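# Build workflow: runs the Makefile-driven CI build on pull requests, pushes,
# version tags and a weekly schedule.
name: Build
on:
  pull_request:
    branches: [master]
  push:
    # NOTE(review): this comment originally named ci-sandbox as the branch
    # dedicated to testing post-submit code, but the list below contains
    # artifacts-pr - confirm which branch is intended.
    branches: [master, artifacts-pr]
    tags:
      - 'v*'
  schedule:
    # run on Mondays at 8AM (GitHub evaluates cron schedules in UTC)
    - cron: '0 8 * * 1'
# One active run per workflow and ref; a newer run cancels the one in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
# Least privilege for the automatically issued GITHUB_TOKEN. The publishing
# steps in this file pass their own tokens explicitly (secrets.GH_TOKEN,
# secrets.HOMEBREW_PUSH_TOKEN), so the built-in token only needs to read the
# repository for checkout. Widen this per job, not globally, if a Makefile
# target turns out to depend on the built-in token.
permissions:
  contents: read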
env:
  # Workflow-level variables: every step of every job receives these,
  # third-party actions included. Keep credentials and tokens out of this map
  # and hand them only to the individual steps that need them; that limits the
  # blast radius if one tool is compromised and leaks its environment to an
  # external site.

  # required by Makefile
  UNIX_SHELL_ON_WINDOWS: 'true'
  # set to true if Publish Artifacts should run
  PUBLISH_ARTIFACTS: ${{ secrets.PUBLISH_ARTIFACTS }}
  # where to publish releases for non-tagged commits
  NON_TAG_RELEASE_REPO: ${{ secrets.NON_TAG_RELEASE_REPO }}
  # RPM and APT packages GCS bucket/hostname.
  PACKAGES_HOST: ${{ secrets.PACKAGES_HOST }}
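jobs:
  # Builds and packages on each matrix entry, then uploads the results as
  # workflow artifacts for the publish job.
  build:
    strategy:
      fail-fast: false
      matrix:
        os: [windows-latest, ubuntu-latest, macos-latest]
        include:
          # NOTE(review): this workflow also triggers on pull_request, so this
          # entry builds pull-request code on a project-operated machine.
          # Confirm the runner is isolated (ideally ephemeral) and that runs
          # from outside contributors require approval.
          - os: [self-hosted, ARM64]
          # - os: [self-hosted, ARMHF]
    name: Make
    runs-on: ${{ matrix.os }}
    # A failure on a self-hosted runner does not fail the workflow.
    continue-on-error: ${{ contains(matrix.os, 'self-hosted') }}
    steps:
      - name: Check out repository
        # Third-party actions are pinned to a full commit SHA; the trailing
        # comment records the release that SHA corresponds to.
        # NOTE(review): checkout keeps the job token in the local git config
        # by default (persist-credentials), so the make targets below run with
        # it available. Set persist-credentials: false if no later step relies
        # on it - confirm against the Makefile.
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          # full history, not a shallow clone
          fetch-depth: 0
      - name: Set up Go
        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
        with:
          go-version-file: 'go.mod'
          check-latest: true
        id: go
        if: ${{ !contains(matrix.os, 'ARMHF') }}
      - name: Install GoLang for ARMHF
        # Only reached if the commented-out ARMHF matrix entry is re-enabled.
        # curl -f aborts on an HTTP error instead of piping an error page into
        # tar; -S keeps error messages visible despite -s.
        # NOTE(review): the tarball is unpacked without an integrity check.
        # Verify it against the SHA-256 published for this release
        # (<EXPECTED_SHA256>, placeholder) before extracting.
        run: |
          echo /usr/local/go/bin >> "$GITHUB_PATH"
          rm -rf /usr/local/go
          mkdir -p /usr/local/go
          curl -fsSL https://go.dev/dl/go1.19.2.linux-armv6l.tar.gz | tar -C /usr/local -xz
        if: ${{ contains(matrix.os, 'ARMHF') }}
      - name: Install Windows-specific packages
        run: choco install --no-progress -y make zip unzip curl
        if: ${{ contains(matrix.os, 'windows') }}
      - name: Install macOS-specific packages
        run: sudo xcode-select -r
        if: ${{ contains(matrix.os, 'macos') }}
      - name: Setup
        run: make -j4 ci-setup
      - name: Install macOS certificates
        # Signing tools and credentials are installed in their own step,
        # outside of the main build process, and only on macOS runners.
        run: make macos-certificates
        env:
          # macOS signing certificate (base64-encoded), used by Electron Builder
          CSC_LINK: ${{ secrets.CSC_LINK }}
          CSC_KEYCHAIN: ${{ secrets.CSC_KEYCHAIN }}
          CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
          MACOS_SIGNING_IDENTITY: ${{ secrets.MACOS_SIGNING_IDENTITY }}
        if: ${{ contains(matrix.os, 'macos') }}
      - name: Install Windows signing tools
        # Signing tools and credentials are installed in their own step,
        # outside of the main build process, and only on Windows runners.
        run: make windows-signing-tools
        env:
          # tool to install Windows signing certificate
          WINDOWS_SIGNING_TOOLS_URL: ${{ secrets.WINDOWS_SIGNING_TOOLS_URL }}
          WINDOWS_SIGN_TOOL: ${{ secrets.WINDOWS_SIGN_TOOL }}
        if: ${{ contains(matrix.os, 'windows') }}
      - name: Build
        # NOTE(review): this step has no `if:`, so every matrix entry,
        # including the self-hosted runner, receives the Apple and Windows
        # signing values below whenever secrets are available to the run.
        # Consider scoping them to the OS that signs with them.
        run: make ci-build
        timeout-minutes: 40
        env:
          # Apple credentials for notarization, used by Electron Builder
          APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
          APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
          APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
          KOPIA_UI_NOTARIZE: ${{ secrets.KOPIA_UI_NOTARIZE }}
          # Windows signing settings (user, auth, certificate SHA-1, sign tool)
          WINDOWS_SIGN_USER: ${{ secrets.WINDOWS_SIGN_USER }}
          WINDOWS_SIGN_AUTH: ${{ secrets.WINDOWS_SIGN_AUTH }}
          WINDOWS_CERT_SHA1: ${{ secrets.WINDOWS_CERT_SHA1 }}
          WINDOWS_SIGN_TOOL: ${{ secrets.WINDOWS_SIGN_TOOL }}
          # macOS signing identity
          MACOS_SIGNING_IDENTITY: ${{ secrets.MACOS_SIGNING_IDENTITY }}
      - name: Upload Kopia Artifacts
        # Output of self-hosted runners is never uploaded, so it cannot reach
        # the publish job.
        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
        with:
          name: kopia
          path: |
            dist/*.md
            dist/*.rb
            dist/*.zip
            dist/*.tar.gz
            dist/*.rpm
            dist/*.deb
            dist/*.exe
            dist/kopia-ui/*.zip
            dist/kopia-ui/*.tar.gz
            dist/kopia-ui/*.dmg
            dist/kopia-ui/*.rpm
            dist/kopia-ui/*.deb
            dist/kopia-ui/*.exe
            dist/kopia-ui/*.AppImage
            dist/kopia-ui/*.yml
          if-no-files-found: ignore
        if: ${{ !contains(matrix.os, 'self-hosted') }}
      - name: Upload Kopia Binary
        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
        with:
          name: kopia_binaries
          path: |
            dist/*/kopia
            dist/*/kopia.exe
            dist/*/rclone
            dist/*/rclone.exe
          if-no-files-found: ignore
        if: ${{ !contains(matrix.os, 'self-hosted') }}
  # Stages the artifacts produced by the build job and pushes them to the
  # release channels. Skipped for pull requests and in any repository other
  # than kopia/kopia, so forks never attempt to publish.
  publish:
    name: Stage And Publish Artifacts
    runs-on: ubuntu-latest
    needs: build
    if: github.event_name != 'pull_request' && github.repository == 'kopia/kopia'
    steps:
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - name: Set up QEMU
        uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
      - name: Download Artifacts
        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
        with:
          name: kopia
          path: dist
      - name: Download Kopia Binaries
        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
        with:
          name: kopia_binaries
          path: dist_binaries
      - name: Display structure of downloaded files
        run: ls -lR dist/ dist_binaries/
      # Each credential below is passed only to the step that consumes it.
      - name: Install GPG Key
        run: make ci-gpg-key
        env:
          GPG_KEYRING: ${{ secrets.GPG_KEYRING }}
      - name: Stage Release
        run: make stage-release
      - name: Push Github Release
        run: make push-github-release
        env:
          GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
      - name: Install GCS Credentials
        run: make ci-gcs-creds
        env:
          GCS_CREDENTIALS: ${{ secrets.GCS_CREDENTIALS }}
      - name: Publish APT
        # this needs GCS credentials and GPG keys installed before.
        run: make publish-apt
      - name: Publish RPM
        # this needs GCS credentials and GPG keys installed before.
        run: make publish-rpm
      - name: Publish Homebrew
        # this only pushes to a GitHub repository.
        run: make publish-homebrew
        env:
          GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
      - name: Publish Scoop
        # this only pushes to a GitHub repository.
        run: make publish-scoop
        env:
          GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
      - name: Publish Docker
        run: make publish-docker
        env:
          DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Bump Homebrew formula
        uses: dawidd6/action-homebrew-bump-formula@d3667e5ae14df19579e4414897498e3e88f2f458 # v3.10.0
        # only bump formula for tags which don't contain '-'
        # this excludes vx.y.z-rc1
        if: github.ref_type == 'tag' && !contains(github.ref_name, '-')
        with:
          token: ${{ secrets.HOMEBREW_PUSH_TOKEN }}
          formula: kopia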