1.5.3 #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Package | |
on: | |
push: | |
branches: | |
- 'master' | |
- 'test/**' | |
paths: | |
- 'VERSION' | |
permissions: | |
contents: write | |
defaults: | |
run: | |
shell: bash | |
env: | |
RELEASE: ${{ github.run_number }} | |
SENTRY: ${{ secrets.SENTRY_DSN }} | |
CGO_ENABLED: 1 | |
ZIG_VERSION: '0.11.0' | |
ZIG_SHA256: '2d00e789fec4f71790a6e7bf83ff91d564943c5ee843c5fd966efc474b423047' | |
JSIGN_VERSION: '6.0' | |
JSIGN_SHA256: '05ca18d4ab7b8c2183289b5378d32860f0ea0f3bdab1f1b8cae5894fb225fa8a' | |
INCLUDE_WIN_ARM: 'false' | |
jobs: | |
build_windows_linux: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
- name: Add ARM64 repository | |
run: | | |
sudo sed -i -E 's|^deb ([^ ]+) (.*)$|deb [arch=amd64] \1 \2\ndeb [arch=arm64] http://ports.ubuntu.com/ubuntu-ports/ \2|' /etc/apt/sources.list | |
sudo dpkg --add-architecture arm64 | |
- name: Install dependencies | |
run: >- | |
sudo apt-get update && | |
sudo apt-get install -y | |
libgl-dev | |
libx11-dev | |
libxrandr-dev | |
libxxf86vm-dev | |
libxi-dev | |
libxcursor-dev | |
libxinerama-dev | |
libxkbcommon-dev | |
libgl-dev:arm64 | |
libx11-dev:arm64 | |
libxrandr-dev:arm64 | |
libxxf86vm-dev:arm64 | |
libxi-dev:arm64 | |
libxcursor-dev:arm64 | |
libxinerama-dev:arm64 | |
libxkbcommon-dev:arm64 | |
- name: Set up Go | |
uses: WillAbides/setup-go-faster@a0ff5217a7d2567ed6ff1aa2b7d8f9d58173b2c9 # v1.14.0 | |
with: | |
go-version-file: 'go.mod' | |
- name: Read version | |
run: | | |
echo "VERSION=$(cat VERSION)" >> $GITHUB_ENV | |
- name: Set up Zig | |
run: | | |
PATH=/usr/local/zig:${PATH} | |
echo "PATH=${PATH}" >> $GITHUB_ENV | |
set -eux | |
url="https://ziglang.org/download/${ZIG_VERSION}/zig-linux-x86_64-${ZIG_VERSION}.tar.xz" | |
sha256="${ZIG_SHA256}" | |
curl -sSL ${url} -o zig.tar.xz | |
echo ${sha256} zig.tar.xz | sha256sum -c - | |
sudo tar -C /usr/local -Jxvf zig.tar.xz | |
sudo mv /usr/local/zig-* /usr/local/zig | |
rm zig.tar.xz | |
zig version | |
- name: Build Linux AMD64 | |
run: >- | |
env | |
GOARCH=amd64 | |
go build -trimpath | |
-ldflags="-s -w -X main.version=${VERSION} -X main.sentryDSN=${SENTRY}" | |
-o bin/pinnacle-linux-amd64 | |
. | |
- name: Build Linux ARM64 | |
run: >- | |
env | |
GOARCH=arm64 | |
CC="zig cc -target aarch64-linux-gnu -isystem /usr/include -L/usr/lib/aarch64-linux-gnu -Wl,-s" | |
CXX="zig c++ -target aarch64-linux-gnu -isystem /usr/include -L/usr/lib/aarch64-linux-gnu -Wl,-s" | |
go build -trimpath | |
-ldflags="-X main.version=${VERSION} -X main.sentryDSN=${SENTRY}" | |
-o bin/pinnacle-linux-arm64 | |
. | |
- name: Copy syso files | |
run: | | |
cp -r pkg/windows/syso/* . | |
- name: Build Windows AMD64 | |
run: >- | |
env | |
GOARCH=amd64 | |
GOOS=windows | |
CC="zig cc -target x86_64-windows-gnu -Wl,--subsystem,windows -Wl,-s" | |
CXX="zig c++ -target x86_64-windows-gnu -Wl,--subsystem,windows -Wl,-s" | |
go build -trimpath | |
-ldflags="-H=windowsgui -X main.version=${VERSION} -X main.sentryDSN=${SENTRY}" | |
-o bin/pinnacle-windows-amd64.exe | |
. | |
- name: Build Windows ARM64 | |
if: env.INCLUDE_WIN_ARM == 'true' | |
run: >- | |
env | |
GOARCH=arm64 | |
GOOS=windows | |
