Build and publish asvec #123
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Create Pre-Release | |
on: | |
workflow_dispatch: | |
inputs: | |
version: | |
description: 'If this is a release what version is this for? If this is a pre-release what version are you developing toward?' | |
required: true | |
type: string | |
preRelease: | |
description: 'Create Pre-release? -SNAPSHOT-{COMMIT} will be appended to the version above.' | |
required: false | |
type: boolean | |
deletePrevBuild: | |
description: 'Cleanup existing pre-releases?' | |
required: false | |
type: boolean | |
jobs: | |
build: | |
outputs: | |
version: ${{ steps.save-version.outputs.version }} | |
rpm-version: ${{ steps.save-version.outputs.rpm-version }} | |
artifacts: ${{ steps.save-version.outputs.artifacts }} | |
rpm-artifacts: ${{ steps.save-version.outputs.rpm-artifacts }} | |
deb-artifacts: ${{ steps.save-version.outputs.deb-artifacts }} | |
zip-artifacts: ${{ steps.save-version.outputs.zip-artifacts }} | |
pkg-artifacts: ${{ steps.save-version.outputs.pkg-artifacts }} | |
sha-artifacts: ${{ steps.save-version.outputs.sha-artifacts }} | |
asc-artifacts: ${{ steps.save-version.outputs.asc-artifacts }} | |
runs-on: macos-13 | |
steps: | |
- name: "Git checkout" | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: "Install Homebrew" | |
run: /bin/bash -c "NONINTERACTIVE=1 $(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" | |
- name: "Install Dependencies" | |
run: | | |
/usr/local/bin/brew install --overwrite python@3.11 || echo "I1.1" | |
/usr/local/bin/brew link --overwrite python@3.11 || echo "I1.2" | |
/usr/local/bin/brew install --overwrite dpkg zip make wget jq rpm || echo "I2" | |
/usr/local/bin/brew link --overwrite python@3.11 || echo "I1.3" | |
/usr/local/bin/brew install python-gdbm@3.11 || echo "I1.4" | |
/usr/local/bin/brew install python-tk@3.11 || echo "I1.5" | |
for i in dpkg zip make wget jq rpm python3.11; do command -v $i || exit 1; done | |
echo "Dependencies checked" | |
- name: Get go version from go.mod | |
run: | | |
echo "GO_VERSION=$(grep '^go ' go.mod | cut -d " " -f 2)" >> $GITHUB_ENV | |
- uses: actions/setup-go@v4 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
check-latest: true | |
- name: "Install Packages.pkg for making macos PKG files" | |
run: | | |
wget http://s.sudre.free.fr/Software/files/Packages.dmg | |
hdiutil attach -mountpoint /Volumes/Packages Packages.dmg | |
cd /Volumes/Packages | |
sudo installer -pkg Install\ Packages.pkg -target / | |
- name: Tag Before Building | |
id: tag | |
if: inputs.version != '' | |
env: | |
TAG: ${{ inputs.version }} | |
SNAPSHOT: ${{ inputs.preRelease }} | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
echo "Tagging the repository with ${TAG}" | |
git config --global user.email "actions@github.com" | |
git config --global user.name "GitHub Actions" | |
if [ "${SNAPSHOT}" = "true" ]; then | |
COMMIT=$(git rev-parse --short HEAD) | |
TAG="${TAG}-SNAPSHOT-${COMMIT}" | |
fi | |
# Ensure the tag does not already exist | |
if ! gh release view "${TAG}" > /dev/null 2>&1; then | |
git tag -a "${TAG}" -m "Release ${TAG}" | |
git push origin "${TAG}" | |
echo "Tag ${TAG} created and pushed successfully." | |
else | |
echo "Tag ${TAG} already exists." | |
fi | |
- name: "Compile" | |
env: | |
ADDCOMMIT: ${{ inputs.preRelease }} | |
run: | | |
buildcmd="build-prerelease" | |
[ "${ADDCOMMIT}" = "false" ] && buildcmd="build-official" | |
