attempt reusable sign-binary workflow #77

Workflow file for this run

.github/workflows/dev-release.yml at 2ea0a24

	name: Create Dev Releases

	on:
	push:
	branches:
	- main
	- 'preview-**'
	pull_request:

	jobs:
	package:
	uses: ./.github/workflows/pkg-binary.yml
	strategy:
	fail-fast: false
	matrix:
	arch:
	- x64
	- arm64
	os:
	- linux
	- macos
	- win
	fatcore:
	- false
	# - true
	with:
	arch: ${{ matrix.arch }}
	edge: true
	fatcore: ${{ matrix.fatcore }}
	filename: lando-${{ matrix.os }}-${{ matrix.arch }}-${{ github.sha }}${{ matrix.fatcore == false && '-slim' \|\| '' }}
	node-version: "20"
	os: ${{ matrix.os }}

	sign:
	uses: ./.github/workflows/sign-binary.yml
	needs:
	- package
	strategy:
	fail-fast: false
	matrix:
	file:
	# - lando-linux-arm64-${{ github.sha }}
	# - lando-macos-arm64-${{ github.sha }}
	# - lando-win-arm64-${{ github.sha }}.exe

	# - lando-linux-x64-${{ github.sha }}
	# - lando-macos-x64-${{ github.sha }}
	# - lando-win-x64-${{ github.sha }}.exe

	# - lando-linux-arm64-${{ github.sha }}-slim
	# - lando-macos-arm64-${{ github.sha }}-slim
	# - lando-win-arm64-${{ github.sha }}-slim.exe

	- lando-linux-x64-${{ github.sha }}-slim
	- lando-macos-x64-${{ github.sha }}-slim
	- lando-win-x64-${{ github.sha }}-slim.exe

	with:
	download-pattern: packaged-lando-*
	file: ${{ matrix.file }}
	secrets:
	apple-notary-user: ${{ secrets.APPLE_NOTARY_USER }}
	apple-notary-password: ${{ secrets.APPLE_NOTARY_PASSWORD }}
	certificate-data: ${{ contains(matrix.file, 'macos') && secrets.APPLE_CERT_DATA \|\| secrets.KEYLOCKER_CLIENT_CERT }}
	certificate-password: ${{ contains(matrix.file, 'macos') && secrets.APPLE_CERT_PASSWORD \|\| secrets.KEYLOCKER_CLIENT_CERT_PASSWORD }}
	keylocker-api-key: ${{ secrets.KEYLOCKER_API_KEY }}
	keylocker-cert-sha1-hash: ${{ secrets.KEYLOCKER_CERT_SHA1_HASH }}
	keylocker-keypair-alias: ${{ secrets.KEYLOCKER_KEYPAIR_ALIAS }}

	release-binary:
	uses: ./.github/workflows/release-binary.yml
	needs:
	- sign
	strategy:
	fail-fast: false
	matrix:
	file:
	# - source: lando-linux-arm64-${{ github.sha }}
	# destination: lando-linux-arm64-${{ github.ref_name }}
	# - source: lando-macos-arm64-${{ github.sha }}
	# destination: lando-macos-arm64-${{ github.ref_name }}
	# - source: lando-win-arm64-${{ github.sha }}.exe
	# destination: lando-win-arm64-${{ github.ref_name }}.exe

	# - source: lando-linux-x64-${{ github.sha }}
	# destination: lando-linux-x64-${{ github.ref_name }}
	# - source: lando-macos-x64-${{ github.sha }}
	# destination: lando-macos-x64-${{ github.ref_name }}
	# - source: lando-win-x64-${{ github.sha }}.exe
	# destination: lando-win-x64-${{ github.ref_name }}.exe

	# - source: lando-linux-arm64-${{ github.sha }}-slim
	# destination: lando-linux-arm64-${{ github.ref_name }}-slim
	# - source: lando-macos-arm64-${{ github.sha }}-slim
	# destination: lando-macos-arm64-${{ github.ref_name }}-slim
	# - source: lando-win-arm64-${{ github.sha }}-slim.exe
	# destination: lando-win-arm64-${{ github.ref_name }}-slim.exe

	- source: lando-linux-x64-${{ github.sha }}-slim
	destination: lando-linux-x64-${{ github.ref_name }}-slim
	- source: lando-macos-x64-${{ github.sha }}-slim
	destination: lando-macos-x64-${{ github.ref_name }}-slim
	- source: lando-win-x64-${{ github.sha }}-slim.exe
	destination: lando-win-x64-${{ github.ref_name }}-slim.exe
	with:
	destination: ${{ matrix.destination }}
	download-pattern: signed-lando-*
	source: ${{ matrix.source }}

	# - name: Configure S3 Credentials
	# uses: aws-actions/configure-aws-credentials@v4
	# with:
	# aws-access-key-id: ${{ secrets.S3_ACCESS_KEY_ID }}
	# aws-secret-access-key: ${{ secrets.S3_SECRET_ACCESS_KEY }}
	# aws-region: us-east-1
	# - name: Upload dev releases to S3
	# shell: bash
	# run: \|
	# aws s3 sync releases s3://files.lando.dev
	# aws s3 sync releases s3://files.lando.dev/cli
	# aws s3 sync releases s3://files.lando.dev/core
	# - name: Upload to artifacts
	# uses: actions/upload-artifact@v4
	# with:
	# retention-days: 1
	# name: ${{ matrix.key }}
	# overwrite: true
	# path: releases/*

	# verify:
	# runs-on: ubuntu-24.04
	# needs:
	# - sign
	# env:
	# TERM: xterm
	# steps:
	# - name: Checkout code
	# uses: actions/checkout@v4
	# - name: Download for checksumming
	# uses: actions/download-artifact@v4
	# with:
	# path: artifacts
	# - name: Combine artifacts
	# run: \|
	# mkdir -p dist
	# find "artifacts" -mindepth 2 -maxdepth 2 -type f -exec mv {} "dist" \;
	# ls -lsa dist
	# - name: Checksum artifacts
	# run: ./scripts/generate-checksums.sh --directory dist --output sha256sum.txt --show
	# - name: Configure S3 Credentials
	# uses: aws-actions/configure-aws-credentials@v4
	# with:
	# aws-access-key-id: ${{ secrets.S3_ACCESS_KEY_ID }}
	# aws-secret-access-key: ${{ secrets.S3_SECRET_ACCESS_KEY }}
	# aws-region: us-east-1
	# - name: Upload Checksums to S3
	# shell: bash
	# run: \|
	# aws s3 cp sha256sum.txt s3://files.lando.dev/sha256sum-${{ github.ref_name }}.txt
	# aws s3 cp sha256sum.txt s3://files.lando.dev/cli/sha256sum-${{ github.ref_name }}.txt
	# aws s3 cp sha256sum.txt s3://files.lando.dev/core/sha256sum-${{ github.ref_name }}.txt

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

attempt reusable sign-binary workflow #77

Workflow file

attempt reusable sign-binary workflow #77

Jobs

Run details

Workflow file for this run