-
Notifications
You must be signed in to change notification settings - Fork 13
391 lines (337 loc) · 13 KB
/
build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
name: Build
on:
push:
branches:
- "*"
- "*/*"
release:
# Note that edited doesn't trigger when the prerelease flag is changed.
# You also have to change the description slightly, if you want to change a
# prerelease to a release.
types: [ published, edited ]
workflow_dispatch:
inputs:
sign_macos:
description: Sign the macOS binary
type: boolean
required: true
default: false
sign_windows:
description: Sign the Windows binary
type: boolean
required: true
default: false
jobs:
build_jag:
strategy:
matrix:
# Use macos-13, since it's still intel based.
# When changing to a different macos-version, also update the
# signing job below.
container: [ ubuntu-latest, ubuntu-20.04, macos-13, windows-latest ]
runs-on: ${{ matrix.container }}
steps:
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: "1.22"
- name: Build jag
shell: bash
run: |
if [[ "${{ github.event_name }}" = "release" ]]; then
export JAG_BUILD_RELEASE=1
fi
RUNNER_OS=$(echo ${{ runner.os }} | tr '[:upper:]' '[:lower:]')
if [[ $RUNNER_OS = "windows" ]]; then
make JAG_BINARY=$RUNNER_OS/jag.exe jag
else
make JAG_BINARY=$RUNNER_OS/jag jag
fi
if [[ $RUNNER_OS = "linux" ]]; then
GOOS=linux GOARCH=arm make JAG_BINARY=$RUNNER_OS-arm/jag jag
GOOS=linux GOARCH=arm64 make JAG_BINARY=$RUNNER_OS-arm64/jag jag
fi
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: jag-build-${{ matrix.container }}
path: |
build/linux/
build/linux-arm/
build/linux-arm64/
build/macos/
build/windows/
- name: Create archive Linux
if: runner.os == 'Linux'
working-directory: ./build/linux
run: |
tar -czf jag.tgz jag
- name: Create archive Linux ARM
if: runner.os == 'Linux'
working-directory: ./build/linux-arm
run: |
tar -czf jag-arm.tgz jag
- name: Create archive Linux ARM64
if: runner.os == 'Linux'
working-directory: ./build/linux-arm64
run: |
tar -czf jag-arm64.tgz jag
- name: Check version number
if: (github.event_name == 'release') && (runner.os == 'Linux')
working-directory: ./build/linux
# Check that the version numbers match.
# This is a sanity check to ensure that tools/prepare_release.sh was called.
run: |
./jag --no-analytics version | head -n1 | grep --fixed-strings "${{ github.event.release.tag_name }}"
- name: Sign Windows binary
if: runner.os == 'Windows' && (github.event_name == 'release' || inputs.sign_windows)
uses: toitlang/action-code-sign@5da128f4fb4f719c1b667867815f6c31e743b111 # v1.1.0
with:
certificate: ${{ secrets.DIGICERT_CERTIFICATE }}
api-key: ${{ secrets.DIGICERT_API_KEY }}
certificate-password: ${{ secrets.DIGICERT_PASSWORD }}
certificate-fingerprint: ${{ secrets.DIGICERT_FINGERPRINT }}
keypair-alias: ${{ vars.DIGICERT_KEYPAIR_ALIAS }}
path: build/windows/jag.exe
- name: Build Windows Zip
if: runner.os == 'Windows'
working-directory: ./build/windows
run: |
powershell Compress-Archive -Force jag.exe jag.zip
- name: Version number
if: (github.event_name == 'release') && (runner.os == 'Windows')
id: version
shell: powershell
run: |
$versionV = "${{ github.event.release.tag_name }}"
$version = $versionV.Substring(1)
echo "version=$version" >> $env:GITHUB_OUTPUT
- name: Build Windows installer
if: (github.event_name == 'release') && (runner.os == 'Windows')
shell: powershell
run: |
& tools\windows_installer\build.bat ${{ steps.version.outputs.version }} $PWD\build\windows\jag.exe $PWD\jag_installer_x64.exe
move $PWD\jag_installer_x64.exe build/windows/jag_installer_x64.exe
- name: Sign Windows installer
if: (github.event_name == 'release') && (runner.os == 'Windows')
uses: toitlang/action-code-sign@5da128f4fb4f719c1b667867815f6c31e743b111 # v1.1.0
with:
certificate: ${{ secrets.DIGICERT_CERTIFICATE }}
api-key: ${{ secrets.DIGICERT_API_KEY }}
certificate-password: ${{ secrets.DIGICERT_PASSWORD }}
certificate-fingerprint: ${{ secrets.DIGICERT_FINGERPRINT }}
keypair-alias: ${{ vars.DIGICERT_KEYPAIR_ALIAS }}
path: build/windows/jag_installer_x64.exe
- name: Prepare Windows release upload
if: (github.event_name == 'release') && (runner.os == 'Windows')