export PATH=$PATH:/usr/local/bin:/usr/local/go/bin | |
cd ~/work/asvec/asvec && make cleanall && make ${buildcmd} | |
- name: "Create linux packages" | |
env: | |
ADDCOMMIT: ${{ inputs.preRelease }} | |
run: | | |
buildcmd="build-prerelease" | |
[ "${ADDCOMMIT}" = "false" ] && buildcmd="build-official" | |
export PATH=$PATH:/usr/local/bin:/usr/local/go/bin | |
cd ~/work/asvec/asvec && make pkg-linux | |
- name: "Create windows zips" | |
env: | |
ADDCOMMIT: ${{ inputs.preRelease }} | |
run: | | |
buildcmd="build-prerelease" | |
[ "${ADDCOMMIT}" = "false" ] && buildcmd="build-official" | |
export PATH=$PATH:/usr/local/bin:/usr/local/go/bin | |
cd ~/work/asvec/asvec && make pkg-windows-zip | |
- name: "Print asvec version" | |
run: cd ~/work/asvec/asvec && ./bin/asvec-macos-amd64 --version | |
- name: "Prepare keychain for signing MacOS" | |
env: | |
keypw: ${{ secrets.APPLEUSERPW }} | |
INSTALLERP12: ${{ secrets.INSTALLERP12 }} | |
APPLICATIONP12: ${{ secrets.APPLICATIONP12 }} | |
run: | | |
set -e | |
security create-keychain -p mysecretpassword build.keychain | |
security default-keychain -s build.keychain | |
security unlock-keychain -p mysecretpassword build.keychain | |
security set-keychain-settings build.keychain | |
security unlock-keychain -p mysecretpassword build.keychain | |
echo "$APPLICATIONP12" | base64 -d > app.p12 | |
echo "$INSTALLERP12" | base64 -d > install.p12 | |
security import app.p12 -k build.keychain -P $keypw -A | |
security import install.p12 -k build.keychain -P $keypw -A | |
security set-key-partition-list -S apple-tool:,apple: -s -k mysecretpassword build.keychain | |
- name: "Sign and build MacOS" | |
env: | |
xasvec_appleid: ${{ secrets.APPLEUSER }} | |
xasvec_applepw: ${{ secrets.APPLEAPPPW }} | |
xasvec_signer: ${{ secrets.APPLESIGNER }} | |
xasvec_installsigner: ${{ secrets.APPLEINSTALLSIGNER }} | |
xasvec_teamid: ${{ secrets.APPLETEAMID }} | |
run: | | |
set -e | |
export asvec_appleid="${xasvec_appleid}" | |
export asvec_applepw="${xasvec_applepw}" | |
export asvec_signer="${xasvec_signer}" | |
export asvec_installsigner="${xasvec_installsigner}" | |
export asvec_teamid="${xasvec_teamid}" | |
export PATH=$PATH:/usr/local/bin:/usr/local/go/bin && cd ~/work/asvec/asvec && make macos-build-all && make macos-notarize-all | |
- name: Save Version | |
id: save-version | |
run: | | |
VER=$(cat VERSION.md) | |
echo version=${VER} >> $GITHUB_OUTPUT | |
RPM_VER=$(echo ${VER} | sed 's/-/_/g') | |
echo rpm-verion=${RPM_VER} >> $GITHUB_OUTPUT | |
ARTIFACTS="asvec-linux-amd64-${VER}.deb asvec-linux-amd64-${RPM_VER}.rpm asvec-linux-amd64-${VER}.zip asvec-linux-arm64-${VER}.deb asvec-linux-arm64-${RPM_VER}.rpm asvec-linux-arm64-${VER}.zip asvec-macos-${VER}.pkg asvec-macos-amd64-${VER}.zip asvec-macos-arm64-${VER}.zip asvec-windows-amd64-${VER}.zip asvec-windows-arm64-${VER}.zip" | |
echo "artifacts=${ARTIFACTS}" >> $GITHUB_OUTPUT | |
RPM_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.rpm$' | tr '\n' ' ') | |
echo "rpm-artifacts=${RPM_ARTIFACTS}" >> $GITHUB_OUTPUT | |
DEB_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.deb$' | tr '\n' ' ') | |
echo "deb-artifacts=${DEB_ARTIFACTS}" >> $GITHUB_OUTPUT | |
ZIP_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.zip$' | tr '\n' ' ') | |
echo "zip-artifacts=${ZIP_ARTIFACTS}" >> $GITHUB_OUTPUT | |
PKG_ARTIFACTS=$(echo "${ARTIFACTS}" | tr ' ' '\n' | grep '\.pkg$' | tr '\n' ' ') | |
echo "pkg-artifacts=${PKG_ARTIFACTS}" >> $GITHUB_OUTPUT | |
