Skip to content

GitLab

A
arduino-cli
Unverified Commit c4d39e35 authored by per1234's avatar per1234 Committed by GitHub
Browse files
Options

[skip changelog] Sync "Release" workflow with template (#1395) 

We have assembled a collection of reusable GitHub Actions workflows:
https://github.com/arduino/tooling-project-assets
These workflows will be used in the repositories of all Arduino tooling projects.

Some minor improvements and standardizations have been made in the upstream "template" workflow, and those are introduced to this repository via this pull request.

Notable:

- Replace changelog file read, deprecated `actions/create-release`, and asset upload steps with the comprehensive `ncipollo/release-action` action
parent 2d88f113
Show whitespace changes
Inline Side-by-side
Showing with 58 additions and 59 deletions
.github/workflows/release.yaml .github/workflows/release-go-task.yml
View file @ c4d39e35
name: release # Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/release-go-task.md
name: Release
env:
# As defined by the Taskfile's PROJECT_NAME variable
PROJECT_NAME: arduino-cli
# As defined by the Taskfile's DIST_DIR variable
DIST_DIR: dist
# The project's folder on Arduino's download server for uploading builds
AWS_PLUGIN_TARGET: /arduino-cli/
ARTIFACT_NAME: dist
on: on:
push: push:
...@@ -10,8 +20,8 @@ jobs: ...@@ -10,8 +20,8 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout repository
uses: actions/checkout@v1 uses: actions/checkout@v2
with: with:
fetch-depth: 0 fetch-depth: 0
...@@ -21,9 +31,9 @@ jobs: ...@@ -21,9 +31,9 @@ jobs:
tag-regex: '^[0-9]+\.[0-9]+\.[0-9]+.*$' tag-regex: '^[0-9]+\.[0-9]+\.[0-9]+.*$'
filter-regex: '^\[(skip|changelog)[ ,-](skip|changelog)\].*' filter-regex: '^\[(skip|changelog)[ ,-](skip|changelog)\].*'
case-insensitive-regex: true case-insensitive-regex: true
changelog-file-path: "dist/CHANGELOG.md" changelog-file-path: "${{ env.DIST_DIR }}/CHANGELOG.md"
- name: Install Taskfile - name: Install Task
uses: arduino/setup-task@v1 uses: arduino/setup-task@v1
with: with:
repo-token: ${{ secrets.GITHUB_TOKEN }} repo-token: ${{ secrets.GITHUB_TOKEN }}
...@@ -35,35 +45,46 @@ jobs: ...@@ -35,35 +45,46 @@ jobs:
- name: Upload artifacts - name: Upload artifacts
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2
with: with:
name: dist if-no-files-found: error
path: dist name: ${{ env.ARTIFACT_NAME }}
path: ${{ env.DIST_DIR }}
notarize-macos: notarize-macos:
runs-on: macos-latest runs-on: macos-latest
needs: create-release-artifacts needs: create-release-artifacts
steps: steps:
- name: Checkout - name: Checkout repository
uses: actions/checkout@v2 uses: actions/checkout@v2
- name: Download artifacts - name: Download artifacts
uses: actions/download-artifact@v2 uses: actions/download-artifact@v2
with: with:
name: dist name: ${{ env.ARTIFACT_NAME }}
# to ensure compatibility with v1 path: ${{ env.DIST_DIR }}
path: dist
- name: Import Code-Signing Certificates - name: Import Code-Signing Certificates
env: env:
KEYCHAIN: "sign.keychain" KEYCHAIN: "sign.keychain"
INSTALLER_CERT_MAC_PATH: "/tmp/ArduinoCerts2020.p12" INSTALLER_CERT_MAC_PATH: "/tmp/ArduinoCerts2020.p12"
KEYCHAIN_PASSWORD: keychainpassword # Arbitrary password for a keychain that exists only for the duration of the job, so not secret
run: | run: |
echo "${{ secrets.INSTALLER_CERT_MAC_P12 }}" | base64 --decode > "${{ env.INSTALLER_CERT_MAC_PATH }}" echo "${{ secrets.INSTALLER_CERT_MAC_P12 }}" | base64 --decode > "${{ env.INSTALLER_CERT_MAC_PATH }}"
security create-keychain -p "${{ secrets.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}" security create-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}"
security default-keychain -s "${{ env.KEYCHAIN }}" security default-keychain -s "${{ env.KEYCHAIN }}"
security unlock-keychain -p "${{ secrets.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}" security unlock-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}"
security import "${{ env.INSTALLER_CERT_MAC_PATH }}" -k "${{ env.KEYCHAIN }}" -f pkcs12 -A -T /usr/bin/codesign -P "${{ secrets.INSTALLER_CERT_MAC_PASSWORD }}" security import \
security set-key-partition-list -S apple-tool:,apple: -s -k "${{ secrets.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}" "${{ env.INSTALLER_CERT_MAC_PATH }}" \
-k "${{ env.KEYCHAIN }}" \
-f pkcs12 \
-A \
-T "/usr/bin/codesign" \
-P "${{ secrets.INSTALLER_CERT_MAC_PASSWORD }}"
security set-key-partition-list \
-S apple-tool:,apple: \
-s \
-k "${{ env.KEYCHAIN_PASSWORD }}" \
"${{ env.KEYCHAIN }}"
- name: Install gon for code signing and app notarization - name: Install gon for code signing and app notarization
run: | run: |
