Build #40

Workflow file for this run

	name: Build

	on:
	workflow_run:
	workflows: ["test"]
	branches: [main]
	types:
	- completed

	permissions:
	contents: write
	pull-requests: write
	packages: write

	jobs:
	check_release:
	if: ${{ github.event.workflow_run.conclusion == 'success' }}
	runs-on: ubuntu-latest
	outputs:
	release_created: ${{ steps.release_please.outputs.release_created }}
	release_tag: ${{ steps.release_please.outputs.tag_name }}
	steps:
	- name: Run release please
	uses: google-github-actions/release-please-action@v4
	id: release_please
	with:
	token: ${{ secrets.GITHUB_TOKEN }}
	build:
	needs: check_release
	runs-on: ubuntu-latest
	strategy:
	matrix:
	arch: [amd64,arm,arm64]
	steps:
	- name: Checkout source
	uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- name: Set up environment
	run: \|
	echo "APPVERSION=$(git describe --tags --abbrev=0)-$(git rev-parse --short HEAD)" >> $GITHUB_ENV
	echo "BUILD_ENV=build/env.${{ matrix.arch }}" >> $GITHUB_ENV
	- name: Set app version for release
	if: ${{ needs.check_release.outputs.release_created }}
	run: echo "APPVERSION=${{ needs.check_release.outputs.release_tag }}" >> $GITHUB_ENV
	- name: Add ${{ matrix.arch }} package repos
	if: ${{ matrix.arch != 'amd64' }}
	id: enable_multiarch
	run: \|
	source ${BUILD_ENV}
	sudo dpkg --add-architecture ${PKG_ARCH}
	sudo sed -i 's\|^deb\s\|deb [arch=amd64] \|g' /etc/apt/sources.list
	sudo tee -a /etc/apt/sources.list << EOF
	deb [arch=${PKG_ARCH}] http://ports.ubuntu.com/ubuntu-ports/ jammy main
	#deb-src http://ports.ubuntu.com/ubuntu-ports/ jammy main
	deb [arch=${PKG_ARCH}] http://ports.ubuntu.com/ubuntu-ports/ jammy-updates main
	#deb-src http://ports.ubuntu.com/ubuntu-ports/ jammy-updates main
	deb [arch=${PKG_ARCH}] http://ports.ubuntu.com/ubuntu-ports/ jammy-security main
	#deb-src http://ports.ubuntu.com/ubuntu-ports/ jammy-security main
	EOF
	- name: Install build dependencies
	id: install_packages
	run: >
	source ${BUILD_ENV} &&
	sudo apt-get update > ${RUNNER_TEMP}/apt-update.log &&
	sudo apt-get -y install desktop-file-utils gcc ${CC_PKG}
	libgl1-mesa-dev:${PKG_ARCH} xserver-xorg-dev:${PKG_ARCH}
	libxcursor-dev:${PKG_ARCH} libxrandr-dev:${PKG_ARCH}
	libxinerama-dev:${PKG_ARCH} libxi-dev:${PKG_ARCH}
	libgl1-mesa-dev:${PKG_ARCH} libxxf86vm-dev:${PKG_ARCH}
	> ${RUNNER_TEMP}/apt-install.log
	env:
	DEBIAN_FRONTEND: noninteractive
	- name: Setup Go
	id: setup_go
	uses: actions/setup-go@v5
	with:
	go-version: '^1.22'
	- name: Install Go dependencies
	id: install_go_deps
	run: \|
	go install golang.org/x/tools/cmd/stringer@latest
	go install github.com/fyne-io/fyne-cross@latest
	go install golang.org/x/text/cmd/gotext@latest
	go install github.com/matryer/moq@latest
	go install github.com/goreleaser/nfpm/v2/cmd/nfpm@latest
	- name: Build ${{ matrix.arch }} binary
	id: build_binary
	run: \|
	source ${BUILD_ENV}
	echo ARCH: ${MATRIX_ARCH} CC: ${CC} GOARCH: ${GOARCH} PKG_CONFIG_PATH: ${PKG_CONFIG_PATH}
	go generate -v ./...
	go build -v -o dist/go-hass-agent-${{ matrix.arch }}
	env:
	CGO_ENABLED: 1
	MATRIX_ARCH: ${{ matrix.arch }}
	- name: Build with fyne-cross
	id: build_fyne_cross
	run: \|
	fyne-cross linux -arch=${{ matrix.arch }} -name go-hass-agent \
	-icon internal/agent/ui/assets/logo-pretty.png -release
	mv fyne-cross/dist/linux-${{ matrix.arch }}/go-hass-agent.tar.xz \
	fyne-cross/dist/linux-${{ matrix.arch }}/go-hass-agent-${{ matrix.arch }}.tar.xz
	- name: Create packages
	id: nfpm_package
	run: \|
	source ${BUILD_ENV}
	nfpm package --config .nfpm.yaml --packager rpm --target dist
	nfpm package --config .nfpm.yaml --packager deb --target dist
	nfpm package --config .nfpm.yaml --packager archlinux --target dist
	- name: Install cosign
	id: cosign_install
	uses: sigstore/[email protected]
	with:
	cosign-release: 'v2.2.2'
	- name: Sign artifacts with cosign
	id: cosign_sign
	run: \|
	shopt -s nullglob
