Build and publish asvec #126

Workflow file for this run

.github/workflows/create-prerelease.yml at 516e30b

	name: Build asvec

	on:
	workflow_dispatch:
	inputs:
	version:
	description: 'If this is a release what version is this for? If this is a pre-release what version are you developing toward?'
	required: true
	type: string
	preRelease:
	description: 'Create Pre-release? -SNAPSHOT-{COMMIT} will be appended to the version above.'
	required: false
	type: boolean
	deletePrevBuild:
	description: 'Cleanup existing pre-releases?'
	required: false
	type: boolean
	env:
	JFROG_CLI_BUILD_NAME: 'asvec'
	JFROG_CLI_LOG_LEVEL: DEBUG
	JFROG_CLI_BUILD_PROJECT: 'ecosystem'
	ARTIFACT_NAME: 'asvec'

	jobs:
	build:
	outputs:
	version: ${{ steps.parse-version.outputs.version }}
	is-snapshot: ${{ steps.parse-version.outputs.is-snapshot }}
	rpm-version: ${{ steps.save-version.outputs.rpm-version }}
	artifacts: ${{ steps.save-version.outputs.artifacts }}
	rpm-artifacts: ${{ steps.save-version.outputs.rpm-artifacts }}
	deb-artifacts: ${{ steps.save-version.outputs.deb-artifacts }}
	zip-artifacts: ${{ steps.save-version.outputs.zip-artifacts }}
	pkg-artifacts: ${{ steps.save-version.outputs.pkg-artifacts }}
	sha-artifacts: ${{ steps.save-version.outputs.sha-artifacts }}
	asc-artifacts: ${{ steps.save-version.outputs.asc-artifacts }}
	runs-on: macos-13
	steps:
	- name: 'Git checkout'
	uses: actions/checkout@v3
	with:
	fetch-depth: 0

	- name: 'Extract Version and Snapshot'
	id: parse-version
	run: \|
	# Default to version from workflow_dispatch or tag
	if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
	# Manual build: Use version input
	TAG="${{ inputs.version }}"
	echo "Triggered manually with version: ${TAG}"
	elif [[ "${{ github.event_name }}" == "push" ]]; then
	# Push event: Extract tag from GITHUB_REF
	TAG=${GITHUB_REF#refs/tags/}
	echo "Triggered by push with tag: ${TAG}"
	else
	echo "Unsupported event: ${{ github.event_name }}"
	exit 1
	fi

	# Remove "v" prefix to get the version
	VERSION=${TAG#v}

	# Check if it's a snapshot
	if [[ "$VERSION" == -SNAPSHOT- ]]; then
	SNAPSHOT="true"
	else
	SNAPSHOT="false"
	fi

	# Output the results
	echo "VERSION=${VERSION}" >> $GITHUB_ENV
	echo "SNAPSHOT=${SNAPSHOT}" >> $GITHUB_ENV
	echo "version=${VERSION}" >> $GITHUB_OUTPUT
	echo "is-snapshot=${SNAPSHOT}" >> $GITHUB_OUTPUT

	- name: setup jfrog
	uses: jfrog/setup-jfrog-cli@v4
	env:
	JF_URL: https://aerospike.jfrog.io
	JF_ACCESS_TOKEN: ${{ secrets.JFROG_ACCESS_TOKEN }}
	JF_PROJECT: ${{ env.JFROG_CLI_BUILD_PROJECT }}
	- name: 'Alias go to jf go'
	run: \|
	# This will set up jf go build instead of go build. This lets us also include build number and build name
	# for jfrog builds.
	# Write the function to a script using a heredoc
	cat << EOF > ~/go-setup.sh
	#!/bin/bash
	go() {
	if [[ "\$1" == "build" ]]; then
	shift
	jf go build --build-name=$JFROG_CLI_BUILD_NAME --build-number=$VERSION --project=$JFROG_CLI_BUILD_PROJECT "\$@"
	else
	command go "\$@"
	fi
	}
	EOF
	chmod +x ~/go-setup.sh
	- name: 'Install Homebrew'
	run: /bin/bash -c "NONINTERACTIVE=1 $(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
	- name: 'Install Dependencies'
	run: \|
	/usr/local/bin/brew install --overwrite [email protected] \|\| echo "I1.1"
	/usr/local/bin/brew link --overwrite [email protected] \|\| echo "I1.2"
	/usr/local/bin/brew install --overwrite dpkg zip make wget jq rpm \|\| echo "I2"
	/usr/local/bin/brew link --overwrite [email protected] \|\| echo "I1.3"
	/usr/local/bin/brew install [email protected] \|\| echo "I1.4"
	/usr/local/bin/brew install [email protected] \|\| echo "I1.5"
	for i in dpkg zip make wget jq rpm python3.11; do command -v $i \|\| exit 1; done
	echo "Dependencies checked"