...@@ -82,46 +103,33 @@ jobs: ...@@ -82,46 +103,33 @@ jobs:
# 1. Repackage the signed binary replaced in place by Gon (ignoring the output zip file) # 1. Repackage the signed binary replaced in place by Gon (ignoring the output zip file)
# 2. Recalculate package checksum and replace it in the nnnnnn-checksums.txt file # 2. Recalculate package checksum and replace it in the nnnnnn-checksums.txt file
run: | run: |
# GitHub's upload/download-artifact@v1 actions don't preserve file permissions, # GitHub's upload/download-artifact@v2 actions don't preserve file permissions,
# so we need to add execution permission back until @v2 actions are released. # so we need to add execution permission back until the action is made to do this.
chmod +x dist/arduino-cli_osx_darwin_amd64/arduino-cli chmod +x ${{ env.DIST_DIR }}/${{ env.PROJECT_NAME }}_osx_darwin_amd64/${{ env.PROJECT_NAME }}
TAG="${GITHUB_REF/refs\/tags\//}" TAG="${GITHUB_REF/refs\/tags\//}"
tar -czvf "dist/arduino-cli_${TAG}_macOS_64bit.tar.gz" \ tar -czvf "${{ env.DIST_DIR }}/${{ env.PROJECT_NAME }}_${TAG}_macOS_64bit.tar.gz" \
-C dist/arduino-cli_osx_darwin_amd64/ arduino-cli \ -C ${{ env.DIST_DIR }}/${{ env.PROJECT_NAME }}_osx_darwin_amd64/ ${{ env.PROJECT_NAME }} \
-C ../../ LICENSE.txt -C ../../ LICENSE.txt
CLI_CHECKSUM="$(shasum -a 256 "dist/arduino-cli_${TAG}_macOS_64bit.tar.gz" | cut -d " " -f 1)" CHECKSUM="$(shasum -a 256 ${{ env.DIST_DIR }}/${{ env.PROJECT_NAME }}_${TAG}_macOS_64bit.tar.gz | cut -d " " -f 1)"
perl -pi -w -e "s/.*arduino-cli_${TAG}_macOS_64bit.tar.gz/${CLI_CHECKSUM} arduino-cli_${TAG}_macOS_64bit.tar.gz/g;" dist/*-checksums.txt perl -pi -w -e "s/.*${{ env.PROJECT_NAME }}_${TAG}_macOS_64bit.tar.gz/${CHECKSUM} ${{ env.PROJECT_NAME }}_${TAG}_macOS_64bit.tar.gz/g;" ${{ env.DIST_DIR }}/*-checksums.txt
- name: Upload artifacts - name: Upload artifacts
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2
with: with:
name: dist if-no-files-found: error
path: dist name: ${{ env.ARTIFACT_NAME }}
path: ${{ env.DIST_DIR }}
create-release: create-release:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: notarize-macos needs: notarize-macos
steps: steps:
- name: Checkout
uses: actions/checkout@v2
- name: Download artifact - name: Download artifact
uses: actions/download-artifact@v2 uses: actions/download-artifact@v2
with: with:
name: dist name: ${{ env.ARTIFACT_NAME }}
# to ensure compatibility with v1 path: ${{ env.DIST_DIR }}
path: dist
- name: Read CHANGELOG
id: changelog
run: |
body="$(cat dist/CHANGELOG.md)"
body="${body//'%'/'%25'}"
body="${body//$'\n'/'%0A'}"
body="${body//$'\r'/'%0D'}"
echo "$body"
echo "::set-output name=BODY::$body"
- name: Identify Prerelease - name: Identify Prerelease
# This is a workaround while waiting for create-release action # This is a workaround while waiting for create-release action
...@@ -132,32 +140,23 @@ jobs: ...@@ -132,32 +140,23 @@ jobs:
unzip -p /tmp/3.0.0.zip semver-tool-3.0.0/src/semver >/tmp/semver && chmod +x /tmp/semver unzip -p /tmp/3.0.0.zip semver-tool-3.0.0/src/semver >/tmp/semver && chmod +x /tmp/semver
if [[ "$(/tmp/semver get prerel "${GITHUB_REF/refs\/tags\//}")" ]]; then echo "::set-output name=IS_PRE::true"; fi if [[ "$(/tmp/semver get prerel "${GITHUB_REF/refs\/tags\//}")" ]]; then echo "::set-output name=IS_PRE::true"; fi
- name: Create Github Release - name: Create Github Release and upload artifacts
id: create_release uses: ncipollo/release-action@v1
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with: with:
tag_name: ${{ github.ref }} token: ${{ secrets.GITHUB_TOKEN }}
release_name: ${{ github.ref }} bodyFile: ${{ env.DIST_DIR }}/CHANGELOG.md
body: ${{ steps.changelog.outputs.BODY }}
draft: false draft: false
prerelease: ${{ steps.prerelease.outputs.IS_PRE }} prerelease: ${{ steps.prerelease.outputs.IS_PRE }}
# NOTE: "Artifact is a directory" warnings are expected and don't indicate a problem
- name: Upload release files on Github # (all the files we need are in the DIST_DIR root)
uses: svenstaro/upload-release-action@v2 artifacts: ${{ env.DIST_DIR }}/*
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: dist/*
tag: ${{ github.ref }}
file_glob: true
- name: Upload release files on Arduino downloads servers - name: Upload release files on Arduino downloads servers
uses: docker://plugins/s3 uses: docker://plugins/s3
env: env:
PLUGIN_SOURCE: "dist/*" PLUGIN_SOURCE: "${{ env.DIST_DIR }}/*"
PLUGIN_TARGET: "/arduino-cli/" PLUGIN_TARGET: ${{ env.AWS_PLUGIN_TARGET }}
PLUGIN_STRIP_PREFIX: "dist/" PLUGIN_STRIP_PREFIX: "${{ env.DIST_DIR }}/"
PLUGIN_BUCKET: ${{ secrets.DOWNLOADS_BUCKET }} PLUGIN_BUCKET: ${{ secrets.DOWNLOADS_BUCKET }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment