Skip to content

Release

Release #334

Workflow file for this run

name: Release
on:
push:
tags:
- "[0-9]+.[0-9]+.[0-9]+*"
permissions:
contents: write
id-token: write # This is required for requesting the JWT
env:
# As defined by the Taskfile's PROJECT_NAME variable
PROJECT_NAME: arduino-cloud-agent
TARGET: "/CreateAgent/Stable/"
VERSION_TARGET: "arduino-create-static/agent-metadata/"
AWS_REGION: "us-east-1" # or https://github.com/aws/aws-cli/issues/5623
KEYCHAIN: "sign.keychain"
KEYCHAIN_PASSWORD: keychainpassword # Arbitrary password for a keychain that exists only for the duration of the job, so not secret
GON_CONFIG_PATH: gon.config.hcl
INSTALLER_CERT_MAC_PATH: "/tmp/ArduinoCerts2020.p12"
AC_USERNAME: ${{ secrets.AC_USERNAME }} # used by gon
AC_PASSWORD: ${{ secrets.AC_PASSWORD }} # used by gon
AC_PROVIDER: ${{ secrets.AC_PROVIDER }} # used by gon
# See: https://github.com/actions/setup-go/tree/v3#readme
GO_VERSION: "1.21"
jobs:
# The build job is responsible for: configuring the environment, testing and compiling process
build:
outputs:
prerelease: ${{ steps.prerelease.outputs.IS_PRE }}
strategy:
matrix:
os: [ubuntu-20.04, windows-2019, macos-12]
arch: [amd64]
include:
- os: windows-2019
arch: 386
ext: ".exe"
- os: windows-2019
ext: ".exe"
defaults:
run:
shell: bash
# by default disable CGO, it's not needed (except on macos)
env:
CGO_ENABLED: 0
runs-on: ${{ matrix.os }}
environment: production
steps:
- name: Set env vars
run: |
echo "TAG_VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV
echo $(go env GOPATH)/bin >> $GITHUB_PATH
- name: Identify Prerelease
# This is a workaround while waiting for create-release action to implement auto pre-release based on tag
id: prerelease
run: |
curl -L -s https://github.com/fsaintjacques/semver-tool/archive/3.1.0.zip -o /tmp/3.1.0.zip
unzip -p /tmp/3.1.0.zip semver-tool-3.1.0/src/semver >/tmp/semver && chmod +x /tmp/semver
if [[ $(/tmp/semver get prerel ${GITHUB_REF/refs\/tags\//}) ]]; then echo "IS_PRE=true" >> $GITHUB_OUTPUT; fi
- name: Disable EOL conversions
run: git config --global core.autocrlf false
- name: Checkout
uses: actions/checkout@v4
- name: Install Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Install Go deps
run: go install github.com/sanbornm/go-selfupdate/...@latest
- name: Install Taskfile
uses: arduino/setup-task@v2
with:
version: "3.x"
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Build the Agent for linux
run: task go:build
if: matrix.os == 'ubuntu-20.04'
# the manifest is required by windows GUI apps, otherwise the binary will crash with: "Unable to create main window: TTM_ADDTOOL failed" (for reference https://github.com/lxn/walk/issues/28)
# rsrc will produce a *.syso file that should get automatically recognized by go build command and linked into an executable.