	echo Need to sign dist/.{rpm,deb,zst} fyne-cross/dist/linux-${{ matrix.arch }}/.tar.xz
	for artifact in dist/.{rpm,deb,zst} fyne-cross/dist/linux-${{ matrix.arch }}/.tar.xz; do
	echo Signing ${artifact}
	cosign --verbose=true sign-blob --yes --key cosign.key --output-signature=${artifact}.sig ${artifact}
	done
	env:
	COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }}
	- name: Upload build artifacts
	id: upload_artifacts
	if: ${{ ! needs.check_release.outputs.release_created }}
	uses: actions/upload-artifact@v4
	with:
	name: build-${{ matrix.arch }}-${{ github.sha }}
	path: \|
	dist
	fyne-cross/dist/linux-${{ matrix.arch }}
	- name: Upload release artifacts
	id: upload_release
	if: ${{ needs.check_release.outputs.release_created }}
	run: >
	gh release upload ${{ needs.check_release.outputs.release_tag }} dist/*.{rpm,deb,zst,sig}
	gh release upload ${{ needs.check_release.outputs.release_tag }} fyne-cross/dist/linux-${{ matrix.arch }}/*
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	build_container:
	needs: check_release
	runs-on: ubuntu-20.04
	env:
	REGISTRY: ghcr.io
	REGISTRY_USER: ${{ github.actor }}
	REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
	IMAGE: ${{ github.repository }}
	steps:
	- name: Checkout repo
	uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- name: Set up environment
	run: \|
	echo "APPVERSION=$(git describe --tags --abbrev=0)-$(git rev-parse --short HEAD)" >> $GITHUB_ENV
	- name: Set app version for release
	if: ${{ needs.check_release.outputs.release_created }}
	run: echo "APPVERSION=${{ needs.check_release.outputs.release_tag }}" >> $GITHUB_ENV
	- name: Install/Cache dependencies
	run: \|
	sudo apt-get update > ${RUNNER_TEMP}/apt-update.log &&
	sudo apt-get -y install qemu-user-static > ${RUNNER_TEMP}/apt-install.log
	- name: Get Docker metadata
	id: docker_metadata
	uses: docker/metadata-action@v5
	with:
	images: \|
	${{ env.REGISTRY }}/${{ env.IMAGE }}
	tags: \|
	type=raw,value=latest
	type=edge
	type=sha
	type=ref,event=branch
	type=ref,event=pr
	type=schedule
	type=semver,pattern={{version}}
	type=semver,pattern={{major}}.{{minor}}
	type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }}
	- name: Build container image
	id: build_image
	uses: redhat-actions/buildah-build@v2
	with:
	archs: amd64
	image: ${{ env.IMAGE }}
	tags: ${{ steps.docker_metadata.outputs.tags }} ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.APPVERSION }}
	labels: ${{ steps.docker_metadata.outputs.labels }}
	containerfiles: Dockerfile
	layers: false
	oci: true
	- name: Push to Container Registry
	id: push_image
	uses: redhat-actions/push-to-registry@v2
	if: github.event_name == 'push' && github.ref == 'refs/heads/main'
	with:
	username: ${{ env.REGISTRY_USER }}
	password: ${{ env.REGISTRY_PASSWORD }}
	tags: ${{ steps.build_image.outputs.tags }}
	extra-args: \|
	--disable-content-trust
	- name: Login to Container Registry
	uses: redhat-actions/podman-login@v1
	if: github.event_name == 'push' && github.ref == 'refs/heads/main'
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ env.REGISTRY_USER }}
	password: ${{ env.REGISTRY_PASSWORD }}
	- name: Check and install cosign
	uses: sigstore/[email protected]
	if: github.event_name == 'push' && github.ref == 'refs/heads/main'
	with:
	cosign-release: 'v2.2.2'
	- name: Sign image with a key
	if: github.event_name == 'push' && github.ref == 'refs/heads/main'
	env:
	DIGEST: ${{ steps.push_image.outputs.digest }}
	TAGS: ${{ steps.docker_metadata.outputs.tags }} ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.APPVERSION }}
	COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }}
	run: \|
	images=""
	for tag in ${TAGS}; do
	images+="${tag}@${DIGEST} "
	done
	cosign --verbose=true sign --yes --key cosign.key \
	-a "repo=${{ github.repository }}" \
	-a "ref=${{ github.ref }}" \
	${images}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Build #40

Workflow file

Build #40

Jobs

Run details

Workflow file for this run