SHA256_FILES=$(for pkg in ${ARTIFACTS}; do echo "${pkg}.sha256"; done | tr '\n' ' ') | |
echo "sha-artifacts=${SHA256_FILES}" >> $GITHUB_OUTPUT | |
ASC_FILES=$(for pkg in ${ARTIFACTS} ${SHA256_FILES}; do | |
if [[ ! "${pkg}" =~ \.rpm$ && ! "${pkg}" =~ \.deb$ ]]; then | |
echo "${pkg}.asc" | |
fi | |
done | tr '\n' ' ') | |
echo "asc-artifacts=${ASC_FILES}" >> $GITHUB_OUTPUT | |
- name: "Upload Artifacts" | |
uses: actions/upload-artifact@v4 | |
with: | |
name: asvec-artifacts | |
path: ~/work/asvec/asvec/bin/packages/asvec-* | |
sign: | |
needs: build | |
runs-on: ubuntu-latest | |
steps: | |
- name: "Git checkout" | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: "Download Artifacts" | |
uses: actions/download-artifact@v4 | |
with: | |
name: asvec-artifacts | |
- name: setup GPG | |
uses: aerospike/shared-workflows/devops/setup-gpg@main | |
with: | |
gpg-private-key: ${{ secrets.GPG_SECRET_KEY }} | |
gpg-public-key: ${{ secrets.GPG_PUBLIC_KEY }} | |
gpg-key-pass: ${{ secrets.GPG_PASS }} | |
gpg-key-name: "aerospike-inc" | |
- name: GPG Sign All Files | |
env: | |
GPG_TTY: no-tty | |
GPG_PASSPHRASE: ${{ secrets.GPG_PASS }} | |
run: | | |
rpm --addsign ${{needs.build.outputs.rpm-artifacts}} | |
rpm --checksig ${{needs.build.outputs.rpm-artifacts}} | |
dpkg-sig --sign builder ${{needs.build.outputs.deb-artifacts}} | |
dpkg-sig --verify ${{needs.build.outputs.deb-artifacts}} | |
for file in ${{needs.build.outputs.zip-artifacts}} ${{needs.build.outputs.pkg-artifacts}}; do | |
gpg --detach-sign --no-tty --batch --yes --output "${file}.asc" --passphrase "$GPG_PASSPHRASE" "${file}" | |
gpg --verify "${file}.asc" "${file}" | |
done | |
- name: Create Checksums | |
run: | | |
for pkg in ${{needs.build.outputs.artifacts}}; do | |
shasum -a 256 $pkg > ${pkg}.sha256 | |
done | |
for file in ${{needs.build.outputs.sha-artifacts}}; do | |
gpg --detach-sign --no-tty --batch --yes --output "${file}.asc" --passphrase "$GPG_PASSPHRASE" "${file}" | |
gpg --verify "${file}.asc" "${file}" | |
done | |
- name: "Upload Artifacts" | |
uses: actions/upload-artifact@v4 | |
with: | |
name: asvec-artifacts | |
path: asvec-* | |
overwrite: true | |
pre-release: | |
needs: | |
- sign | |
- build | |
runs-on: ubuntu-latest | |
steps: | |
- name: "Git checkout" | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: "Download Artifacts" | |
uses: actions/download-artifact@v4 | |
with: | |
name: asvec-artifacts | |
- name: "Create a new pre-release" | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
set -e | |
TAG=${{needs.build.outputs.version}} | |
FULLCOMMIT=$(git rev-parse HEAD) | |
gh release create -R github.com/aerospike/asvec --prerelease --target ${FULLCOMMIT} --title "Asvec - ${TAG}" ${TAG} ${{needs.build.outputs.artifacts}} ${{needs.build.outputs.sha-artifacts}} ${{needs.build.outputs.asc-artifacts}} | |
- name: "Delete previous pre-release" | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
DELPREV: ${{ inputs.deletePrevBuild }} | |
run: | | |
if [ "${DELPREV}" = "true" ]; then | |
set -e | |
gh release list -R github.com/aerospike/asvec -L 100 | grep Pre-release | awk -F'\t' '{print $3}' | while read -r line; do | |
if [ "$line" != "${{needs.build.outputs.version}}" ]; then | |
if [[ "$line" == "${{ inputs.version }}-SNAPSHOT-"* ]]; then | |
echo "Removing $line" | |
gh release delete "$line" -R github.com/aerospike/asvec --yes --cleanup-tag | |
fi | |
fi | |
done | |
fi |