- name: Download tool to embed manifest in win binary
run: go install github.com/akavel/rsrc@latest
if: matrix.os == 'windows-2019'
# building the agent for win requires a different task because of an extra flag
- name: Build the Agent for win32
env:
GOARCH: 386 # 32bit architecture (for support)
run: task go:build-win
if: matrix.os == 'windows-2019' && matrix.arch == '386'
- name: Build the Agent for win64
run: task go:build-win # GOARCH=amd64 by default on the runners
if: matrix.os == 'windows-2019' && matrix.arch == 'amd64'
- name: Build the Agent for macos
env:
CGO_ENABLED: 1
MACOSX_DEPLOYMENT_TARGET: 10.15 # minimum supported version for mac
CGO_CFLAGS: -mmacosx-version-min=10.15
CGO_LDFLAGS: -mmacosx-version-min=10.15
run: task go:build
if: matrix.os == 'macos-12'
# this will create `public/` dir with compressed full bin (<version>/<os>-<arch>.gz) and a json file
- name: Create autoupdate files
run: go-selfupdate ${{ env.PROJECT_NAME }}${{ matrix.ext }} ${TAG_VERSION}
if: matrix.arch != '386' && steps.prerelease.outputs.IS_PRE != 'true'
# for now we do not distribute m1 build, this is a workaround for now
- name: Copy autoupdate file for darwin-arm64 (m1 arch)
working-directory: public/
run: |
cp darwin-amd64.json darwin-arm64.json
cp ${TAG_VERSION}/darwin-amd64.gz ${TAG_VERSION}/darwin-arm64.gz
if: matrix.os == 'macos-12' && steps.prerelease.outputs.IS_PRE != 'true'
- name: Create autoupdate files for win32
run: go-selfupdate -platform windows-${{ matrix.arch }} ${{ env.PROJECT_NAME }}${{ matrix.ext }} ${TAG_VERSION}
if: matrix.arch == '386' && matrix.os == 'windows-2019' && steps.prerelease.outputs.IS_PRE != 'true'
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
role-session-name: "github_${{ env.PROJECT_NAME }}"
aws-region: ${{ env.AWS_REGION }}
if: steps.prerelease.outputs.IS_PRE != 'true'
- name: Upload autoupdate files to Arduino downloads servers
run: |
aws s3 sync public/ s3://${{ secrets.DOWNLOADS_BUCKET }}${{ env.TARGET }}
if: steps.prerelease.outputs.IS_PRE != 'true'
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: ${{ env.PROJECT_NAME }}-${{ matrix.os }}-${{ matrix.arch }}
path: |
${{ env.PROJECT_NAME }}*
if-no-files-found: error
create-macos-bundle:
needs: build
# for now they are exaclty the same
strategy:
matrix:
arch: [amd64, arm64]
runs-on: macos-12
env:
EXE_PATH: "skel/ArduinoCreateAgent.app/Contents/MacOS/"
steps:
- name: Checkout
uses: actions/checkout@v4
with:
repository: "bcmi-labs/arduino-create-agent-installer" # the repo which contains the bundle structure and icons
token: ${{ secrets.ARDUINO_CREATE_AGENT_CI_PAT }}
- name: Download artifact
uses: actions/download-artifact@v4
with:
name: ${{ env.PROJECT_NAME }}-macos-12-amd64 # if we want to support darwin-arm64 in the future for real this has to change.
path: ${{ env.EXE_PATH }}
- name: Remove placeholder file
run: rm -rf ${{ env.EXE_PATH }}.empty
# zip artifacts do not mantain executable permission
- name: Make executable
run: chmod -v +x ${{ env.EXE_PATH }}${{ env.PROJECT_NAME }}
- name: Rename executable to Arduino_Cloud_Agent
run: mv -v ${{ env.EXE_PATH }}${{ env.PROJECT_NAME }} ${{ env.EXE_PATH }}Arduino_Cloud_Agent
- name: get year
run: echo "YEAR=$(date "+%Y")" >> $GITHUB_ENV
- name: Generate Info.plist for MacOS
run: |
cat > skel/ArduinoCreateAgent.app/Contents/Info.plist <<EOF
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict><key>CFBundlePackageType</key><string>APPL</string><key>CFBundleInfoDictionaryVersion</key><string>6.0</string>
<key>CFBundleIconFile</key> <string>AppIcon.icns</string>
<key>CFBundleName</key> <string>Arduino Cloud Agent</string>
<key>CFBundleExecutable</key> <string>Arduino_Cloud_Agent</string>
<key>CFBundleIdentifier</key> <string>create.arduino.cc</string>
<key>CFBundleVersion</key> <string>${GITHUB_REF##*/}</string>
<key>NSHumanReadableCopyright</key> <string>© Copyright ${{ env.YEAR }} Arduino LLC</string>
<key>CFBundleShortVersionString</key> <string>${GITHUB_REF##*/}</string>
<key>LSUIElement</key> <true/>
<!-- Needed for Apache Callback -->
<key>NSPrincipalClass</key><string>NSApplication</string>
<key>NSMainNibFile</key><string>MainMenu</string>
</dict></plist>
EOF
- name: Tar bundle to keep permissions
run: tar -cvf ArduinoCloudAgent.app_${{ matrix.arch }}.tar -C skel/ .
