v1.9.4 (#1210) #21
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
push: | |
tags: | |
- 'v[0-9]+.[0-9]+.[0-9]*' | |
name: Create release and upload binaries | |
jobs: | |
build-linux: | |
name: Build Linux/BSD All | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: '1.22' | |
check-latest: true | |
- name: Build | |
run: | | |
make BUILD_NUMBER="${GITHUB_REF#refs/tags/v}" release-linux release-freebsd release-openbsd release-netbsd | |
mkdir release | |
mv build/*.tar.gz release | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: linux-latest | |
path: release | |
build-windows: | |
name: Build Windows | |
runs-on: windows-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: '1.22' | |
check-latest: true | |
- name: Build | |
run: | | |
echo $Env:GITHUB_REF.Substring(11) | |
mkdir build\windows-amd64 | |
$Env:GOARCH = "amd64" | |
go build -trimpath -ldflags "-X main.Build=$($Env:GITHUB_REF.Substring(11))" -o build\windows-amd64\nebula.exe ./cmd/nebula-service | |
go build -trimpath -ldflags "-X main.Build=$($Env:GITHUB_REF.Substring(11))" -o build\windows-amd64\nebula-cert.exe ./cmd/nebula-cert | |
mkdir build\windows-arm64 | |
$Env:GOARCH = "arm64" | |
go build -trimpath -ldflags "-X main.Build=$($Env:GITHUB_REF.Substring(11))" -o build\windows-arm64\nebula.exe ./cmd/nebula-service | |
go build -trimpath -ldflags "-X main.Build=$($Env:GITHUB_REF.Substring(11))" -o build\windows-arm64\nebula-cert.exe ./cmd/nebula-cert | |
mkdir build\dist\windows | |
mv dist\windows\wintun build\dist\windows\ | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: windows-latest | |
path: build | |
build-darwin: | |
name: Build Universal Darwin | |
env: | |
HAS_SIGNING_CREDS: ${{ secrets.AC_USERNAME != '' }} | |
runs-on: macos-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: '1.22' | |
check-latest: true | |
- name: Import certificates | |
if: env.HAS_SIGNING_CREDS == 'true' | |
uses: Apple-Actions/import-codesign-certs@v3 | |
with: | |
p12-file-base64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }} | |
p12-password: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }} | |
- name: Build, sign, and notarize | |
env: | |
AC_USERNAME: ${{ secrets.AC_USERNAME }} | |
AC_PASSWORD: ${{ secrets.AC_PASSWORD }} | |
run: | | |
rm -rf release | |
mkdir release | |
make BUILD_NUMBER="${GITHUB_REF#refs/tags/v}" service build/darwin-amd64/nebula build/darwin-amd64/nebula-cert | |
make BUILD_NUMBER="${GITHUB_REF#refs/tags/v}" service build/darwin-arm64/nebula build/darwin-arm64/nebula-cert | |
lipo -create -output ./release/nebula ./build/darwin-amd64/nebula ./build/darwin-arm64/nebula | |
lipo -create -output ./release/nebula-cert ./build/darwin-amd64/nebula-cert ./build/darwin-arm64/nebula-cert | |
if [ -n "$AC_USERNAME" ]; then | |
codesign -s "10BC1FDDEB6CE753550156C0669109FAC49E4D1E" -f -v --timestamp --options=runtime -i "net.defined.nebula" ./release/nebula | |
codesign -s "10BC1FDDEB6CE753550156C0669109FAC49E4D1E" -f -v --timestamp --options=runtime -i "net.defined.nebula-cert" ./release/nebula-cert | |
fi | |
zip -j release/nebula-darwin.zip release/nebula-cert release/nebula | |
if [ -n "$AC_USERNAME" ]; then | |
xcrun notarytool submit ./release/nebula-darwin.zip --team-id "576H3XS7FP" --apple-id "$AC_USERNAME" --password "$AC_PASSWORD" --wait | |
fi | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: darwin-latest | |
path: ./release/* | |
build-docker: | |
name: Create and Upload Docker Images | |
