Storage Advisor CLI Release #22
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Storage Advisor CLI Release | |
| on: | |
| release: | |
| types: [created] | |
| permissions: | |
| contents: write | |
| packages: write | |
| jobs: | |
| releases-matrix: | |
| name: Release | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| # build and publish in parallel: linux/386, linux/amd64, linux/arm64, windows/386, windows/amd64, darwin/amd64, darwin/arm64 | |
| goos: [linux, windows, darwin] | |
| goarch: ["386", amd64, arm64] | |
| exclude: | |
| - goarch: "386" | |
| goos: darwin | |
| - goarch: arm64 | |
| goos: windows | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: wangyoucao577/go-release-action@v1 | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| goos: ${{ matrix.goos }} | |
| goarch: ${{ matrix.goarch }} | |
| goversion: 1.20.13 | |
| project_path: "./tools/storage-advisor/src" | |
| binary_name: "storage-advisor" | |
| - name: Find build folder | |
| id: build-folder | |
| run: echo "BUILD_ARTIFACTS_FOLDER=build-artifacts-$(date +%s)" >> "$GITHUB_OUTPUT" | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| path: tools/storage-advisor/src/${{ steps.build-folder.outputs.BUILD_ARTIFACTS_FOLDER }} | |
| notarize: | |
| needs: releases-matrix | |
| runs-on: macos-latest | |
| steps: | |
| - uses: actions/download-artifact@v4 | |
| - name: Obtain release name | |
| id: release-id | |
| run: echo "RELEASE_TAG=$(jq -r .release.tag_name ${GITHUB_EVENT_PATH})" >> "$GITHUB_OUTPUT" | |
| - name: Download artifacts | |
| uses: actions/download-artifact@v3 | |
| # with: | |
| # pattern: storage-advisor-${{ steps.release-id.outputs.RELEASE_TAG }}-darwin-amd64.tar.gz | |
| - name: List | |
| run: ls -l | |
| - uses: dsaltares/fetch-gh-release-asset@cdaf216b2a5baa0f20eecbf460912cc9947f2577 | |
| with: | |
| version: tags/${{ steps.release-id.outputs.RELEASE_TAG }} | |
| file: storage-advisor-${{ steps.release-id.outputs.RELEASE_TAG }}-darwin-amd64.tar.gz | |
| - name: Sign | |
| env: # Or as an environment variable | |
| DEVELOPER_ID_APPLICATION_P12: ${{ secrets.DEVELOPER_ID_APPLICATION_P12 }} | |
| DEVELOPER_ID_APPLICATION_P12_PWD: ${{ secrets.DEVELOPER_ID_APPLICATION_P12_PWD }} | |
| run: | | |
| tar -xzf storage-advisor-${{ steps.release-id.outputs.RELEASE_TAG }}-darwin-amd64.tar.gz | |
| KEYCHAIN_NAME=$(LC_CTYPE=C openssl rand -base64 18 | tr -dc 'a-zA-Z' | head -c 16) | |
| KEYCHAIN_PASSWORD=$(LC_CTYPE=C openssl rand -base64 18 | tr -dc 'a-zA-Z' | head -c 16) | |
| security create-keychain -p "${KEYCHAIN_PASSWORD}" "${KEYCHAIN_NAME}" | |
| security unlock-keychain -p "${KEYCHAIN_PASSWORD}" "${KEYCHAIN_NAME}" | |
| curl -O https://www.apple.com/appleca/AppleIncRootCertificate.cer | |
| security import AppleIncRootCertificate.cer -t cert -k "${KEYCHAIN_NAME}" -T /usr/bin/codesign -T /usr/bin/xcodebuild | |
| curl -O https://www.apple.com/certificateauthority/DeveloperIDCA.cer | |
| security import DeveloperIDCA.cer -t cert -k "${KEYCHAIN_NAME}" -T /usr/bin/codesign -T /usr/bin/xcodebuild | |
| rm AppleIncRootCertificate.cer DeveloperIDCA.cer | |
| echo "$DEVELOPER_ID_APPLICATION_P12" | base64 -d > signing_cert.p12 | |
| security import signing_cert.p12 -P "$DEVELOPER_ID_APPLICATION_P12_PWD" -k "${KEYCHAIN_NAME}" -T /usr/bin/codesign -T /usr/bin/xcodebuild | |
| rm signing_cer | |
| security set-keychain-settings $KEYCHAIN_NAME | |
| security set-key-partition-list -S apple-tool:,apple: -s -k "${KEYCHAIN_PASSWORD}" "${KEYCHAIN_N | |
| # we need to add our new keychain to user search list to use the certificate | |
| keychainNames=(); | |
| for keychain in $(security list-keychains -d user) | |
| do | |
| basename=$(basename "$keychain") | |
| keychainName=${basename::${#basename}-4} | |
| keychainNames+=("$keychainName") | |
| done | |
| security -v list-keychains -s "${keychainNames[@]}" $KEYCHAIN_NAME | |
| codesign -s 98A9FF12B0FCCCEEDE752C824A2A7E189B5AEEAE -o runtime -v storage-advisor | |
| security -v delete-keychain $KEYCHAIN_NAME | |