re-vendor for flatpak #116
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Package | |
on: | |
push: | |
branches: | |
- 'ncgo' | |
paths: | |
- 'VERSION' | |
permissions: | |
contents: write | |
defaults: | |
run: | |
shell: bash | |
env: | |
RELEASE: ${{ github.run_number }} | |
CGO_ENABLED: 0 | |
JSIGN_VERSION: '6.0' | |
JSIGN_SHA256: '05ca18d4ab7b8c2183289b5378d32860f0ea0f3bdab1f1b8cae5894fb225fa8a' | |
INCLUDE_ALL_ARM: 'false' # if set to false, only build ARM for darwin | |
jobs: | |
build_windows: | |
runs-on: windows-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: Set up Go | |
uses: WillAbides/setup-go-faster@a0ff5217a7d2567ed6ff1aa2b7d8f9d58173b2c9 # v1.14.0 | |
with: | |
go-version-file: 'go.mod' | |
- name: Read version | |
run: | | |
echo "VERSION=$(cat VERSION)" >> $GITHUB_ENV | |
- name: Copy syso files | |
run: | | |
cp -r pkg/windows/syso/* . | |
- name: Build AMD64 | |
run: >- | |
go build | |
-trimpath -p 4 | |
-ldflags="-H=windowsgui -s -w -X main.version=${VERSION}" | |
-o bin/pinnacle-windows-amd64.exe | |
. | |
- name: Authenticate with Google Cloud | |
uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 | |
with: | |
credentials_json: ${{ secrets.GCP_CREDENTIALS }} | |
- name: Set up Google Cloud SDK | |
uses: google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200 # v2.1.0 | |
- name: Download jsign | |
run: | | |
set -eux | |
url="https://github.com/ebourg/jsign/releases/download/${JSIGN_VERSION}/jsign-${JSIGN_VERSION}.jar" | |
sha256="${JSIGN_SHA256}" | |
curl -sSL ${url} -o jsign.jar | |
echo ${sha256} jsign.jar | sha256sum -c - | |
- name: Decode certificate | |
run: | | |
echo "${{ secrets.CERTFILE_BASE64 }}" | base64 --decode > pinnacle-certificate.pem | |
- name: Sign AMD64 binary | |
run: >- | |
java -jar jsign.jar | |
--storetype GOOGLECLOUD | |
--storepass "$(gcloud auth print-access-token)" | |
--keystore "${{ secrets.GCP_KEYSTORE }}" | |
--alias "${{ secrets.GCP_KEY_ALIAS }}" | |
--certfile pinnacle-certificate.pem | |
--tsmode RFC3161 | |
--tsaurl http://timestamp.globalsign.com/tsa/r6advanced1 | |
bin/pinnacle-windows-amd64.exe | |
- name: Upload artifact | |
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 | |
with: | |
name: windows-binaries | |
path: bin | |
retention-days: 1 | |
if-no-files-found: error | |
build_linux: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: Set up Go | |
uses: WillAbides/setup-go-faster@a0ff5217a7d2567ed6ff1aa2b7d8f9d58173b2c9 # v1.14.0 | |
with: | |
go-version-file: 'go.mod' | |
- name: Read version | |
run: | | |
echo "VERSION=$(cat VERSION)" >> $GITHUB_ENV | |
- name: Build Linux AMD64 | |
run: >- | |
env | |
CGO_ENABLED=0 | |
GOARCH=amd64 | |
go build -trimpath -p 4 | |
-ldflags="-s -w -X main.version=${VERSION}" | |
-o bin/pinnacle-linux-amd64 | |
. | |
- name: Build ARM64 | |
if: env.INCLUDE_ALL_ARM == 'true' | |
run: >- | |
env | |
GOARCH=arm64 | |
CC="zig cc -target aarch64-linux-gnu -isystem /usr/include -L/usr/lib/aarch64-linux-gnu -Wl,-s" | |
CXX="zig c++ -target aarch64-linux-gnu -isystem /usr/include -L/usr/lib/aarch64-linux-gnu -Wl,-s" | |
go build -trimpath -p 4 | |
-ldflags="-X main.version=${VERSION}" | |
-o bin/pinnacle-linux-arm64 | |
. | |
