Make a production release of the Go with CGO enabled, using elastic docker containers.
This is the version of the workflow for projects using the Task task runner tool.
Install the release-go-task.yml GitHub Actions workflow to .github/workflows/
Taskfile.yml- variables providing project-specific data to the build system.- Install to: repository root (or merge into the existing
Taskfile.yml).
- Install to: repository root (or merge into the existing
DistTasks.yml- general purpose tasks for making production builds of Go projects using cgo and elastic docker containers.- Install to: repository root
- Installation script and documentation
The following project-specific variables must be set in Taskfile.yml:
PROJECT_NAMECONFIGURATION_PACKAGE
CONFIGURATION_PACKAGE must be set to the golang package containing the version metadata for the project. For example for the following file: https://github.com/arduino/mdns-discovery/blob/main/version/version.go the CONFIGURATION_PACKAGE field must be set to the value: github.com/arduino/mdns-discovery/version.
The following project-specific variables must be set in release-go-task.yml:
PROJECT_NAMEAWS_PLUGIN_TARGET
We need a special IAM Role to upload files on the S3 bucket. This IAM Role is able to generate short lived credentials with push access to specific S3 subpaths. To generate a new role for a new repository kindly ask DevOps (providing the repository link and path you need files on S3).
The following repository secrets must be defined:
INSTALLER_CERT_MAC_P12- the Apple Developer ID signing certificate, exported in PKCS #12 format and then encoded into base64 as described here.INSTALLER_CERT_MAC_PASSWORD- the password used to encrypt the Apple Developer ID signing certificate during the export process.AC_USERNAME- the Apple ID username associated with the certificate.AC_PROVIDER- the App Store Connect provider via. You can use the ID of the certificate identity (e.g.,7KT7ZWMCJT) for this.AC_PASSWORD- App-specific password created for the Apple ID.DOWNLOADS_BUCKET- AWS bucket on the downloads server.
The following environment secrets must be defined under production environment:
AWS_ROLE_TO_ASSUME- AWS role to generate temporary security credentials.
Markdown badge:
[](https://github.com/TODO_REPO_OWNER/TODO_REPO_NAME/actions/workflows/release-go-task.yml)Replace the TODO_REPO_OWNER and TODO_REPO_NAME placeholders in the URLs with the final repository owner and name (example).
Asciidoc badge:
image:https://github.com/{repository-owner}/{repository-name}/actions/workflows/release-go-task.yml/badge.svg["Release status", link="https://github.com/{repository-owner}/{repository-name}/actions/workflows/release-go-task.yml"]Define the {repository-owner} and {repository-name} attributes and use them throughout the readme (example).
Add CI workflow to publish releases
On every push of a tag named with a version format:
- Build the project for all supported platforms.
- Sign and notarize the macOS builds.
- Create a GitHub release.
- Builds and checksums are attached as release assets
- A changelog generated from the commit history is added to the release description
- If the tag has a pre-release version suffix, the GitHub release will be marked as a pre-release.
- Upload the builds to Arduino's downloads server.
On every push of a tag named with a version format:
- Build the project for all supported platforms.
- Use [gon](https://github.com/Bearer/gon) to sign and notarize the macOS builds.
- Create a [GitHub release](https://docs.github.com/repositories/releasing-projects-on-github/about-releases).
- Builds and checksums are attached as release assets
- A changelog generated by [`arduino/create-changelog`](https://github.com/arduino/create-changelog) from the commit history is added to the release description
- If the tag has [a pre-release version suffix](https://semver.org/), the GitHub release will be marked as a pre-release.
- Upload the builds to Arduino's downloads server.