-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
CI: update workflows to use Azure Trusted Signing
Signed-off-by: Nicola Murino <[email protected]>
- Loading branch information
Showing
3 changed files
with
134 additions
and
36 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -5,6 +5,10 @@ on: | |
| branches: [main] | ||
| pull_request: | ||
|
|
||
| permissions: | ||
| id-token: write | ||
| contents: read | ||
|
|
||
| env: | ||
| GO_VERSION: '1.23' | ||
|
|
||
|
|
@@ -25,10 +29,7 @@ jobs: | |
|
|
||
| - name: Build | ||
| run: | | ||
| sudo apt-get update -q -y | ||
| sudo apt-get install -q -y osslsigncode | ||
| go install github.com/tc-hib/go-winres@latest | ||
| GIT_COMMIT=`git describe --always --dirty` | ||
| LATEST_TAG=$(git describe --tags $(git rev-list --tags --max-count=1)) | ||
| NUM_COMMITS_FROM_TAG=$(git rev-list ${LATEST_TAG}.. --count) | ||
|
|
@@ -37,40 +38,77 @@ jobs: | |
| mkdir bin | ||
| go-winres simply --arch amd64 --product-version $VERSION-$GIT_COMMIT --file-version $FILE_VERSION --file-description "SFTPGo plugin eventsearch" --product-name "SFTPGo plugin eventsearch" --copyright "AGPL-3.0" --original-filename sftpgo-plugin-eventsearch-windows-x86_64.exe --icon res/icon.ico | ||
| CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -trimpath -ldflags "-s -w -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.commitHash=`git describe --always --dirty` -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.buildDate=`date -u +%FT%TZ`" -o sftpgo-plugin-eventsearch-windows-x86_64.exe | ||
| CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -trimpath -ldflags "-s -w -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.commitHash=`git describe --always --dirty` -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.buildDate=`date -u +%FT%TZ`" -o bin/sftpgo-plugin-eventsearch-windows-x86_64.exe | ||
| go-winres simply --arch arm64 --product-version $VERSION-$GIT_COMMIT --file-version $FILE_VERSION --file-description "SFTPGo plugin eventsearch" --product-name "SFTPGo plugin eventsearch" --copyright "AGPL-3.0" --original-filename sftpgo-plugin-eventsearch-windows-arm64.exe --icon res/icon.ico | ||
| CGO_ENABLED=0 GOOS=windows GOARCH=arm64 go build -trimpath -ldflags "-s -w -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.commitHash=`git describe --always --dirty` -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.buildDate=`date -u +%FT%TZ`" -o sftpgo-plugin-eventsearch-windows-arm64.exe | ||
| CGO_ENABLED=0 GOOS=windows GOARCH=arm64 go build -trimpath -ldflags "-s -w -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.commitHash=`git describe --always --dirty` -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.buildDate=`date -u +%FT%TZ`" -o bin/sftpgo-plugin-eventsearch-windows-arm64.exe | ||
| go-winres simply --arch 386 --product-version $VERSION-$GIT_COMMIT --file-version $FILE_VERSION --file-description "SFTPGo plugin eventsearch" --product-name "SFTPGo plugin eventsearch" --copyright "AGPL-3.0" --original-filename sftpgo-plugin-eventsearch-windows-x86.exe --icon res/icon.ico | ||
| CGO_ENABLED=0 GOOS=windows GOARCH=386 go build -trimpath -ldflags "-s -w -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.commitHash=`git describe --always --dirty` -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.buildDate=`date -u +%FT%TZ`" -o sftpgo-plugin-eventsearch-windows-x86.exe | ||
| if [ "${{ github.event_name }}" = "pull_request" ]; then | ||
| mv sftpgo-plugin-eventsearch-windows-x86_64.exe bin/ | ||
| mv sftpgo-plugin-eventsearch-windows-arm64.exe bin/ | ||
| mv sftpgo-plugin-eventsearch-windows-x86.exe bin/ | ||
| else | ||
| echo $CERT_DATA | base64 --decode > cert.pfx | ||
| osslsigncode sign -pkcs12 cert.pfx -pass $CERT_PASS -n "SFTPGo plugin eventsearch" -i "https://github.com/sftpgo/sftpgo-plugin-eventsearch" -ts "http://timestamp.sectigo.com" -h sha2 -in sftpgo-plugin-eventsearch-windows-x86_64.exe -out bin/sftpgo-plugin-eventsearch-windows-x86_64.exe | ||
| osslsigncode sign -pkcs12 cert.pfx -pass $CERT_PASS -n "SFTPGo plugin eventsearch" -i "https://github.com/sftpgo/sftpgo-plugin-eventsearch" -ts "http://timestamp.sectigo.com" -h sha2 -in sftpgo-plugin-eventsearch-windows-arm64.exe -out bin/sftpgo-plugin-eventsearch-windows-arm64.exe | ||