	- name: Get go version from go.mod
	run: \|
	echo "GO_VERSION=$(grep '^go ' go.mod \| cut -d " " -f 2)" >> $GITHUB_ENV
	- uses: actions/setup-go@v4
	with:
	go-version: ${{ env.GO_VERSION }}
	check-latest: true
	- name: 'Install Packages.pkg for making macos PKG files'
	run: \|
	wget http://s.sudre.free.fr/Software/files/Packages.dmg
	hdiutil attach -mountpoint /Volumes/Packages Packages.dmg
	cd /Volumes/Packages
	sudo installer -pkg Install\ Packages.pkg -target /

	- name: 'Compile'
	env:
	ADDCOMMIT: ${{ steps.parse-version.outputs.is-snapshot }}
	run: \|
	~/go-setup.sh
	buildcmd="build-prerelease"
	[ "${ADDCOMMIT}" = "false" ] && buildcmd="build-official"
	export PATH=$PATH:/usr/local/bin:/usr/local/go/bin
	cd ~/work/asvec/asvec && make cleanall && make ${buildcmd}
	- name: 'Create linux packages'
	env:
	ADDCOMMIT: ${{ steps.parse-version.outputs.is-snapshot }}
	run: \|
	buildcmd="build-prerelease"
	[ "${ADDCOMMIT}" = "false" ] && buildcmd="build-official"
	export PATH=$PATH:/usr/local/bin:/usr/local/go/bin
	cd ~/work/asvec/asvec && make pkg-linux
	- name: 'Create windows zips'
	env:
	ADDCOMMIT: ${{ steps.parse-version.outputs.is-snapshot }}
	run: \|
	buildcmd="build-prerelease"
	[ "${ADDCOMMIT}" = "false" ] && buildcmd="build-official"
	export PATH=$PATH:/usr/local/bin:/usr/local/go/bin
	cd ~/work/asvec/asvec && make pkg-windows-zip
	- name: 'Print asvec version'
	run: cd ~/work/asvec/asvec && ./bin/asvec-macos-amd64 --version
	- name: 'Prepare keychain for signing MacOS'
	env:
	keypw: ${{ secrets.APPLEUSERPW }}
	INSTALLERP12: ${{ secrets.INSTALLERP12 }}
	APPLICATIONP12: ${{ secrets.APPLICATIONP12 }}
	run: \|
	set -e
	security create-keychain -p mysecretpassword build.keychain
	security default-keychain -s build.keychain
	security unlock-keychain -p mysecretpassword build.keychain
	security set-keychain-settings build.keychain
	security unlock-keychain -p mysecretpassword build.keychain
	echo "$APPLICATIONP12" \| base64 -d > app.p12
	echo "$INSTALLERP12" \| base64 -d > install.p12
	security import app.p12 -k build.keychain -P $keypw -A
	security import install.p12 -k build.keychain -P $keypw -A
	security set-key-partition-list -S apple-tool:,apple: -s -k mysecretpassword build.keychain
	- name: 'Sign and build MacOS'
	env:
	xasvec_appleid: ${{ secrets.APPLEUSER }}
	xasvec_applepw: ${{ secrets.APPLEAPPPW }}
	xasvec_signer: ${{ secrets.APPLESIGNER }}
	xasvec_installsigner: ${{ secrets.APPLEINSTALLSIGNER }}
	xasvec_teamid: ${{ secrets.APPLETEAMID }}
	run: \|
	set -e
	export asvec_appleid="${xasvec_appleid}"
	export asvec_applepw="${xasvec_applepw}"
	export asvec_signer="${xasvec_signer}"
	export asvec_installsigner="${xasvec_installsigner}"
	export asvec_teamid="${xasvec_teamid}"
	export PATH=$PATH:/usr/local/bin:/usr/local/go/bin && cd ~/work/asvec/asvec && make macos-build-all && make macos-notarize-all
	- name: Save Version
	id: save-version
	run: \|
	VER=$(cat VERSION.md)
	echo version=${VER} >> $GITHUB_OUTPUT

	RPM_VER=$(echo ${VER} \| sed 's/-/_/g')
	echo rpm-verion=${RPM_VER} >> $GITHUB_OUTPUT

	ARTIFACTS="asvec-linux-amd64-${VER}.deb asvec-linux-amd64-${RPM_VER}.rpm asvec-linux-amd64-${VER}.zip asvec-linux-arm64-${VER}.deb asvec-linux-arm64-${RPM_VER}.rpm asvec-linux-arm64-${VER}.zip asvec-macos-${VER}.pkg asvec-macos-amd64-${VER}.zip asvec-macos-arm64-${VER}.zip asvec-windows-amd64-${VER}.zip asvec-windows-arm64-${VER}.zip"
	echo "artifacts=${ARTIFACTS}" >> $GITHUB_OUTPUT