working-directory: ./build/windows
shell: bash
run: |
mkdir release
cp jag_installer_x64.exe release
cp jag_installer_x64.exe release/jag_installer.exe
# The filename 'jag_windows.zip' is used by the esp-idf installer.
# See https://github.com/espressif/idf-env/blob/681ec4a5056336e3a4573ceda3d7b27976ba3951/src/toit.rs#L18
cp jag.zip release/jag_windows.zip
- name: Upload Windows release files
if: (github.event_name == 'release') && (runner.os == 'Windows')
uses: svenstaro/upload-release-action@v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: build/windows/release/*
file_glob: true
tag: ${{ github.event.release.tag_name }}
overwrite: true
- name: Download winget binary
if: (github.event_name == 'release') && (runner.os == 'Windows')
run: |
iwr https://aka.ms/wingetcreate/latest -OutFile wingetcreate.exe
- name: Update manifest
if: (github.event_name == 'release') && (runner.os == 'Windows')
run: |
.\wingetcreate.exe update Toit.Jaguar -s -v ${{ steps.version.outputs.version }} -u https://github.com/toitlang/jaguar/releases/download/${{ github.event.release.tag_name }}/jag_installer_x64.exe -t ${{ secrets.WINGET_JAGUAR_PAT }}
- name: Prepare Linux release upload
if: (github.event_name == 'release') && (matrix.container == 'ubuntu-20.04')
working-directory: ./build
shell: bash
run: |
mkdir release
cp linux/jag.tgz release/jag_linux.tgz
cp linux-arm/jag-arm.tgz release/jag_linux_arm.tgz
cp linux-arm64/jag-arm64.tgz release/jag_linux_arm64.tgz
- name: Upload Linux release files
if: (github.event_name == 'release') && (matrix.container == 'ubuntu-20.04')
uses: svenstaro/upload-release-action@v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: build/release/*
file_glob: true
tag: ${{ github.event.release.tag_name }}
overwrite: true
sign_jag_macos:
runs-on: macos-latest
needs: [build_jag]
if: github.event_name == 'release' || inputs.sign_macos
steps:
- uses: actions/checkout@v4
- name: Install dependencies
run: |
set -e
brew install create-dmg
brew install zip
- uses: actions/download-artifact@v4
with:
name: jag-build-macos-13
path: build
- name: Setup binary rights
run: |
chmod +x build/macos/jag
- name: Sign and notarize
uses: toitlang/[email protected]
with:
