Generate Fleet Desktop targets for Orbit

Release fleetd 1.36.0 #310

Workflow file for this run

.github/workflows/generate-desktop-targets.yml at 36b44ae

	name: Generate Fleet Desktop targets for Orbit

	on:
	push:
	branches:
	- main
	paths:
	# The workflow can be triggered by modifying FLEET_DESKTOP_VERSION env.
	- '.github/workflows/generate-desktop-targets.yml'
	pull_request:
	paths:
	# The workflow can be triggered by modifying FLEET_DESKTOP_VERSION env.
	- '.github/workflows/generate-desktop-targets.yml'
	workflow_dispatch:

	defaults:
	run:
	# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
	shell: bash

	env:
	FLEET_DESKTOP_VERSION: 1.36.0

	permissions:
	contents: read

	jobs:
	desktop-macos:
	# Set macOS version to '13' (previously was macos-12, and it was deprecated) for
	# building the binary. This ensures compatibility with macOS version 13 and
	# later, avoiding runtime errors on systems using macOS 13 or newer.
	runs-on: macos-13
	steps:

	- name: Harden Runner
	uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
	with:
	egress-policy: audit

	- name: Checkout
	uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3

	- name: Install Go
	uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
	with:
	go-version-file: 'go.mod'

	- name: Import signing keys
	env:
	APPLE_APPLICATION_CERTIFICATE: ${{ secrets.APPLE_APPLICATION_CERTIFICATE }}
	APPLE_APPLICATION_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_APPLICATION_CERTIFICATE_PASSWORD }}
	KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
	run: \|
	echo "$APPLE_APPLICATION_CERTIFICATE" \| base64 --decode > certificate.p12
	security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
	security default-keychain -s build.keychain
	security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
	security import certificate.p12 -k build.keychain -P $APPLE_APPLICATION_CERTIFICATE_PASSWORD -T /usr/bin/codesign
	security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
	security find-identity -vv
	rm certificate.p12

	- name: Generate desktop.app.tar.gz
	env:
	AC_USERNAME: ${{ secrets.APPLE_USERNAME }}
	AC_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
	AC_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
	CODESIGN_IDENTITY: 51049B247B25B3119FAE7E9C0CC4375A43E47237
	run: \|
	AC_USERNAME=$AC_USERNAME \
	AC_PASSWORD=$AC_PASSWORD \
	AC_TEAM_ID=$AC_TEAM_ID \
	FLEET_DESKTOP_APPLE_AUTHORITY=$CODESIGN_IDENTITY \
	FLEET_DESKTOP_NOTARIZE=true \
	FLEET_DESKTOP_VERSION=$FLEET_DESKTOP_VERSION \
	make desktop-app-tar-gz

	- name: Upload desktop.app.tar.gz
	uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # 4.3.3
	with:
	name: desktop.app.tar.gz
	path: desktop.app.tar.gz

	desktop-windows:
	runs-on: ubuntu-latest
	steps:

	- name: Harden Runner
	uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
	with:
	egress-policy: audit

	- name: Checkout
	uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3

	- name: Install Go
	uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
	with:
	go-version-file: 'go.mod'

	- name: Generate fleet-desktop.exe
	run: \|
	FLEET_DESKTOP_VERSION=$FLEET_DESKTOP_VERSION \
	make desktop-windows

	- name: Upload fleet-desktop.exe
	uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # 4.3.3
	with:
	name: unsigned-windows
	path: fleet-desktop.exe

	code-sign-windows:
	needs: desktop-windows
	uses: ./.github/workflows/code-sign-windows.yml
	with:
	filename: fleet-desktop.exe
	upload_name: fleet-desktop.exe
	secrets:
	DIGICERT_KEYLOCKER_CERTIFICATE: ${{ secrets.DIGICERT_KEYLOCKER_CERTIFICATE }}
	DIGICERT_KEYLOCKER_PASSWORD: ${{ secrets.DIGICERT_KEYLOCKER_PASSWORD }}
	DIGICERT_KEYLOCKER_HOST_URL: ${{ secrets.DIGICERT_KEYLOCKER_HOST_URL }}
	DIGICERT_API_KEY: ${{ secrets.DIGICERT_API_KEY }}
	DIGICERT_KEYLOCKER_CERTIFICATE_FINGERPRINT: ${{ secrets.DIGICERT_KEYLOCKER_CERTIFICATE_FINGERPRINT }}

	desktop-linux:
	runs-on: ubuntu-latest
	steps:

	- name: Harden Runner
	uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
	with:
	egress-policy: audit

	- name: Checkout
	uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3

	- name: Install Go
	uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
	with:
	go-version-file: 'go.mod'

	- name: Generate desktop.tar.gz
	run: \|
	FLEET_DESKTOP_VERSION=$FLEET_DESKTOP_VERSION \
	make desktop-linux

	- name: Upload desktop.tar.gz
	uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # 4.3.3
	with:
	name: desktop.tar.gz
	path: desktop.tar.gz

	desktop-linux-arm64:
	runs-on: ubuntu-latest
	steps:

	- name: Harden Runner
	uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
	with:
	egress-policy: audit

	- name: Checkout
	uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3

	- name: Install Go
	uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
	with:
	go-version-file: 'go.mod'

	- name: Generate desktop.tar.gz
	run: \|
	FLEET_DESKTOP_VERSION=$FLEET_DESKTOP_VERSION \
	make desktop-linux-arm64

	- name: Upload desktop.tar.gz
	uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # 4.3.3
	with:
	name: desktop-arm64.tar.gz
	path: desktop.tar.gz

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Release fleetd 1.36.0 #310

Workflow file

Release fleetd 1.36.0 #310

Jobs

Run details

Workflow file for this run