CC="zig cc -target aarch64-windows-gnu -isystem /usr/include -L/usr/lib/-windows-gnu -Wl,--subsystem,windows -Wl,-s" | |
CXX="zig c++ -target aarch64-windows-gnu -isystem /usr/include -L/usr/lib/aarch64-windows-gnu -Wl,--subsystem,windows -Wl,-s" | |
go build -trimpath | |
-ldflags "-H=windowsgui -X main.version=${VERSION} -X main.sentryDSN=${SENTRY}" | |
-o bin/pinnacle-windows-arm64.exe | |
. | |
- name: Authenticate with Google Cloud | |
uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 | |
with: | |
credentials_json: ${{ secrets.GCP_CREDENTIALS }} | |
- name: Set up Google Cloud SDK | |
uses: google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200 # v2.1.0 | |
- name: Download jsign | |
run: | | |
set -eux | |
url="https://github.com/ebourg/jsign/releases/download/${JSIGN_VERSION}/jsign-${JSIGN_VERSION}.jar" | |
sha256="${JSIGN_SHA256}" | |
curl -sSL ${url} -o jsign.jar | |
echo ${sha256} jsign.jar | sha256sum -c - | |
- name: Decode certificate | |
run: | | |
echo "${{ secrets.CERTFILE_BASE64 }}" | base64 --decode > pinnacle-certificate.pem | |
- name: Sign Windows AMD64 binary | |
run: >- | |
java -jar jsign.jar | |
--storetype GOOGLECLOUD | |
--storepass "$(gcloud auth print-access-token)" | |
--keystore "${{ secrets.GCP_KEYSTORE }}" | |
--alias "${{ secrets.GCP_KEY_ALIAS }}" | |
--certfile pinnacle-certificate.pem | |
--tsmode RFC3161 | |
--tsaurl http://timestamp.globalsign.com/tsa/r6advanced1 | |
bin/pinnacle-windows-amd64.exe | |
- name: Sign Windows ARM64 binary | |
if: env.INCLUDE_WIN_ARM == 'true' | |
run: >- | |
java -jar jsign.jar | |
--storetype GOOGLECLOUD | |
--storepass "$(gcloud auth print-access-token)" | |
--keystore "${{ secrets.GCP_KEYSTORE }}" | |
--alias "${{ secrets.GCP_KEY_ALIAS }}" | |
--certfile pinnacle-certificate.pem | |
--tsmode RFC3161 | |
--tsaurl http://timestamp.globalsign.com/tsa/r6advanced1 | |
bin/pinnacle-windows-arm64.exe | |
- name: Upload artifact | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: windows-linux-binaries | |
path: bin | |
retention-days: 1 | |
build_macos: | |
runs-on: macos-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
- name: Set up Go | |
uses: WillAbides/setup-go-faster@a0ff5217a7d2567ed6ff1aa2b7d8f9d58173b2c9 # v1.14.0 | |
with: | |
go-version-file: 'go.mod' | |
- name: Read version | |
run: | | |
echo "VERSION=$(cat VERSION)" >> $GITHUB_ENV | |
- name: Build AMD64 | |
run: >- | |
env | |
GOARCH=amd64 | |
GOOS=darwin | |
go build -trimpath -buildmode=pie | |
-ldflags="-s -w -X main.version=${VERSION} -X main.sentryDSN=${SENTRY}" | |
-o bin/pinnacle-darwin-amd64 | |
. | |
- name: Build ARM64 | |
run: >- | |
env | |
GOARCH=arm64 | |
GOOS=darwin | |
go build -trimpath -buildmode=pie | |
-ldflags="-s -w -X main.version=${VERSION} -X main.sentryDSN=${SENTRY}" | |
-o bin/pinnacle-darwin-arm64 | |
. | |
- name: Upload artifact | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: macos-binaries | |
path: bin | |
retention-days: 1 | |
package_windows: | |
runs-on: windows-latest | |
needs: build_windows_linux | |
steps: | |
- name: Checkout .iss files | |
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
with: | |
sparse-checkout: | | |
pkg/windows | |
VERSION | |
- name: Download binaries | |
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 | |