certificate: ${{ secrets.MACOS_CERTIFICATE }}
certificate-password: ${{ secrets.MACOS_CERTIFICATE_PWD }}
username: ${{ secrets.AC_USERNAME }}
password: ${{ secrets.AC_PASSWORD }}
apple-team-id: ${{ vars.MACOS_TEAM_ID}}
app-path: build/macos/jag
- name: Create a DMG
run: |
# Use an empty directory as source so we don't accidentally add other files than the
# jag binary.
set -e
mkdir empty
create-dmg \
--volname "jag" \
--add-file jag build/macos/jag 0 0 \
build/macos/jag.dmg \
empty
- name: Sign DMG
uses: toitlang/[email protected]
with:
certificate: ${{ secrets.MACOS_CERTIFICATE }}
certificate-password: ${{ secrets.MACOS_CERTIFICATE_PWD }}
username: ${{ secrets.AC_USERNAME }}
password: ${{ secrets.AC_PASSWORD }}
apple-team-id: ${{ vars.MACOS_TEAM_ID }}
app-path: build/macos/jag.dmg
- name: Create a ZIP
run: |
zip -j build/macos/jag.zip build/macos/jag
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: jag-macos
path: build/macos/
- name: Upload jag macOS (zip)
if: github.event_name == 'release'
uses: svenstaro/upload-release-action@v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: build/macos/jag.zip
tag: ${{ github.event.release.tag_name }}
asset_name: jag_macos.zip
overwrite: true
- name: Upload jag macOS (dmg)
if: github.event_name == 'release'
uses: svenstaro/upload-release-action@v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: build/macos/jag.dmg
tag: ${{ github.event.release.tag_name }}
asset_name: jag.dmg
overwrite: true
build_assets:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: 1.19
- name: Download SDK
run: |
make download-sdk
- name: Build assets
run: |
make assets
tar -czf build/assets.tar.gz -C ./build -h assets
- name: Upload assets
if: github.event_name == 'release'
uses: svenstaro/upload-release-action@v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: build/assets.tar.gz
tag: ${{ github.event.release.tag_name }}
overwrite: true
file_glob: true
AUR:
name: Update AUR packages
runs-on: ubuntu-latest
needs: [build_jag]
if: github.event_name == 'release' && !github.event.release.prerelease
steps:
- uses: actions/checkout@v4
- name: Version number
id: version
shell: bash
run: |
VERSION_WITH_V="${{ github.event.release.tag_name }}"
VERSION=${VERSION_WITH_V#v}
echo "version=$VERSION" >> $GITHUB_OUTPUT
- name: Ssh
env:
AUR_SSH_KEY: ${{ secrets.AUR_SSH_KEY }}
run: |
echo "$AUR_SSH_KEY" > ${{ github.workspace }}/aur_ssh_key
chmod 600 ${{ github.workspace }}/aur_ssh_key
mkdir -p $HOME/.ssh
echo "Host aur.archlinux.org" >> $HOME/.ssh/config
echo " IdentityFile ${{ github.workspace }}/aur_ssh_key" >> $HOME/.ssh/config
echo " User aur" >> $HOME/.ssh/config
ssh-keyscan -H aur.archlinux.org > $HOME/.ssh/known_hosts
- name: Fetch AUR packages
run: |
git clone ssh://[email protected]/jaguar.git
git clone ssh://[email protected]/jaguar-bin.git
- name: Git
run: |
cd ${{ github.workspace }}/jaguar
git config user.email "[email protected]"
git config user.name "Leon Gungadin Mogensen"
cd ${{ github.workspace }}/jaguar-bin
git config user.email "[email protected]"
git config user.name "Leon Gungadin Mogensen"
- name: Update jaguar package
# We are using our own fork to work around
# https://github.com/hapakaien/archlinux-package-action/issues/32.
uses: toitlang/archlinux-package-action@main
with:
path: jaguar
pkgver: ${{ steps.version.outputs.version }}
pkgrel: 1
updpkgsums: true
srcinfo: true
# Workaround for https://github.com/hapakaien/archlinux-package-action/issues/23.
aur: true
- name: Update jaguar-bin package
uses: toitlang/archlinux-package-action@main
with:
path: jaguar-bin
pkgver: ${{ steps.version.outputs.version }}
pkgrel: 1
updpkgsums: true
srcinfo: true
- name: Upload
run: |
cat ${{ github.workspace }}/jaguar/PKGBUILD
cat ${{ github.workspace }}/jaguar/.SRCINFO
cat ${{ github.workspace }}/jaguar-bin/PKGBUILD
cat ${{ github.workspace }}/jaguar-bin/.SRCINFO
cd ${{ github.workspace }}/jaguar
git commit -am "Update to version ${{ github.event.release.tag_name }}"
git push origin master
cd ${{ github.workspace }}/jaguar-bin
git commit -am "Update to version ${{ github.event.release.tag_name }}"
git push origin master