Skip to content
Multibuild

Multibuild #128

Sign in to view logs

Multibuild

Multibuild #128

Workflow file for this run

.github/workflows/multibuild.yaml at e91358e
name: Multibuild
on:
workflow_dispatch:
inputs:
main_build_only:
description: "Run non-dockerx builds only"
required: true
default: false
type: boolean
permissions: # added using https://github.com/step-security/secure-repo
contents: read
jobs:
verify_tags:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: ./.github/composite/verify_cli_tags
main_build:
needs: verify_tags
runs-on: ${{ matrix.os }}
defaults:
run:
working-directory: ./packages/dart/sshnoports
strategy:
matrix:
os: [ubuntu-latest, macOS-latest, windows-latest]
include:
- os: ubuntu-latest
output-name: sshnp-linux-x64
ext: ''
bundle: 'shell'
- os: macOS-latest
output-name: sshnp-macos-x64
ext: ''
bundle: 'shell'
- os: macos-14
output-name: sshnp-macos-arm64
ext: ''
bundle: 'shell'
- os: windows-latest
output-name: sshnp-windows-x64
ext: '.exe'
bundle: 'windows'
steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: dart-lang/setup-dart@fedb1266e91cf51be2fdb382869461a434b920a3 # v1.6.2
# create directories need for build
- run: mkdir sshnp
- run: mkdir tarball
- if: ${{ matrix.os != 'windows-latest' }}
run: mkdir sshnp/debug
# compile binaries
- run: dart pub get --enforce-lockfile
- run: dart run build_runner build --delete-conflicting-outputs
- run: dart compile exe bin/activate_cli.dart -v -o sshnp/at_activate${{ matrix.ext }}
- run: dart compile exe bin/sshnp.dart -v -o sshnp/sshnp${{ matrix.ext }}
- if: ${{ matrix.os != 'windows-latest' }}
run: dart compile exe bin/sshnpd.dart -v -o sshnp/sshnpd${{ matrix.ext }}
- run: dart compile exe bin/srv.dart -v -o sshnp/srv${{ matrix.ext }}
- if: ${{ matrix.os != 'windows-latest' }}
run: dart compile exe bin/srvd.dart -v -o sshnp/srvd${{ matrix.ext }}
- if: ${{ matrix.os != 'windows-latest' }}
run: dart compile exe bin/srvd.dart -D ENABLE_SNOOP=true -v -o sshnp/debug/srvd${{ matrix.ext }}
# copy additional bundle items to build
- run: cp -r bundles/core/* sshnp/
- run: cp -r bundles/${{ matrix.bundle }}/* sshnp/
- run: cp LICENSE sshnp
# codesign for apple
- if: ${{ matrix.os == 'macOS-latest' || matrix.os == 'macos-14'}}
name: Import certificates
env:
MACOS_CODESIGN_CERT: ${{ secrets.MACOS_CODESIGN_CERT }}
MACOS_CODESIGN_CERT_PASSWORD: ${{ secrets.MACOS_CODESIGN_CERT_PASSWORD }}
MACOS_SIGNING_IDENTITY: ${{ secrets.MACOS_SIGNING_IDENTITY }}
MACOS_KEYCHAIN_PASSWORD: ${{ secrets.MACOS_KEYCHAIN_PASSWORD }}
run: |
# Load certificate
CERT_PATH=$RUNNER_TEMP/noports-codesign.p12
echo -n "$MACOS_CODESIGN_CERT" | base64 --decode -o $CERT_PATH
# create temp keychain
KEYCHAIN_PATH=$RUNNER_TEMP/build.keychain
security create-keychain -p "$MACOS_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security default-keychain -s $KEYCHAIN_PATH
security unlock-keychain -p "$MACOS_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security import $CERT_PATH -k $KEYCHAIN_PATH -P "$MACOS_CODESIGN_CERT_PASSWORD" -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:apple,:,codesign: -s -k "$MACOS_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# codesign
/usr/bin/codesign \
--force \
-s "$MACOS_SIGNING_IDENTITY" \
--options=runtime \
--entitlements ./tools/templates/entitlements.plist \
--prefix "com.atsign." \
--timestamp \
-v \
sshnp/{ssh*,srv,srvd,at_activate,debug/srvd}
# zip the build
- if: ${{ matrix.os == 'macOS-latest' || matrix.os == 'macos-14'}}
run: ditto -c -k --keepParent sshnp tarball/${{ matrix.output-name }}.zip
- if: ${{ matrix.os == 'ubuntu-latest' }}
run: tar -cvzf tarball/${{ matrix.output-name }}.tgz sshnp
- if: ${{ matrix.os == 'windows-latest' }}
run: Compress-Archive -Path sshnp -Destination tarball/${{ matrix.output-name }}.zip
# Notarize the build
- if: ${{ matrix.os == 'macOS-latest' || matrix.os == 'macos-14'}}
env:
MACOS_APPLE_ID: ${{ secrets.MACOS_APPLE_ID }}
MACOS_TEAM_ID: ${{ secrets.MACOS_TEAM_ID }}
MACOS_APPLE_ID_PASSWORD: ${{ secrets.MACOS_APPLE_ID_PASSWORD }}
run: |
xcrun notarytool submit tarball/${{ matrix.output-name }}.zip \
--apple-id "$MACOS_APPLE_ID" \
--team-id "$MACOS_TEAM_ID" \
--password "$MACOS_APPLE_ID_PASSWORD" \
--wait
# upload the build
- uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: ${{ matrix.output-name }}-upload
path: ./packages/dart/sshnoports/tarball
if-no-files-found: error
other_build:
if: ${{ ! inputs.main_build_only }}
needs: verify_tags
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./packages/dart
strategy:
matrix:
platform: [linux/arm/v7, linux/arm64, linux/riscv64]
include:
- platform: linux/arm/v7
output-name: sshnp-linux-arm
- platform: linux/arm64
output-name: sshnp-linux-arm64
- platform: linux/riscv64
output-name: sshnp-linux-riscv64
steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
- uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0
- run: |
docker buildx build -t atsigncompany/sshnptarball -f sshnoports/tools/Dockerfile.package \
--platform ${{ matrix.platform }} -o type=tar,dest=bins.tar .
- run: mkdir tarballs
- run: tar -xvf bins.tar -C tarballs
- uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: ${{ matrix.output-name }}-upload
path: ./packages/dart/tarballs/${{ matrix.output-name }}.tgz
if-no-files-found: error
universal_sh:
if: startsWith(github.ref, 'refs/tags/v')
defaults:
run:
working-directory: ./packages/dart/sshnoports/bundles
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- run: |
write_metadata() {
start_line="# SCRIPT METADATA"
end_line="# END METADATA"
file=$1
variable=$2
value=$3
sed -i'' "/$start_line/,/$end_line/;s/$variable=\".*\"/$variable=\"$value\"/" "$file"
}
REF=${{ github.ref }}
TAG=${REF:10}
write_metadata universal.sh sshnp_version "$TAG"
- uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: universal.sh
path: ./packages/dart/sshnoports/bundles/universal.sh
if-no-files-found: error
notify_on_completion:
needs: [main_build, other_build, universal_installer]

