-
Notifications
You must be signed in to change notification settings - Fork 0
218 lines (202 loc) Β· 10.6 KB
/
create-prerelease.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
name: Build and Create Pre-Release
on:
workflow_dispatch:
inputs:
version:
description: 'If this is a release what version is this for? If this is a pre-release what version are you developing toward?'
required: true
type: string
preRelease:
description: 'Create Pre-release? -SNAPSHOT-{COMMIT} will be appended to the version above.'
required: false
type: boolean
deletePrevBuild:
description: 'Cleanup existing pre-releases?'
required: false
type: boolean
jobs:
build-and-release:
runs-on: macos-13
steps:
- name: "Git checkout"
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: "Install Homebrew"
run: /bin/bash -c "NONINTERACTIVE=1 $(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
- name: "Install Dependencies"
run: |
/usr/local/bin/brew install --overwrite [email protected] || echo "I1.1"
/usr/local/bin/brew link --overwrite [email protected] || echo "I1.2"
/usr/local/bin/brew install --overwrite dpkg zip make wget jq rpm || echo "I2"
/usr/local/bin/brew link --overwrite [email protected] || echo "I1.3"
/usr/local/bin/brew install [email protected] || echo "I1.4"
/usr/local/bin/brew install [email protected] || echo "I1.5"
for i in dpkg zip make wget jq rpm python3.11; do command -v $i || exit 1; done
echo "Dependencies checked"
- name: Get go version from go.mod
run: |
echo "GO_VERSION=$(grep '^go ' go.mod | cut -d " " -f 2)" >> $GITHUB_ENV
- uses: actions/setup-go@v4
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
- name: "Install Packages.pkg for making macos PKG files"
run: |
wget http://s.sudre.free.fr/Software/files/Packages.dmg
hdiutil attach -mountpoint /Volumes/Packages Packages.dmg
cd /Volumes/Packages
sudo installer -pkg Install\ Packages.pkg -target /
- name: Tag Before Building
if: inputs.version != ''
env:
TAG: ${{ inputs.version }}
SNAPSHOT: ${{ inputs.preRelease }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
echo "Tagging the repository with ${TAG}"
git config --global user.email "[email protected]"
git config --global user.name "GitHub Actions"
if [ "${SNAPSHOT}" = "true" ]; then
COMMIT=$(git rev-parse --short HEAD)
TAG="${TAG}-SNAPSHOT-${COMMIT}"
fi
# Ensure the tag does not already exist
if ! gh release view "${TAG}" > /dev/null 2>&1; then
git tag -a "${TAG}" -m "Release ${TAG}"
git push origin "${TAG}"
echo "Tag ${TAG} created and pushed successfully."
else
echo "Tag ${TAG} already exists."
fi
- name: "Compile"
env:
ADDCOMMIT: ${{ inputs.preRelease }}
run: |
buildcmd="build-prerelease"
[ "${ADDCOMMIT}" = "false" ] && buildcmd="build-official"
export PATH=$PATH:/usr/local/bin:/usr/local/go/bin
cd ~/work/asvec/asvec && make cleanall && make ${buildcmd}
- name: "Create linux packages"
env:
ADDCOMMIT: ${{ inputs.preRelease }}
run: |
buildcmd="build-prerelease"
[ "${ADDCOMMIT}" = "false" ] && buildcmd="build-official"
export PATH=$PATH:/usr/local/bin:/usr/local/go/bin
cd ~/work/asvec/asvec && make pkg-linux
- name: "Create windows zips"
env:
ADDCOMMIT: ${{ inputs.preRelease }}
run: |
buildcmd="build-prerelease"
[ "${ADDCOMMIT}" = "false" ] && buildcmd="build-official"
export PATH=$PATH:/usr/local/bin:/usr/local/go/bin
cd ~/work/asvec/asvec && make pkg-windows-zip
- name: "Print asvec version"
run: cd ~/work/asvec/asvec && ./bin/asvec-macos-amd64 --version
- name: "Prepare keychain for signing MacOS"
env:
keypw: ${{ secrets.APPLEUSERPW }}
INSTALLERP12: ${{ secrets.INSTALLERP12 }}
APPLICATIONP12: ${{ secrets.APPLICATIONP12 }}
run: |
set -e
security create-keychain -p mysecretpassword build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p mysecretpassword build.keychain
security set-keychain-settings build.keychain
security unlock-keychain -p mysecretpassword build.keychain
echo "$APPLICATIONP12" | base64 -d > app.p12
echo "$INSTALLERP12" | base64 -d > install.p12