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
if-no-files-found: error
name: ArduinoCloudAgent.app_${{ matrix.arch }}
path: ArduinoCloudAgent.app_${{ matrix.arch }}.tar
# The notarize-macos job will download the macos bundle from the previous job, sign, notarize and re-upload it, uploading it also on s3 download servers for the autoupdate.
notarize-macos:
name: Notarize bundle
# for now they are exaclty the same
strategy:
matrix:
arch: [amd64, arm64]
runs-on: macos-12
env:
GON_PATH: ${{ github.workspace }}/gon
needs: [build, create-macos-bundle]
environment: production
steps:
- name: Download artifact
uses: actions/download-artifact@v4
with:
name: ArduinoCloudAgent.app_${{ matrix.arch }}
- name: un-Tar bundle
run: tar -xvf ArduinoCloudAgent.app_${{ matrix.arch }}.tar
- name: Import Code-Signing Certificates
run: |
echo "${{ secrets.INSTALLER_CERT_MAC_P12 }}" | base64 --decode > "${{ env.INSTALLER_CERT_MAC_PATH }}"
security create-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}"
security default-keychain -s "${{ env.KEYCHAIN }}"
security unlock-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}"
security import \
"${{ env.INSTALLER_CERT_MAC_PATH }}" \
-k "${{ env.KEYCHAIN }}" \
-f pkcs12 \
-A \
-T "/usr/bin/codesign" \
-P "${{ secrets.INSTALLER_CERT_MAC_PASSWORD }}"
security set-key-partition-list \
-S apple-tool:,apple: \
-s \
-k "${{ env.KEYCHAIN_PASSWORD }}" \
"${{ env.KEYCHAIN }}"
- name: Install gon for code signing
uses: actions/checkout@v4
with:
repository: darkvertex/gon #this fork has support for --deep notarization
path: ${{ env.GON_PATH }}
ref: deep_sign_support
- name: Build gon
working-directory: ${{ env.GON_PATH }}/cmd/gon/
run: |
ls -lah
go build
mv gon /usr/local/bin
- name: Write gon config to file
# gon does not allow env variables in config file (https://github.com/mitchellh/gon/issues/20)
run: |
cat > "${{ env.GON_CONFIG_PATH }}" <<EOF
# See: https://github.com/mitchellh/gon#configuration-file
source = ["ArduinoCreateAgent.app"]
bundle_id = "cc.arduino.${{ env.PROJECT_NAME }}"
sign {
application_identity = "Developer ID Application: ARDUINO SA (7KT7ZWMCJT)"
deep = true
}
EOF
- name: Sign app bundle
run: gon -log-level=debug -log-json "${{ env.GON_CONFIG_PATH }}"
- name: Zip output app bundle
run: ditto -c -k ArduinoCreateAgent.app/ ArduinoCloudAgent.app_${{ matrix.arch }}_notarized.zip
- name: Remove gon used for code signing
run: |
rm /usr/local/bin/gon
rm ${{ env.GON_CONFIG_PATH }}
- name: Install gon for app notarization
run: |
wget -q https://github.com/Bearer/gon/releases/download/v0.0.27/gon_macos.zip
unzip gon_macos.zip -d /usr/local/bin
- name: Write gon config to file
run: |
cat > "${{ env.GON_CONFIG_PATH }}" <<EOF
# See: https://github.com/Bearer/gon#configuration-file
notarize {
path = "ArduinoCloudAgent.app_${{ matrix.arch }}_notarized.zip"
bundle_id = "cc.arduino.${{ env.PROJECT_NAME }}"
}
EOF
- name: Notarize app bundle
run: |
gon -log-level=debug -log-json "${{ env.GON_CONFIG_PATH }}"
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
role-session-name: "github_${{ env.PROJECT_NAME }}"
aws-region: ${{ env.AWS_REGION }}
if: ${{ needs.build.outputs.prerelease != 'true' }}
- name: Upload autoupdate bundle to Arduino downloads servers
run: aws s3 cp ArduinoCloudAgent.app_${{ matrix.arch }}_notarized.zip s3://${{ secrets.DOWNLOADS_BUCKET }}${{ env.TARGET }}${GITHUB_REF/refs\/tags\//}/ # the version should be created in th the build job
if: ${{ needs.build.outputs.prerelease != 'true' }}
