Build #45
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
workflow_run: | |
workflows: ["test"] | |
branches: [main] | |
types: | |
- completed | |
permissions: | |
contents: write | |
pull-requests: write | |
packages: write | |
jobs: | |
check_release: | |
if: ${{ github.event.workflow_run.conclusion == 'success' }} | |
runs-on: ubuntu-latest | |
outputs: | |
release_created: ${{ steps.release_please.outputs.release_created }} | |
release_tag: ${{ steps.release_please.outputs.tag_name }} | |
steps: | |
- name: Run release please | |
uses: google-github-actions/release-please-action@v4 | |
id: release_please | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
build: | |
needs: check_release | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
arch: [amd64,arm,arm64] | |
steps: | |
- name: Checkout source | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Set up environment | |
run: | | |
echo "APPVERSION=$(git describe --tags --abbrev=0)-$(git rev-parse --short HEAD)" >> $GITHUB_ENV | |
echo "BUILD_ENV=build/env.${{ matrix.arch }}" >> $GITHUB_ENV | |
- name: Set app version for release | |
if: ${{ needs.check_release.outputs.release_created }} | |
run: echo "APPVERSION=${{ needs.check_release.outputs.release_tag }}" >> $GITHUB_ENV | |
- name: Add ${{ matrix.arch }} package repos | |
if: ${{ matrix.arch != 'amd64' }} | |
id: enable_multiarch | |
run: | | |
source ${BUILD_ENV} | |
sudo dpkg --add-architecture ${PKG_ARCH} | |
sudo sed -i 's|^deb\s|deb [arch=amd64] |g' /etc/apt/sources.list | |
sudo tee -a /etc/apt/sources.list << EOF | |
deb [arch=${PKG_ARCH}] http://ports.ubuntu.com/ubuntu-ports/ jammy main | |
#deb-src http://ports.ubuntu.com/ubuntu-ports/ jammy main | |
deb [arch=${PKG_ARCH}] http://ports.ubuntu.com/ubuntu-ports/ jammy-updates main | |
#deb-src http://ports.ubuntu.com/ubuntu-ports/ jammy-updates main | |
deb [arch=${PKG_ARCH}] http://ports.ubuntu.com/ubuntu-ports/ jammy-security main | |
#deb-src http://ports.ubuntu.com/ubuntu-ports/ jammy-security main | |
EOF | |
- name: Install build dependencies | |
id: install_packages | |
run: > | |
source ${BUILD_ENV} && | |
sudo apt-get update > ${RUNNER_TEMP}/apt-update.log && | |
sudo apt-get -y install desktop-file-utils gcc ${CC_PKG} | |
libgl1-mesa-dev:${PKG_ARCH} xserver-xorg-dev:${PKG_ARCH} | |
libxcursor-dev:${PKG_ARCH} libxrandr-dev:${PKG_ARCH} | |
libxinerama-dev:${PKG_ARCH} libxi-dev:${PKG_ARCH} | |
libgl1-mesa-dev:${PKG_ARCH} libxxf86vm-dev:${PKG_ARCH} | |
> ${RUNNER_TEMP}/apt-install.log | |
env: | |
DEBIAN_FRONTEND: noninteractive | |
- name: Setup Go | |
id: setup_go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: '^1.22' | |
- name: Install Go dependencies | |
id: install_go_deps | |
run: | | |
go install golang.org/x/tools/cmd/stringer@latest | |
go install github.com/fyne-io/fyne-cross@latest | |
go install golang.org/x/text/cmd/gotext@latest | |
go install github.com/matryer/moq@latest | |
go install github.com/goreleaser/nfpm/v2/cmd/nfpm@latest | |
- name: Build ${{ matrix.arch }} binary | |
id: build_binary | |
run: | | |
source ${BUILD_ENV} | |
echo ARCH: ${MATRIX_ARCH} CC: ${CC} GOARCH: ${GOARCH} PKG_CONFIG_PATH: ${PKG_CONFIG_PATH} | |
go generate -v ./... | |
go build -v -o dist/go-hass-agent-${{ matrix.arch }} | |
env: | |
CGO_ENABLED: 1 | |
MATRIX_ARCH: ${{ matrix.arch }} | |
- name: Build with fyne-cross | |
id: build_fyne_cross | |
run: | | |
fyne-cross linux -arch=${{ matrix.arch }} -name go-hass-agent \ | |
-icon internal/agent/ui/assets/logo-pretty.png -release | |
mv fyne-cross/dist/linux-${{ matrix.arch }}/go-hass-agent.tar.xz \ | |