security import app.p12 -k build.keychain -P $keypw -A
security import install.p12 -k build.keychain -P $keypw -A
security set-key-partition-list -S apple-tool:,apple: -s -k mysecretpassword build.keychain
- name: "Sign and build MacOS"
env:
xasvec_appleid: ${{ secrets.APPLEUSER }}
xasvec_applepw: ${{ secrets.APPLEAPPPW }}
xasvec_signer: ${{ secrets.APPLESIGNER }}
xasvec_installsigner: ${{ secrets.APPLEINSTALLSIGNER }}
xasvec_teamid: ${{ secrets.APPLETEAMID }}
run: |
set -e
export asvec_appleid="${xasvec_appleid}"
export asvec_applepw="${xasvec_applepw}"
export asvec_signer="${xasvec_signer}"
export asvec_installsigner="${xasvec_installsigner}"
export asvec_teamid="${xasvec_teamid}"
export PATH=$PATH:/usr/local/bin:/usr/local/go/bin && cd ~/work/asvec/asvec && make macos-build-all && make macos-notarize-all
- name: Store Artifact in Env Var
run: |
echo VER=$(cat ../../VERSION.md) >> $GITHUB_ENV
echo RPM_VER=$(echo ${VER} | sed 's/-/_/g') >> $GITHUB_ENV
ARTIFACTS="asvec-linux-amd64-${VER}.deb asvec-linux-amd64-${RPM_VER}.rpm asvec-linux-amd64-${VER}.zip asvec-linux-arm64-${VER}.deb asvec-linux-arm64-${RPM_VER}.rpm asvec-linux-arm64-${VER}.zip asvec-macos-${VER}.pkg asvec-macos-amd64-${VER}.zip asvec-macos-arm64-${VER}.zip asvec-windows-amd64-${VER}.zip asvec-windows-arm64-${VER}.zip"
echo "ARTIFACTS=${ARTIFACTS}" >> $GITHUB_ENV
RPM_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.rpm$' | tr '\n' ' ')
echo "RPM_ARTIFACTS=${RPM_ARTIFACTS}" >> $GITHUB_ENV
DEB_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.deb$' | tr '\n' ' ')
echo "DEB_ARTIFACTS=${DEB_ARTIFACTS}" >> $GITHUB_ENV
ZIP_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.zip$' | tr '\n' ' ')
echo "ZIP_ARTIFACTS=${ZIP_ARTIFACTS}" >> $GITHUB_ENV
PKG_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.pkg$' | tr '\n' ' ')
echo "PKG_ARTIFACTS=${PKG_ARTIFACTS}" >> $GITHUB_ENV
SHA256_FILES=$(for pkg in ${ARTIFACTS}; do echo "${pkg}.sha256"; done | tr '\n' ' ')
echo "SHA256_FILES=${SHA256_FILES}" >> $GITHUB_ENV
ASC_FILES=$(for pkg in ${ARTIFACTS}; do echo "${pkg}.asc"; done | tr '\n' ' ')
echo "ASC_FILES=${ASC_FILES}" >> $GITHUB_ENV
- name: Create Checksums
run: |
cd ~/work/asvec/asvec/bin/packages
for pkg in ${ARTIFACTS}; do
shasum -a 256 $pkg > ${pkg}.sha256
done
- name: Install GPG
run: sudo apt-get update && sudo apt-get install ca-certificates && sudo apt-get install gnupg -y
- name: setup GPG
uses: aerospike/shared-workflows/devops/setup-gpg@pvinh-gpg-sign-example
with:
gpg-private-key: ${{ secrets.GPG_SECRET_KEY }}
gpg-public-key: ${{ secrets.GPG_PUBLIC_KEY }}
gpg-key-pass: ${{ secrets.GPG_PASS }}
gpg-key-name: "aerospike-inc"
- name: GPG Sign All Files
env:
GPG_TTY: no-tty
GPG_PASSPHRASE: ${{ secrets.GPG_PASS }}
run: |
cd ~/work/asvec/asvec/bin/packages
rpm --addsign ${RPM_ARTIFACTS}
rpm --checksig ${RPM_ARTIFACTS}
depkg-sig --sign builder ${DEB_ARTIFACTS}
depkg-sig --verify ${DEB_ARTIFACTS}
for file in ${ZIP_ARTIFACTS} ${PKG_ARTIFACTS}; do
gpg --detach-sign --no-tty --batch --yes --output "${file}.asc" --passphrase "$GPG_PASSPHRASE" "${file}"
gpg --verify "${file}.asc" "${file}"
done
- name: "Create a new pre-release"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -e
cd ~/work/asvec/asvec/bin/packages
TAG=${VER}
FULLCOMMIT=$(git rev-parse HEAD)
gh release create -R github.com/aerospike/asvec --notes-file ../../RELEASE.md --prerelease --target ${FULLCOMMIT} --title "Asvec - ${TAG}" ${TAG} ${ARTIFACTS} ${SHA256_FILES} ${ASC_FILES}
- name: "Delete previous pre-release"
env:
TAG: ${{ inputs.version }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
DELPREV: ${{ inputs.deletePrevBuild }}
run: |
if [ "${DELPREV}" = "true" ]; then
set -e
gh release list -R github.com/aerospike/asvec -L 100 | grep Pre-release | awk -F'\t' '{print $3}' | while read -r line; do
if [ "$line" != "${TAG}" ]; then
if [[ "$line" == "${TAG}-SNAPSHOT-"* ]]; then
echo "Removing $line"
gh release delete "$line" -R github.com/aerospike/asvec --yes --cleanup-tag
fi
fi
done
fi