diff --git a/.github/actions/test/action.yml b/.github/actions/test/action.yml new file mode 100644 index 0000000..2e6436e --- /dev/null +++ b/.github/actions/test/action.yml @@ -0,0 +1,20 @@ +name: Test +description: Lints and tests siapfsd + +runs: + using: composite + steps: + - name: Configure git # required for golangci-lint on Windows + shell: bash + run: git config --global core.autocrlf false + - name: Generate + shell: bash + run: go generate ./... + - name: Lint + uses: golangci/golangci-lint-action@v3 + with: + skip-cache: true + - name: Test + uses: n8maninger/action-golang-test@v1 + with: + args: "-race;-tags=testing netgo" diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml new file mode 100644 index 0000000..1f1c26e --- /dev/null +++ b/.github/workflows/main.yml @@ -0,0 +1,30 @@ +name: Main +on: + workflow_dispatch: + pull_request: + push: + branches: + - master + +jobs: + test: + runs-on: ${{ matrix.os }} + permissions: + contents: read + strategy: + matrix: + os: [ ubuntu-latest , macos-latest, windows-latest ] + go-version: [ '1.20', '1.21' ] + steps: + - name: Configure git + run: git config --global core.autocrlf false # required on Windows + - uses: actions/checkout@v3 + - uses: actions/setup-go@v3 + with: + go-version: ${{ matrix.go-version }} + - name: Test + uses: ./.github/actions/test + - name: Build + env: + CGO_ENABLED: 1 + run: go build -o bin/ ./cmd/siapfsd diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 0000000..e486e22 --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,212 @@ +name: Publish + +# Controls when the action will run. +on: + # Triggers the workflow on new SemVer tags + push: + branches: + - master + tags: + - 'v[0-9]+.[0-9]+.[0-9]+' + - 'v[0-9]+.[0-9]+.[0-9]+-**' + +jobs: + test: + runs-on: ubuntu-latest + permissions: + contents: read + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-go@v3 + with: + go-version: 'stable' + - name: Test + uses: ./.github/actions/test + docker: + runs-on: ubuntu-latest + needs: [ test ] + permissions: + packages: write + contents: read + steps: + - uses: actions/checkout@v3 + - uses: docker/setup-qemu-action@v2 + - uses: docker/setup-buildx-action@v2 + - uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - uses: docker/metadata-action@v4 + name: generate tags + id: meta + with: + images: ghcr.io/${{ github.repository }} + tags: | + type=ref,event=branch + type=sha,prefix= + type=semver,pattern={{version}} + - uses: docker/build-push-action@v4 + with: + context: . + file: ./docker/Dockerfile + platforms: linux/amd64,linux/arm64 + push: true + tags: ${{ steps.meta.outputs.tags }} + cache-from: type=gha + cache-to: type=gha,mode=max + build-linux: + runs-on: ubuntu-latest + needs: [ test ] + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-go@v3 + with: + go-version: 'stable' + - name: Setup + run: | + sudo apt update + sudo apt install -y gcc-aarch64-linux-gnu + go generate ./... + - name: Build amd64 + env: + CGO_ENABLED: 1 + GOOS: linux + GOARCH: amd64 + run: | + mkdir -p release + ZIP_OUTPUT=release/siapfsd_${GOOS}_${GOARCH}.zip + go build -tags='netgo' -trimpath -o bin/ -a -ldflags '-s -w -linkmode external -extldflags "-static"' ./cmd/siapfsd + cp README.md LICENSE bin/ + zip -qj $ZIP_OUTPUT bin/* + - name: Build arm64 + env: + CGO_ENABLED: 1 + GOOS: linux + GOARCH: arm64 + CC: aarch64-linux-gnu-gcc + run: | + mkdir -p release + ZIP_OUTPUT=release/siapfsd_${GOOS}_${GOARCH}.zip + go build -tags='netgo' -trimpath -o bin/ -a -ldflags '-s -w' ./cmd/siapfsd + cp README.md LICENSE bin/ + zip -qj $ZIP_OUTPUT bin/* + - uses: actions/upload-artifact@v3 + with: + name: siapfsd + path: release/ + build-mac: + runs-on: macos-latest + needs: [ test ] + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-go@v3 + with: + go-version: 'stable' + - name: Setup + env: + APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }} + APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }} + APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} + APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }} + APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }} + APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }} + APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }} + run: | + # extract apple cert + APPLE_CERT_PATH=$RUNNER_TEMP/apple_cert.p12 + KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db + echo -n "$APPLE_CERT_B64" | base64 --decode --output $APPLE_CERT_PATH + + # extract apple key + mkdir -p ~/private_keys + APPLE_API_KEY_PATH=~/private_keys/AuthKey_$APPLE_API_KEY.p8 + echo -n "$APPLE_KEY_B64" | base64 --decode --output $APPLE_API_KEY_PATH + + # create temp keychain + security create-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + security default-keychain -s $KEYCHAIN_PATH + security set-keychain-settings -lut 21600 $KEYCHAIN_PATH + security unlock-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH + + # import keychain + security import $APPLE_CERT_PATH -P $APPLE_CERT_PASSWORD -A -t cert -f pkcs12 -k $KEYCHAIN_PATH + security find-identity -v $KEYCHAIN_PATH -p codesigning + security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $APPLE_KEYCHAIN_PASSWORD $KEYCHAIN_PATH + + # generate + go generate ./... + - name: Build amd64 + env: + APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }} + APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }} + APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} + APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }} + APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }} + APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }} + APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }} + CGO_ENABLED: 1 + GOOS: darwin + GOARCH: amd64 + run: | + ZIP_OUTPUT=release/siapfsd_${GOOS}_${GOARCH}.zip + mkdir -p release + go build -tags='netgo' -trimpath -o bin/ -a -ldflags '-s -w' ./cmd/siapfsd + cp README.md LICENSE bin/ + /usr/bin/codesign --deep -f -v --timestamp -o runtime,library -s $APPLE_CERT_ID bin/siapfsd + ditto -ck bin $ZIP_OUTPUT + xcrun notarytool submit -k ~/private_keys/AuthKey_$APPLE_API_KEY.p8 -d $APPLE_API_KEY -i $APPLE_API_ISSUER --wait --timeout 10m $ZIP_OUTPUT + - name: Build arm64 + env: + APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }} + APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }} + APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }} + APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }} + APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }} + APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }} + APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }} + CGO_ENABLED: 1 + GOOS: darwin + GOARCH: arm64 + run: | + ZIP_OUTPUT=release/siapfsd_${GOOS}_${GOARCH}.zip + mkdir -p release + go build -tags='netgo' -trimpath -o bin/ -a -ldflags '-s -w' ./cmd/siapfsd + cp README.md LICENSE bin/ + /usr/bin/codesign --deep -f -v --timestamp -o runtime,library -s $APPLE_CERT_ID bin/siapfsd + ditto -ck bin $ZIP_OUTPUT + xcrun notarytool submit -k ~/private_keys/AuthKey_$APPLE_API_KEY.p8 -d $APPLE_API_KEY -i $APPLE_API_ISSUER --wait --timeout 10m $ZIP_OUTPUT + - uses: actions/upload-artifact@v3 + with: + name: siapfsd + path: release/ + build-windows: + runs-on: windows-latest + needs: [ test ] + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-go@v3 + with: + go-version: 'stable' + - name: Setup + shell: bash + run: | + dotnet tool install --global AzureSignTool + go generate ./... + - name: Build amd64 + env: + CGO_ENABLED: 1 + GOOS: windows + GOARCH: amd64 + shell: bash + run: | + mkdir -p release + ZIP_OUTPUT=release/siapfsd_${GOOS}_${GOARCH}.zip + go build -tags='netgo' -trimpath -o bin/ -a -ldflags '-s -w -linkmode external -extldflags "-static"' ./cmd/siapfsd + azuresigntool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v bin/siapfsd.exe + cp README.md LICENSE bin/ + 7z a $ZIP_OUTPUT ./bin/* + - uses: actions/upload-artifact@v3 + with: + name: siapfsd + path: release/ \ No newline at end of file