fyne-cross/dist/linux-${{ matrix.arch }}/go-hass-agent-${{ matrix.arch }}.tar.xz | |
- name: Create packages | |
id: nfpm_package | |
run: | | |
source ${BUILD_ENV} | |
nfpm package --config .nfpm.yaml --packager rpm --target dist | |
nfpm package --config .nfpm.yaml --packager deb --target dist | |
nfpm package --config .nfpm.yaml --packager archlinux --target dist | |
- name: Install cosign | |
id: cosign_install | |
uses: sigstore/[email protected] | |
with: | |
cosign-release: 'v2.2.2' | |
- name: Sign artifacts with cosign | |
id: cosign_sign | |
run: | | |
shopt -s nullglob | |
echo Need to sign dist/*.{rpm,deb,zst} fyne-cross/dist/linux-${{ matrix.arch }}/*.tar.xz | |
for artifact in dist/*.{rpm,deb,zst} fyne-cross/dist/linux-${{ matrix.arch }}/*.tar.xz; do | |
echo Signing ${artifact} | |
cosign --verbose=true sign-blob --yes --key cosign.key --output-signature=${artifact}.sig ${artifact} | |
done | |
env: | |
COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }} | |
- name: Upload build artifacts | |
id: upload_artifacts | |
if: ${{ ! needs.check_release.outputs.release_created }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: build-${{ matrix.arch }}-${{ github.sha }} | |
path: | | |
dist | |
fyne-cross/dist/linux-${{ matrix.arch }} | |
- name: Upload release artifacts | |
id: upload_release | |
if: ${{ needs.check_release.outputs.release_created }} | |
run: > | |
gh release upload ${{ needs.check_release.outputs.release_tag }} dist/*.{rpm,deb,zst,sig} | |
gh release upload ${{ needs.check_release.outputs.release_tag }} fyne-cross/dist/linux-${{ matrix.arch }}/* | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
build_container: | |
needs: check_release | |
runs-on: ubuntu-20.04 | |
env: | |
REGISTRY: ghcr.io | |
IMAGE: ${{ github.repository }} | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Set up environment | |
run: | | |
echo "APPVERSION=$(git describe --tags --abbrev=0)-$(git rev-parse --short HEAD)" >> $GITHUB_ENV | |
- name: Set app version for release | |
if: ${{ needs.check_release.outputs.release_created }} | |
run: echo "APPVERSION=${{ needs.check_release.outputs.release_tag }}" >> $GITHUB_ENV | |
- name: Log in to the Container registry | |
id: registry_login | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Get Docker metadata | |
id: docker_metadata | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
${{ env.REGISTRY }}/${{ env.IMAGE }} | |
tags: | | |
type=raw,value=latest | |
type=edge | |
type=sha | |
type=ref,event=branch | |
type=ref,event=pr | |
type=schedule | |
type=semver,pattern={{version}} | |
type=semver,pattern={{major}}.{{minor}} | |
type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }} | |
type=raw,value=${{ env.APPVERSION }} | |
- name: Build container image | |
id: build_image | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
push: true | |
tags: ${{ steps.docker_metadata.outputs.tags }} | |
labels: ${{ steps.docker_metadata.outputs.labels }} | |
- name: Check and install cosign | |
uses: sigstore/[email protected] | |
if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
with: | |
cosign-release: 'v2.2.2' | |
- name: Sign image with a key | |
if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
env: | |
DIGEST: ${{ steps.build_image.outputs.digest }} | |
TAGS: ${{ steps.docker_metadata.outputs.tags }} | |
COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }} | |
run: | | |
images="" | |
for tag in ${TAGS}; do | |
images+="${tag}@${DIGEST} " | |
done | |
cosign --verbose=true sign --yes --key cosign.key \ | |
-a "repo=${{ github.repository }}" \ | |
-a "ref=${{ github.ref }}" \ | |
${images} | |