- name: Generate json file used for the new autoupdate
run: |
cat > darwin-${{ matrix.arch }}-bundle.json <<EOF
{
"Version": "${GITHUB_REF/refs\/tags\//}",
"Sha256": "$(shasum -a 256 ArduinoCloudAgent.app_${{ matrix.arch }}_notarized.zip | awk '{print $1}' | xxd -r -p | base64)"
}
EOF
if: ${{ needs.build.outputs.prerelease != 'true' }}
- name: Upload autoupdate files to Arduino downloads servers
run: |
aws s3 cp darwin-${{ matrix.arch }}-bundle.json s3://${{ secrets.DOWNLOADS_BUCKET }}${{ env.TARGET }}
if: ${{ needs.build.outputs.prerelease != 'true' }}
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: ArduinoCloudAgent.app_${{ matrix.arch }}_notarized
path: ArduinoCloudAgent.app_${{ matrix.arch }}_notarized.zip
if-no-files-found: error
# This job is responsible for generating the installers (using installbuilder)
package:
needs: build
runs-on: ubuntu-20.04
env:
# vars used by installbuilder
INSTALLBUILDER_PATH: "/opt/installbuilder-23.11.0/bin/builder"
INSTALLER_VARS: "project.outputDirectory=$PWD project.version=${GITHUB_REF##*/} workspace=$PWD realname=Arduino_Cloud_Agent"
strategy:
fail-fast: false # if one os is failing continue nonetheless
matrix: # used to generate installers for different OS and not for runs-on
os: [ubuntu-20.04, windows-2019]
arch: [amd64]
include:
- os: ubuntu-20.04
platform-name: linux
installbuilder-name: linux-x64
installer-extension: .run
- os: windows-2019
arch: 386
platform-name: windows
installbuilder-name: windows
extension: .exe
installer-extension: .exe
- os: windows-2019
platform-name: windows
installbuilder-name: windows
extension: .exe
installer-extension: .exe
container:
image: floydpink/ubuntu-install-builder:23.11.0
steps:
- name: Checkout
uses: actions/checkout@v4
with:
repository: "bcmi-labs/arduino-create-agent-installer" # the repo which contains install.xml
token: ${{ secrets.ARDUINO_CREATE_AGENT_CI_PAT }}
ref: rename-to-cloud-agent
- name: Download artifact
uses: actions/download-artifact@v4
with:
name: ${{ env.PROJECT_NAME }}-${{ matrix.os }}-${{ matrix.arch }}
path: artifacts/${{ matrix.platform-name }}/ # path expected by installbuilder
# zip artifacts do not mantain executable permission
- name: Make executable
run: chmod -v +x artifacts/${{ matrix.platform-name }}/${{ env.PROJECT_NAME }}*
if: matrix.os == 'ubuntu-20.04'
- name: Rename executable to Arduino_Cloud_Agent
run: mv -v artifacts/${{ matrix.platform-name }}/${{ env.PROJECT_NAME }}${{ matrix.extension }} artifacts/${{ matrix.platform-name }}/Arduino_Cloud_Agent${{ matrix.extension }}
- name: Save InstallBuilder license to file
run: echo "${{ secrets.INSTALLER_LICENSE }}" > /tmp/license.xml
- name: Launch Bitrock installbuilder
run: ${{ env.INSTALLBUILDER_PATH }} build installer.xml ${{ matrix.installbuilder-name }} --verbose --license /tmp/license.xml --setvars ${{ env.INSTALLER_VARS }} architecture=${{ matrix.arch }}
- name: Generate archive
run: tar -czvf ArduinoCloudAgent-${GITHUB_REF##*/}-${{ matrix.platform-name }}-${{ matrix.arch }}-installer.tar.gz ArduinoCloudAgent-${GITHUB_REF##*/}-${{ matrix.platform-name }}-${{ matrix.arch }}-installer${{matrix.installer-extension}}
if: matrix.os == 'ubuntu-20.04'
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: ArduinoCloudAgent-${{ matrix.platform-name }}-${{ matrix.arch }}
path: ArduinoCloudAgent*
if-no-files-found: error
# This job will sign the Windows installer
sign-windows:
runs-on: [self-hosted, windows-sign-pc]
needs: package
defaults:
run:
shell: bash
env:
INSTALLER_CERT_WINDOWS_CER: "/tmp/cert.cer"
