Build and attach artifacts #81
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
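---
# Release pipeline: when a GitHub release is published, build the CLI binaries
# on Windows, Linux and macOS, sign and notarize the macOS binary, attach the
# binaries to the release, and (for non-prereleases) push a multi-arch Docker
# image.
#
# NOTE(review): the hosting page flags bidirectional Unicode in the original
# file. This listing is plain ASCII; compare it against the original in an
# editor that reveals hidden characters before adopting it.
#
# NOTE(review): actions are referenced by mutable tags. For a workflow that
# handles signing and registry credentials, pin each one to a reviewed commit,
# e.g. `uses: owner/action@<full-commit-sha>  # vN` (placeholder, not a real
# SHA).
name: Build and attach artifacts

on:
  release:
    types: [published]

# Default token scope for every job; a job widens it only where it must.
permissions:
  contents: read

jobs:
  build-and-publish-binaries:
    name: Build binaries (${{ matrix.os }})
    strategy:
      matrix:
        include:
          - os: windows-latest
            test-binary: dist/filen-cli-win-x64.exe
          - os: ubuntu-latest
          - os: macos-latest
            test-binary: dist/filen-cli-macos-arm64
    runs-on: ${{ matrix.os }}
    permissions:
      # Needed by the release-upload step only.
      contents: write
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          # Keep the write-scoped token out of .git/config so that later
          # steps (dependency install scripts, third-party actions) cannot
          # read it from the workspace.
          persist-credentials: false

      - name: Inject version
        uses: richardrigutins/replace-in-files@v2
        with:
          files: 'package.json'
          search-text: '"version": "0.0.0"'
          replacement-text: '"version": "${{ github.event.release.tag_name }}"'

      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version: '20.x'

      # No signing secrets are in the environment here: `npm ci` runs
      # third-party install scripts.
      # NOTE(review): assumes `npm run package` does not read the APPLE_*
      # variables itself - confirm, and pass them on that step if it does.
      - run: npm ci
      - run: npm run package

      - name: Test binary
        if: ${{ matrix.test-binary }}
        run: ${{ matrix.test-binary }} help

      # The two "(Debug) ... #todo remove" steps are not part of the release
      # path. The binary copy was taken before signing under a name matching
      # the upload glob, so an unsigned copy could be attached to the release.
      # The tmate step opened a remote shell on the runner of a job that holds
      # a contents:write token and signing credentials.

      - name: Codesign and notarize on macOS
        if: matrix.os == 'macos-latest'
        # Secrets are scoped to this one step instead of the whole job, so the
        # Windows/Linux runners and the other steps never receive them.
        env:
          APPLE_DEVELOPER_ID_CERT: ${{ secrets.APPLE_DEVELOPER_ID_CERT }}
          APPLE_DEVELOPER_ID_CERT_PASS: ${{ secrets.APPLE_DEVELOPER_ID_CERT_PASS }}
          APPLE_NOTARIZE_ID: ${{ secrets.APPLE_NOTARIZE_ID }}
          APPLE_NOTARIZE_PASS: ${{ secrets.APPLE_NOTARIZE_PASS }}
          APPLE_NOTARIZE_TEAM_ID: ${{ secrets.APPLE_NOTARIZE_TEAM_ID }}
        run: |
          # Fail on the first error, on unset variables, and on a failure
          # anywhere in a pipeline (the notarytool | tee pipeline below).
          set -euo pipefail

          keychain="$HOME/Library/Keychains/build.keychain"
          # Per-run random keychain password instead of a fixed literal.
          keychain_password="$(openssl rand -base64 32)"
          # Key material and reports live outside the workspace.
          cert_file="$RUNNER_TEMP/certificate.p12"
          notarization_info="$RUNNER_TEMP/notarization_info.json"

          # Remove the keychain and the decoded certificate even when a
          # command below fails.
          cleanup() {
            security delete-keychain build.keychain || true
            rm -f "$cert_file" "$notarization_info"
          }
          trap cleanup EXIT

          # import certificate
          printf '%s' "$APPLE_DEVELOPER_ID_CERT" | base64 --decode > "$cert_file"
          security create-keychain -p "$keychain_password" build.keychain
          security import "$cert_file" -k "$keychain" \
            -P "$APPLE_DEVELOPER_ID_CERT_PASS" -T /usr/bin/codesign
          security list-keychains -d user -s "$keychain"
          security set-keychain-settings -t 3600 -u "$keychain"
          security unlock-keychain -p "$keychain_password" "$keychain"
          security set-key-partition-list -S apple-tool:,apple: -s \
            -k "$keychain_password" "$keychain"

          # codesign
          codesign \
            --sign "Developer ID Application: Filen Cloud Dienste UG (haftungsbeschraenkt)" \
            --options runtime --force --keychain "$keychain" \
            dist/filen-cli-macos-arm64

          # notarize
          /usr/bin/ditto -c -k --keepParent \
            dist/filen-cli-macos-arm64 dist/filen-cli-macos-arm64.zip
          # Only stdout (the JSON report) is captured, so jq gets clean input;
          # stderr still reaches the job log.
          xcrun notarytool submit dist/filen-cli-macos-arm64.zip \
            --apple-id "$APPLE_NOTARIZE_ID" \
            --password "$APPLE_NOTARIZE_PASS" \
            --team-id "$APPLE_NOTARIZE_TEAM_ID" \
            --output-format json --wait | tee "$notarization_info"
          id="$(jq -r '.id' "$notarization_info")"
          status="$(jq -r '.status' "$notarization_info")"
          xcrun notarytool log "$id" \
            --apple-id "$APPLE_NOTARIZE_ID" \
            --password "$APPLE_NOTARIZE_PASS" \
            --team-id "$APPLE_NOTARIZE_TEAM_ID"
          # Do not publish a binary whose notarization was not accepted; the
          # exit status of the submit command alone is not relied on.
          if [ "$status" != "Accepted" ]; then
            echo "Notarization status: $status" >&2
            exit 1
          fi

      - name: Rename binaries to include release number
        # The tag reaches the script as data through the environment rather
        # than being spliced into the command text by the expression engine.
        env:
          RELEASE_TAG: ${{ github.event.release.tag_name }}
        run: node -e "['win-x64.exe', 'win-arm64.exe', 'linux-x64', 'linux-arm64', 'macos-x64', 'macos-arm64'].forEach(suffix => { if (fs.existsSync('dist/filen-cli-'+suffix)) { fs.renameSync('dist/filen-cli-'+suffix, 'dist/filen-cli-'+process.env.RELEASE_TAG+'-'+suffix) } })"

      - name: Attach binaries to release
        uses: softprops/action-gh-release@v2
        with:
          files: dist/filen-cli-${{ github.event.release.tag_name }}-*

  build-and-publish-docker:
    name: Build Docker image
    runs-on: ubuntu-latest
    if: ${{ github.event.release.prerelease == false }}
    steps:
      - uses: actions/checkout@v3
        with:
          persist-credentials: false

      - name: Inject version
        uses: richardrigutins/replace-in-files@v2
        with:
          files: 'package.json'
          search-text: '"version": "0.0.0"'
          replacement-text: '"version": "${{ github.event.release.tag_name }}"'

      # NOTE(review): prefer a scoped Docker Hub access token in
      # DOCKER_PASSWORD over the account password.
      - name: Log in to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          push: true
          tags: filen/cli:latest,filen/cli:${{ github.event.release.tag_name }}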