From ee1961857239c22a71f2a64ae96747ef8fa21e9a Mon Sep 17 00:00:00 2001 From: rsora Date: Tue, 11 Feb 2020 16:18:24 +0100 Subject: [PATCH 1/5] Migrate release creation responsibility from goreleaser to GH actions --- .github/workflows/release.yaml | 120 +++++++++++++++++++++++++++++-- .goreleaser.yml | 124 +++++++++++++++------------------ gon.config.hcl | 10 +++ 3 files changed, 182 insertions(+), 72 deletions(-) create mode 100644 gon.config.hcl diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index cac5a20e6a5..0370ec92c7f 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -6,7 +6,8 @@ on: - '[0-9].[0-9].[0-9]*' jobs: - publish-release: + + create-release-artifacts: runs-on: ubuntu-latest container: @@ -16,13 +17,120 @@ jobs: - $PWD/go:/go steps: - - name: checkout + - name: Checkout uses: actions/checkout@v1 - - name: build + - name: Build + run: goreleaser + + - name: Upload artifacts + uses: actions/upload-artifact@v1 + with: + name: dist + path: dist + + notarize-macos: + runs-on: macos-latest + needs: create-release-artifacts + + steps: + - name: Checkout + uses: actions/checkout@v1 + + - name: Download artifacts + uses: actions/download-artifact@v1 + with: + name: dist + + - name: Get the current release tag + id: get_tag + run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\//} + + - name: Download Gon + run: | + wget -q https://github.com/mitchellh/gon/releases/download/v0.2.2/gon_0.2.2_macos.zip + unzip gon_0.2.2_macos.zip -d /usr/local/bin + rm -f gon_0.2.2_macos.zip + + - name: Notarize binary, re-package it and update checksum env: - GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} + TAG: ${{ steps.get_tag.outputs.VERSION }} + AC_USERNAME: ${{ secrets.AC_USERNAME }} + AC_PASSWORD: ${{ secrets.AC_PASSWORD }} + # This step performs the following: + # 1. Download keychain from GH secrets and decode it from base64 + # 2. Add the keychain to the system keychains and unlock it + # 3. Call Gon to start notarization process (using AC_USERNAME and AC_PASSWORD) + # 4. Repackage the signed binary replaced in place by Gon (ignoring the output zip file) + # 5. Recalculate package checksum and replace it in the goreleaser nnnnnn-checksums.txt file + # 6. Remove the keychain from disk + run: | + echo "${{ secrets.KEYCHAIN }}" | base64 --decode > ~/Library/Keychains/apple-developer.keychain-db + security list-keychains -s ~/Library/Keychains/apple-developer.keychain-db + security unlock-keychain -p "${{ secrets.KEYCHAIN_PASSWORD }}" ~/Library/Keychains/apple-developer.keychain-db + gon gon.config.hcl + tar -czvf dist/arduino-cli_${TAG}_macOS_64bit.tar.gz \ + -C dist/arduino_cli_osx_darwin_amd64/ arduino-cli \ + -C ../../ LICENSE.txt + CLI_CHECKSUM=$(shasum -a 256 dist/arduino-cli_${TAG}_macOS_64bit.tar.gz | cut -d " " -f 1) + perl -pi -w -e "s/.*arduino-cli_${TAG}_macOS_64bit.tar.gz/${CLI_CHECKSUM} arduino-cli_${TAG}_macOS_64bit.tar.gz/g;" dist/*-checksums.txt + rm -f apple-developer.keychain-db + + - name: Upload artifacts + uses: actions/upload-artifact@v1 + with: + name: dist + path: dist + + create-release: + runs-on: ubuntu-latest + needs: notarize-macos + + steps: + - name: Checkout + uses: actions/checkout@v1 + + - name: Download artifact + uses: actions/download-artifact@v1 + with: + name: dist + + - name: Read CHANGELOG + id: changelog + run: | + body=$(cat dist/CHANGELOG.md) + body="${body//'%'/'%25'}" + body="${body//$'\n'/'%0A'}" + body="${body//$'\r'/'%0D'}" + echo $body + echo "::set-output name=BODY::$body" + + - name: Create Github Release + id: create_release + uses: actions/create-release@master + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + tag_name: ${{ github.ref }} + release_name: ${{ github.ref }} + body: ${{ steps.changelog.outputs.BODY }} + draft: false + prerelease: false + + - name: Upload binaries to release + uses: svenstaro/upload-release-action@v1-release + with: + repo_token: ${{ secrets.GITHUB_TOKEN }} + file: dist/* + tag: ${{ github.ref }} + file_glob: true + + - name: Downloads upload + uses: docker://plugins/s3 + env: + PLUGIN_SOURCE: 'dist/*' + PLUGIN_TARGET: '/arduino-cli/__tmp/' + PLUGIN_STRIP_PREFIX: 'dist/' + PLUGIN_BUCKET: 'arduino-downloads-prod-beagle' AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DEFAULT_REGION: 'us-east-1' - run: goreleaser diff --git a/.goreleaser.yml b/.goreleaser.yml index ef70eaac986..c9dc2c48f3c 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -6,7 +6,7 @@ snapshot: name_template: '{{ .Env.PACKAGE_NAME_PREFIX }}-{{ time "20060102" }}' release: - prerelease: auto + disable: true changelog: filters: @@ -34,66 +34,66 @@ builds: ldflags: - -s -w -X github.com/arduino/arduino-cli/version.versionString={{.Tag}} -X github.com/arduino/arduino-cli/version.commit={{ .ShortCommit }} - - # ARM - id: arduino_cli_arm - binary: arduino-cli - env: - - CGO_ENABLED=1 - - CC=/usr/arm-linux-gnueabi/bin/cc - goos: - - linux - goarch: - - arm - goarm: - - 6 - ldflags: - - -s -w -X github.com/arduino/arduino-cli/version.versionString={{.Tag}} -X github.com/arduino/arduino-cli/version.commit={{ .ShortCommit }} - - "-extldflags '-static'" + # ARM + id: arduino_cli_arm + binary: arduino-cli + env: + - CGO_ENABLED=1 + - CC=/usr/arm-linux-gnueabi/bin/cc + goos: + - linux + goarch: + - arm + goarm: + - 6 + ldflags: + - -s -w -X github.com/arduino/arduino-cli/version.versionString={{.Tag}} -X github.com/arduino/arduino-cli/version.commit={{ .ShortCommit }} + - "-extldflags '-static'" - - # ARMv7 - id: arduino_cli_armv7 - binary: arduino-cli - env: - - CGO_ENABLED=1 - - CC=/usr/arm-linux-gnueabihf/bin/cc - goos: - - linux - goarch: - - arm - goarm: - - 7 - ldflags: - - -s -w -X github.com/arduino/arduino-cli/version.versionString={{.Tag}} -X github.com/arduino/arduino-cli/version.commit={{ .ShortCommit }} - - "-extldflags '-static'" + # ARMv7 + id: arduino_cli_armv7 + binary: arduino-cli + env: + - CGO_ENABLED=1 + - CC=/usr/arm-linux-gnueabihf/bin/cc + goos: + - linux + goarch: + - arm + goarm: + - 7 + ldflags: + - -s -w -X github.com/arduino/arduino-cli/version.versionString={{.Tag}} -X github.com/arduino/arduino-cli/version.commit={{ .ShortCommit }} + - "-extldflags '-static'" - - # ARM64 - id: arduino_cli_arm64 - binary: arduino-cli - env: - - CGO_ENABLED=1 - - CC=/usr/aarch64-linux-gnu/bin/cc - goos: - - linux - goarch: - - arm64 - ldflags: - - -s -w -X github.com/arduino/arduino-cli/version.versionString={{.Tag}} -X github.com/arduino/arduino-cli/version.commit={{ .ShortCommit }} - - "-extldflags '-static'" + # ARM64 + id: arduino_cli_arm64 + binary: arduino-cli + env: + - CGO_ENABLED=1 + - CC=/usr/aarch64-linux-gnu/bin/cc + goos: + - linux + goarch: + - arm64 + ldflags: + - -s -w -X github.com/arduino/arduino-cli/version.versionString={{.Tag}} -X github.com/arduino/arduino-cli/version.commit={{ .ShortCommit }} + - "-extldflags '-static'" - - # All the other platforms - id: arduino_cli - binary: arduino-cli - env: - - CGO_ENABLED=0 - goos: - - linux - - windows - goarch: - - amd64 - - 386 - ldflags: - - -s -w -X github.com/arduino/arduino-cli/version.versionString={{.Tag}} -X github.com/arduino/arduino-cli/version.commit={{ .ShortCommit }} - - "-extldflags '-static'" + # All the other platforms + id: arduino_cli + binary: arduino-cli + env: + - CGO_ENABLED=0 + goos: + - linux + - windows + goarch: + - amd64 + - 386 + ldflags: + - -s -w -X github.com/arduino/arduino-cli/version.versionString={{.Tag}} -X github.com/arduino/arduino-cli/version.commit={{ .ShortCommit }} + - "-extldflags '-static'" archives: - @@ -112,11 +112,3 @@ archives: windows: Windows files: - LICENSE.txt - -blob: - - - provider: s3 - bucket: arduino-downloads-prod-beagle - ids: - - arduino_cli - folder: "{{ .ProjectName }}" diff --git a/gon.config.hcl b/gon.config.hcl new file mode 100644 index 00000000000..35196e5b34c --- /dev/null +++ b/gon.config.hcl @@ -0,0 +1,10 @@ +source = ["dist/arduino_cli_osx_darwin_amd64/arduino-cli"] +bundle_id = "cc.arduino.arduino-cli" + +sign { + application_identity = "Developer ID Application: ARDUINO SA (7KT7ZWMCJT)" +} + +zip { + output_path = "arduino-cli.zip" +} From 81ffc7032734011c7e4a9fb69d4630f94f00ce60 Mon Sep 17 00:00:00 2001 From: rsora Date: Tue, 11 Feb 2020 16:22:33 +0100 Subject: [PATCH 2/5] replace s3 pointer with secret --- .github/workflows/nightly.yaml | 2 +- .github/workflows/release.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/nightly.yaml b/.github/workflows/nightly.yaml index 905280e3eab..09d9f133101 100644 --- a/.github/workflows/nightly.yaml +++ b/.github/workflows/nightly.yaml @@ -30,6 +30,6 @@ jobs: PLUGIN_SOURCE: 'dist/*' PLUGIN_TARGET: '/arduino-cli/nightly' PLUGIN_STRIP_PREFIX: 'dist/' - PLUGIN_BUCKET: 'arduino-downloads-prod-beagle' + PLUGIN_BUCKET: ${{ secrets.DOWNLOADS_BUCKET }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 0370ec92c7f..7035cbf2828 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -129,8 +129,8 @@ jobs: uses: docker://plugins/s3 env: PLUGIN_SOURCE: 'dist/*' - PLUGIN_TARGET: '/arduino-cli/__tmp/' + PLUGIN_TARGET: '/arduino-cli/' PLUGIN_STRIP_PREFIX: 'dist/' - PLUGIN_BUCKET: 'arduino-downloads-prod-beagle' + PLUGIN_BUCKET: ${{ secrets.DOWNLOADS_BUCKET }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} From edbb1e7feae2b8eb23d159514587d7a81a60d2d9 Mon Sep 17 00:00:00 2001 From: rsora Date: Tue, 11 Feb 2020 16:31:10 +0100 Subject: [PATCH 3/5] Cosmetics on .goreleaser.yml --- .goreleaser.yml | 114 ++++++++++++++++++++++++------------------------ 1 file changed, 57 insertions(+), 57 deletions(-) diff --git a/.goreleaser.yml b/.goreleaser.yml index c9dc2c48f3c..c63832d5ce7 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -34,66 +34,66 @@ builds: ldflags: - -s -w -X github.com/arduino/arduino-cli/version.versionString={{.Tag}} -X github.com/arduino/arduino-cli/version.commit={{ .ShortCommit }} - - # ARM - id: arduino_cli_arm - binary: arduino-cli - env: - - CGO_ENABLED=1 - - CC=/usr/arm-linux-gnueabi/bin/cc - goos: - - linux - goarch: - - arm - goarm: - - 6 - ldflags: - - -s -w -X github.com/arduino/arduino-cli/version.versionString={{.Tag}} -X github.com/arduino/arduino-cli/version.commit={{ .ShortCommit }} - - "-extldflags '-static'" + # ARM + id: arduino_cli_arm + binary: arduino-cli + env: + - CGO_ENABLED=1 + - CC=/usr/arm-linux-gnueabi/bin/cc + goos: + - linux + goarch: + - arm + goarm: + - 6 + ldflags: + - -s -w -X github.com/arduino/arduino-cli/version.versionString={{.Tag}} -X github.com/arduino/arduino-cli/version.commit={{ .ShortCommit }} + - "-extldflags '-static'" - - # ARMv7 - id: arduino_cli_armv7 - binary: arduino-cli - env: - - CGO_ENABLED=1 - - CC=/usr/arm-linux-gnueabihf/bin/cc - goos: - - linux - goarch: - - arm - goarm: - - 7 - ldflags: - - -s -w -X github.com/arduino/arduino-cli/version.versionString={{.Tag}} -X github.com/arduino/arduino-cli/version.commit={{ .ShortCommit }} - - "-extldflags '-static'" + # ARMv7 + id: arduino_cli_armv7 + binary: arduino-cli + env: + - CGO_ENABLED=1 + - CC=/usr/arm-linux-gnueabihf/bin/cc + goos: + - linux + goarch: + - arm + goarm: + - 7 + ldflags: + - -s -w -X github.com/arduino/arduino-cli/version.versionString={{.Tag}} -X github.com/arduino/arduino-cli/version.commit={{ .ShortCommit }} + - "-extldflags '-static'" - - # ARM64 - id: arduino_cli_arm64 - binary: arduino-cli - env: - - CGO_ENABLED=1 - - CC=/usr/aarch64-linux-gnu/bin/cc - goos: - - linux - goarch: - - arm64 - ldflags: - - -s -w -X github.com/arduino/arduino-cli/version.versionString={{.Tag}} -X github.com/arduino/arduino-cli/version.commit={{ .ShortCommit }} - - "-extldflags '-static'" + # ARM64 + id: arduino_cli_arm64 + binary: arduino-cli + env: + - CGO_ENABLED=1 + - CC=/usr/aarch64-linux-gnu/bin/cc + goos: + - linux + goarch: + - arm64 + ldflags: + - -s -w -X github.com/arduino/arduino-cli/version.versionString={{.Tag}} -X github.com/arduino/arduino-cli/version.commit={{ .ShortCommit }} + - "-extldflags '-static'" - - # All the other platforms - id: arduino_cli - binary: arduino-cli - env: - - CGO_ENABLED=0 - goos: - - linux - - windows - goarch: - - amd64 - - 386 - ldflags: - - -s -w -X github.com/arduino/arduino-cli/version.versionString={{.Tag}} -X github.com/arduino/arduino-cli/version.commit={{ .ShortCommit }} - - "-extldflags '-static'" + # All the other platforms + id: arduino_cli + binary: arduino-cli + env: + - CGO_ENABLED=0 + goos: + - linux + - windows + goarch: + - amd64 + - 386 + ldflags: + - -s -w -X github.com/arduino/arduino-cli/version.versionString={{.Tag}} -X github.com/arduino/arduino-cli/version.commit={{ .ShortCommit }} + - "-extldflags '-static'" archives: - From 5cfc6837e342a44f9406f403b4e350ba85fc0702 Mon Sep 17 00:00:00 2001 From: rsora Date: Tue, 11 Feb 2020 16:34:27 +0100 Subject: [PATCH 4/5] Cosmetics on .goreleaser.yml again --- .goreleaser.yml | 54 ++++++++++++++++++++++++------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/.goreleaser.yml b/.goreleaser.yml index c63832d5ce7..e02897be7a6 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -38,62 +38,62 @@ builds: id: arduino_cli_arm binary: arduino-cli env: - - CGO_ENABLED=1 - - CC=/usr/arm-linux-gnueabi/bin/cc + - CGO_ENABLED=1 + - CC=/usr/arm-linux-gnueabi/bin/cc goos: - - linux + - linux goarch: - - arm + - arm goarm: - - 6 + - 6 ldflags: - - -s -w -X github.com/arduino/arduino-cli/version.versionString={{.Tag}} -X github.com/arduino/arduino-cli/version.commit={{ .ShortCommit }} - - "-extldflags '-static'" + - -s -w -X github.com/arduino/arduino-cli/version.versionString={{.Tag}} -X github.com/arduino/arduino-cli/version.commit={{ .ShortCommit }} + - "-extldflags '-static'" - # ARMv7 id: arduino_cli_armv7 binary: arduino-cli env: - - CGO_ENABLED=1 - - CC=/usr/arm-linux-gnueabihf/bin/cc + - CGO_ENABLED=1 + - CC=/usr/arm-linux-gnueabihf/bin/cc goos: - - linux + - linux goarch: - - arm + - arm goarm: - - 7 + - 7 ldflags: - - -s -w -X github.com/arduino/arduino-cli/version.versionString={{.Tag}} -X github.com/arduino/arduino-cli/version.commit={{ .ShortCommit }} - - "-extldflags '-static'" + - -s -w -X github.com/arduino/arduino-cli/version.versionString={{.Tag}} -X github.com/arduino/arduino-cli/version.commit={{ .ShortCommit }} + - "-extldflags '-static'" - # ARM64 id: arduino_cli_arm64 binary: arduino-cli env: - - CGO_ENABLED=1 - - CC=/usr/aarch64-linux-gnu/bin/cc + - CGO_ENABLED=1 + - CC=/usr/aarch64-linux-gnu/bin/cc goos: - - linux + - linux goarch: - - arm64 + - arm64 ldflags: - - -s -w -X github.com/arduino/arduino-cli/version.versionString={{.Tag}} -X github.com/arduino/arduino-cli/version.commit={{ .ShortCommit }} - - "-extldflags '-static'" + - -s -w -X github.com/arduino/arduino-cli/version.versionString={{.Tag}} -X github.com/arduino/arduino-cli/version.commit={{ .ShortCommit }} + - "-extldflags '-static'" - # All the other platforms id: arduino_cli binary: arduino-cli env: - - CGO_ENABLED=0 + - CGO_ENABLED=0 goos: - - linux - - windows + - linux + - windows goarch: - - amd64 - - 386 + - amd64 + - 386 ldflags: - - -s -w -X github.com/arduino/arduino-cli/version.versionString={{.Tag}} -X github.com/arduino/arduino-cli/version.commit={{ .ShortCommit }} - - "-extldflags '-static'" + - -s -w -X github.com/arduino/arduino-cli/version.versionString={{.Tag}} -X github.com/arduino/arduino-cli/version.commit={{ .ShortCommit }} + - "-extldflags '-static'" archives: - From a7ea63a29483d0efa4403384024fd1506d3fcd29 Mon Sep 17 00:00:00 2001 From: rsora Date: Wed, 12 Feb 2020 10:07:27 +0100 Subject: [PATCH 5/5] Cleanup and cosmetics --- .github/workflows/release.yaml | 8 +++----- gon.config.hcl | 4 ---- 2 files changed, 3 insertions(+), 9 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 7035cbf2828..d2e4757209e 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -61,9 +61,8 @@ jobs: # 1. Download keychain from GH secrets and decode it from base64 # 2. Add the keychain to the system keychains and unlock it # 3. Call Gon to start notarization process (using AC_USERNAME and AC_PASSWORD) - # 4. Repackage the signed binary replaced in place by Gon (ignoring the output zip file) + # 4. Repackage the signed binary replaced in place by Gon # 5. Recalculate package checksum and replace it in the goreleaser nnnnnn-checksums.txt file - # 6. Remove the keychain from disk run: | echo "${{ secrets.KEYCHAIN }}" | base64 --decode > ~/Library/Keychains/apple-developer.keychain-db security list-keychains -s ~/Library/Keychains/apple-developer.keychain-db @@ -74,7 +73,6 @@ jobs: -C ../../ LICENSE.txt CLI_CHECKSUM=$(shasum -a 256 dist/arduino-cli_${TAG}_macOS_64bit.tar.gz | cut -d " " -f 1) perl -pi -w -e "s/.*arduino-cli_${TAG}_macOS_64bit.tar.gz/${CLI_CHECKSUM} arduino-cli_${TAG}_macOS_64bit.tar.gz/g;" dist/*-checksums.txt - rm -f apple-developer.keychain-db - name: Upload artifacts uses: actions/upload-artifact@v1 @@ -117,7 +115,7 @@ jobs: draft: false prerelease: false - - name: Upload binaries to release + - name: Upload release files on Github uses: svenstaro/upload-release-action@v1-release with: repo_token: ${{ secrets.GITHUB_TOKEN }} @@ -125,7 +123,7 @@ jobs: tag: ${{ github.ref }} file_glob: true - - name: Downloads upload + - name: Upload release files on Arduino downloads servers uses: docker://plugins/s3 env: PLUGIN_SOURCE: 'dist/*' diff --git a/gon.config.hcl b/gon.config.hcl index 35196e5b34c..41a6cadb604 100644 --- a/gon.config.hcl +++ b/gon.config.hcl @@ -4,7 +4,3 @@ bundle_id = "cc.arduino.arduino-cli" sign { application_identity = "Developer ID Application: ARDUINO SA (7KT7ZWMCJT)" } - -zip { - output_path = "arduino-cli.zip" -}