	RPM_ARTIFACTS=$(echo "${ARTIFACTS}" \| tr ' ' '\n' \| grep '\.rpm$' \| tr '\n' ' ')
	echo "rpm-artifacts=${RPM_ARTIFACTS}" >> $GITHUB_OUTPUT

	DEB_ARTIFACTS=$(echo "${ARTIFACTS}" \| tr ' ' '\n' \| grep '\.deb$' \| tr '\n' ' ')
	echo "deb-artifacts=${DEB_ARTIFACTS}" >> $GITHUB_OUTPUT

	ZIP_ARTIFACTS=$(echo "${ARTIFACTS}" \| tr ' ' '\n' \| grep '\.zip$' \| tr '\n' ' ')
	echo "zip-artifacts=${ZIP_ARTIFACTS}" >> $GITHUB_OUTPUT

	PKG_ARTIFACTS=$(echo "${ARTIFACTS}" \| tr ' ' '\n' \| grep '\.pkg$' \| tr '\n' ' ')
	echo "pkg-artifacts=${PKG_ARTIFACTS}" >> $GITHUB_OUTPUT

	SHA256_FILES=$(for pkg in ${ARTIFACTS}; do echo "${pkg}.sha256"; done \| tr '\n' ' ')
	echo "sha-artifacts=${SHA256_FILES}" >> $GITHUB_OUTPUT

	ASC_FILES=$(for pkg in ${ARTIFACTS} ${SHA256_FILES}; do
	if [[ ! "${pkg}" =~ \.rpm$ && ! "${pkg}" =~ \.deb$ ]]; then
	echo "${pkg}.asc"
	fi
	done \| tr '\n' ' ')
	echo "asc-artifacts=${ASC_FILES}" >> $GITHUB_OUTPUT

	- name: 'Upload Artifacts'
	uses: actions/upload-artifact@v4
	with:
	name: asvec-artifacts
	path: ~/work/asvec/asvec/bin/packages/asvec-*

	sign:
	needs: build
	runs-on: ubuntu-latest
	steps:
	- name: 'Git checkout'
	uses: actions/checkout@v3
	with:
	fetch-depth: 0
	- name: 'Download Artifacts'
	uses: actions/download-artifact@v4
	with:
	name: asvec-artifacts
	- name: setup GPG
	uses: aerospike/shared-workflows/devops/setup-gpg@main
	with:
	gpg-private-key: ${{ secrets.GPG_SECRET_KEY }}
	gpg-public-key: ${{ secrets.GPG_PUBLIC_KEY }}
	gpg-key-pass: ${{ secrets.GPG_PASS }}
	gpg-key-name: 'aerospike-inc'

	- name: GPG Sign All Files
	env:
	GPG_TTY: no-tty
	GPG_PASSPHRASE: ${{ secrets.GPG_PASS }}
	run: \|
	rpm --addsign ${{needs.build.outputs.rpm-artifacts}}
	rpm --checksig ${{needs.build.outputs.rpm-artifacts}}

	dpkg-sig --sign builder ${{needs.build.outputs.deb-artifacts}}
	dpkg-sig --verify ${{needs.build.outputs.deb-artifacts}}

	for file in ${{needs.build.outputs.zip-artifacts}} ${{needs.build.outputs.pkg-artifacts}}; do
	gpg --detach-sign --no-tty --batch --yes --output "${file}.asc" --passphrase "$GPG_PASSPHRASE" "${file}"
	gpg --verify "${file}.asc" "${file}"
	done

	- name: Create Checksums
	run: \|
	for pkg in ${{needs.build.outputs.artifacts}}; do
	shasum -a 256 $pkg > ${pkg}.sha256
	done

	for file in ${{needs.build.outputs.sha-artifacts}}; do
	gpg --detach-sign --no-tty --batch --yes --output "${file}.asc" --passphrase "$GPG_PASSPHRASE" "${file}"
	gpg --verify "${file}.asc" "${file}"
	done
	- name: 'Upload Artifacts'
	uses: actions/upload-artifact@v4
	with:
	name: asvec-artifacts
	path: asvec-*
	overwrite: true

