Skip to content

1.5.3

1.5.3 #1

name: Build and Package
on:
push:
branches:
- 'master'
- 'test/**'
paths:
- 'VERSION'
permissions:
contents: write
defaults:
run:
shell: bash
env:
RELEASE: ${{ github.run_number }}
SENTRY: ${{ secrets.SENTRY_DSN }}
CGO_ENABLED: 1
ZIG_VERSION: '0.11.0'
ZIG_SHA256: '2d00e789fec4f71790a6e7bf83ff91d564943c5ee843c5fd966efc474b423047'
JSIGN_VERSION: '6.0'
JSIGN_SHA256: '05ca18d4ab7b8c2183289b5378d32860f0ea0f3bdab1f1b8cae5894fb225fa8a'
INCLUDE_WIN_ARM: 'false'
jobs:
build_windows_linux:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Add ARM64 repository
run: |
sudo sed -i -E 's|^deb ([^ ]+) (.*)$|deb [arch=amd64] \1 \2\ndeb [arch=arm64] http://ports.ubuntu.com/ubuntu-ports/ \2|' /etc/apt/sources.list
sudo dpkg --add-architecture arm64
- name: Install dependencies
run: >-
sudo apt-get update &&
sudo apt-get install -y
libgl-dev
libx11-dev
libxrandr-dev
libxxf86vm-dev
libxi-dev
libxcursor-dev
libxinerama-dev
libxkbcommon-dev
libgl-dev:arm64
libx11-dev:arm64
libxrandr-dev:arm64
libxxf86vm-dev:arm64
libxi-dev:arm64
libxcursor-dev:arm64
libxinerama-dev:arm64
libxkbcommon-dev:arm64
- name: Set up Go
uses: WillAbides/setup-go-faster@a0ff5217a7d2567ed6ff1aa2b7d8f9d58173b2c9 # v1.14.0
with:
go-version-file: 'go.mod'
- name: Read version
run: |
echo "VERSION=$(cat VERSION)" >> $GITHUB_ENV
- name: Set up Zig
run: |
PATH=/usr/local/zig:${PATH}
echo "PATH=${PATH}" >> $GITHUB_ENV
set -eux
url="https://ziglang.org/download/${ZIG_VERSION}/zig-linux-x86_64-${ZIG_VERSION}.tar.xz"
sha256="${ZIG_SHA256}"
curl -sSL ${url} -o zig.tar.xz
echo ${sha256} zig.tar.xz | sha256sum -c -
sudo tar -C /usr/local -Jxvf zig.tar.xz
sudo mv /usr/local/zig-* /usr/local/zig
rm zig.tar.xz
zig version
- name: Build Linux AMD64
run: >-
env
GOARCH=amd64
go build -trimpath
-ldflags="-s -w -X main.version=${VERSION} -X main.sentryDSN=${SENTRY}"
-o bin/pinnacle-linux-amd64
.
- name: Build Linux ARM64
run: >-
env
GOARCH=arm64
CC="zig cc -target aarch64-linux-gnu -isystem /usr/include -L/usr/lib/aarch64-linux-gnu -Wl,-s"
CXX="zig c++ -target aarch64-linux-gnu -isystem /usr/include -L/usr/lib/aarch64-linux-gnu -Wl,-s"
go build -trimpath
-ldflags="-X main.version=${VERSION} -X main.sentryDSN=${SENTRY}"
-o bin/pinnacle-linux-arm64
.
- name: Copy syso files
run: |
cp -r pkg/windows/syso/* .
- name: Build Windows AMD64
run: >-
env
GOARCH=amd64
GOOS=windows
CC="zig cc -target x86_64-windows-gnu -Wl,--subsystem,windows -Wl,-s"
CXX="zig c++ -target x86_64-windows-gnu -Wl,--subsystem,windows -Wl,-s"
go build -trimpath
-ldflags="-H=windowsgui -X main.version=${VERSION} -X main.sentryDSN=${SENTRY}"
-o bin/pinnacle-windows-amd64.exe
.
- name: Build Windows ARM64
if: env.INCLUDE_WIN_ARM == 'true'
run: >-
env
GOARCH=arm64
GOOS=windows
CC="zig cc -target aarch64-windows-gnu -isystem /usr/include -L/usr/lib/-windows-gnu -Wl,--subsystem,windows -Wl,-s"
CXX="zig c++ -target aarch64-windows-gnu -isystem /usr/include -L/usr/lib/aarch64-windows-gnu -Wl,--subsystem,windows -Wl,-s"
go build -trimpath
-ldflags "-H=windowsgui -X main.version=${VERSION} -X main.sentryDSN=${SENTRY}"
-o bin/pinnacle-windows-arm64.exe
.
- name: Authenticate with Google Cloud
uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
with:
credentials_json: ${{ secrets.GCP_CREDENTIALS }}
- name: Set up Google Cloud SDK
uses: google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200 # v2.1.0
- name: Download jsign
run: |
set -eux
url="https://github.com/ebourg/jsign/releases/download/${JSIGN_VERSION}/jsign-${JSIGN_VERSION}.jar"
sha256="${JSIGN_SHA256}"
curl -sSL ${url} -o jsign.jar
echo ${sha256} jsign.jar | sha256sum -c -
- name: Decode certificate
run: |
echo "${{ secrets.CERTFILE_BASE64 }}" | base64 --decode > pinnacle-certificate.pem
- name: Sign Windows AMD64 binary
run: >-
java -jar jsign.jar
--storetype GOOGLECLOUD
--storepass "$(gcloud auth print-access-token)"
--keystore "${{ secrets.GCP_KEYSTORE }}"
--alias "${{ secrets.GCP_KEY_ALIAS }}"
--certfile pinnacle-certificate.pem
--tsmode RFC3161
--tsaurl http://timestamp.globalsign.com/tsa/r6advanced1
bin/pinnacle-windows-amd64.exe
- name: Sign Windows ARM64 binary
if: env.INCLUDE_WIN_ARM == 'true'
run: >-
java -jar jsign.jar
--storetype GOOGLECLOUD
--storepass "$(gcloud auth print-access-token)"
--keystore "${{ secrets.GCP_KEYSTORE }}"
--alias "${{ secrets.GCP_KEY_ALIAS }}"
--certfile pinnacle-certificate.pem
--tsmode RFC3161
--tsaurl http://timestamp.globalsign.com/tsa/r6advanced1
bin/pinnacle-windows-arm64.exe
- name: Upload artifact
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: windows-linux-binaries
path: bin
retention-days: 1
build_macos:
runs-on: macos-latest
steps:
- name: Checkout code
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Set up Go
uses: WillAbides/setup-go-faster@a0ff5217a7d2567ed6ff1aa2b7d8f9d58173b2c9 # v1.14.0
with:
go-version-file: 'go.mod'
- name: Read version
run: |
echo "VERSION=$(cat VERSION)" >> $GITHUB_ENV
- name: Build AMD64
run: >-
env
GOARCH=amd64
GOOS=darwin
go build -trimpath -buildmode=pie
-ldflags="-s -w -X main.version=${VERSION} -X main.sentryDSN=${SENTRY}"
-o bin/pinnacle-darwin-amd64
.
- name: Build ARM64
run: >-
env
GOARCH=arm64
GOOS=darwin
go build -trimpath -buildmode=pie
-ldflags="-s -w -X main.version=${VERSION} -X main.sentryDSN=${SENTRY}"
-o bin/pinnacle-darwin-arm64
.
- name: Upload artifact
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: macos-binaries
path: bin
retention-days: 1
package_windows:
runs-on: windows-latest
needs: build_windows_linux
steps:
- name: Checkout .iss files
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
sparse-checkout: |
pkg/windows
VERSION
- name: Download binaries
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: windows-linux-binaries
path: bin
- name: Read version
run: |
echo "VERSION=$(cat VERSION)" >> $GITHUB_ENV
- name: Prepare AMD64 ISS
run: |
AMD_ISS=pkg/windows/iss/PackagePinnacle-amd64.iss
sed -i "s/#define MyAppVersion \"1.0.0\"/#define MyAppVersion \"${VERSION}\"/" "$AMD_ISS"
echo "AMD_ISS=${AMD_ISS}" >> $GITHUB_ENV
- name: Prepare ARM64 ISS
if: env.INCLUDE_WIN_ARM == 'true'
run: |
ARM_ISS=pkg/windows/iss/PackagePinnacle-arm64.iss
sed -i "s/#define MyAppVersion \"1.0.0\"/#define MyAppVersion \"${VERSION}\"/" "$ARM_ISS"
echo "ARM_ISS=${ARM_ISS}" >> $GITHUB_ENV
- name: Package AMD64 with InnoSetup
run: |
iscc.exe "$AMD_ISS"
- name: Package ARM64 with InnoSetup
if: env.INCLUDE_WIN_ARM == 'true'
run: |
iscc.exe "$ARM_ISS"
- name: Authenticate with Google Cloud
uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
with:
credentials_json: ${{ secrets.GCP_CREDENTIALS }}
- name: Set up Google Cloud SDK
uses: google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200 # v2.1.0
- name: Download jsign
run: |
set -eux
url="https://github.com/ebourg/jsign/releases/download/${JSIGN_VERSION}/jsign-${JSIGN_VERSION}.jar"
sha256="${JSIGN_SHA256}"
curl -sSL ${url} -o jsign.jar
echo ${sha256} jsign.jar | sha256sum -c -
- name: Decode certificate
run: |
echo "${{ secrets.CERTFILE_BASE64 }}" | base64 --decode > pinnacle-certificate.pem
- name: Sign AMD64 installer
run: >-
java -jar jsign.jar
--storetype GOOGLECLOUD
--storepass "$(gcloud auth print-access-token)"
--keystore "${{ secrets.GCP_KEYSTORE }}"
--alias "${{ secrets.GCP_KEY_ALIAS }}"
--certfile pinnacle-certificate.pem
--tsmode RFC3161
--tsaurl http://timestamp.globalsign.com/tsa/r6advanced1
"build/out/AlpineClientSetup-${VERSION}-x86_64.exe"
- name: Sign ARM64 installer
if: env.INCLUDE_WIN_ARM == 'true'
run: >-
java -jar jsign.jar
--storetype GOOGLECLOUD
--storepass "$(gcloud auth print-access-token)"
--keystore "${{ secrets.GCP_KEYSTORE }}"
--alias "${{ secrets.GCP_KEY_ALIAS }}"
--certfile pinnacle-certificate.pem
--tsmode RFC3161
--tsaurl http://timestamp.globalsign.com/tsa/r6advanced1
"build/out/AlpineClientSetup-${VERSION}-ARM64.exe"
- name: Upload artifact
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: windows-installers
path: build/out
retention-days: 1
package_linux:
runs-on: [ ubuntu-latest ]
needs: build_windows_linux
steps:
- name: Checkout pkg files
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
sparse-checkout: |
pkg/linux
VERSION
- name: Download binaries
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: windows-linux-binaries
path: bin
- name: Install dependencies
run: >-
sudo apt-get update &&
sudo apt-get install -y
rpm
debhelper
devscripts
dpkg-dev
- name: Read version
run: |
echo "VERSION=$(cat VERSION)" >> $GITHUB_ENV
- name: Prepare for packaging
run: |
# Edit version in specs/control files
sed -i "s/^Version:.*/Version: ${VERSION}/" pkg/linux/rpm/SPECS/pinnacle.spec
sed -i "s/^Release:.*/Release: ${RELEASE}/" pkg/linux/rpm/SPECS/pinnacle.spec
sed -i "s/^Version:.*/Version: ${VERSION}-${RELEASE}/" pkg/linux/deb/DEBIAN/control
# Set up rpmbuild/debbuild file tree
mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
mkdir -p ~/debbuild/alpine-client/{DEBIAN,usr/bin,usr/share/applications,usr/share/pixmaps}
# Copy resources
cp -r pkg/linux/rpm/* ~/rpmbuild/
cp -r pkg/linux/deb/* ~/debbuild/alpine-client/
# Copy binaries
cp bin/pinnacle-linux-amd64 ~/rpmbuild/SOURCES/
cp bin/pinnacle-linux-amd64 ~/debbuild/alpine-client/usr/bin/alpine-client
# Make binaries executable
chmod +x ~/rpmbuild/SOURCES/pinnacle-linux-amd64
chmod +x ~/debbuild/alpine-client/usr/bin/alpine-client
# Create output folder
mkdir -p build/out
- name: Package AMD64 RPM
run: >-
rpmbuild -bb
~/rpmbuild/SPECS/pinnacle.spec
--define "_rpmdir build/out"
--target=x86_64
- name: Package AMD64 DEB
run: >-
dpkg-deb -Zgzip
--build ~/debbuild/alpine-client
"build/out/alpine-client_${VERSION}-${RELEASE}_amd64.deb"
- name: Swap AMD64 binary for ARM64
run: |
# Remove amd64 binaries
rm -f ~/rpmbuild/SOURCES/pinnacle-darwin-amd64
rm -f ~/debbuild/alpine-client/usr/bin/alpine-client
# Edit arch & binary name in spec/control files
sed -i -e 's/linux-amd64/linux-arm64/g' -e 's/x86_64/aarch64/g' ~/rpmbuild/SPECS/pinnacle.spec
sed -i 's/amd64/arm64/g' ~/debbuild/alpine-client/DEBIAN/control
# Copy arm64 binaries
cp bin/pinnacle-linux-arm64 ~/rpmbuild/SOURCES/
cp bin/pinnacle-linux-arm64 ~/debbuild/alpine-client/usr/bin/alpine-client
# Make binaries executable
chmod +x ~/rpmbuild/SOURCES/pinnacle-linux-arm64
chmod +x ~/debbuild/alpine-client/usr/bin/alpine-client
- name: Package ARM64 RPM
run: >-
rpmbuild -bb
~/rpmbuild/SPECS/pinnacle.spec
--define "_rpmdir build/out"
--target=aarch64
- name: Package ARM64 DEB
run: >-
dpkg-deb -Zgzip
--build ~/debbuild/alpine-client
"build/out/alpine-client_${VERSION}-${RELEASE}_arm64.deb"
- name: Tidy artifact
run: |
cp -r build/out/x86_64/* build/out/
rm -rf build/out/x86_64
cp -r build/out/aarch64/* build/out/
rm -rf build/out/aarch64
- name: Upload artifact
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: linux-installers
path: build/out
retention-days: 1
package_macos:
runs-on: macos-latest
needs: build_macos
steps:
- name: Checkout pkg/darwin
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
sparse-checkout: |
pkg/darwin
VERSION
- name: Download binaries
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: macos-binaries
path: bin
- name: Read version
run: |
echo "VERSION=$(cat VERSION)" >> $GITHUB_ENV
- name: Set up environment
run: |
# Set env variables for paths
APP="pkg/darwin/Alpine Client.app/Contents"
# Create necessary folders
mkdir "${APP}/MacOS"
mkdir -p build/out/
# Replace version in Info.plist files
sed -i '' "s/<string>1.0.0<\/string>/<string>${VERSION}<\/string>/" "${APP}/Info.plist"
# Move compiled binary
cp bin/pinnacle-darwin-amd64 "${APP}/MacOS/pinnacle-darwin-amd64"
# Set permissions
chmod +x "${APP}/MacOS/pinnacle-darwin-amd64"
# Export APP env for later
echo "APP=${APP}" >> $GITHUB_ENV
- name: Package AMD64
run: >-
pkgbuild
--root pkg/darwin
--identifier com.alpineclient.pinnacle
--version "${VERSION}"
--install-location /Applications
"build/out/AlpineClientSetup-${VERSION}-x86_64.pkg"
- name: Swap AMD64 binary for ARM64
run: |
rm -f "${APP}/MacOS/pinnacle-darwin-amd64"
cp bin/pinnacle-darwin-arm64 "${APP}/MacOS/pinnacle-darwin-arm64"
sed -i '' 's/amd64/arm64/g' "${APP}/Info.plist"
chmod +x "${APP}/MacOS/pinnacle-darwin-arm64"
- name: Package ARM64
run: >-
pkgbuild
--root pkg/darwin
--identifier com.alpineclient.pinnacle
--version "${VERSION}"
--install-location /Applications
"build/out/AlpineClientSetup-${VERSION}-ARM64.pkg"
- name: Upload artifact
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: macos-installers
path: build/out
retention-days: 1
create_github_release:
needs: [ package_windows, package_linux, package_macos ]
runs-on: ubuntu-latest
steps:
- name: Checkout version file
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
sparse-checkout: |
VERSION
- name: Read version
run: |
echo "VERSION=$(cat VERSION)" >> $GITHUB_ENV
- name: Download
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
path: all
- name: Reorganize artifacts
run: |
mkdir -p merged/{binaries,installers}
# Combine binaries
cp -r all/windows-linux-binaries/* merged/binaries/
cp -r all/macos-binaries/* merged/binaries/
# Combine installers
cp -r all/windows-installers/* merged/installers/
cp -r all/macos-installers/* merged/installers/
cp -r all/linux-installers/* merged/installers/
- name: Upload
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: all-artifacts-${{ env.RELEASE }}
path: merged
compression-level: 9
retention-days: 90
- name: Create release
if: github.ref == 'refs/heads/master'
uses: softprops/action-gh-release@9d7c94cfd0a1f3ed45544c887983e9fa900f0564 # v2.0.4
with:
tag_name: ${{ env.VERSION }}
name: ${{ env.VERSION }}
files: |
merged/installers/*
merged/binaries/*
fail_on_unmatched_files: true
prerelease: false
make_latest: true
draft: false
create_sentry_release:
needs: create_github_release
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/master'
steps:
- name: Checkout code
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
fetch-depth: 0
- name: Read version
run: |
echo "VERSION=$(cat VERSION)" >> $GITHUB_ENV
- name: Create sentry.io release
uses: getsentry/action-release@e769183448303de84c5a06aaaddf9da7be26d6c7 # v1.7.0
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
SENTRY_PROJECT: pinnacle
with:
environment: production
version: ${{ env.VERSION }}