
Merge pull request #534 from ptarmiganlabs/release-please--branches--… #175

# Release workflow. Triggers: a push to master, or a manual run
# (workflow_dispatch). No pull_request trigger is declared here.
name: release-please
on:
  push:
    branches: [master]
  workflow_dispatch:
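jobs:
  # Runs release-please (manifest command) and, when it reports a created
  # release, builds, scans and stages the stand-alone binaries as artifacts
  # for the per-platform jobs below.
  # NOTE(review): this job declares no `permissions:`, so the repository's
  # default github.token scopes apply to every step. Consider declaring the
  # minimum set (presumably contents/pull-requests write for release-please and
  # security-events write for the SARIF upload) - confirm before enabling.
  release-please:
    runs-on: ubuntu-latest
    outputs:
      release_created: ${{ steps.release.outputs.release_created }}
      release_tag_name: ${{ steps.release.outputs.tag_name }}
      release_upload_url: ${{ steps.release.outputs.upload_url }}
    env:
      GITHUB_REF: ${{ github.ref }}
      DIST_FILE_NAME: butler-sos
    steps:
      - name: Show github.ref
        run: echo "$GITHUB_REF"

      - uses: google-github-actions/release-please-action@v3
        id: release
        if: github.repository_owner == 'ptarmiganlabs'
        env:
          # The PAT is scoped to this step only. As job-level env it was also
          # handed to `npm install` (dependency install scripts), the Snyk
          # action and every other step, none of which visibly need it.
          GITHUB_TOKEN: ${{ secrets.PAT }}
        with:
          command: manifest
          # release-type: node
          # package-name: butler-sos
          # changelog-types: '[{"type":"feat","section":"Features","hidden":false},{"type":"fix","section":"Bug Fixes","hidden":false},{"type":"chore","section":"Miscellaneous","hidden":false},{"type":"refactor","section":"Refactoring","hidden":false},{"type":"docs","section":"Documentation","hidden":false}]'
          # default-branch: master
          # monorepo-tags: false
          # fork: false
          # clean: true

      - name: Show output from Release-Please
        if: always()
        env:
          RELEASE_PLEASE_OUTPUT: ${{ toJSON(steps.release.outputs) }}
        run: echo "$RELEASE_PLEASE_OUTPUT"

      # Step outputs reach the shell through env rather than being expanded
      # into the script text, so a value containing quotes or `$(...)` is
      # printed instead of being parsed as shell.
      - name: Show output from Release-Please
        if: ${{ steps.release.outputs.release_created }}
        env:
          RP_RELEASES_CREATED: ${{ steps.release.outputs.releases_created }}
          RP_RELEASE_CREATED: ${{ steps.release.outputs.release_created }}
          RP_DRAFT: ${{ steps.release.outputs.draft }}
          RP_PATH: ${{ steps.release.outputs.path }}
          RP_UPLOAD_URL: ${{ steps.release.outputs.upload_url }}
          RP_HTML_URL: ${{ steps.release.outputs.html_url }}
          RP_TAG_NAME: ${{ steps.release.outputs.tag_name }}
          RP_MAJOR: ${{ steps.release.outputs.major }}
          RP_MINOR: ${{ steps.release.outputs.minor }}
          RP_PATCH: ${{ steps.release.outputs.patch }}
          RP_SHA: ${{ steps.release.outputs.sha }}
          RP_PR: ${{ steps.release.outputs.pr }}
        run: |
          echo "releases_created: $RP_RELEASES_CREATED"
          echo "release_created : $RP_RELEASE_CREATED"
          echo "draft : $RP_DRAFT"
          echo "path : $RP_PATH"
          echo "upload_url : $RP_UPLOAD_URL"
          echo "html_url : $RP_HTML_URL"
          echo "tag_name : $RP_TAG_NAME"
          echo "major : $RP_MAJOR"
          echo "minor : $RP_MINOR"
          echo "patch : $RP_PATCH"
          echo "sha : $RP_SHA"
          echo "pr : $RP_PR"

      - name: Checkout repository
        if: github.repository_owner == 'ptarmiganlabs'
        uses: actions/checkout@v3

      # NOTE(review): `npm install` may resolve versions that differ from the
      # lockfile; if the repository commits a package-lock.json, `npm ci` gives
      # a reproducible dependency set for the release build - confirm.
      - name: Install dependencies
        run: |
          pwd
          ls -la
          npm install

      # NOTE(security): `@master` is a mutable branch ref, so whatever that
      # branch holds at run time executes with SNYK_TOKEN in its environment.
      # Pin to a full commit SHA (snyk/actions/node@<commit-sha>).
      # continue-on-error means Snyk findings never block the release.
      - name: Run Snyk to check for vulnerabilities
        if: github.repository_owner == 'ptarmiganlabs'
        uses: snyk/actions/node@master
        continue-on-error: true
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          args: --file=./package.json --sarif-file-output=./snyk.sarif
          # command: monitor

      - name: Upload Snyk result to GitHub Code Scanning
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: ./snyk.sarif

      # NOTE(security): these tools produce the shipped binaries and are
      # installed without a version, so each release uses whatever is current
      # on the registry. Consider pinning exact versions.
      - name: Install tool for creating stand-alone executables
        if: ${{ steps.release.outputs.release_created }}
        run: |
          npm install -g pkg
          npm i -g @vercel/ncc

      - name: Package stand-alone binaries
        if: ${{ steps.release.outputs.release_created }}
        # mkdir release/alpine
        # pkg --output release/alpine/${DIST_FILE_NAME} -t node16-alpine-x64 index.js
        run: |
          pwd
          ls -la
          mkdir build
          mkdir build/linux
          mkdir build/macos
          mkdir build/win
          ncc build -o build/lib -e enigma.js ./src/bundle.js
          pkg --config package.json --output build/macos/${DIST_FILE_NAME} -t node16-macos-x64 ./build/lib/index.js --compress GZip
          pkg --config package.json --output build/win/${DIST_FILE_NAME}.exe -t node16-win-x64 ./build/lib/index.js --compress GZip
          pkg --config package.json --output build/linux/${DIST_FILE_NAME} -t node16-linux-x64 ./build/lib/index.js --compress GZip

      - name: Debug
        if: ${{ steps.release.outputs.release_created }}
        run: |
          pwd
          ls -la
          ls -la build
          ls -la build/macos
          ls -la build/win
          ls -la build/linux
          mkdir ghaction-virustotal

      # - name: Compress binaries
      #   if: ${{ steps.release.outputs.release_created }}
      #   # zip release-zip/${DIST_FILE_NAME}-alpine.zip release/alpine/${DIST_FILE_NAME}
      #   # zip release-zip/${DIST_FILE_NAME}-macos.zip release/macos/${DIST_FILE_NAME}
      #   run: |
      #     ls -la
      #     mkdir release-zip
      #     zip --junk-paths release-zip/${DIST_FILE_NAME}-linux.zip release/linux/${DIST_FILE_NAME}
      #     zip --junk-paths release-zip/${DIST_FILE_NAME}-win.zip release/win/${DIST_FILE_NAME}.exe

      # - name: Debug
      #   if: ${{ steps.release.outputs.release_created }}
      #   run: |
      #     ls -la
      #     ls -la release
      #     ls -la release/macos

      # Submits the unsigned build outputs to VirusTotal. Third-party action
      # pinned by tag only; it receives the VirusTotal API key.
      - name: VirusTotal Scan
        if: ${{ steps.release.outputs.release_created }}
        uses: crazy-max/ghaction-virustotal@v3
        with:
          vt_api_key: ${{ secrets.VIRUSTOTAL_API_KEY }}
          request_rate: 4
          files: |
            ./build/macos/*
            ./build/win/*
            ./build/linux/*

      - name: Debug
        if: ${{ steps.release.outputs.release_created }}
        run: |
          ls -la ghaction-virustotal

      - name: Upload macOS build artifacts
        if: ${{ steps.release.outputs.release_created }}
        uses: actions/upload-artifact@v3
        with:
          name: binaries-macos
          path: build/macos/*

      - name: Upload Linux build artifacts
        if: ${{ steps.release.outputs.release_created }}
        uses: actions/upload-artifact@v3
        with:
          name: binaries-linux
          path: build/linux/*

      - name: Upload Windows build artifacts
        if: ${{ steps.release.outputs.release_created }}
        uses: actions/upload-artifact@v3
        with:
          name: binaries-win
          path: build/win/*

      # - name: Upload to existing release
      #   if: ${{ steps.release.outputs.release_created }}
      #   uses: ncipollo/release-action@v1
      #   with:
      #     allowUpdates: true
      #     omitBodyDuringUpdate: true
      #     omitNameDuringUpdate: true
      #     # artifactContentType: application/zip
      #     artifactContentType: raw
      #     draft: true
      #     tag: ${{ steps.release.outputs.tag_name }}
      #     artifacts: release-zip/*
      #     token: ${{ github.token }}

  # Signs and notarizes the macOS binary with gon on a self-hosted runner, then
  # attaches the zip to the draft release.
  release-macos:
    needs: release-please
    # runs-on: macos-latest
    runs-on:
      - self-hosted
      - x64
      - macos
      - sp53
    # timeout-minutes: 15
    if: ${{ needs.release-please.outputs.release_created }}
    # Least privilege for github.token: the only token use visible in this job
    # is attaching the asset to the release (ncipollo/release-action).
    permissions:
      contents: write
    env:
      DIST_FILE_NAME: butler-sos
    steps:
      # Job outputs are passed through env, not expanded into the script text.
      - name: Release tag and upload url from previous job
        env:
          RELEASE_TAG_NAME: ${{ needs.release-please.outputs.release_tag_name }}
          RELEASE_UPLOAD_URL: ${{ needs.release-please.outputs.release_upload_url }}
        run: |
          echo "$RELEASE_TAG_NAME"
          echo "$RELEASE_UPLOAD_URL"

      - name: Checkout
        uses: actions/checkout@v3

      - name: Setup node
        uses: actions/setup-node@v3
        with:
          node-version: lts/*

      - name: Download-Binaries
        uses: actions/download-artifact@v3
        with:
          name: binaries-macos
          path: release-macos/

      - name: Make binary executable
        run: |
          chmod +x release-macos/${DIST_FILE_NAME}

      # Needed for GitHub hosted runner
      # For self-hosted runner the cert must either be installed manually, or the code below run once and then disabled.
      # - name: Import Code-Signing Certificates
      #   uses: Apple-Actions/import-codesign-certs@v1
      #   with:
      #     # The certificates in a PKCS12 file encoded as a base64 string
      #     p12-file-base64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
      #     # The password used to import the PKCS12 file.
      #     p12-password: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}

      # - name: Install gon via HomeBrew for code signing and app notarization
      #   run: |
      #     brew tap mitchellh/gon
      #     brew install mitchellh/gon/gon

      - name: Debug
        run: |
          ls -la
          ls -la ./release-macos

      # The Apple credentials are exposed to this step only.
      - name: Sign the mac binaries with Gon
        env:
          AC_USERNAME: ${{ secrets.AC_USERNAME }}
          AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
          AC_APP_IDENTITY: ${{ secrets.AC_APP_IDENTITY }}
        run: |
          pwd
          ls -la
          gon ./release-config/gon.json

      - name: Change name of zip file
        env:
          RELEASE_TAG_NAME: ${{ needs.release-please.outputs.release_tag_name }}
        run: |
          pwd
          ls -la
          ls -la ./release-macos
          mv "./release-macos/${DIST_FILE_NAME}-macos.zip" "./release-macos/${DIST_FILE_NAME}-${RELEASE_TAG_NAME}-macos.zip"

      - name: Debug
        run: |
          ls -la
          ls -la ./release-macos

      - name: Upload to existing release
        uses: ncipollo/release-action@v1
        with:
          allowUpdates: true
          omitBodyDuringUpdate: true
          omitNameDuringUpdate: true
          artifactContentType: raw
          # artifactContentType: application/zip
          draft: true
          tag: ${{ needs.release-please.outputs.release_tag_name }}
          artifacts: ./release-macos/${{ env.DIST_FILE_NAME }}-${{ needs.release-please.outputs.release_tag_name }}-macos.zip
          token: ${{ github.token }}

      - name: Tidy up before existing
        run: |
          rm -r release-macos

  # Zips the Linux binary (unsigned in this job) and attaches it to the draft
  # release.
  release-linux:
    needs: release-please
    runs-on: ubuntu-latest
    # timeout-minutes: 15
    if: ${{ needs.release-please.outputs.release_created }}
    # Least privilege for github.token: the only token use visible in this job
    # is attaching the asset to the release (ncipollo/release-action).
    permissions:
      contents: write
    env:
      DIST_FILE_NAME: butler-sos
    steps:
      # Job outputs are passed through env, not expanded into the script text.
      - name: Release tag and upload url from previous job
        env:
          RELEASE_TAG_NAME: ${{ needs.release-please.outputs.release_tag_name }}
          RELEASE_UPLOAD_URL: ${{ needs.release-please.outputs.release_upload_url }}
        run: |
          echo "tag_name : $RELEASE_TAG_NAME"
          echo "upload_url : $RELEASE_UPLOAD_URL"

      - name: Checkout
        uses: actions/checkout@v3

      - name: Setup node
        uses: actions/setup-node@v3
        with:
          node-version: lts/*

      - name: Download-Binaries
        uses: actions/download-artifact@v3
        with:
          name: binaries-linux
          path: release-linux/

      - name: Make binary executable
        run: |
          chmod +x release-linux/${DIST_FILE_NAME}

      - name: Compress into zip
        env:
          RELEASE_TAG_NAME: ${{ needs.release-please.outputs.release_tag_name }}
        run: |
          pwd
          ls -la
          ls -la ./release-linux
          cd release-linux
          zip -9 -r "${DIST_FILE_NAME}-${RELEASE_TAG_NAME}-linux.zip" "./${DIST_FILE_NAME}"

      - name: Debug
        run: |
          pwd
          ls -la
          ls -la ./release-linux

      - name: Upload to existing release
        uses: ncipollo/release-action@v1
        with:
          allowUpdates: true
          omitBodyDuringUpdate: true
          omitNameDuringUpdate: true
          artifactContentType: raw
          # artifactContentType: application/zip
          draft: true
          tag: ${{ needs.release-please.outputs.release_tag_name }}
          artifacts: ./release-linux/${{ env.DIST_FILE_NAME }}-${{ needs.release-please.outputs.release_tag_name }}-linux.zip
          token: ${{ github.token }}

      - name: Tidy up before existing
        run: |
          pwd
          rm -r release-linux

  # Signs the Windows executable with signtool on a self-hosted runner, zips it
  # and attaches it to the draft release.
  release-win64:
    needs: release-please
    runs-on:
      - self-hosted
      - x64
      - windows
      - sp53
    # timeout-minutes: 15
    if: ${{ needs.release-please.outputs.release_created }}
    # Least privilege for github.token: the only token use visible in this job
    # is attaching the asset to the release (ncipollo/release-action).
    permissions:
      contents: write
    env:
      DIST_FILE_NAME: butler-sos
    steps:
      # Job outputs are passed through env; inside the former single-quoted
      # PowerShell literals a value containing `'` would have ended the string.
      - name: Release tag and upload url from previous job
        env:
          RELEASE_TAG_NAME: ${{ needs.release-please.outputs.release_tag_name }}
          RELEASE_UPLOAD_URL: ${{ needs.release-please.outputs.release_upload_url }}
        run: |
          Write-Output "tag_name : $env:RELEASE_TAG_NAME"
          Write-Output "upload_url : $env:RELEASE_UPLOAD_URL"

      - name: Checkout
        uses: actions/checkout@v3

      - name: Setup node
        uses: actions/setup-node@v3
        with:
          node-version: lts/*

      - name: Download-Binaries
        uses: actions/download-artifact@v3
        with:
          name: binaries-win
          path: release-win/

      # The decoded PFX and intermediate certificate are written to disk on a
      # self-hosted runner, so removal sits in `finally` and runs even when an
      # earlier command throws. -Force on New-Item tolerates a directory left
      # behind by an interrupted run.
      # NOTE(review): `/p $env:CODESIGN_PWD` places the password on signtool's
      # command line, where other processes on the runner can read it while it
      # runs.
      - name: Sign the executable
        env:
          CODESIGN_PWD: ${{ secrets.WIN_CODESIGN_PWD}}
          CODESIGN_INTERMEDIATE_BASE64: ${{ secrets.WIN_CODESIGN_INTERMEDIATE_BASE64 }}
          CODESIGN_BASE64: ${{ secrets.WIN_CODESIGN_BASE64}}
        run: |
          New-Item -ItemType directory -Path certificate -Force
          try {
            Set-Content -Path certificate\certificate.txt -Value $env:CODESIGN_BASE64
            certutil -decode certificate\certificate.txt certificate\certificate.pfx
            Set-Content -Path certificate\intermediate.txt -Value $env:CODESIGN_INTERMEDIATE_BASE64
            certutil -decode certificate\intermediate.txt certificate\intermediate.crt
            & 'C:\Program Files (x86)/Windows Kits/10/bin/10.0.22621.0/x64/signtool.exe' sign /fd SHA256 /p $env:CODESIGN_PWD /ac certificate\intermediate.crt /f certificate\certificate.pfx /tr "http://timestamp.sectigo.com/rfc3161" /td sha256 release-win/butler-sos.exe
            if ($LASTEXITCODE -ne 0) { throw "signtool failed with exit code $LASTEXITCODE" }
          }
          finally {
            Remove-Item -Recurse -Force certificate -ErrorAction SilentlyContinue
          }

      - name: Install dependencies and zip into release asset
        env:
          RELEASE_TAG_NAME: ${{ needs.release-please.outputs.release_tag_name }}
        run: |
          cd release-win
          dir
          $compress = @{
            Path = "."
            CompressionLevel = "Fastest"
            DestinationPath = "${env:DIST_FILE_NAME}-${env:RELEASE_TAG_NAME}-win.zip"
          }
          Compress-Archive @compress

      - name: Debug
        run: |
          dir
          dir ./release-win

      - name: Upload to existing release
        uses: ncipollo/release-action@v1
        with:
          allowUpdates: true
          omitBodyDuringUpdate: true
          omitNameDuringUpdate: true
          artifactContentType: raw
          # artifactContentType: application/zip
          draft: true
          tag: ${{ needs.release-please.outputs.release_tag_name }}
          artifacts: release-win/${{ env.DIST_FILE_NAME }}-${{ needs.release-please.outputs.release_tag_name }}-win.zip
          token: ${{ github.token }}

      - name: Tidy up before existing
        run: |
          dir
          Remove-Item -path ./release-win -recurse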