| osslsigncode sign -pkcs12 cert.pfx -pass $CERT_PASS -n "SFTPGo plugin eventsearch" -i "https://github.com/sftpgo/sftpgo-plugin-eventsearch" -ts "http://timestamp.sectigo.com" -h sha2 -in sftpgo-plugin-eventsearch-windows-x86.exe -out bin/sftpgo-plugin-eventsearch-windows-x86.exe | ||
| rm -f cert.pfx | ||
| fi | ||
| CGO_ENABLED=0 GOOS=windows GOARCH=386 go build -trimpath -ldflags "-s -w -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.commitHash=`git describe --always --dirty` -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.buildDate=`date -u +%FT%TZ`" -o bin/sftpgo-plugin-eventsearch-windows-x86.exe | ||
| CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -trimpath -ldflags "-s -w -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.commitHash=`git describe --always --dirty` -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.buildDate=`date -u +%FT%TZ`" -o bin/sftpgo-plugin-eventsearch-linux-amd64 | ||
| CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -trimpath -ldflags "-s -w -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.commitHash=`git describe --always --dirty` -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.buildDate=`date -u +%FT%TZ`" -o bin/sftpgo-plugin-eventsearch-linux-arm64 | ||
| CGO_ENABLED=0 GOOS=linux GOARCH=arm GOARM=7 go build -trimpath -ldflags "-s -w -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.commitHash=`git describe --always --dirty` -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.buildDate=`date -u +%FT%TZ`" -o bin/sftpgo-plugin-eventsearch-linux-armv7 | ||
| CGO_ENABLED=0 GOOS=linux GOARCH=ppc64le go build -trimpath -ldflags "-s -w -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.commitHash=`git describe --always --dirty` -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.buildDate=`date -u +%FT%TZ`" -o bin/sftpgo-plugin-eventsearch-linux-ppc64le | ||
| CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -trimpath -ldflags "-s -w -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.commitHash=`git describe --always --dirty` -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.buildDate=`date -u +%FT%TZ`" -o bin/sftpgo-plugin-eventsearch-darwin-amd64 | ||
| CGO_ENABLED=0 GOOS=darwin GOARCH=arm64 go build -trimpath -ldflags "-s -w -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.commitHash=`git describe --always --dirty` -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.buildDate=`date -u +%FT%TZ`" -o bin/sftpgo-plugin-eventsearch-darwin-arm64 | ||
| shell: bash | ||
| env: | ||
| CERT_DATA: ${{ secrets.CERT_DATA }} | ||
| CERT_PASS: ${{ secrets.CERT_PASS }} | ||
|
|
||
| - name: Upload build artifact | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: sftpgo-plugin-eventsearch | ||
| path: bin | ||
|
|
||
| sign-windows-binaries: | ||
| name: Sign Windows binaries | ||
| if: ${{ github.event_name != 'pull_request' }} | ||
| environment: signing | ||
| needs: [build] | ||
| runs-on: windows-latest | ||
|
|
||
| steps: | ||
| - name: Download artifact | ||
| uses: actions/download-artifact@v4 | ||
| with: | ||
| name: sftpgo-plugin-eventsearch | ||
| path: ${{ github.workspace }}/bin | ||
|
|
||
| - name: Azure login | ||
| uses: azure/login@v2 | ||
| with: | ||
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | ||
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | ||
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | ||
|
|
||
| - name: Sign | ||
| uses: azure/[email protected] | ||
| with: | ||
| endpoint: https://eus.codesigning.azure.net/ | ||
| trusted-signing-account-name: nicola | ||
| certificate-profile-name: SFTPGo | ||
| files: | | ||
| ${{ github.workspace }}\bin\sftpgo-plugin-eventsearch-windows-x86_64.exe | ||
| ${{ github.workspace }}\bin\sftpgo-plugin-eventsearch-windows-arm64.exe | ||
| ${{ github.workspace }}\bin\sftpgo-plugin-eventsearch-windows-x86.exe | ||
| file-digest: SHA256 | ||
| timestamp-rfc3161: http://timestamp.acs.microsoft.com | ||
| timestamp-digest: SHA256 | ||
| exclude-environment-credential: true | ||
| exclude-workload-identity-credential: true | ||
| exclude-managed-identity-credential: true | ||
| exclude-shared-token-cache-credential: true | ||
| exclude-visual-studio-credential: true | ||
| exclude-visual-studio-code-credential: true | ||
| exclude-azure-cli-credential: false | ||
| exclude-azure-powershell-credential: true | ||
| exclude-azure-developer-cli-credential: true | ||
| exclude-interactive-browser-credential: true | ||
|
|
||