# | |
# - name: Copy syso files | |
# run: | | |
# cp -r pkg/windows/syso/* . | |
# | |
# - name: Build Windows AMD64 | |
# run: >- | |
# env | |
# GOARCH=amd64 | |
# GOOS=windows | |
# CC="zig cc -target x86_64-windows-gnu -Wl,--subsystem,windows -Wl,-s" | |
# CXX="zig c++ -target x86_64-windows-gnu -Wl,--subsystem,windows -Wl,-s" | |
# go build -trimpath -buildmode=exe | |
# -ldflags="-H=windowsgui -X main.version=${VERSION}" | |
# -v | |
# -p 4 | |
# -o bin/pinnacle-windows-amd64.exe | |
# . | |
# | |
# - name: Build Windows ARM64 | |
# if: env.INCLUDE_ALL_ARM == 'true' | |
# run: >- | |
# env | |
# GOARCH=arm64 | |
# GOOS=windows | |
# CC="zig cc -target aarch64-windows-gnu -isystem /usr/include -L/usr/lib/-windows-gnu -Wl,--subsystem,windows -Wl,-s" | |
# CXX="zig c++ -target aarch64-windows-gnu -isystem /usr/include -L/usr/lib/aarch64-windows-gnu -Wl,--subsystem,windows -Wl,-s" | |
# go build -trimpath | |
# -ldflags "-H=windowsgui -X main.version=${VERSION}" | |
# -p 4 | |
# -o bin/pinnacle-windows-arm64.exe | |
# . | |
# | |
# - name: Authenticate with Google Cloud | |
# uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 | |
# with: | |
# credentials_json: ${{ secrets.GCP_CREDENTIALS }} | |
# | |
# - name: Set up Google Cloud SDK | |
# uses: google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200 # v2.1.0 | |
# | |
# - name: Download jsign | |
# run: | | |
# set -eux | |
# url="https://github.com/ebourg/jsign/releases/download/${JSIGN_VERSION}/jsign-${JSIGN_VERSION}.jar" | |
# sha256="${JSIGN_SHA256}" | |
# curl -sSL ${url} -o jsign.jar | |
# echo ${sha256} jsign.jar | sha256sum -c - | |
# | |
# - name: Decode certificate | |
# run: | | |
# echo "${{ secrets.CERTFILE_BASE64 }}" | base64 --decode > pinnacle-certificate.pem | |
# | |
# - name: Sign Windows AMD64 binary | |
# run: >- | |
# java -jar jsign.jar | |
# --storetype GOOGLECLOUD | |
# --storepass "$(gcloud auth print-access-token)" | |
# --keystore "${{ secrets.GCP_KEYSTORE }}" | |
# --alias "${{ secrets.GCP_KEY_ALIAS }}" | |
# --certfile pinnacle-certificate.pem | |
# --tsmode RFC3161 | |
# --tsaurl http://timestamp.globalsign.com/tsa/r6advanced1 | |
# bin/pinnacle-windows-amd64.exe | |
# | |
# - name: Sign Windows ARM64 binary | |
# if: env.INCLUDE_ALL_ARM == 'true' | |
# run: >- | |
# java -jar jsign.jar | |
# --storetype GOOGLECLOUD | |
# --storepass "$(gcloud auth print-access-token)" | |
# --keystore "${{ secrets.GCP_KEYSTORE }}" | |
# --alias "${{ secrets.GCP_KEY_ALIAS }}" | |
# --certfile pinnacle-certificate.pem | |
# --tsmode RFC3161 | |
# --tsaurl http://timestamp.globalsign.com/tsa/r6advanced1 | |
# bin/pinnacle-windows-arm64.exe | |
- name: Upload artifact | |
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 | |
with: | |
name: linux-binaries | |
path: bin | |
retention-days: 1 | |
if-no-files-found: error | |
build_macos: | |
runs-on: macos-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: Set up Go | |
uses: WillAbides/setup-go-faster@a0ff5217a7d2567ed6ff1aa2b7d8f9d58173b2c9 # v1.14.0 | |
with: | |
go-version-file: 'go.mod' | |
- name: Read version | |
run: | | |
echo "VERSION=$(cat VERSION)" >> $GITHUB_ENV | |
- name: Build AMD64 | |
run: >- | |
env | |
GOARCH=amd64 | |
GOOS=darwin | |
CGO_ENABLED=0 | |
go build -trimpath -buildmode=pie -p 3 | |
-ldflags="-s -w -X main.version=${VERSION}" | |
-o bin/pinnacle-darwin-amd64 | |
. | |
- name: Build ARM64 | |
run: >- | |
env | |
GOARCH=arm64 | |
GOOS=darwin | |
CGO_ENABLED=0 | |
go build -trimpath -buildmode=pie -p 3 | |
-ldflags="-s -w -X main.version=${VERSION}" | |
-o bin/pinnacle-darwin-arm64 | |
. | |
- name: Upload artifact | |
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 | |
with: | |
name: macos-binaries | |
path: bin | |
retention-days: 1 | |
if-no-files-found: error | |
package_windows: | |
runs-on: windows-latest | |
