Added `debug check` command to check if a combination of board/progra… #70

Workflow file for this run

.github/workflows/release-go-task.yml at ce6bb98

	# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/release-go-task.md
	name: Release

	env:
	# As defined by the Taskfile's PROJECT_NAME variable
	PROJECT_NAME: arduino-cli
	# As defined by the Taskfile's DIST_DIR variable
	DIST_DIR: dist
	# The project's folder on Arduino's download server for uploading builds
	AWS_PLUGIN_TARGET: /arduino-cli/
	ARTIFACT_NAME: dist

	on:
	push:
	tags:
	- "v[0-9]+.[0-9]+.[0-9]+*"

	jobs:
	create-release-artifacts:
	outputs:
	version: ${{ steps.get-version.outputs.version }}
	runs-on: ubuntu-latest

	strategy:
	matrix:
	os:
	- Windows_32bit
	- Windows_64bit
	- Linux_32bit
	- Linux_64bit
	- Linux_ARMv6
	- Linux_ARMv7
	- Linux_ARM64
	- macOS_64bit
	- macOS_ARM64

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Create changelog
	# Avoid creating the same changelog for each os
	if: matrix.os == 'Windows_32bit'
	uses: arduino/create-changelog@v1
	with:
	tag-regex: '^v[0-9]+\.[0-9]+\.[0-9]+.*$'
	filter-regex: '^\[(skip\|changelog)[ ,-](skip\|changelog)\].*'
	case-insensitive-regex: true
	changelog-file-path: "${{ env.DIST_DIR }}/CHANGELOG.md"

	- name: Install Task
	uses: arduino/setup-task@v1
	with:
	repo-token: ${{ secrets.GITHUB_TOKEN }}
	version: 3.x

	- name: Build
	run: task dist:${{ matrix.os }}

	- name: Output Version
	id: get-version
	run: echo "version=$(task general:get-version)" >> $GITHUB_OUTPUT

	- name: Upload artifacts
	uses: actions/upload-artifact@v3
	with:
	if-no-files-found: error
	name: ${{ env.ARTIFACT_NAME }}
	path: ${{ env.DIST_DIR }}

	notarize-macos:
	name: Notarize ${{ matrix.artifact.name }}
	runs-on: macos-latest
	needs: create-release-artifacts

	env:
	GON_CONFIG_PATH: gon.config.hcl

	strategy:
	matrix:
	artifact:
	- name: darwin_amd64
	path: "macOS_64bit.tar.gz"
	- name: darwin_arm64
	path: "macOS_ARM64.tar.gz"

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Download artifacts
	uses: actions/download-artifact@v3
	with:
	name: ${{ env.ARTIFACT_NAME }}
	path: ${{ env.DIST_DIR }}

	- name: Import Code-Signing Certificates
	env:
	KEYCHAIN: "sign.keychain"
	INSTALLER_CERT_MAC_PATH: "/tmp/ArduinoCerts2020.p12"
	KEYCHAIN_PASSWORD: keychainpassword # Arbitrary password for a keychain that exists only for the duration of the job, so not secret
	run: \|
	echo "${{ secrets.INSTALLER_CERT_MAC_P12 }}" \| base64 --decode > "${{ env.INSTALLER_CERT_MAC_PATH }}"
	security create-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}"
	security default-keychain -s "${{ env.KEYCHAIN }}"
	security unlock-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}"
	security import \
	"${{ env.INSTALLER_CERT_MAC_PATH }}" \
	-k "${{ env.KEYCHAIN }}" \
	-f pkcs12 \
	-A \
	-T "/usr/bin/codesign" \
	-P "${{ secrets.INSTALLER_CERT_MAC_PASSWORD }}"
	security set-key-partition-list \
	-S apple-tool:,apple: \
	-s \
	-k "${{ env.KEYCHAIN_PASSWORD }}" \
	"${{ env.KEYCHAIN }}"

	- name: Install gon for code signing and app notarization
	run: \|
	wget -q https://github.com/Bearer/gon/releases/download/v0.0.27/gon_macos.zip
	unzip gon_macos.zip -d /usr/local/bin

	- name: Write gon config to file
	# gon does not allow env variables in config file (https://github.com/mitchellh/gon/issues/20)
	run: \|
	cat > "${{ env.GON_CONFIG_PATH }}" <<EOF
	# See: https://github.com/Bearer/gon#configuration-file
	source = ["dist/arduino-cli_osx_${{ matrix.artifact.name }}/arduino-cli"]
	bundle_id = "cc.arduino.arduino-cli"

	sign {
	application_identity = "Developer ID Application: ARDUINO SA (7KT7ZWMCJT)"
	}

	# Ask Gon for zip output to force notarization process to take place.
	# The CI will ignore the zip output, using the signed binary only.
	zip {
	output_path = "unused.zip"
	}
	EOF

	- name: Sign and notarize binary
	env:
	AC_USERNAME: ${{ secrets.AC_USERNAME }}
	AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
	AC_PROVIDER: ${{ secrets.AC_PROVIDER }}
	run: \|
	gon "${{ env.GON_CONFIG_PATH }}"

	- name: Re-package binary
	working-directory: ${{ env.DIST_DIR }}
	# Repackage the signed binary replaced in place by Gon (ignoring the output zip file)
	run: \|
	# GitHub's upload/download-artifact@v2 actions don't preserve file permissions,
	# so we need to add execution permission back until the action is made to do this.
	chmod +x "${{ env.PROJECT_NAME }}_osx_${{ matrix.artifact.name }}/${{ env.PROJECT_NAME }}"
	TAG=${{ needs.create-release-artifacts.outputs.version }}
	PACKAGE_FILENAME="${{ env.PROJECT_NAME }}_${TAG}_${{ matrix.artifact.path }}"
	tar -czvf "$PACKAGE_FILENAME" \
	-C "${{ env.PROJECT_NAME }}_osx_${{ matrix.artifact.name }}/" "${{ env.PROJECT_NAME }}" \
	-C ../../ LICENSE.txt
	echo "PACKAGE_FILENAME=$PACKAGE_FILENAME" >> $GITHUB_ENV

	- name: Upload artifact
	uses: actions/upload-artifact@v3
	with:
	if-no-files-found: error
	name: ${{ env.ARTIFACT_NAME }}
	path: ${{ env.DIST_DIR }}/${{ env.PACKAGE_FILENAME }}

	create-windows-installer:
	runs-on: windows-latest
	needs: create-release-artifacts

	defaults:
	run:
	shell: bash

	env:
	INSTALLER_CERT_WINDOWS_PFX: "/tmp/cert.pfx"
	# We are hardcoding the path for signtool because is not present on the windows PATH env var by default.
	# Keep in mind that this path could change when upgrading to a new runner version
	# https://github.com/actions/runner-images/blob/main/images/win/Windows2022-Readme.md#installed-windows-sdks
	SIGNTOOL_PATH: "C:/Program Files (x86)/Windows Kits/10/bin/10.0.22621.0/x86/signtool.exe"

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Download artifacts
	uses: actions/download-artifact@v3
	with:
	name: ${{ env.ARTIFACT_NAME }}
	path: ${{ env.DIST_DIR }}

	- name: Prepare PATH
	uses: microsoft/setup-msbuild@v1

	- name: Build MSI
	id: buildmsi
	run: \|
	TAG=${{ needs.create-release-artifacts.outputs.version }}
	WIX_TAG="${TAG%%-}" # removes "-rc" since wix is not happy with it, this only affects RCs builds (error CNDL0108)
	PACKAGE_FILENAME="${{ env.PROJECT_NAME }}_${TAG}_Windows_64bit"
	SOURCE_DIR="${GITHUB_WORKSPACE}/${{ env.DIST_DIR }}/${{ env.PROJECT_NAME }}_windows_amd64/"
	MSBuild.exe ./installer/cli.wixproj -p:SourceDir="$SOURCE_DIR" -p:OutputPath="${GITHUB_WORKSPACE}/${{ env.DIST_DIR }}" -p:OutputName="$PACKAGE_FILENAME" -p:ProductVersion="$WIX_TAG"

	- name: Save Win signing certificate to file
	run: echo "${{ secrets.INSTALLER_CERT_WINDOWS_PFX }}" \| base64 --decode > ${{ env.INSTALLER_CERT_WINDOWS_PFX}}