with: | |
name: windows-linux-binaries | |
path: bin | |
- name: Read version | |
run: | | |
echo "VERSION=$(cat VERSION)" >> $GITHUB_ENV | |
- name: Prepare AMD64 ISS | |
run: | | |
AMD_ISS=pkg/windows/iss/PackagePinnacle-amd64.iss | |
sed -i "s/#define MyAppVersion \"1.0.0\"/#define MyAppVersion \"${VERSION}\"/" "$AMD_ISS" | |
echo "AMD_ISS=${AMD_ISS}" >> $GITHUB_ENV | |
- name: Prepare ARM64 ISS | |
if: env.INCLUDE_WIN_ARM == 'true' | |
run: | | |
ARM_ISS=pkg/windows/iss/PackagePinnacle-arm64.iss | |
sed -i "s/#define MyAppVersion \"1.0.0\"/#define MyAppVersion \"${VERSION}\"/" "$ARM_ISS" | |
echo "ARM_ISS=${ARM_ISS}" >> $GITHUB_ENV | |
- name: Package AMD64 with InnoSetup | |
run: | | |
iscc.exe "$AMD_ISS" | |
- name: Package ARM64 with InnoSetup | |
if: env.INCLUDE_WIN_ARM == 'true' | |
run: | | |
iscc.exe "$ARM_ISS" | |
- name: Authenticate with Google Cloud | |
uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 | |
with: | |
credentials_json: ${{ secrets.GCP_CREDENTIALS }} | |
- name: Set up Google Cloud SDK | |
uses: google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200 # v2.1.0 | |
- name: Download jsign | |
run: | | |
set -eux | |
url="https://github.com/ebourg/jsign/releases/download/${JSIGN_VERSION}/jsign-${JSIGN_VERSION}.jar" | |
sha256="${JSIGN_SHA256}" | |
curl -sSL ${url} -o jsign.jar | |
echo ${sha256} jsign.jar | sha256sum -c - | |
- name: Decode certificate | |
run: | | |
echo "${{ secrets.CERTFILE_BASE64 }}" | base64 --decode > pinnacle-certificate.pem | |
- name: Sign AMD64 installer | |
run: >- | |
java -jar jsign.jar | |
--storetype GOOGLECLOUD | |
--storepass "$(gcloud auth print-access-token)" | |
--keystore "${{ secrets.GCP_KEYSTORE }}" | |
--alias "${{ secrets.GCP_KEY_ALIAS }}" | |
--certfile pinnacle-certificate.pem | |
--tsmode RFC3161 | |
--tsaurl http://timestamp.globalsign.com/tsa/r6advanced1 | |
"build/out/AlpineClientSetup-${VERSION}-x86_64.exe" | |
- name: Sign ARM64 installer | |
if: env.INCLUDE_WIN_ARM == 'true' | |
run: >- | |
java -jar jsign.jar | |
--storetype GOOGLECLOUD | |
--storepass "$(gcloud auth print-access-token)" | |
--keystore "${{ secrets.GCP_KEYSTORE }}" | |
--alias "${{ secrets.GCP_KEY_ALIAS }}" | |
--certfile pinnacle-certificate.pem | |
--tsmode RFC3161 | |
--tsaurl http://timestamp.globalsign.com/tsa/r6advanced1 | |
"build/out/AlpineClientSetup-${VERSION}-ARM64.exe" | |
- name: Upload artifact | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: windows-installers | |
path: build/out | |
retention-days: 1 | |
package_linux: | |
runs-on: [ ubuntu-latest ] | |
needs: build_windows_linux | |
steps: | |
- name: Checkout pkg files | |
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
with: | |
sparse-checkout: | | |
pkg/linux | |
VERSION | |
- name: Download binaries | |
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 | |
with: | |
name: windows-linux-binaries | |
path: bin | |
- name: Install dependencies | |
run: >- | |
sudo apt-get update && | |
sudo apt-get install -y | |
rpm | |
debhelper | |
devscripts | |
dpkg-dev | |
- name: Read version | |
run: | | |
echo "VERSION=$(cat VERSION)" >> $GITHUB_ENV | |
- name: Prepare for packaging | |
run: | | |
