cloudgrep/.github/workflows/release.yml at main · Miracle-Engineering/cloudgrep · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
name: Release

on:
  push:
    branches:
      - main
    tags:
      - "v*.*.*"

jobs:
  bumpr:
    runs-on: ubuntu-latest
    outputs:
      skip: ${{ steps.bumpr.outputs.skip }}
      next_version: ${{ steps.bumpr.outputs.next_version }}
    steps:
    - name: Checkout
      uses: actions/checkout@v3

    # Bump version on merging Pull Requests with specific labels.
    # (bump:major,bump:minor,bump:patch)
    - name: Bump version on merging PR
      id: bumpr
      uses: haya14busa/action-bumpr@v1

  build-linux:
    name: Build Linux Binaries
    runs-on: ubuntu-latest
    needs: [ bumpr ]
    if: "!needs.bumpr.outputs.skip"
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Get Tags
        run: git fetch --prune --unshallow --tags

      - name: Build Release Artifacts for Linux
        id: build
        run: |
          ./build.sh --debug --id linux-amd64 --id linux-arm64

      - name: Upload Linux artifacts
        uses: actions/upload-artifact@v3
        with:
          name: cloudgrep_linux
          path: ./bin/*.zip

  build-windows:
    name: Build Windows Binaries
    runs-on: ubuntu-latest
    needs: [ bumpr ]
    if: "!needs.bumpr.outputs.skip"
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Get Tags
        run: git fetch --prune --unshallow --tags

      - name: Build Release Artifacts for Windows
        id: build
        run: |
          ./build.sh --debug --id windows-amd64 --id windows-386

      - name: Upload Windows artifacts
        uses: actions/upload-artifact@v3
        with:
          name: cloudgrep_windows
          path: ./bin/*.zip

  build-macos:
    name: Build Darwin Binaries
    runs-on: ubuntu-latest
    needs: [ bumpr ]
    if: "!needs.bumpr.outputs.skip"
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Get Tags
        run: git fetch --prune --unshallow --tags

      - name: Build Release Artifacts for Darwin
        id: build
        run: |
          ./build.sh --debug --id darwin-amd64 --id darwin-arm64

      - name: Upload Darwin artifacts
        uses: actions/upload-artifact@v3
        with:
          name: cloudgrep_darwin
          path: ./bin/*.zip

  release:
    name: Create release
    needs: [bumpr,build-macos,build-linux,build-windows]
    if: "!needs.bumpr.outputs.skip"
    runs-on: macos-latest
    outputs:
      upload_url: ${{ steps.create_release.outputs.url }}

    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Get tag name
        id: tag
        uses: haya14busa/action-cond@v1
        with:
          cond: "${{ startsWith(github.ref, 'refs/tags/') }}"
          if_true: ${{ github.ref }}
          if_false: ${{ needs.bumpr.outputs.next_version }}

      - name: Get Tags
        run: git fetch --prune --unshallow --tags

      # retrieve the darwin binaries built in the linux job
      - uses: actions/download-artifact@v2
        with:
          name: cloudgrep_linux

        # retrieve the darwin binaries built in the windows job
      - uses: actions/download-artifact@v2
        with:
          name: cloudgrep_windows

      # retrieve the darwin binaries built in the linux job
      - uses: actions/download-artifact@v2
        with:
          name: cloudgrep_darwin

      - run: |
          mkdir ./bin/
          ls -lh ./bin/
          mkdir -p ./bin/darwin_amd64
          mkdir -p ./bin/darwin_arm64
          mkdir -p ./bin/linux_amd64
          mkdir -p ./bin/linux_arm64
          mkdir -p ./bin/windows_amd64
          mkdir -p ./bin/windows_386
          ls -lh ./bin/
          unzip ./darwin_amd64.zip -d ./bin/darwin_amd64
          unzip ./darwin_arm64.zip -d ./bin/darwin_arm64
          unzip ./linux_amd64.zip -d ./bin/linux_amd64
          unzip ./linux_arm64.zip -d ./bin/linux_arm64
          unzip ./windows_amd64.zip -d ./bin/windows_amd64
          unzip ./windows_386.zip -d ./bin/windows_386
          rm -f ./*.zip
          ls -lh ./bin/

      - name: Import Code-Signing Certificates
        uses: Apple-Actions/import-codesign-certs@v1
        with:
          # The certificates in a PKCS12 file encoded as a base64 string
          p12-file-base64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
          # The password used to import the PKCS12 file.
          p12-password: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}

      - name: Install gon via HomeBrew for code signing and app notarization
        run: |
          brew tap mitchellh/gon
          brew install mitchellh/gon/gon

      - name: Run gon to notarize apps
        run: |
          mkdir -p ./dist
          gon gon_amd64.hcl
          gon gon_arm64.hcl
        env:
          AC_USERNAME: ${{ secrets.AC_USERNAME }}
          AC_PASSWORD: ${{ secrets.AC_PASSWORD }}

      - name: Install GoReleaser
        uses: goreleaser/goreleaser-action@v3
        with:
          install-only: true
          distribution: goreleaser-pro
          version: latest

      - name: Create Release
        run: |
          ls -lh ./bin
          goreleaser release -f .goreleaser-release.yaml --rm-dist --debug
        env:
          GITHUB_TOKEN: ${{ secrets.RELEASE_GITHUB_TOKEN }}
          GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}