Skip to content

Build

Build #73

Workflow file for this run

name: Build
on:
workflow_run:
workflows: ["test"]
branches: [main]
types:
- completed
permissions:
contents: read
jobs:
check_release:
permissions:
contents: write
pull-requests: write
if: ${{ github.event.workflow_run.conclusion == 'success' }}
runs-on: ubuntu-latest
outputs:
release_created: ${{ steps.release_please.outputs.release_created }}
release_tag: ${{ steps.release_please.outputs.tag_name }}
steps:
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
with:
config: ${{ vars.PERMISSIONS_CONFIG }}
- name: Run release please
uses: google-github-actions/release-please-action@v4
id: release_please
with:
token: ${{ secrets.GITHUB_TOKEN }}
build:
needs: check_release
permissions:
contents: write
runs-on: ubuntu-latest
strategy:
matrix:
arch: [amd64,arm,arm64]
steps:
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
with:
config: ${{ vars.PERMISSIONS_CONFIG }}
- name: Checkout source
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up environment
run: |
echo "APPVERSION=$(git describe --tags --abbrev=0)-$(git rev-parse --short HEAD)" >> $GITHUB_ENV
echo "BUILD_ENV=build/env.${{ matrix.arch }}" >> $GITHUB_ENV
- name: Set app version for release
if: ${{ needs.check_release.outputs.release_created }}
run: echo "APPVERSION=${{ needs.check_release.outputs.release_tag }}" >> $GITHUB_ENV
- name: Add ${{ matrix.arch }} package repos
if: ${{ matrix.arch != 'amd64' }}
id: enable_multiarch
run: |
source ${BUILD_ENV}
sudo dpkg --add-architecture ${PKG_ARCH}
sudo sed -i 's|^deb\s|deb [arch=amd64] |g' /etc/apt/sources.list
sudo tee -a /etc/apt/sources.list << EOF
deb [arch=${PKG_ARCH}] http://ports.ubuntu.com/ubuntu-ports/ jammy main
#deb-src http://ports.ubuntu.com/ubuntu-ports/ jammy main
deb [arch=${PKG_ARCH}] http://ports.ubuntu.com/ubuntu-ports/ jammy-updates main
#deb-src http://ports.ubuntu.com/ubuntu-ports/ jammy-updates main
deb [arch=${PKG_ARCH}] http://ports.ubuntu.com/ubuntu-ports/ jammy-security main
#deb-src http://ports.ubuntu.com/ubuntu-ports/ jammy-security main
EOF
- name: Install build dependencies
id: install_packages
run: >
source ${BUILD_ENV} &&
sudo apt-get update > ${RUNNER_TEMP}/apt-update.log &&
sudo apt-get -y install desktop-file-utils gcc ${CC_PKG}
libgl1-mesa-dev:${PKG_ARCH} xserver-xorg-dev:${PKG_ARCH}
libxcursor-dev:${PKG_ARCH} libxrandr-dev:${PKG_ARCH}
libxinerama-dev:${PKG_ARCH} libxi-dev:${PKG_ARCH}
libgl1-mesa-dev:${PKG_ARCH} libxxf86vm-dev:${PKG_ARCH}
> ${RUNNER_TEMP}/apt-install.log
env:
DEBIAN_FRONTEND: noninteractive
- name: Setup Go
id: setup_go
uses: actions/setup-go@v5
with:
go-version: '^1.22'
- name: Install Go dependencies
id: install_go_deps
run: |
go install golang.org/x/tools/cmd/stringer@latest
go install github.com/fyne-io/fyne-cross@latest
go install golang.org/x/text/cmd/gotext@latest
go install github.com/matryer/moq@latest
go install github.com/goreleaser/nfpm/v2/cmd/nfpm@latest
- name: Build ${{ matrix.arch }} binary
id: build_binary
run: |
source ${BUILD_ENV}
echo ARCH: ${MATRIX_ARCH} CC: ${CC} GOARCH: ${GOARCH} PKG_CONFIG_PATH: ${PKG_CONFIG_PATH}
go generate -v ./...
go build -v -o dist/go-hass-agent-${{ matrix.arch }}
env:
CGO_ENABLED: 1
MATRIX_ARCH: ${{ matrix.arch }}
- name: Build with fyne-cross
id: build_fyne_cross
run: |
fyne-cross linux -arch=${{ matrix.arch }} -name go-hass-agent \
-icon internal/agent/ui/assets/logo-pretty.png -release
mv fyne-cross/dist/linux-${{ matrix.arch }}/go-hass-agent.tar.xz \
fyne-cross/dist/linux-${{ matrix.arch }}/go-hass-agent-${{ matrix.arch }}.tar.xz