# Edit version in specs/control files | |
sed -i "s/^Version:.*/Version: ${VERSION}/" pkg/linux/rpm/SPECS/pinnacle.spec | |
sed -i "s/^Release:.*/Release: ${RELEASE}/" pkg/linux/rpm/SPECS/pinnacle.spec | |
sed -i "s/^Version:.*/Version: ${VERSION}-${RELEASE}/" pkg/linux/deb/DEBIAN/control | |
# Set up rpmbuild/debbuild file tree | |
mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS} | |
mkdir -p ~/debbuild/alpine-client/{DEBIAN,usr/bin,usr/share/applications,usr/share/pixmaps} | |
# Copy resources | |
cp -r pkg/linux/rpm/* ~/rpmbuild/ | |
cp -r pkg/linux/deb/* ~/debbuild/alpine-client/ | |
# Copy binaries | |
cp bin/pinnacle-linux-amd64 ~/rpmbuild/SOURCES/ | |
cp bin/pinnacle-linux-amd64 ~/debbuild/alpine-client/usr/bin/alpine-client | |
# Make binaries executable | |
chmod +x ~/rpmbuild/SOURCES/pinnacle-linux-amd64 | |
chmod +x ~/debbuild/alpine-client/usr/bin/alpine-client | |
# Create output folder | |
mkdir -p build/out | |
- name: Package AMD64 RPM | |
run: >- | |
rpmbuild -bb | |
~/rpmbuild/SPECS/pinnacle.spec | |
--define "_rpmdir build/out" | |
--target=x86_64 | |
- name: Package AMD64 DEB | |
run: >- | |
dpkg-deb -Zgzip | |
--build ~/debbuild/alpine-client | |
"build/out/alpine-client_${VERSION}-${RELEASE}_amd64.deb" | |
- name: Swap AMD64 binary for ARM64 | |
run: | | |
# Remove amd64 binaries | |
rm -f ~/rpmbuild/SOURCES/pinnacle-darwin-amd64 | |
rm -f ~/debbuild/alpine-client/usr/bin/alpine-client | |
# Edit arch & binary name in spec/control files | |
sed -i -e 's/linux-amd64/linux-arm64/g' -e 's/x86_64/aarch64/g' ~/rpmbuild/SPECS/pinnacle.spec | |
sed -i 's/amd64/arm64/g' ~/debbuild/alpine-client/DEBIAN/control | |
# Copy arm64 binaries | |
cp bin/pinnacle-linux-arm64 ~/rpmbuild/SOURCES/ | |
cp bin/pinnacle-linux-arm64 ~/debbuild/alpine-client/usr/bin/alpine-client | |
# Make binaries executable | |
chmod +x ~/rpmbuild/SOURCES/pinnacle-linux-arm64 | |
chmod +x ~/debbuild/alpine-client/usr/bin/alpine-client | |
- name: Package ARM64 RPM | |
run: >- | |
rpmbuild -bb | |
~/rpmbuild/SPECS/pinnacle.spec | |
--define "_rpmdir build/out" | |
--target=aarch64 | |
- name: Package ARM64 DEB | |
run: >- | |
dpkg-deb -Zgzip | |
--build ~/debbuild/alpine-client | |
"build/out/alpine-client_${VERSION}-${RELEASE}_arm64.deb" | |
- name: Tidy artifact | |
run: | | |
cp -r build/out/x86_64/* build/out/ | |
rm -rf build/out/x86_64 | |
cp -r build/out/aarch64/* build/out/ | |
rm -rf build/out/aarch64 | |
- name: Upload artifact | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: linux-installers | |
path: build/out | |
retention-days: 1 | |
package_macos: | |
runs-on: macos-latest | |
needs: build_macos | |
steps: | |
- name: Checkout pkg/darwin | |
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
with: | |
sparse-checkout: | | |
pkg/darwin | |
VERSION | |
- name: Download binaries | |
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 | |
with: | |
name: macos-binaries | |
path: bin | |
- name: Read version | |
run: | | |
echo "VERSION=$(cat VERSION)" >> $GITHUB_ENV | |
- name: Set up environment | |
run: | | |
# Set env variables for paths | |
APP="pkg/darwin/Alpine Client.app/Contents" | |
# Create necessary folders | |
mkdir "${APP}/MacOS" | |
mkdir -p build/out/ | |
