Skip to content
release

Merge pull request #84 from metalsoft-io/develop #201

Sign in to view logs

Merge pull request #84 from metalsoft-io/develop

Merge pull request #84 from metalsoft-io/develop #201

Workflow file for this run

.github/workflows/release.yml at ab95fcf
name: release
on:
push:
tags:
- "v*"
jobs:
build-linux-and-darwin:
strategy:
matrix:
GOOS: [linux, darwin]
runs-on: ubuntu-latest
environment: prod
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Unshallow
run: git fetch --prune --unshallow
- name: Set up Go
uses: actions/setup-go@v2
with:
go-version: 1.21
#we get the release id from the git so we can identify the files in the cache (we use the cache to merge windows and linux/darwin builds)
- shell: bash
run: |
echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
#save the cache
- id: cache
uses: actions/cache@v3
with:
path: dist/${{ matrix.GOOS }}
key: ${{ matrix.GOOS }}-${{ env.sha_short }}
#build the darwin and linux here notice the split option (requires pro license of goreleaser)
-
name: Build
uses: goreleaser/goreleaser-action@v5
with:
version: latest
distribution: goreleaser-pro
args: release --clean --split
env:
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
# GitHub sets this automatically
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
GOOS: ${{ matrix.GOOS }}
build-windows:
runs-on: windows-latest
environment: prod
steps:
-
name: Checkout
uses: actions/checkout@v2.3.4
-
name: Unshallow
run: git fetch --prune --unshallow
-
name: Set up Go
uses: actions/setup-go@v2
with:
go-version: 1.21
- shell: bash
run: |
echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
- id: cache
uses: actions/cache@v3
with:
path: dist/windows
key: windows-${{ env.sha_short }}
enableCrossOsArchive: true
-
name: Build
uses: goreleaser/goreleaser-action@v5
with:
version: latest
distribution: goreleaser-pro
args: release --clean --split
env:
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
# GitHub sets this automatically
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
GOOS: windows
-
name: Setup certificate
shell: bash
run: |
echo "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}" | base64 --decode > /d/Certificate_pkcs12.p12
-
name: Set signing variables
shell: bash
run: |
echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV"
echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" >> "$GITHUB_ENV"
echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" >> "$GITHUB_ENV"
echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV"
echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> $GITHUB_PATH
echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools" >> $GITHUB_PATH
echo "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools" >> $GITHUB_PATH
-
name: Setup SSM KSP on windows latest
shell: cmd
run: |
curl -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/smtools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o smtools-windows-x64.msi
msiexec /i smtools-windows-x64.msi /quiet /qn
smksp_registrar.exe list
smctl.exe keypair ls
C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user
smksp_cert_sync.exe
-
name: Signing using Signtool
shell: cmd
run: |
for /f "tokens=1,2 delims=,:{} " %%A in (dist/windows/artifacts.json) do @if "%%~A"=="path" @if %%~xB==.exe signtool.exe sign /sha1 ${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }} /tr http://timestamp.digicert.com /td SHA256 /fd SHA256 "%%~B"
for /f "tokens=1,2 delims=,:{} " %%A in (dist/windows/artifacts.json) do @if "%%~A"=="path" @if %%~xB==.exe signtool.exe verify /v /pa "%%~B"
release:
runs-on: ubuntu-latest
environment: prod
needs:
- build-linux-and-darwin
- build-windows
steps:
-
name: Checkout
uses: actions/checkout@v2.3.4
-
name: Unshallow
run: git fetch --prune --unshallow
- uses: actions/setup-go@v3
with:
go-version: 1.21
cache: true
# copy the cashes from prepare
- shell: bash
run: |
echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
- uses: actions/cache@v3
with:
path: dist/linux
key: linux-${{ env.sha_short }}
- uses: actions/cache@v3
with:
path: dist/darwin
key: darwin-${{ env.sha_short }}
- uses: actions/cache@v3
with:
path: dist/windows
key: windows-${{ env.sha_short }}
enableCrossOsArchive: true
-
name: Import GPG key
id: import_gpg
uses: crazy-max/ghaction-import-gpg@v5.0.0
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.PASSPHRASE }}
-
name: Create SHA256 checksums, sign them and release
uses: goreleaser/goreleaser-action@v5
with:
version: latest
distribution: goreleaser-pro
args: continue --merge
env:
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
# GitHub sets this automatically
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
GH_TOKEN_ALEX_HOMEBREW_METALSOFT: ${{ secrets.GH_TOKEN_ALEX_HOMEBREW_METALSOFT }}