Multibuild #111
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Multibuild | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| main_build_only: | |
| description: "Run non-dockerx builds only" | |
| required: true | |
| default: false | |
| type: boolean | |
| permissions: # added using https://github.com/step-security/secure-repo | |
| contents: read | |
| jobs: | |
| verify_tags: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - uses: ./.github/composite/verify_cli_tags | |
| main_build: | |
| needs: verify_tags | |
| runs-on: ${{ matrix.os }} | |
| defaults: | |
| run: | |
| working-directory: ./packages/dart/sshnoports | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macOS-latest, windows-latest] | |
| include: | |
| - os: ubuntu-latest | |
| output-name: sshnp-linux-x64 | |
| ext: '' | |
| bundle: 'shell' | |
| - os: macOS-latest | |
| output-name: sshnp-macos-x64 | |
| ext: '' | |
| bundle: 'shell' | |
| - os: macos-14 | |
| output-name: sshnp-macos-arm64 | |
| ext: '' | |
| bundle: 'shell' | |
| - os: windows-latest | |
| output-name: sshnp-windows-x64 | |
| ext: '.exe' | |
| bundle: 'windows' | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - uses: dart-lang/setup-dart@ca7e6fee45ffbd82b555a7ebfc236d2c86439f5b # v1.6.1 | |
| # create directories need for build | |
| - run: mkdir sshnp | |
| - run: mkdir tarball | |
| - if: ${{ matrix.os != 'windows-latest' }} | |
| run: mkdir sshnp/debug | |
| # compile binaries | |
| - run: dart pub get | |
| - run: dart run build_runner build --delete-conflicting-outputs | |
| - run: dart compile exe bin/activate_cli.dart -v -o sshnp/at_activate${{ matrix.ext }} | |
| - run: dart compile exe bin/sshnp.dart -v -o sshnp/sshnp${{ matrix.ext }} | |
| - if: ${{ matrix.os != 'windows-latest' }} | |
| run: dart compile exe bin/sshnpd.dart -v -o sshnp/sshnpd${{ matrix.ext }} | |
| - run: dart compile exe bin/srv.dart -v -o sshnp/srv${{ matrix.ext }} | |
| - if: ${{ matrix.os != 'windows-latest' }} | |
| run: dart compile exe bin/srvd.dart -v -o sshnp/srvd${{ matrix.ext }} | |
| - if: ${{ matrix.os != 'windows-latest' }} | |
| run: dart compile exe bin/srvd.dart -D ENABLE_SNOOP=true -v -o sshnp/debug/srvd${{ matrix.ext }} | |
| # copy additional bundle items to build | |
| - run: cp -r bundles/core/* sshnp/ | |
| - run: cp -r bundles/${{ matrix.bundle }}/* sshnp/ | |
| - run: cp LICENSE sshnp | |
| # codesign for apple | |
| - if: ${{ matrix.os == 'macOS-latest' || matrix.os == 'macos-14'}} | |
| env: | |
| MACOS_CODESIGN_CERT: ${{ secrets.MACOS_CODESIGN_CERT }} | |
| MACOS_SIGNING_IDENTITY: ${{ secrets.MACOS_SIGNING_IDENTITY }} | |
| MACOS_KEYCHAIN_PASSWORD: ${{ secrets.MACOS_KEYCHAIN_PASSWORD }} | |
| run: | | |
| CERT_PATH=$RUNNER_TEMP/codesign.cer | |
| KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db | |
| # import certificate | |
| echo -n "$MACOS_CODESIGN_CERT" | base64 --decode -o $CERT_PATH | |
| # create temporary keychain | |
| security create-keychain -p "$MACOS_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
| security set-keychain-settings -lut 21600 $KEYCHAIN_PATH | |
| security unlock-keychain -p "$MACOS_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH | |
| # import certificate to keychain | |
| security import $CERT_PATH -A -t cert -f pkcs7 -k $KEYCHAIN_PATH | |
| security list-keychain -d user -s $KEYCHAIN_PATH | |
| # Do codesign | |
