diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index e6ff0566..400d4f65 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -12,249 +12,15 @@ on: concurrency: group: ${{ github.workflow }} + cancel-in-progress: false jobs: - test: - runs-on: ubuntu-latest - permissions: - contents: read - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 - with: - go-version: '1.21' - - name: Test - uses: ./.github/actions/test - docker: - runs-on: ubuntu-latest - needs: [ test ] - permissions: - packages: write - contents: read - steps: - - uses: actions/checkout@v4 - - uses: docker/setup-qemu-action@v3 - - uses: docker/setup-buildx-action@v3 - - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - uses: docker/metadata-action@v5 - name: generate tags - id: meta - with: - images: ghcr.io/${{ github.repository }} - tags: | - type=ref,event=branch - type=sha,prefix= - type=semver,pattern={{version}} - - uses: docker/build-push-action@v5 - with: - context: . - platforms: linux/amd64,linux/arm64 - push: true - tags: ${{ steps.meta.outputs.tags }} - cache-from: type=gha - cache-to: type=gha,mode=max - build-linux: - runs-on: ubuntu-latest - needs: [ test ] - strategy: - matrix: - go-arch: [amd64, arm64] - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 - with: - go-version: '1.21' - - name: Setup - run: | - sudo apt update - go generate ./... - if [ ${{ matrix.go-arch }} == "arm64" ]; then - sudo apt install -y gcc-aarch64-linux-gnu - echo "CC=aarch64-linux-gnu-gcc" >> $GITHUB_ENV - fi - - name: Build ${{ matrix.go-arch }} - env: - CGO_ENABLED: 1 - GOOS: linux - GOARCH: ${{ matrix.go-arch }} - run: | - mkdir -p release - ZIP_OUTPUT=release/hostd_${GOOS}_${GOARCH}.zip - go build -tags='netgo' -trimpath -o bin/ -a -ldflags '-s -w -linkmode external -extldflags "-static"' ./cmd/hostd - cp README.md LICENSE bin/ - zip -qj $ZIP_OUTPUT bin/* - - uses: actions/upload-artifact@v4 - with: - name: hostd_linux_${{ matrix.go-arch }} - path: release/* - build-mac: - runs-on: macos-latest - needs: [ test ] - strategy: - matrix: - go-arch: [amd64, arm64] - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 - with: - go-version: '1.21' - - name: Setup - env: - APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }} - APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }} - APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} - APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }} - APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }} - APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }} - APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }} - run: | - # extract apple cert - APPLE_CERT_PATH=$RUNNER_TEMP/apple_cert.p12 - KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db - echo -n "$APPLE_CERT_B64" | base64 --decode --output $APPLE_CERT_PATH - - # extract apple key - mkdir -p ~/private_keys - APPLE_API_KEY_PATH=~/private_keys/AuthKey_$APPLE_API_KEY.p8 - echo -n "$APPLE_KEY_B64" | base64 --decode --output $APPLE_API_KEY_PATH - - # create temp keychain - security create-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH - security default-keychain -s $KEYCHAIN_PATH - security set-keychain-settings -lut 21600 $KEYCHAIN_PATH - security unlock-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH - - # import keychain - security import $APPLE_CERT_PATH -P $APPLE_CERT_PASSWORD -A -t cert -f pkcs12 -k $KEYCHAIN_PATH - security find-identity -v $KEYCHAIN_PATH -p codesigning - security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $APPLE_KEYCHAIN_PASSWORD $KEYCHAIN_PATH - - # generate - go generate ./... - - # resync system clock https://github.com/actions/runner/issues/2996#issuecomment-1833103110 - sudo sntp -sS time.windows.com - - name: Build ${{ matrix.go-arch }} - env: - APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }} - APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }} - APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} - APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }} - APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }} - APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }} - APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }} - CGO_ENABLED: 1 - GOOS: darwin - GOARCH: ${{ matrix.go-arch }} - run: | - ZIP_OUTPUT=release/hostd_${GOOS}_${GOARCH}.zip - mkdir -p release - go build -tags='netgo' -trimpath -o bin/ -a -ldflags '-s -w' ./cmd/hostd - cp README.md LICENSE bin/ - /usr/bin/codesign --deep -f -v --timestamp -o runtime,library -s $APPLE_CERT_ID bin/hostd - ditto -ck bin $ZIP_OUTPUT - xcrun notarytool submit -k ~/private_keys/AuthKey_$APPLE_API_KEY.p8 -d $APPLE_API_KEY -i $APPLE_API_ISSUER --wait --timeout 10m $ZIP_OUTPUT - - uses: actions/upload-artifact@v4 - with: - name: hostd_darwin_${{ matrix.go-arch }} - path: release/* - build-windows: - runs-on: windows-latest - needs: [ test ] - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 - with: - go-version: '1.21' - - name: Setup - shell: bash - run: | - dotnet tool install --global AzureSignTool - go generate ./... - - name: Build amd64 - env: - CGO_ENABLED: 1 - GOOS: windows - GOARCH: amd64 - shell: bash - run: | - mkdir -p release - ZIP_OUTPUT=release/hostd_${GOOS}_${GOARCH}.zip - go build -tags='netgo' -trimpath -o bin/ -a -ldflags '-s -w -linkmode external -extldflags "-static"' ./cmd/hostd - azuresigntool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v bin/hostd.exe - cp README.md LICENSE bin/ - 7z a $ZIP_OUTPUT ./bin/* - - uses: actions/upload-artifact@v4 - with: - name: hostd_windows_amd64 - path: release/* - combine-release-assets: - runs-on: ubuntu-latest - needs: [ build-linux, build-mac, build-windows ] - steps: - - name: Merge Artifacts - uses: actions/upload-artifact/merge@v4 - with: - name: hostd - - dispatch-homebrew: # only runs on full releases - if: startsWith(github.ref, 'refs/tags/v') && !contains(github.ref, '-') - needs: [ build-mac ] - runs-on: ubuntu-latest - steps: - - name: Extract Tag Name - id: get_tag - run: echo "::set-output name=tag_name::${GITHUB_REF#refs/tags/}" - - - name: Dispatch - uses: peter-evans/repository-dispatch@v3 - with: - token: ${{ secrets.PAT_REPOSITORY_DISPATCH }} - repository: siafoundation/homebrew-sia - event-type: release-tagged - client-payload: > - { - "description": "hostd: The Next-Gen Sia Host", - "tag": "${{ steps.get_tag.outputs.tag_name }}", - "project": "hostd", - "workflow_id": "${{ github.run_id }}" - } - dispatch-linux: # always runs - needs: [ build-linux ] - runs-on: ubuntu-latest - steps: - - name: Build Dispatch Payload - id: get_payload - uses: actions/github-script@v7 - with: - script: | - const isRelease = context.ref.startsWith('refs/tags/v'), - isBeta = isRelease && context.ref.includes('-beta'), - tag = isRelease ? context.ref.replace('refs/tags/', '') : 'master'; - - let component = 'nightly'; - if (isBeta) { - component = 'beta'; - } else if (isRelease) { - component = 'main'; - } - - return { - description: "hostd: The Next-Gen Sia Host", - tag: tag, - project: "hostd", - workflow_id: context.runId, - component: component - }; - - - name: Dispatch - uses: peter-evans/repository-dispatch@v3 - with: - token: ${{ secrets.PAT_REPOSITORY_DISPATCH }} - repository: siafoundation/linux - event-type: release-tagged - client-payload: ${{ steps.get_payload.outputs.result }} \ No newline at end of file + publish: + uses: SiaFoundation/workflows/.github/workflows/go-publish.yml@master + secrets: inherit + with: + linux-build-args: -tags=timetzdata -trimpath -a -ldflags '-s -w -linkmode external -extldflags "-static"' + windows-build-args: -tags=timetzdata -trimpath -a -ldflags '-s -w -linkmode external -extldflags "-static"' + macos-build-args: -tags=timetzdata -trimpath -a -ldflags '-s -w' + cgo-enabled: 1 + project: hostd