- name: Create packages
id: nfpm_package
run: |
source ${BUILD_ENV}
nfpm package --config .nfpm.yaml --packager rpm --target dist
nfpm package --config .nfpm.yaml --packager deb --target dist
nfpm package --config .nfpm.yaml --packager archlinux --target dist
- name: Install cosign
id: cosign_install
uses: sigstore/[email protected]
with:
cosign-release: 'v2.2.2'
- name: Sign artifacts with cosign
id: cosign_sign
run: |
shopt -s nullglob
echo Need to sign dist/*.{rpm,deb,zst} fyne-cross/dist/linux-${{ matrix.arch }}/*.tar.xz
for artifact in dist/*.{rpm,deb,zst} fyne-cross/dist/linux-${{ matrix.arch }}/*.tar.xz; do
echo Signing ${artifact}
cosign --verbose=true sign-blob --yes --key cosign.key --output-signature=${artifact}.sig ${artifact}
done
env:
COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }}
- name: Upload build artifacts
id: upload_artifacts
if: ${{ ! needs.check_release.outputs.release_created }}
uses: actions/upload-artifact@v4
with:
name: build-${{ matrix.arch }}-${{ github.sha }}
path: |
dist
fyne-cross/dist/linux-${{ matrix.arch }}
- name: Upload release artifacts
id: upload_release
if: ${{ needs.check_release.outputs.release_created }}
run: |
gh release upload ${{ needs.check_release.outputs.release_tag }} dist/*.{rpm,deb,zst,sig}
gh release upload ${{ needs.check_release.outputs.release_tag }} fyne-cross/dist/linux-${{ matrix.arch }}/*
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
build_container:
needs: check_release
permissions:
contents: write
packages: write
runs-on: ubuntu-20.04
# strategy:
# matrix:
# platform:
# - linux/amd64
# - linux/arm/v7
# - linux/arm64
env:
REGISTRY: ghcr.io
IMAGE: ${{ github.repository }}
steps:
- uses: GitHubSecurityLab/actions-permissions/monitor@v1
with:
config: ${{ vars.PERMISSIONS_CONFIG }}
- name: Checkout repo
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up environment
run: |
echo "APPVERSION=$(git describe --tags --abbrev=0)-$(git rev-parse --short HEAD)" >> $GITHUB_ENV
# platform=${{ matrix.platform }}
# echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
- name: Set app version for release
if: ${{ needs.check_release.outputs.release_created }}
run: echo "APPVERSION=${{ needs.check_release.outputs.release_tag }}" >> $GITHUB_ENV
# - name: Set up QEMU
# uses: docker/setup-qemu-action@v3
- name: Log in to the Container registry
id: registry_login
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Get Docker metadata
id: docker_metadata
uses: docker/metadata-action@v5
with:
images: |
${{ env.REGISTRY }}/${{ env.IMAGE }}
tags: |
type=raw,value=latest
type=edge
type=sha
type=ref,event=branch
type=ref,event=pr
type=schedule
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }}
type=raw,value=${{ env.APPVERSION }}
- name: Build container image
id: build_image
uses: docker/build-push-action@v5
with:
context: .
push: true
tags: ${{ steps.docker_metadata.outputs.tags }}
labels: ${{ steps.docker_metadata.outputs.labels }}
- name: Check and install cosign
uses: sigstore/[email protected]
# if: github.event_name == 'push' && github.ref == 'refs/heads/main'
with:
cosign-release: 'v2.2.2'
- name: Sign image with a key
# if: github.event_name == 'push' && github.ref == 'refs/heads/main'
env:
DIGEST: ${{ steps.build_image.outputs.digest }}
TAGS: ${{ steps.docker_metadata.outputs.tags }}
COSIGN_PASSWORD: ${{ secrets.COSIGN_PWD }}
run: |
images=""
for tag in ${TAGS}; do
images+="${tag}@${DIGEST} "
done
cosign --verbose=true sign --yes --key cosign.key \
-a "repo=${{ github.repository }}" \
-a "ref=${{ github.ref }}" \
${images}