# Replace version in Info.plist files | |
sed -i '' "s/<string>1.0.0<\/string>/<string>${VERSION}<\/string>/" "${APP}/Info.plist" | |
# Move compiled binary | |
cp bin/pinnacle-darwin-amd64 "${APP}/MacOS/pinnacle-darwin-amd64" | |
# Set permissions | |
chmod +x "${APP}/MacOS/pinnacle-darwin-amd64" | |
# Export APP env for later | |
echo "APP=${APP}" >> $GITHUB_ENV | |
- name: Package AMD64 | |
run: >- | |
pkgbuild | |
--root pkg/darwin | |
--identifier com.alpineclient.pinnacle | |
--version "${VERSION}" | |
--install-location /Applications | |
"build/out/AlpineClientSetup-${VERSION}-x86_64.pkg" | |
- name: Swap AMD64 binary for ARM64 | |
run: | | |
rm -f "${APP}/MacOS/pinnacle-darwin-amd64" | |
cp bin/pinnacle-darwin-arm64 "${APP}/MacOS/pinnacle-darwin-arm64" | |
sed -i '' 's/amd64/arm64/g' "${APP}/Info.plist" | |
chmod +x "${APP}/MacOS/pinnacle-darwin-arm64" | |
- name: Package ARM64 | |
run: >- | |
pkgbuild | |
--root pkg/darwin | |
--identifier com.alpineclient.pinnacle | |
--version "${VERSION}" | |
--install-location /Applications | |
"build/out/AlpineClientSetup-${VERSION}-ARM64.pkg" | |
- name: Upload artifact | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: macos-installers | |
path: build/out | |
retention-days: 1 | |
create_github_release: | |
needs: [ package_windows, package_linux, package_macos ] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout version file | |
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
with: | |
sparse-checkout: | | |
VERSION | |
- name: Read version | |
run: | | |
echo "VERSION=$(cat VERSION)" >> $GITHUB_ENV | |
- name: Download | |
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 | |
with: | |
path: all | |
- name: Reorganize artifacts | |
run: | | |
mkdir -p merged/{binaries,installers} | |
# Combine binaries | |
cp -r all/windows-linux-binaries/* merged/binaries/ | |
cp -r all/macos-binaries/* merged/binaries/ | |
# Combine installers | |
cp -r all/windows-installers/* merged/installers/ | |
cp -r all/macos-installers/* merged/installers/ | |
cp -r all/linux-installers/* merged/installers/ | |
- name: Upload | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: all-artifacts-${{ env.RELEASE }} | |
path: merged | |
compression-level: 9 | |
retention-days: 90 | |
- name: Create release | |
if: github.ref == 'refs/heads/master' | |
uses: softprops/action-gh-release@9d7c94cfd0a1f3ed45544c887983e9fa900f0564 # v2.0.4 | |
with: | |
tag_name: ${{ env.VERSION }} | |
name: ${{ env.VERSION }} | |
files: | | |
merged/installers/* | |
merged/binaries/* | |
fail_on_unmatched_files: true | |
prerelease: false | |
make_latest: true | |
draft: false | |
create_sentry_release: | |
needs: create_github_release | |
runs-on: ubuntu-latest | |
if: github.ref == 'refs/heads/master' | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
with: | |
fetch-depth: 0 | |
- name: Read version | |
run: | | |
echo "VERSION=$(cat VERSION)" >> $GITHUB_ENV | |
- name: Create sentry.io release | |
uses: getsentry/action-release@e769183448303de84c5a06aaaddf9da7be26d6c7 # v1.7.0 | |
env: | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
SENTRY_ORG: ${{ secrets.SENTRY_ORG }} | |
SENTRY_PROJECT: pinnacle | |
with: | |
environment: production | |
version: ${{ env.VERSION }} |