needs: [ build_windows ] | |
steps: | |
- name: Checkout .iss files | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
sparse-checkout: | | |
pkg/windows | |
VERSION | |
- name: Download binaries | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: windows-binaries | |
path: bin | |
- name: Read version | |
run: | | |
echo "VERSION=$(cat VERSION)" >> $GITHUB_ENV | |
- name: Package AMD64 with InnoSetup | |
run: | | |
AMD_ISS=pkg/windows/iss/PackagePinnacle-amd64.iss | |
sed -i "s/#define MyAppVersion \"1.0.0\"/#define MyAppVersion \"${VERSION}\"/" "$AMD_ISS" | |
iscc.exe "$AMD_ISS" | |
- name: Authenticate with Google Cloud | |
uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 | |
with: | |
credentials_json: ${{ secrets.GCP_CREDENTIALS }} | |
- name: Set up Google Cloud SDK | |
uses: google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200 # v2.1.0 | |
- name: Download jsign | |
run: | | |
set -eux | |
url="https://github.com/ebourg/jsign/releases/download/${JSIGN_VERSION}/jsign-${JSIGN_VERSION}.jar" | |
sha256="${JSIGN_SHA256}" | |
curl -sSL ${url} -o jsign.jar | |
echo ${sha256} jsign.jar | sha256sum -c - | |
- name: Decode certificate | |
run: | | |
echo "${{ secrets.CERTFILE_BASE64 }}" | base64 --decode > pinnacle-certificate.pem | |
- name: Sign AMD64 installer | |
run: >- | |
java -jar jsign.jar | |
--storetype GOOGLECLOUD | |
--storepass "$(gcloud auth print-access-token)" | |
--keystore "${{ secrets.GCP_KEYSTORE }}" | |
--alias "${{ secrets.GCP_KEY_ALIAS }}" | |
--certfile pinnacle-certificate.pem | |
--tsmode RFC3161 | |
--tsaurl http://timestamp.globalsign.com/tsa/r6advanced1 | |
"build/out/AlpineClientSetup-${VERSION}-x86_64.exe" | |
- name: Upload artifact | |
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 | |
with: | |
name: windows-installers | |
path: build/out | |
retention-days: 1 | |
if-no-files-found: error | |
package_linux: | |
runs-on: ubuntu-latest | |
needs: [ build_linux ] | |
steps: | |
- name: Checkout pkg files | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
sparse-checkout: | | |
pkg/linux | |
VERSION | |
- name: Download binaries | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: linux-binaries | |
path: bin | |
- name: Install dependencies | |
run: >- | |
sudo apt-get update && | |
sudo apt-get install -y | |
rpm | |
debhelper | |
devscripts | |
dpkg-dev | |
- name: Read version | |
run: | | |
echo "VERSION=$(cat VERSION)" >> $GITHUB_ENV | |
- name: Prepare for packaging | |
run: | | |
# Edit version in spec/control files | |
sed -i "s/^Version:.*/Version: ${VERSION}/" pkg/linux/rpm/SPECS/pinnacle.spec | |
sed -i "s/^Release:.*/Release: ${RELEASE}/" pkg/linux/rpm/SPECS/pinnacle.spec | |
sed -i "s/^Version:.*/Version: ${VERSION}-${RELEASE}/" pkg/linux/deb/DEBIAN/control | |
# Set up rpmbuild/debbuild file tree | |
mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS} | |
mkdir -p ~/debbuild/alpine-client/{DEBIAN,usr/bin,usr/share/applications,usr/share/pixmaps} | |
# Copy resources | |
cp -r pkg/linux/rpm/* ~/rpmbuild/ | |
cp -r pkg/linux/deb/* ~/debbuild/alpine-client/ | |
# Copy binaries | |
cp bin/pinnacle-linux-amd64 ~/rpmbuild/SOURCES/ | |
cp bin/pinnacle-linux-amd64 ~/debbuild/alpine-client/usr/bin/alpine-client | |
# Make binaries executable | |
chmod +x ~/rpmbuild/SOURCES/pinnacle-linux-amd64 | |
chmod +x ~/debbuild/alpine-client/usr/bin/alpine-client | |
# Create output folder | |
mkdir -p build/out | |
- name: Package AMD64 RPM | |
run: >- | |
rpmbuild -bb | |
~/rpmbuild/SPECS/pinnacle.spec | |