# We are hardcoding the path for signtool because is not present on the windows PATH env var by default.
# Keep in mind that this path could change when upgrading to a new runner version
SIGNTOOL_PATH: "C:/Program Files (x86)/Windows Kits/10/bin/10.0.19041.0/x86/signtool.exe"
strategy:
matrix:
arch: [amd64, 386]
steps:
- name: Download artifact
uses: actions/download-artifact@v4
with:
name: ArduinoCloudAgent-windows-${{ matrix.arch }}
- name: Save Win signing certificate to file
run: echo "${{ secrets.INSTALLER_CERT_WINDOWS_CER }}" | base64 --decode > ${{ env.INSTALLER_CERT_WINDOWS_CER}}
- name: Sign EXE
env:
CERT_PASSWORD: ${{ secrets.INSTALLER_CERT_WINDOWS_PASSWORD }}
CONTAINER_NAME: ${{ secrets.INSTALLER_CERT_WINDOWS_CONTAINER }}
# https://stackoverflow.com/questions/17927895/automate-extended-validation-ev-code-signing-with-safenet-etoken
run: |
"${{ env.SIGNTOOL_PATH }}" sign -d "Arduino Cloud Agent" -f ${{ env.INSTALLER_CERT_WINDOWS_CER}} -csp "eToken Base Cryptographic Provider" -k "[{{${{ env.CERT_PASSWORD }}}}]=${{ env.CONTAINER_NAME }}" -fd sha256 -tr http://timestamp.digicert.com -td SHA256 -v "ArduinoCloudAgent-${GITHUB_REF##*/}-windows-${{ matrix.arch }}-installer.exe"
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
if-no-files-found: error
name: ArduinoCloudAgent-windows-${{ matrix.arch }}-signed
path: ArduinoCloudAgent-*-windows-${{ matrix.arch }}-installer.exe
# This job will generate a dmg mac installer, sign/notarize it.
generate-sign-dmg:
needs: notarize-macos
strategy:
matrix:
arch: [amd64]
runs-on: macos-12
steps:
- name: Checkout repo with icons/background
uses: actions/checkout@v4
with:
repository: "bcmi-labs/arduino-create-agent-installer" # the repo which contains the icons/background
token: ${{ secrets.ARDUINO_CREATE_AGENT_CI_PAT }}
- name: Download artifact
uses: actions/download-artifact@v4
with:
name: ArduinoCloudAgent.app_${{ matrix.arch }}_notarized
path: ArduinoCloudAgent.app
- name: unzip artifact
working-directory: ArduinoCloudAgent.app
run: |
unzip ArduinoCloudAgent.app_${{ matrix.arch }}_notarized.zip
rm ArduinoCloudAgent.app_${{ matrix.arch }}_notarized.zip
- name: Install create-dmg
run: brew install create-dmg
- name: Genarate DMG
run: |
create-dmg \
--volname "ArduinoCloudAgent" \
--background "installer_icons/background.tiff" \
--window-pos 200 120 \
--window-size 500 320 \
--icon-size 80 \
--icon "ArduinoCloudAgent.app" 125 150 \
--app-drop-link 375 150 \
"ArduinoCloudAgent-${GITHUB_REF##*/}-osx-${{ matrix.arch }}-installer.dmg" \
"ArduinoCloudAgent.app"
- name: Import Code-Signing Certificates
run: |
echo "${{ secrets.INSTALLER_CERT_MAC_P12 }}" | base64 --decode > "${{ env.INSTALLER_CERT_MAC_PATH }}"
security create-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}"
security default-keychain -s "${{ env.KEYCHAIN }}"
security unlock-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}"
security import \
"${{ env.INSTALLER_CERT_MAC_PATH }}" \
-k "${{ env.KEYCHAIN }}" \
-f pkcs12 \
-A \
-T "/usr/bin/codesign" \
-P "${{ secrets.INSTALLER_CERT_MAC_PASSWORD }}"
security set-key-partition-list \
-S apple-tool:,apple: \
-s \
-k "${{ env.KEYCHAIN_PASSWORD }}" \
"${{ env.KEYCHAIN }}"
- name: Install gon for code signing and app notarization
run: |
wget -q https://github.com/Bearer/gon/releases/download/v0.0.36/gon_macos.zip
unzip gon_macos.zip -d /usr/local/bin
- name: Write gon config to file
# gon does not allow env variables in config file (https://github.com/mitchellh/gon/issues/20)
run: |
cat > gon.config_installer.hcl <<EOF
source = ["ArduinoCloudAgent-${GITHUB_REF##*/}-osx-${{ matrix.arch }}-installer.dmg"]
bundle_id = "cc.arduino.${{ env.PROJECT_NAME }}-installer"
sign {
application_identity = "Developer ID Application: ARDUINO SA (7KT7ZWMCJT)"
