Multibuild #109

Workflow file for this run

# Workflow header: display name, trigger, and the default GITHUB_TOKEN scope.
name: Multibuild
on:
  # The only trigger in this file is a manual dispatch.
  workflow_dispatch:
    inputs:
      # Boolean switch; the other_build job's `if:` reads it to decide whether to run.
      main_build_only:
        description: 'Run non-dockerx builds only'
        required: true
        default: false
        type: boolean
# Token scope applied to every job that does not set its own `permissions`.
# Added using https://github.com/step-security/secure-repo
permissions:
  contents: read
jobs:
# Gate job: main_build and other_build both name it in `needs`.
verify_tags:
  runs-on: ubuntu-latest
  steps:
    # Pinned to a full commit SHA; the trailing comment records the matching tag.
    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
    # Composite action loaded from the checked-out repository (not shown on this page).
    - uses: ./.github/composite/verify_cli_tags
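# Compiles the Dart executables on each runner OS in the matrix, adds the bundle
# files, archives the result and uploads it. The macOS legs also code-sign the
# binaries and submit the archive for notarization.
main_build:
  needs: verify_tags
  runs-on: ${{ matrix.os }}
  defaults:
    run:
      working-directory: ./packages/dart/sshnoports
  strategy:
    matrix:
      os: [ubuntu-latest, macOS-latest, windows-latest]
      include:
        - os: ubuntu-latest
          output-name: sshnp-linux-x64
          ext: ''
          bundle: 'shell'
        # NOTE(review): macOS-latest is a moving label while the artifact is named
        # -x64; confirm the label still resolves to an Intel image, or pin one.
        - os: macOS-latest
          output-name: sshnp-macos-x64
          ext: ''
          bundle: 'shell'
        # Not in the `os` list above, so this entry adds a fourth combination.
        - os: macos-14
          output-name: sshnp-macos-arm64
          ext: ''
          bundle: 'shell'
        - os: windows-latest
          output-name: sshnp-windows-x64
          ext: '.exe'
          bundle: 'windows'
  steps:
    # Both actions are pinned to full commit SHAs; the comments record the tags.
    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
    - uses: dart-lang/setup-dart@ca7e6fee45ffbd82b555a7ebfc236d2c86439f5b  # v1.6.1
    # create directories needed for build
    - run: mkdir sshnp
    - run: mkdir tarball
    - if: ${{ matrix.os != 'windows-latest' }}
      run: mkdir sshnp/debug
    # compile binaries
    # NOTE(review): the next two steps fetch and run package code on the runner;
    # the signing secrets are only exposed to later steps through `env`.
    - run: dart pub get
    - run: dart run build_runner build --delete-conflicting-outputs
    - run: dart compile exe bin/activate_cli.dart -v -o sshnp/at_activate${{ matrix.ext }}
    - run: dart compile exe bin/sshnp.dart -v -o sshnp/sshnp${{ matrix.ext }}
    # sshnpd, srvd and the debug srvd are not built on Windows.
    - if: ${{ matrix.os != 'windows-latest' }}
      run: dart compile exe bin/sshnpd.dart -v -o sshnp/sshnpd${{ matrix.ext }}
    - run: dart compile exe bin/srv.dart -v -o sshnp/srv${{ matrix.ext }}
    - if: ${{ matrix.os != 'windows-latest' }}
      run: dart compile exe bin/srvd.dart -v -o sshnp/srvd${{ matrix.ext }}
    # Second srvd build with ENABLE_SNOOP=true, kept apart under sshnp/debug.
    - if: ${{ matrix.os != 'windows-latest' }}
      run: dart compile exe bin/srvd.dart -D ENABLE_SNOOP=true -v -o sshnp/debug/srvd${{ matrix.ext }}
    # copy additional bundle items to build
    - run: cp -r bundles/core/* sshnp/
    - run: cp -r bundles/${{ matrix.bundle }}/* sshnp/
    - run: cp LICENSE sshnp
    # codesign for apple
    # Secrets reach the script as environment variables rather than being
    # expanded into the script text.
    - if: ${{ matrix.os == 'macOS-latest' || matrix.os == 'macos-14'}}
      env:
        MACOS_CODESIGN_CERT: ${{ secrets.MACOS_CODESIGN_CERT }}
        MACOS_SIGNING_IDENTITY: ${{ secrets.MACOS_SIGNING_IDENTITY }}
        MACOS_KEYCHAIN_PASSWORD: ${{ secrets.MACOS_KEYCHAIN_PASSWORD }}
      run: |
        # Paths are quoted wherever they are used so a space in RUNNER_TEMP
        # cannot split them.
        CERT_PATH="$RUNNER_TEMP/codesign.cer"
        KEYCHAIN_PATH="$RUNNER_TEMP/app-signing.keychain-db"
        # import certificate
        echo -n "$MACOS_CODESIGN_CERT" | base64 --decode -o "$CERT_PATH"
        # create temporary keychain
        security create-keychain -p "$MACOS_KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
        security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
        security unlock-keychain -p "$MACOS_KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
        # import certificate to keychain
        # NOTE(review): -A lets any application use the imported item without a
        # prompt; consider -T /usr/bin/codesign to scope access to codesign.
        # NOTE(review): the keychain and certificate file are never deleted; add
        # an always-run cleanup step if this ever runs on a reused runner.
        security import "$CERT_PATH" -A -t cert -f pkcs7 -k "$KEYCHAIN_PATH"
        security list-keychain -d user -s "$KEYCHAIN_PATH"
        # Do codesign
        # Fix: the -s line had no trailing backslash, so the command ended there
        # and "-v" plus the file list ran as a separate, failing command.
        # NOTE(review): --prefix and --identifier are written without values, so
        # --prefix appears to take "--identifier" as its argument; confirm intent.
        codesign \
          --timestamp \
          --prefix \
          --identifier \
          --entitlements ./tools/templates/entitlements.plist \
          --options=runtime \
          -s "$MACOS_SIGNING_IDENTITY" \
          -v \
          sshnp/{ssh*,srv,srvd,at_activate,debug/srvd}
        # Verify signatures
        # Fix: was /sshnp/... (filesystem root); the binaries are in ./sshnp
        # relative to the working directory, as in the signing command above.
        codesign -vvv --deep --strict sshnp/{ssh*,srv,srvd,at_activate,debug/srvd}
    # zip the build
    - if: ${{ matrix.os == 'macOS-latest' || matrix.os == 'macos-14'}}
      run: ditto -c -k --keepParent sshnp tarball/${{ matrix.output-name }}.zip
    - if: ${{ matrix.os == 'ubuntu-latest' }}
      run: tar -cvzf tarball/${{ matrix.output-name }}.tgz sshnp
    - if: ${{ matrix.os == 'windows-latest' }}
      run: zip -r -q tarball/${{ matrix.output-name }}.zip sshnp
    # Notarize the build
    # NOTE(review): --password puts the Apple ID password on the command line,
    # where other processes on the runner can read it; notarytool's
    # store-credentials / --keychain-profile keeps it out of argv.
    - if: ${{ matrix.os == 'macOS-latest' || matrix.os == 'macos-14'}}
      env:
        MACOS_APPLE_ID: ${{ secrets.MACOS_APPLE_ID }}
        MACOS_TEAM_ID: ${{ secrets.MACOS_TEAM_ID }}
        MACOS_APPLE_ID_PASSWORD: ${{ secrets.MACOS_APPLE_ID_PASSWORD }}
      run: |
        xcrun notarytool submit tarball/${{ matrix.output-name }}.zip \
          --apple-id "$MACOS_APPLE_ID" \
          --team-id "$MACOS_TEAM_ID" \
          --password "$MACOS_APPLE_ID_PASSWORD" \
          --wait
    # upload the build
    - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8  # v4.3.0
      with:
        name: ${{ matrix.output-name }}
        path: ./packages/dart/sshnoports/tarball
        # Fail the job instead of uploading an empty artifact.
        if-no-files-found: error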
# Builds the arm, arm64 and riscv64 Linux packages with docker buildx on an
# ubuntu runner. Skipped when the main_build_only input is true.
other_build:
  if: ${{ ! inputs.main_build_only }}
  needs: verify_tags
  runs-on: ubuntu-latest
  defaults:
    run:
      working-directory: ./packages/dart
  strategy:
    matrix:
      platform: [linux/arm/v7, linux/arm64, linux/riscv64]
      # Each entry matches one platform above and attaches its artifact name.
      include:
        - platform: linux/arm/v7
          output-name: sshnp-linux-arm
        - platform: linux/arm64
          output-name: sshnp-linux-arm64
        - platform: linux/riscv64
          output-name: sshnp-linux-riscv64
  steps:
    # All actions are pinned to full commit SHAs; the comments record the tags.
    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
    - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3  # v3.0.0
    - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226  # v3.0.0
    # The build output is exported as a tar file rather than loaded as an image.
    # NOTE(review): base images in Dockerfile.package are not visible here;
    # confirm they are pinned by digest like the actions above.
    - run: |
        docker buildx build -t atsigncompany/sshnptarball -f sshnoports/tools/Dockerfile.package \
          --platform ${{ matrix.platform }} -o type=tar,dest=bins.tar .
    - run: mkdir tarballs
    - run: tar -xvf bins.tar -C tarballs
    # The upload path expects the export to contain <output-name>.tgz.
    - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8  # v4.3.0
      with:
        name: ${{ matrix.output-name }}-upload
        path: ./packages/dart/tarballs/${{ matrix.output-name }}.tgz
        # Fail the job instead of uploading an empty artifact.
        if-no-files-found: error
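# Posts a Google Chat message after the build jobs it depends on have finished.
notify_on_completion:
  # Fix: was [x64_build, other_build]. No job named x64_build exists in this
  # workflow, and GitHub rejected the file with "Job 'notify_on_completion'
  # depends on unknown job 'x64_build'". The x64 builds are in main_build.
  # NOTE(review): there is no `if:` here, so when other_build is skipped
  # (main_build_only = true) this job is skipped as well; confirm intended.
  needs: [main_build, other_build]
  runs-on: ubuntu-latest
  # NOTE(review): the job inherits `contents: read` although the visible step
  # only posts to a webhook; a job-level `permissions: {}` would drop the
  # token scope. Confirm the action needs no token first.
  steps:
    - name: Google Chat Notification
      # Third-party action pinned to a full commit SHA.
      uses: Co-qn/google-chat-notification@3691ccf4763537d6e544bc6cdcccc1965799d056  # v1
      with:
        name: SSH no ports binaries were built by GitHub Action ${{ github.run_number }}
        # The webhook URL is itself a credential; it is read from repository secrets.
        url: ${{ secrets.GOOGLE_CHAT_WEBHOOK }}
        status: ${{ job.status }}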
# Posts a Google Chat message when a job this one depends on has failed.
notify_on_failure:
  if: failure()
  needs:
    - main_build
    - other_build
  runs-on: ubuntu-latest
  steps:
    - name: Google Chat Notification
      # Third-party action pinned to a full commit SHA.
      uses: Co-qn/google-chat-notification@3691ccf4763537d6e544bc6cdcccc1965799d056  # v1
      with:
        name: 'SSH no ports binaries build FAILED by GitHub Action ${{ github.run_number }}'
        # The webhook URL is itself a credential; it is read from repository secrets.
        url: ${{ secrets.GOOGLE_CHAT_WEBHOOK }}
        # NOTE(review): job.status is this notification job's own status, not
        # the build jobs'; confirm the message is rendered as a failure.
        status: ${{ job.status }}