| codesign \ | |
| --timestamp \ | |
| --prefix \ | |
| --identifier \ | |
| --entitlements ./tools/templates/entitlements.plist \ | |
| --options=runtime \ | |
| --keychain $KEYCHAIN_PATH \ | |
| -s "$MACOS_SIGNING_IDENTITY" | |
| -v \ | |
| sshnp/{ssh*,srv,srvd,at_activate,debug/srvd} | |
| # Verify signatures | |
| codesign -vvv --deep --strict /sshnp/{ssh*,srv,srvd,at_activate,debug/srvd} | |
| # zip the build | |
| - if: ${{ matrix.os == 'macOS-latest' || matrix.os == 'macos-14'}} | |
| run: ditto -c -k --keepParent sshnp tarball/${{ matrix.output-name }}.zip | |
| - if: ${{ matrix.os == 'ubuntu-latest' }} | |
| run: tar -cvzf tarball/${{ matrix.output-name }}.tgz sshnp | |
| - if: ${{ matrix.os == 'windows-latest' }} | |
| run: zip -r -q tarball/${{ matrix.output-name }}.zip sshnp | |
| # Notarize the build | |
| - if: ${{ matrix.os == 'macOS-latest' || matrix.os == 'macos-14'}} | |
| env: | |
| MACOS_APPLE_ID: ${{ secrets.MACOS_APPLE_ID }} | |
| MACOS_TEAM_ID: ${{ secrets.MACOS_TEAM_ID }} | |
| MACOS_APPLE_ID_PASSWORD: ${{ secrets.MACOS_APPLE_ID_PASSWORD }} | |
| run: | | |
| xcrun notarytool submit tarball/${{ matrix.output-name }}.zip \ | |
| --apple-id "$MACOS_APPLE_ID" \ | |
| --team-id "$MACOS_TEAM_ID" \ | |
| --password "$MACOS_APPLE_ID_PASSWORD" \ | |
| --wait | |
| # upload the build | |
| - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 | |
| with: | |
| name: ${{ matrix.output-name }} | |
| path: ./packages/dart/sshnoports/tarball | |
| if-no-files-found: error | |
| other_build: | |
| if: ${{ ! inputs.main_build_only }} | |
| needs: verify_tags | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: ./packages/dart | |
| strategy: | |
| matrix: | |
| platform: [linux/arm/v7, linux/arm64, linux/riscv64] | |
| include: | |
| - platform: linux/arm/v7 | |
| output-name: sshnp-linux-arm | |
| - platform: linux/arm64 | |
| output-name: sshnp-linux-arm64 | |
| - platform: linux/riscv64 | |
| output-name: sshnp-linux-riscv64 | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 | |
| - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 | |
| - run: | | |
| docker buildx build -t atsigncompany/sshnptarball -f sshnoports/tools/Dockerfile.package \ | |
| --platform ${{ matrix.platform }} -o type=tar,dest=bins.tar . | |
| - run: mkdir tarballs | |
| - run: tar -xvf bins.tar -C tarballs | |
| - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 | |
| with: | |
| name: ${{ matrix.output-name }}-upload | |
| path: ./packages/dart/tarballs/${{ matrix.output-name }}.tgz | |
| if-no-files-found: error | |
| notify_on_completion: | |
| needs: [main_build, other_build] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Google Chat Notification | |
| uses: Co-qn/google-chat-notification@3691ccf4763537d6e544bc6cdcccc1965799d056 # v1 | |
| with: | |
| name: SSH no ports binaries were built by GitHub Action ${{ github.run_number }} | |
| url: ${{ secrets.GOOGLE_CHAT_WEBHOOK }} | |
| status: ${{ job.status }} | |
| notify_on_failure: | |
| if: failure() | |
| needs: [main_build, other_build] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Google Chat Notification | |
| uses: Co-qn/google-chat-notification@3691ccf4763537d6e544bc6cdcccc1965799d056 # v1 | |
| with: | |
| name: SSH no ports binaries build FAILED by GitHub Action ${{ github.run_number }} | |
| url: ${{ secrets.GOOGLE_CHAT_WEBHOOK }} | |
| status: ${{ job.status }} |