}
# Ask Gon for zip output to force notarization process to take place.
zip {
output_path = "ArduinoCloudAgent.app_${{ matrix.arch }}_notarized.zip"
}
EOF
- name: Code sign and notarize app
run: gon -log-level=debug -log-json gon.config_installer.hcl
# tar dmg file to keep executable permission
- name: Tar files to keep permissions
run: tar -cvf ArduinoCloudAgent-${GITHUB_REF##*/}-osx-${{ matrix.arch }}-installer.tar ArduinoCloudAgent-${GITHUB_REF##*/}-osx-${{ matrix.arch }}-installer.dmg
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: ArduinoCloudAgent-osx-${{ matrix.arch }}
path: ArduinoCloudAgent*.tar
if-no-files-found: error
create-release:
runs-on: ubuntu-20.04
environment: production
needs: [build, generate-sign-dmg, sign-windows]
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0 # fetch all history for the create changelog step to work properly
- name: Download artifact
uses: actions/download-artifact@v4 # download all the artifacts
# mandatory step because upload-release-action does not support multiple folders
- name: prepare artifacts for the release
run: |
mkdir release
chmod -v +x ArduinoCloudAgent-linux-amd64/*.run
mv -v ArduinoCloudAgent-linux-amd64/* release/
cat ArduinoCloudAgent-osx-amd64/*.tar | tar -xvf - -i -C release/
rm -v release/._ArduinoCloudAgent*.dmg
mv -v ArduinoCloudAgent-windows*-signed/* release/
- name: VirusTotal Scan
id: virustotal_step
uses: crazy-max/ghaction-virustotal@v4
with:
vt_api_key: ${{ secrets.VIRUSTOTAL_API_KEY }}
update_release_body: false # `true` won't work because trigger type is not release
files: |
release/*.exe
${{ env.PROJECT_NAME }}-windows-2019-386/${{ env.PROJECT_NAME }}.exe
${{ env.PROJECT_NAME }}-windows-2019-amd64/${{ env.PROJECT_NAME }}.exe
- name: Create changelog
uses: arduino/create-changelog@v1
with:
tag-regex: '^[0-9]+\.[0-9]+\.[0-9]+.*$'
filter-regex: '^\[(skip|changelog)[ ,-](skip|changelog)\].*'
case-insensitive-regex: true
changelog-file-path: "CHANGELOG.md"
- name: Organize release body message #use sed to clean and format the output markdown style
id: release_body
run: |
echo "RBODY<<EOF" >> $GITHUB_OUTPUT
echo "$(cat CHANGELOG.md)" >> $GITHUB_OUTPUT
echo "<details close>" >> $GITHUB_OUTPUT
echo "<summary>VirusTotal analysis 🛡</summary>" >> $GITHUB_OUTPUT
echo "" >> $GITHUB_OUTPUT
echo "$(echo ${{ steps.virustotal_step.outputs.analysis}} | sed 's/release\///g' | sed 's/,/\n/g' | sed 's/^/- [/' | sed 's/=/](/' | sed 's/$/)/')" >> $GITHUB_OUTPUT
echo "</details>" >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
- name: Create Github Release and upload artifacts
uses: ncipollo/release-action@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
body: ${{ steps.release_body.outputs.RBODY}}
draft: false
prerelease: ${{ needs.build.outputs.prerelease }}
# NOTE: "Artifact is a directory" warnings are expected and don't indicate a problem
# (all the files we need are in the DIST_DIR root)
artifacts: release/*
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
role-session-name: "github_${{ env.PROJECT_NAME }}"
aws-region: ${{ env.AWS_REGION }}
if: ${{ needs.build.outputs.prerelease != 'true' }}
- name: Upload release files on Arduino downloads servers
run: aws s3 sync release/ s3://${{ secrets.DOWNLOADS_BUCKET }}${{ env.TARGET }}
if: ${{ needs.build.outputs.prerelease != 'true' }}
- name: Update version file (used by frontend to trigger autoupdate and create filename)
run: |
echo {\"Version\": \"${GITHUB_REF##*/}\"} > /tmp/agent-version.json
# TODO remove this when we will have a new frontend
aws s3 cp /tmp/agent-version.json s3://${{ env.VERSION_TARGET }}
aws s3 cp /tmp/agent-version.json s3://${{ secrets.DOWNLOADS_BUCKET }}/agent-metadata/
if: ${{ needs.build.outputs.prerelease != 'true' }}