--define "_rpmdir build/out" | |
--target=x86_64 | |
- name: Package AMD64 DEB | |
run: >- | |
dpkg-deb -Zgzip | |
--build ~/debbuild/alpine-client | |
"build/out/alpine-client_${VERSION}-${RELEASE}_amd64.deb" | |
- name: Tidy artifact | |
run: | | |
cp -r build/out/x86_64/* build/out/ | |
rm -rf build/out/x86_64 | |
- name: Upload artifact | |
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 | |
with: | |
name: linux-installers | |
path: build/out | |
retention-days: 1 | |
if-no-files-found: error | |
package_macos: | |
runs-on: macos-latest | |
needs: [ build_macos ] | |
steps: | |
- name: Checkout pkg/darwin | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
sparse-checkout: | | |
pkg/darwin | |
VERSION | |
- name: Download binaries | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: macos-binaries | |
path: bin | |
- name: Read version | |
run: | | |
echo "VERSION=$(cat VERSION)" >> $GITHUB_ENV | |
- name: Set up environment | |
run: | | |
# Set env variables for paths | |
APP="pkg/darwin/Alpine Client.app/Contents" | |
# Create necessary folders | |
mkdir "${APP}/MacOS" | |
mkdir -p build/out/ | |
# Replace version in Info.plist file | |
sed -i '' "s/<string>1.0.0<\/string>/<string>${VERSION}<\/string>/" "${APP}/Info.plist" | |
# Move compiled binary | |
cp bin/pinnacle-darwin-amd64 "${APP}/MacOS/pinnacle-darwin-amd64" | |
# Set permissions | |
chmod +x "${APP}/MacOS/pinnacle-darwin-amd64" | |
# Export APP env for later | |
echo "APP=${APP}" >> $GITHUB_ENV | |
- name: Package AMD64 | |
run: >- | |
pkgbuild | |
--root pkg/darwin | |
--identifier com.alpineclient.pinnacle | |
--version "${VERSION}" | |
--install-location /Applications | |
"build/out/AlpineClientSetup-${VERSION}-x86_64.pkg" | |
- name: Swap AMD64 binary for ARM64 | |
run: | | |
rm -f "${APP}/MacOS/pinnacle-darwin-amd64" | |
cp bin/pinnacle-darwin-arm64 "${APP}/MacOS/pinnacle-darwin-arm64" | |
sed -i '' 's/amd64/arm64/g' "${APP}/Info.plist" | |
chmod +x "${APP}/MacOS/pinnacle-darwin-arm64" | |
- name: Package ARM64 | |
run: >- | |
pkgbuild | |
--root pkg/darwin | |
--identifier com.alpineclient.pinnacle | |
--version "${VERSION}" | |
--install-location /Applications | |
"build/out/AlpineClientSetup-${VERSION}-ARM64.pkg" | |
- name: Upload artifact | |
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 | |
with: | |
name: macos-installers | |
path: build/out | |
retention-days: 1 | |
if-no-files-found: error | |
create_github_release: | |
runs-on: ubuntu-latest | |
needs: [ package_windows, package_linux, package_macos ] | |
steps: | |
- name: Checkout version file | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
sparse-checkout: | | |
VERSION | |
- name: Read version | |
run: | | |
echo "VERSION=$(cat VERSION)" >> $GITHUB_ENV | |
- name: Download | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
path: all | |
- name: Reorganize artifacts | |
run: | | |
mkdir -p merged/{binaries,installers} | |
# Combine binaries | |
cp -r all/windows-binaries/* merged/binaries/ | |
cp -r all/linux-binaries/* merged/binaries/ | |
cp -r all/macos-binaries/* merged/binaries/ | |
# Combine installers | |
cp -r all/windows-installers/* merged/installers/ | |
cp -r all/macos-installers/* merged/installers/ | |
cp -r all/linux-installers/* merged/installers/ | |
- name: Upload | |
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 | |
with: | |
name: all-artifacts-ncgo-${{ env.RELEASE }} | |
path: merged | |
compression-level: 9 | |
retention-days: 90 | |
if-no-files-found: error |