	pre-release:
	needs:
	- sign
	- build
	runs-on: ubuntu-latest
	steps:
	- name: 'Git checkout'
	uses: actions/checkout@v3
	with:
	fetch-depth: 0
	- name: 'Download Artifacts'
	uses: actions/download-artifact@v4
	with:
	name: asvec-artifacts
	- name: 'Create a new pre-release'
	env:
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	set -e
	TAG=${{needs.build.outputs.version}}
	FULLCOMMIT=$(git rev-parse HEAD)
	gh release create -R github.com/aerospike/asvec --prerelease --target ${FULLCOMMIT} --title "Asvec - ${TAG}" ${TAG} ${{needs.build.outputs.artifacts}} ${{needs.build.outputs.sha-artifacts}} ${{needs.build.outputs.asc-artifacts}}
	- name: 'Delete previous pre-release'
	env:
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	DELPREV: ${{ inputs.deletePrevBuild }}
	run: \|
	if [ "${DELPREV}" = "true" ]; then
	set -e
	gh release list -R github.com/aerospike/asvec -L 100 \| grep Pre-release \| awk -F'\t' '{print $3}' \| while read -r line; do
	if [ "$line" != "${{needs.build.outputs.version}}" ]; then
	if [[ "$line" == "${{ inputs.version }}-SNAPSHOT-"* ]]; then
	echo "Removing $line"
	gh release delete "$line" -R github.com/aerospike/asvec --yes --cleanup-tag
	fi
	fi
	done
	fi
	jfrog-release-bundle:
	needs:
	- sign
	- build
	runs-on: ubuntu-latest
	steps:
	- name: 'Git checkout'
	uses: actions/checkout@v3
	with:
	fetch-depth: 0
	- name: 'Download Artifacts'
	uses: actions/download-artifact@v4
	with:
	name: asvec-artifacts
	- name: setup jfrog
	uses: jfrog/setup-jfrog-cli@v4
	env:
	JF_URL: https://aerospike.jfrog.io
	JF_ACCESS_TOKEN: ${{ secrets.JFROG_ACCESS_TOKEN }}
	JF_PROJECT: ${{ env.JFROG_CLI_BUILD_PROJECT }}
	- name: "Upload deb builds to JFrog"
	run: \|
	find .
	for file in ${{needs.build.outputs.deb-artifacts}}; do
	if [[ "$file" == *.deb ]]; then
	arch=$(dpkg --info "$file" \| grep 'Architecture' \| awk '{print $2}')
	jf rt upload "$file" "${{env.JFROG_CLI_BUILD_PROJECT}}-deb-dev-local/${{ env.ARTIFACT_NAME }}/${{ needs.build.outputs.version }}/" \
	--build-name="${{ env.JFROG_CLI_BUILD_NAME }}-deb" --build-number="${{ needs.build.outputs.version }}" --project="${{env.JFROG_CLI_BUILD_PROJECT}}" \
	--target-props "deb.distribution=stable;deb.component=main;deb.architecture=${arch}" --deb "stable/main/${arch}"
	else
	echo "Skipping upload of $file as it does not match *.deb"
	fi
	done
	jfrog rt build-collect-env "${{ env.JFROG_CLI_BUILD_NAME }}-deb" "${{ needs.build.outputs.version }}"
	jfrog rt build-add-git "${{ env.JFROG_CLI_BUILD_NAME }}-deb" "${{ needs.build.outputs.version }}"
	jfrog rt build-publish "${{ env.JFROG_CLI_BUILD_NAME }}-deb" "${{ needs.build.outputs.version }}" --project="${{env.JFROG_CLI_BUILD_PROJECT}}"

	- name: "Upload rpm builds to JFrog"
	run: \|
	cd asvec-artifacts
	for file in *; do
	if [[ "$file" == *.rpm ]]; then
	arch=$(rpm -q --qf "%{ARCH}" -p "$file")
	jf rt upload "$file" "${{env.JFROG_CLI_BUILD_PROJECT}}-rpm-dev-local/${{ env.ARTIFACT_NAME }}/${{ needs.build.outputs.version }}/" \
	--build-name="${{ env.JFROG_CLI_BUILD_NAME }}-rpm" --build-number="${{ needs.build.outputs.version }}" --project="${{env.JFROG_CLI_BUILD_PROJECT}}" \
	--target-props "rpm.distribution=stable;rpm.component=main;rpm.architecture=$arch"
	else
	echo "Skipping upload of $file as it does not match *.rpm"
	fi
	done
	jfrog rt build-collect-env "${{ env.JFROG_CLI_BUILD_NAME }}-rpm" "${{ needs.build.outputs.version }}"
	jfrog rt build-add-git "${{ env.JFROG_CLI_BUILD_NAME }}-rpm" "${{ needs.build.outputs.version }}"
	jfrog rt build-publish "${{ env.JFROG_CLI_BUILD_NAME }}-rpm" "${{ needs.build.outputs.version }}" --project="${{env.JFROG_CLI_BUILD_PROJECT}}"
	# Our repositories currently don't support generic which would be needed for pkg and zip

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Build and publish asvec #126

Workflow file

Build and publish asvec #126

Jobs

Run details

Workflow file for this run