{ secrets.APPLESIGNER }} | |
xasvec_installsigner: ${{ secrets.APPLEINSTALLSIGNER }} | |
xasvec_teamid: ${{ secrets.APPLETEAMID }} | |
run: | | |
set -e | |
export asvec_appleid="${xasvec_appleid}" | |
export asvec_applepw="${xasvec_applepw}" | |
export asvec_signer="${xasvec_signer}" | |
export asvec_installsigner="${xasvec_installsigner}" | |
export asvec_teamid="${xasvec_teamid}" | |
export PATH=$PATH:/usr/local/bin:/usr/local/go/bin && cd ~/work/asvec/asvec && make macos-build-all && make macos-notarize-all | |
- name: Save Version | |
id: save-version | |
run: | | |
VER=$(cat VERSION.md) | |
echo version=${VER} >> $GITHUB_OUTPUT | |
RPM_VER=$(echo ${VER} | sed 's/-/_/g') | |
echo rpm-verion=${RPM_VER} >> $GITHUB_OUTPUT | |
ARTIFACTS="asvec-linux-amd64-${VER}.deb asvec-linux-amd64-${RPM_VER}.rpm asvec-linux-amd64-${VER}.zip asvec-linux-arm64-${VER}.deb asvec-linux-arm64-${RPM_VER}.rpm asvec-linux-arm64-${VER}.zip asvec-macos-${VER}.pkg asvec-macos-amd64-${VER}.zip asvec-macos-arm64-${VER}.zip asvec-windows-amd64-${VER}.zip asvec-windows-arm64-${VER}.zip" | |
echo "artifacts=${ARTIFACTS}" >> $GITHUB_OUTPUT | |
RPM_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.rpm$' | tr '\n' ' ') | |
echo "rpm-artifacts=${RPM_ARTIFACTS}" >> $GITHUB_OUTPUT | |
DEB_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.deb$' | tr '\n' ' ') | |
echo "deb-artifacts=${DEB_ARTIFACTS}" >> $GITHUB_OUTPUT | |
ZIP_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.zip$' | tr '\n' ' ') | |
echo "zip-artifacts=${ZIP_ARTIFACTS}" >> $GITHUB_OUTPUT | |
PKG_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.pkg$' | tr '\n' ' ') | |
echo "pkg-artifacts=${PKG_ARTIFACTS}" >> $GITHUB_OUTPUT | |
SHA256_FILES=$(for pkg in ${ARTIFACTS}; do echo "${pkg}.sha256"; done | tr '\n' ' ') | |
echo "sha-artifacts=${SHA256_FILES}" >> $GITHUB_OUTPUT | |
ASC_FILES=$(for pkg in ${ARTIFACTS}; do | |
if [[ ! "${pkg}" =~ \.rpm$ && ! "${pkg}" =~ \.deb$ ]]; then | |
echo "${pkg}.asc" | |
fi | |
done | tr '\n' ' ') | |
echo "asc-artifacts=${ASC_FILES}" >> $GITHUB_OUTPUT | |
- name: "Upload Artifacts" | |
uses: actions/upload-artifact@v4 | |
with: | |
name: asvec-artifacts | |
path: ~/work/asvec/asvec/bin/packages/asvec-* | |
sign: | |
needs: build | |
runs-on: ubuntu-latest | |
steps: | |
- name: "Git checkout" | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: "Download Artifacts" | |
uses: actions/download-artifact@v4 | |
with: | |
name: asvec-artifacts | |
- name: setup GPG | |
uses: aerospike/shared-workflows/devops/setup-gpg@main | |
with: | |
gpg-private-key: ${{ secrets.GPG_SECRET_KEY }} | |
gpg-public-key: ${{ secrets.GPG_PUBLIC_KEY }} | |
gpg-key-pass: ${{ secrets.GPG_PASS }} | |
gpg-key-name: "aerospike-inc" | |
- name: Create Checksums | |
run: | | |
# cd ~/work/asvec/asvec/bin/packages | |
for pkg in ${{needs.build.outputs.artifacts}}; do | |
shasum -a 256 $pkg > ${pkg}.sha256 | |
done | |
- name: GPG Sign All Files | |
env: | |
GPG_TTY: no-tty | |
GPG_PASSPHRASE: ${{ secrets.GPG_PASS }} | |
run: | | |
# cd ~/work/asvec/asvec/bin/packages | |
rpm --addsign ${{needs.build.outputs.rpm-artifacts}} | |
rpm --checksig ${{needs.build.outputs.rpm-artifacts}} | |
dpkg-sig --sign builder ${{needs.build.outputs.deb-artifacts}} | |
dpkg-sig --verify ${{needs.build.outputs.deb-artifacts}} | |
for file in ${{needs.build.outputs.zip-artifacts}} ${{needs.build.outputs.pkg-artifacts}}; do | |
gpg --detach-sign --no-tty --batch --yes --output "${file}.asc" --passphrase "$GPG_PASSPHRASE" "${file}" | |
gpg --verify "${file}.asc" "${file}" | |
done | |
- name: "Upload Artifacts" | |
uses: actions/upload-artifact@v4 | |
with: | |
name: asvec-artifacts | |
path: asvec-* | |
overwrite: true | |
release: | |
needs: | |
- sign | |
- build | |
runs-on: ubuntu-latest | |
steps: | |
- name: "Git checkout" | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: "Download Artifacts" | |
uses: actions/download-artifact@v4 | |
with: | |
name: asvec-artifacts | |
- name: "Create a new pre-release" | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
set -e | |
# cd ~/work/asvec/asvec/bin/packages | |
TAG=${{needs.build.outputs.version}} | |
FULLCOMMIT=$(git rev-parse HEAD) | |
gh release create -R github.com/aerospike/asvec --prerelease --target ${FULLCOMMIT} --title "Asvec - ${TAG}" ${TAG} ${{needs.build.outputs.artifacts}} ${{needs.build.outputs.sha-artifacts}} ${{needs.build.outputs.asc-artifacts}} | |
- name: "Delete previous pre-release" | |
env: | |
TAG: ${{ inputs.version }} | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
DELPREV: ${{ inputs.deletePrevBuild }} | |
run: | | |
if [ "${DELPREV}" = "true" ]; then | |
set -e | |
gh release list -R github.com/aerospike/asvec -L 100 | grep Pre-release | awk -F'\t' '{print $3}' | while read -r line; do | |
if [ "$line" != "${TAG}" ]; then | |
if [[ "$line" == "${TAG}-SNAPSHOT-"* ]]; then | |
echo "Removing $line" | |
gh release delete "$line" -R github.com/aerospike/asvec --yes --cleanup-tag | |
fi | |
fi | |
done | |
fi |