Check failure on line 187 in .github/workflows/multibuild.yaml

View workflow run for this annotation

GitHub Actions / Multibuild

Invalid workflow file 

The workflow is not valid. .github/workflows/multibuild.yaml (Line: 187, Col: 38): Job 'notify_on_completion' depends on unknown job 'universal_installer'. .github/workflows/multibuild.yaml (Line: 199, Col: 38): Job 'notify_on_failure' depends on unknown job 'universal_installer'.
runs-on: ubuntu-latest
steps:
- name: Google Chat Notification
uses: Co-qn/google-chat-notification@3691ccf4763537d6e544bc6cdcccc1965799d056 # v1
with:
name: SSH no ports binaries were built by GitHub Action ${{ github.run_number }}
url: ${{ secrets.GOOGLE_CHAT_WEBHOOK }}
status: ${{ job.status }}
notify_on_failure:
if: failure()
needs: [main_build, other_build, universal_installer]
runs-on: ubuntu-latest
steps:
- name: Google Chat Notification
uses: Co-qn/google-chat-notification@3691ccf4763537d6e544bc6cdcccc1965799d056 # v1
with:
name: SSH no ports binaries build FAILED by GitHub Action ${{ github.run_number }}
url: ${{ secrets.GOOGLE_CHAT_WEBHOOK }}
status: ${{ job.status }}