	- name: Sign MSI
	env:
	MSI_FILE: ${{ steps.buildmsi.outputs.msi }} # this comes from .installer/cli.wixproj
	CERT_PASSWORD: ${{ secrets.INSTALLER_CERT_WINDOWS_PASSWORD }}
	run: \|
	"${{ env.SIGNTOOL_PATH }}" sign -d "Arduino CLI" -f ${{ env.INSTALLER_CERT_WINDOWS_PFX}} -p ${{ env.CERT_PASSWORD }} -fd sha256 -tr http://timestamp.digicert.com -td SHA256 -v "${{ env.MSI_FILE }}"

	- name: Upload artifacts
	uses: actions/upload-artifact@v3
	env:
	MSI_FILE: ${{ steps.buildmsi.outputs.msi }}
	with:
	if-no-files-found: error
	name: ${{ env.ARTIFACT_NAME }}
	path: ${{ env.MSI_FILE }}

	create-release:
	runs-on: ubuntu-latest
	needs:
	- create-release-artifacts
	- notarize-macos
	- create-windows-installer

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Download artifact
	uses: actions/download-artifact@v3
	with:
	name: ${{ env.ARTIFACT_NAME }}
	path: ${{ env.DIST_DIR }}

	- name: Install Task
	uses: arduino/setup-task@v1
	with:
	repo-token: ${{ secrets.GITHUB_TOKEN }}
	version: 3.x

	- name: Collect proto files
	run: task protoc:collect

	- name: Add configuration JSON schema
	run: task dist:jsonschema

	- name: Create checksum file
	working-directory: ${{ env.DIST_DIR }}
	run: \|
	TAG=${{ needs.create-release-artifacts.outputs.version }}
	sha256sum ${{ env.PROJECT_NAME }}_${TAG}* > ${TAG}-checksums.txt

	- name: Identify Prerelease
	# This is a workaround while waiting for create-release action
	# to implement auto pre-release based on tag
	id: prerelease
	run: \|
	wget -q -P /tmp https://github.com/fsaintjacques/semver-tool/archive/3.0.0.zip
	unzip -p /tmp/3.0.0.zip semver-tool-3.0.0/src/semver >/tmp/semver && chmod +x /tmp/semver
	if [[ "$(/tmp/semver get prerel ${{ needs.create-release-artifacts.outputs.version }} )" ]]; then echo "IS_PRE=true" >> $GITHUB_OUTPUT; fi

	- name: Create Github Release and upload artifacts
	uses: ncipollo/release-action@v1
	with:
	token: ${{ secrets.GITHUB_TOKEN }}
	bodyFile: ${{ env.DIST_DIR }}/CHANGELOG.md
	draft: false
	prerelease: ${{ steps.prerelease.outputs.IS_PRE }}
	# NOTE: "Artifact is a directory" warnings are expected and don't indicate a problem
	# (all the files we need are in the DIST_DIR root)
	artifacts: ${{ env.DIST_DIR }}/*

	- name: Upload release files on Arduino downloads servers
	uses: docker://plugins/s3
	env:
	PLUGIN_SOURCE: "${{ env.DIST_DIR }}/*"
	PLUGIN_TARGET: ${{ env.AWS_PLUGIN_TARGET }}
	PLUGIN_STRIP_PREFIX: "${{ env.DIST_DIR }}/"
	PLUGIN_BUCKET: ${{ secrets.DOWNLOADS_BUCKET }}
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

	- name: Update Homebrew formula
	if: steps.prerelease.outputs.IS_PRE != 'true'
	uses: dawidd6/action-homebrew-bump-formula@v3
	with:
	token: ${{ secrets.ARDUINOBOT_GITHUB_TOKEN }}
	formula: arduino-cli

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Added `debug check` command to check if a combination of board/progra… #70

Workflow file

Added `debug check` command to check if a combination of board/progra… #70

Jobs

Run details

Workflow file for this run

Added debug check command to check if a combination of board/progra… #70

Workflow file

Workflow file for this run

Added `debug check` command to check if a combination of board/progra… #70