| - name: Upload build artifact | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: sftpgo-plugin-eventsearch | ||
| path: bin | ||
| overwrite: true | ||
|
|
||
| test-providers: | ||
| name: Test supported providers | ||
| runs-on: ubuntu-latest | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -4,6 +4,10 @@ on: | |
| push: | ||
| tags: 'v*' | ||
|
|
||
| permissions: | ||
| id-token: write | ||
| contents: write | ||
|
|
||
| env: | ||
| GO_VERSION: 1.23.3 | ||
|
|
||
|
|
@@ -24,26 +28,20 @@ jobs: | |
|
|
||
| - name: Build | ||
| run: | | ||
| sudo apt-get update -q -y | ||
| sudo apt-get install -q -y osslsigncode | ||
| go install github.com/tc-hib/go-winres@latest | ||
| VERSION=${GITHUB_REF/refs\/tags\//} | ||
| GIT_COMMIT=`git describe --always --dirty` | ||
| FILE_VERSION=${VERSION:1}.0 | ||
| mkdir bin | ||
| mkdir win | ||
| go-winres simply --arch amd64 --product-version $VERSION-$GIT_COMMIT --file-version $FILE_VERSION --file-description "SFTPGo plugin eventsearch" --product-name "SFTPGo plugin eventsearch" --copyright "AGPL-3.0" --original-filename sftpgo-plugin-eventsearch-windows-x86_64.exe --icon res/icon.ico | ||
| CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -trimpath -ldflags "-s -w -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.commitHash=`git describe --always --dirty` -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.buildDate=`date -u +%FT%TZ`" -o sftpgo-plugin-eventsearch-windows-x86_64.exe | ||
| CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -trimpath -ldflags "-s -w -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.commitHash=`git describe --always --dirty` -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.buildDate=`date -u +%FT%TZ`" -o win/sftpgo-plugin-eventsearch-windows-x86_64.exe | ||
| go-winres simply --arch amd64 --product-version $VERSION-$GIT_COMMIT --file-version $FILE_VERSION --file-description "SFTPGo plugin eventsearch" --product-name "SFTPGo plugin eventsearch" --copyright "AGPL-3.0" --original-filename sftpgo-plugin-eventsearch-windows-arm64.exe --icon res/icon.ico | ||
| CGO_ENABLED=0 GOOS=windows GOARCH=arm64 go build -trimpath -ldflags "-s -w -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.commitHash=`git describe --always --dirty` -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.buildDate=`date -u +%FT%TZ`" -o sftpgo-plugin-eventsearch-windows-arm64.exe | ||
| CGO_ENABLED=0 GOOS=windows GOARCH=arm64 go build -trimpath -ldflags "-s -w -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.commitHash=`git describe --always --dirty` -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.buildDate=`date -u +%FT%TZ`" -o win/sftpgo-plugin-eventsearch-windows-arm64.exe | ||
| go-winres simply --arch amd64 --product-version $VERSION-$GIT_COMMIT --file-version $FILE_VERSION --file-description "SFTPGo plugin eventsearch" --product-name "SFTPGo plugin eventsearch" --copyright "AGPL-3.0" --original-filename sftpgo-plugin-eventsearch-windows-x86.exe --icon res/icon.ico | ||
| CGO_ENABLED=0 GOOS=windows GOARCH=386 go build -trimpath -ldflags "-s -w -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.commitHash=`git describe --always --dirty` -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.buildDate=`date -u +%FT%TZ`" -o sftpgo-plugin-eventsearch-windows-x86.exe | ||
| echo $CERT_DATA | base64 --decode > cert.pfx | ||
| osslsigncode sign -pkcs12 cert.pfx -pass $CERT_PASS -n "SFTPGo plugin eventsearch" -i "https://github.com/sftpgo/sftpgo-plugin-eventsearch" -ts "http://timestamp.sectigo.com" -h sha2 -in sftpgo-plugin-eventsearch-windows-x86_64.exe -out bin/sftpgo-plugin-eventsearch-windows-x86_64.exe | ||
| osslsigncode sign -pkcs12 cert.pfx -pass $CERT_PASS -n "SFTPGo plugin eventsearch" -i "https://github.com/sftpgo/sftpgo-plugin-eventsearch" -ts "http://timestamp.sectigo.com" -h sha2 -in sftpgo-plugin-eventsearch-windows-arm64.exe -out bin/sftpgo-plugin-eventsearch-windows-arm64.exe | ||
| osslsigncode sign -pkcs12 cert.pfx -pass $CERT_PASS -n "SFTPGo plugin eventsearch" -i "https://github.com/sftpgo/sftpgo-plugin-eventsearch" -ts "http://timestamp.sectigo.com" -h sha2 -in sftpgo-plugin-eventsearch-windows-x86.exe -out bin/sftpgo-plugin-eventsearch-windows-x86.exe | ||
| rm -f cert.pfx *.exe *.syso | ||