# Technically we only need build-linux to succeed, but if any platforms fail we'll | |
# want to investigate and restart the build | |
needs: [build-linux, build-darwin, build-windows] | |
runs-on: ubuntu-latest | |
env: | |
HAS_DOCKER_CREDS: ${{ vars.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }} | |
# XXX It's not possible to write a conditional here, so instead we do it on every step | |
#if: ${{ env.HAS_DOCKER_CREDS == 'true' }} | |
steps: | |
# Be sure to checkout the code before downloading artifacts, or they will | |
# be overwritten | |
- name: Checkout code | |
if: ${{ env.HAS_DOCKER_CREDS == 'true' }} | |
uses: actions/checkout@v4 | |
- name: Download artifacts | |
if: ${{ env.HAS_DOCKER_CREDS == 'true' }} | |
uses: actions/download-artifact@v4 | |
with: | |
name: linux-latest | |
path: artifacts | |
- name: Login to Docker Hub | |
if: ${{ env.HAS_DOCKER_CREDS == 'true' }} | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ vars.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Set up Docker Buildx | |
if: ${{ env.HAS_DOCKER_CREDS == 'true' }} | |
uses: docker/setup-buildx-action@v3 | |
- name: Build and push images | |
if: ${{ env.HAS_DOCKER_CREDS == 'true' }} | |
env: | |
DOCKER_IMAGE_REPO: ${{ vars.DOCKER_IMAGE_REPO || 'nebulaoss/nebula' }} | |
DOCKER_IMAGE_TAG: ${{ vars.DOCKER_IMAGE_TAG || 'latest' }} | |
run: | | |
mkdir -p build/linux-{amd64,arm64} | |
tar -zxvf artifacts/nebula-linux-amd64.tar.gz -C build/linux-amd64/ | |
tar -zxvf artifacts/nebula-linux-arm64.tar.gz -C build/linux-arm64/ | |
docker buildx build . --push -f docker/Dockerfile --platform linux/amd64,linux/arm64 --tag "${DOCKER_IMAGE_REPO}:${DOCKER_IMAGE_TAG}" --tag "${DOCKER_IMAGE_REPO}:${GITHUB_REF#refs/tags/v}" | |
release: | |
name: Create and Upload Release | |
needs: [build-linux, build-darwin, build-windows] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
path: artifacts | |
- name: Zip Windows | |
run: | | |
cd artifacts/windows-latest | |
cp windows-amd64/* . | |
zip -r nebula-windows-amd64.zip nebula.exe nebula-cert.exe dist | |
cp windows-arm64/* . | |
zip -r nebula-windows-arm64.zip nebula.exe nebula-cert.exe dist | |
- name: Create sha256sum | |
run: | | |
cd artifacts | |
for dir in linux-latest darwin-latest windows-latest | |
do | |
( | |
cd $dir | |
if [ "$dir" = windows-latest ] | |
then | |
sha256sum <windows-amd64/nebula.exe | sed 's=-$=nebula-windows-amd64.zip/nebula.exe=' | |
sha256sum <windows-amd64/nebula-cert.exe | sed 's=-$=nebula-windows-amd64.zip/nebula-cert.exe=' | |
sha256sum <windows-arm64/nebula.exe | sed 's=-$=nebula-windows-arm64.zip/nebula.exe=' | |
sha256sum <windows-arm64/nebula-cert.exe | sed 's=-$=nebula-windows-arm64.zip/nebula-cert.exe=' | |
sha256sum nebula-windows-amd64.zip | |
sha256sum nebula-windows-arm64.zip | |
elif [ "$dir" = darwin-latest ] | |
then | |
sha256sum <nebula-darwin.zip | sed 's=-$=nebula-darwin.zip=' | |
sha256sum <nebula | sed 's=-$=nebula-darwin.zip/nebula=' | |
sha256sum <nebula-cert | sed 's=-$=nebula-darwin.zip/nebula-cert=' | |
else | |
for v in *.tar.gz | |
do | |
sha256sum $v | |
tar zxf $v --to-command='sh -c "sha256sum | sed s=-$='$v'/$TAR_FILENAME="' | |
done | |
fi | |
) | |
done | sort -k 2 >SHASUM256.txt | |
- name: Create Release | |
id: create_release | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
cd artifacts | |
gh release create \ | |
--verify-tag \ | |
--title "Release ${{ github.ref_name }}" \ | |
"${{ github.ref_name }}" \ | |
SHASUM256.txt *-latest/*.zip *-latest/*.tar.gz |