| CGO_ENABLED=0 GOOS=windows GOARCH=386 go build -trimpath -ldflags "-s -w -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.commitHash=`git describe --always --dirty` -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.buildDate=`date -u +%FT%TZ`" -o win/sftpgo-plugin-eventsearch-windows-x86.exe | ||
| CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -trimpath -ldflags "-s -w -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.commitHash=`git describe --always --dirty` -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.buildDate=`date -u +%FT%TZ`" -o bin/sftpgo-plugin-eventsearch-linux-amd64 | ||
| CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -trimpath -ldflags "-s -w -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.commitHash=`git describe --always --dirty` -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.buildDate=`date -u +%FT%TZ`" -o bin/sftpgo-plugin-eventsearch-linux-arm64 | ||
|
|
@@ -52,16 +50,20 @@ jobs: | |
| CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -trimpath -ldflags "-s -w -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.commitHash=`git describe --always --dirty` -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.buildDate=`date -u +%FT%TZ`" -o bin/sftpgo-plugin-eventsearch-darwin-amd64 | ||
| CGO_ENABLED=0 GOOS=darwin GOARCH=arm64 go build -trimpath -ldflags "-s -w -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.commitHash=`git describe --always --dirty` -X github.com/sftpgo/sftpgo-plugin-eventsearch/cmd.buildDate=`date -u +%FT%TZ`" -o bin/sftpgo-plugin-eventsearch-darwin-arm64 | ||
| shell: bash | ||
| env: | ||
| CERT_DATA: ${{ secrets.CERT_DATA }} | ||
| CERT_PASS: ${{ secrets.CERT_PASS }} | ||
|
|
||
| - name: Upload Windows artifact | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: win | ||
| path: win | ||
| retention-days: 1 | ||
|
|
||
| - name: Prepare vendored sources | ||
| run: | | ||
| VERSION=${GITHUB_REF/refs\/tags\//} | ||
| go mod vendor | ||
| echo "${VERSION}" > VERSION.txt | ||
| tar --exclude=bin -cJvf sftpgo-plugin-eventsearch_${VERSION}_src_with_deps.tar.xz * | ||
| tar --exclude=bin --exclude=win -cJvf sftpgo-plugin-eventsearch_${VERSION}_src_with_deps.tar.xz * | ||
| - name: Create release | ||
| run: | | ||
|
|
@@ -72,3 +74,61 @@ jobs: | |
| gh release view "${VERSION}" | ||
| env: | ||
| GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} | ||
|
|
||
| release-windows-binaries: | ||
| name: Release Windows binaries | ||
| environment: signing | ||
| needs: [build] | ||
| runs-on: windows-latest | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
| - name: Download artifact | ||
| uses: actions/download-artifact@v4 | ||
| with: | ||
| name: win | ||
|
|
||
| - name: Azure login | ||
| uses: azure/login@v2 | ||
| with: | ||
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | ||
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | ||
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | ||
|
|
||
| - name: Sign | ||
| uses: azure/[email protected] | ||
| with: | ||
| endpoint: https://eus.codesigning.azure.net/ | ||
| trusted-signing-account-name: nicola | ||
| certificate-profile-name: SFTPGo | ||
| files: | | ||
| ${{ github.workspace }}\sftpgo-plugin-eventsearch-windows-x86_64.exe | ||
| ${{ github.workspace }}\sftpgo-plugin-eventsearch-windows-arm64.exe | ||
| ${{ github.workspace }}\sftpgo-plugin-eventsearch-windows-x86.exe | ||
| file-digest: SHA256 | ||
| timestamp-rfc3161: http://timestamp.acs.microsoft.com | ||
| timestamp-digest: SHA256 | ||
| exclude-environment-credential: true | ||
| exclude-workload-identity-credential: true | ||
| exclude-managed-identity-credential: true | ||
| exclude-shared-token-cache-credential: true | ||
| exclude-visual-studio-credential: true | ||
| exclude-visual-studio-code-credential: true | ||
| exclude-azure-cli-credential: false | ||
| exclude-azure-powershell-credential: true | ||
| exclude-azure-developer-cli-credential: true | ||
| exclude-interactive-browser-credential: true | ||
|
|
||
| - name: Upload to release | ||
| run: | | ||
| VERSION=${GITHUB_REF/refs\/tags\//} | ||
| gh release upload "${VERSION}" sftpgo-plugin-eventsearch-windows-x86_64.exe | ||
| gh release upload "${VERSION}" sftpgo-plugin-eventsearch-windows-arm64.exe | ||
| gh release upload "${VERSION}" sftpgo-plugin-eventsearch-windows-x86.exe | ||
| gh release view "${VERSION}" | ||
| shell: bash | ||
| env: | ||
| GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters