Skip to content
Snippets Groups Projects
Commit eda2b7b2 authored by Alexander Berezovsky's avatar Alexander Berezovsky Committed by Juan Diego Gonzalez
Browse files

Add GHA capability to release Apple ARM 


Support other CLI major versions
Major Build-Sign-Upload workflow refactor

Co-authored-by: default avatarShwetha Gururaj <gururajsh@vmware.com>
Co-authored-by: default avatarJuan Diego Gonzalez <gojuan@vmware.com>
Signed-off-by: default avatarJuan Diego Gonzalez <gojuan@vmware.com>
parent 2855a1b8
No related branches found
Tags v8.4.0
No related merge requests found
Hide whitespace changes
Inline Side-by-side
.github/workflows/build-sign-upload.yml
+ 422
235
View file @ eda2b7b2
name: Build-Sign-Upload name: Build-Sign-Upload
# List of env variables
# GitHub Actions specific
#
# ACTIONS_RUNNER_DEBUG
# ACTIONS_STEP_DEBUG
#
# AWS credentials
# To upload artifacts to S3 for CLAW
#
# AWS_ACCESS_KEY_ID
# AWS_REGION
# AWS_S3_BUCKET
# AWS_SECRET_ACCESS_KEY
#
# GitHub details
# To publish release draft
#
# GIT_DEPLOY_HOMEBREW_TAP
# GIT_RELEASE_TARGET_REPO
# GIT_REPO_ACCESS_TOKEN
#
# Signing keys
#
# SIGNING_KEY_GPG
# SIGNING_KEY_GPG_ID
# SIGNING_KEY_GPG_PASSPHRASE
#
# SIGNING_KEY_MAC_ID
# SIGNING_KEY_MAC_PASSPHRASE
# SIGNING_KEY_MAC_PFX
#
# SIGNING_KEY_WINDOWS_ID
# SIGNING_KEY_WINDOWS_PASSPHRASE
# SIGNING_KEY_WINDOWS_PFX
on: on:
push: push:
tags: tags:
- 'v7.*'
- 'v8.*' - 'v8.*'
branches:
- "gh-actions-*"
permissions: permissions:
contents: read contents: read
...@@ -16,14 +55,47 @@ defaults: ...@@ -16,14 +55,47 @@ defaults:
shell: bash shell: bash
jobs: jobs:
# test:
# environment: DEV
# runs-on: ubuntu-latest
# steps:
# - name: Setup upterm session
# env:
# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
# AWS_REGION: ${{ secrets.AWS_REGION }}
# AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
# GIT_RELEASE_TARGET_REPO: ${{ secrets.GIT_RELEASE_TARGET_REPO }}
# GIT_REPO_ACCESS_TOKEN: ${{ secrets.GIT_REPO_ACCESS_TOKEN }}
# SIGNING_KEY_GPG: ${{ secrets.SIGNING_KEY_GPG }}
# SIGNING_KEY_GPG_ID: ${{ secrets.SIGNING_KEY_GPG_ID }}
# SIGNING_KEY_GPG_PASSPHRASE: ${{ secrets.SIGNING_KEY_GPG_PASSPHRASE }}
# SIGNING_KEY_MAC_ID: ${{ secrets.SIGNING_KEY_MAC_ID }}
# SIGNING_KEY_MAC_PASSPHRASE: ${{ secrets.SIGNING_KEY_MAC_PASSPHRASE }}
# SIGNING_KEY_MAC_PFX: ${{ secrets.SIGNING_KEY_MAC_PFX }}
# SIGNING_KEY_WINDOWS_ID: ${{ secrets.SIGNING_KEY_WINDOWS_ID }}
# SIGNING_KEY_WINDOWS_PASSPHRASE: ${{ secrets.SIGNING_KEY_WINDOWS_PASSPHRASE }}
# SIGNING_KEY_WINDOWS_PFX: ${{ secrets.SIGNING_KEY_WINDOWS_PFX }}
# SIGNING_TEST_CA_MAC: ${{ secrets.SIGNING_TEST_CA_MAC }}
# if: always()
# uses: lhotari/action-upterm@v1
# timeout-minutes: 60
setup: setup:
name: Setup name: Setup
# needs: test
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: ${{ github.action_repository != 'cloudfoundry/cli' }} if: ${{ github.action_repository != 'cloudfoundry/cli' }}
outputs: outputs:
secrets-environment: ${{ steps.set-secrets-environment.outputs.secrets-environment }} secrets-environment: ${{ steps.set-secrets-environment.outputs.secrets-environment }}
build-version: ${{ steps.set-build-version.outputs.build-version }} go-version: ${{ steps.set-go-version.outputs.go-version }}
go-version: ${{ steps.set-go-version.outputs.go-version }}
version-build: ${{ steps.parse-semver.outputs.version-build }}
version-major: ${{ steps.parse-semver.outputs.version-major }}
version-minor: ${{ steps.parse-semver.outputs.version-minor }}
version-patch: ${{ steps.parse-semver.outputs.version-patch }}
steps: steps:
# note the key must be 'id' and not 'name' here, to be accessed via the steps.<step> syntax above # note the key must be 'id' and not 'name' here, to be accessed via the steps.<step> syntax above
...@@ -34,18 +106,26 @@ jobs: ...@@ -34,18 +106,26 @@ jobs:
- name: Checkout cli - name: Checkout cli
uses: actions/checkout@v2 uses: actions/checkout@v2
- name: Check if BUILD_VERSION matches tag ${{ github.ref }} - name: Check if VERSION_BUILD matches tag ${{ github.ref }}
run: | run: |
echo "Git Ref: ${{ github.ref }}" echo "Git Ref: ${{ github.ref }}"
echo "BUILD_VERSION: $(cat BUILD_VERSION)" echo "VERSION_BUILD: $(cat BUILD_VERSION)"
exit 0 exit 0
- name: Set build version - name: Parse semver
id: set-build-version id: parse-semver
run: | run: |
version=$(cat BUILD_VERSION) VERSION=$(cat BUILD_VERSION)
echo "::set-output name=build-version::$version" VERSION="${VERSION#[vV]}"
VERSION_MINOR="${VERSION#*.}"
VERSION_MINOR="${VERSION_MINOR%.*}"
echo "::set-output name=version-build::${VERSION}"
echo "::set-output name=version-major::${VERSION%%\.*}"
echo "::set-output name=version-minor::${VERSION_MINOR}"
echo "::set-output name=version-patch::${VERSION##*.}"
- name: Set go version - name: Set go version
id: set-go-version id: set-go-version
...@@ -59,96 +139,6 @@ jobs: ...@@ -59,96 +139,6 @@ jobs:
# uses: lhotari/action-upterm@v1 # uses: lhotari/action-upterm@v1
# timeout-minutes: 60 # timeout-minutes: 60
test-rpm-package:
name: Test RPM Artifacts
needs: build-linux
runs-on: ubuntu-latest
container:
image: fedora
steps:
- name: Download Signed Linux Packages
uses: actions/download-artifact@v2
with:
name: cf-cli-linux-rpm-packages
- name: Display structure of downloaded files
run: ls -R
- name: Test RPMs
run: |
rpm -q --qf 'FN:\t%{FILENAMES}\nNAME:\t%{NAME}\nPGP:\t%{SIGPGP:pgpsig}\nGPG:\t%{SIGGPG:pgpsig}\n' -p *.rpm
test-deb-package:
name: Test Debian Artifacts
needs: build-linux
runs-on: ubuntu-latest
container:
image: ubuntu
steps:
- name: Download Signed Linux Packages
uses: actions/download-artifact@v2
with:
name: cf-cli-linux-deb-packages
- name: Display structure of downloaded files
run: |
ls -R
ls *.deb | xargs -n1 dpkg --info
test-macos:
name: Test macOS Artifacts
needs: build-macos
runs-on: macos-latest
steps:
- name: Download Signed macOS Packages
uses: actions/download-artifact@v2
with:
name: cf-cli-macos-packages
- name: Inspect macOS packages
run: |
ls -R
pkgutil --check-signature *
test-windows:
name: Test Windows Artifacts
needs: build-windows
runs-on: windows-latest
defaults:
run:
shell: pwsh
steps:
- name: Download Signed Windows Binaries
uses: actions/download-artifact@v2
with:
name: cf-cli-windows-binaries
- name: Inspect Windows packages
run: |
Get-AuthenticodeSignature -Verbose -ErrorAction Stop .\cf-cli_win32.exe
Get-AuthenticodeSignature -Verbose -ErrorAction Stop .\cf-cli_winx64.exe
- name: Download Signed Windows Binaries
uses: actions/download-artifact@v2
with:
name: cf-cli-windows-packages
- name: Inspect Windows files
run: |
Get-ChildItem -Force
- name: View installer signature
run: |
Expand-Archive -DestinationPath winx64 -Path cf8-cli-installer_*_winx64.zip
Expand-Archive -DestinationPath win32 -Path cf8-cli-installer_*_win32.zip
Get-AuthenticodeSignature -Verbose -ErrorAction Stop ".\winx64\cf8_installer.exe"
Get-AuthenticodeSignature -Verbose -ErrorAction Stop ".\win32\cf8_installer.exe"
build-linux: build-linux:
name: Build Linux name: Build Linux
needs: needs:
...@@ -157,13 +147,14 @@ jobs: ...@@ -157,13 +147,14 @@ jobs:
environment: ${{ needs.setup.outputs.secrets-environment }} environment: ${{ needs.setup.outputs.secrets-environment }}
env: env:
BUILD_VERSION: ${{ needs.setup.outputs.build-version }} VERSION_BUILD: ${{ needs.setup.outputs.version-build }}
VERSION_MAJOR: ${{ needs.setup.outputs.version-major }}
steps: steps:
- name: Get Build Version - name: Get Build Version
id: get_build_version id: get_build_version
run: echo "BUILD_VERSION $BUILD_VERSION" run: echo "VERSION_BUILD $VERSION_BUILD"
- name: Checkout cli - name: Checkout cli
uses: actions/checkout@v2 uses: actions/checkout@v2
...@@ -224,21 +215,21 @@ jobs: ...@@ -224,21 +215,21 @@ jobs:
$SIGNING_KEY_GPG_ID $SIGNING_KEY_GPG_ID
EOF EOF
RPM_VERSION=${BUILD_VERSION//-/_} RPM_VERSION=${VERSION_BUILD//-/_}
mkdir -pv $root/packaged mkdir -pv $root/packaged
echo "Build 32-bit RedHat package" echo "Build 32-bit RedHat package"
( (
pushd cli-ci/ci/installers/rpm pushd cli-ci/ci/installers/rpm
cp $root/out/cf-cli_linux_i686 cf8 cp $root/out/cf-cli_linux_i686 cf${VERSION_MAJOR}
cp ../../license/NOTICE . cp ../../license/NOTICE .
cp ../../license/LICENSE-WITH-3RD-PARTY-LICENSES LICENSE cp ../../license/LICENSE-WITH-3RD-PARTY-LICENSES LICENSE
cp ../completion/cf8 cf8.bash cp ../completion/cf${VERSION_MAJOR} cf${VERSION_MAJOR}.bash
echo "Version: ${RPM_VERSION}" > cf-cli.spec echo "Version: ${RPM_VERSION}" > cf-cli.spec
cat cf8-cli.spec.template >> cf-cli.spec cat cf${VERSION_MAJOR}-cli.spec.template >> cf-cli.spec
rpmbuild --target i386 --define "_topdir $(pwd)/build" -bb cf-cli.spec rpmbuild --target i386 --define "_topdir $(pwd)/build" -bb cf-cli.spec
mv build/RPMS/i386/cf8-cli*.rpm $root/packaged/cf8-cli-installer_${BUILD_VERSION}_i686.rpm mv build/RPMS/i386/cf${VERSION_MAJOR}-cli*.rpm $root/packaged/cf${VERSION_MAJOR}-cli-installer_${VERSION_BUILD}_i686.rpm
popd popd
) )
...@@ -246,14 +237,14 @@ jobs: ...@@ -246,14 +237,14 @@ jobs:
echo "Build 64-bit RedHat package" echo "Build 64-bit RedHat package"
( (
pushd cli-ci/ci/installers/rpm pushd cli-ci/ci/installers/rpm
cp $root/out/cf-cli_linux_x86-64 cf8 cp $root/out/cf-cli_linux_x86-64 cf${VERSION_MAJOR}
cp ../../license/NOTICE . cp ../../license/NOTICE .
cp ../../license/LICENSE-WITH-3RD-PARTY-LICENSES LICENSE cp ../../license/LICENSE-WITH-3RD-PARTY-LICENSES LICENSE
cp ../completion/cf8 cf8.bash cp ../completion/cf${VERSION_MAJOR} cf${VERSION_MAJOR}.bash
echo "Version: ${RPM_VERSION}" > cf-cli.spec echo "Version: ${RPM_VERSION}" > cf-cli.spec
cat cf8-cli.spec.template >> cf-cli.spec cat cf${VERSION_MAJOR}-cli.spec.template >> cf-cli.spec
rpmbuild --target x86_64 --define "_topdir $(pwd)/build" -bb cf-cli.spec rpmbuild --target x86_64 --define "_topdir $(pwd)/build" -bb cf-cli.spec
mv build/RPMS/x86_64/cf8-cli*.rpm $root/packaged/cf8-cli-installer_${BUILD_VERSION}_x86-64.rpm mv build/RPMS/x86_64/cf${VERSION_MAJOR}-cli*.rpm $root/packaged/cf${VERSION_MAJOR}-cli-installer_${VERSION_BUILD}_x86-64.rpm
popd popd
) )
...@@ -269,23 +260,27 @@ jobs: ...@@ -269,23 +260,27 @@ jobs:
- name: Sign RedHat Packages - name: Sign RedHat Packages
env: env:
SIGNING_KEY_GPG_ID: ${{ secrets.SIGNING_KEY_GPG_ID }} SIGNING_KEY_GPG_ID: ${{ secrets.SIGNING_KEY_GPG_ID }}
SIGNING_KEY_GPG_PASSPHRASE: ${{ secrets.SIGNING_KEY_GPG_PASSPHRASE }} SIGNING_KEY_GPG_PASSPHRASE: ${{ secrets.SIGNING_KEY_GPG_PASSPHRASE }}
run: | run: |
set -ex set -ex
set -o pipefail set -o pipefail
SUFFIX=8
mkdir signed-redhat-installer mkdir signed-redhat-installer
cat<< EOF >~/.rpmmacros cat<< EOF >~/.rpmmacros
%_signature gpg
%_gpg_name $SIGNING_KEY_GPG_ID %_gpg_name $SIGNING_KEY_GPG_ID
%_gpgbin /usr/bin/gpg2
%__gpg_sign_cmd %{__gpg} gpg --force-v3-sigs --batch --verbose --no-armor \
--passphrase "$SIGNING_KEY_GPG_PASSPHRASE" --no-secmem-warning -u "%{_gpg_name}" \
-sbo %{__signature_filename} --digest-algo sha256 %{__plaintext_filename}
EOF EOF
cp packaged/cf*.rpm signed-redhat-installer/ cp packaged/cf*.rpm signed-redhat-installer/
# TODO: consider to add --key-id #TODO: consider to add --key-id
#TODO: DEV shim
rpmsign --addsign signed-redhat-installer/*.rpm rpmsign --addsign signed-redhat-installer/*.rpm
- name: Print RPM Signature - name: Print RPM Signature
...@@ -301,6 +296,9 @@ jobs: ...@@ -301,6 +296,9 @@ jobs:
- name: Build Debian Packages - name: Build Debian Packages
env:
VERSION_BUILD: ${{ needs.setup.outputs.version-build }}
VERSION_MAJOR: ${{ needs.setup.outputs.version-major }}
run: | run: |
set -ex set -ex
set -o pipefail set -o pipefail
...@@ -314,30 +312,30 @@ jobs: ...@@ -314,30 +312,30 @@ jobs:
SIZE="$(BLOCKSIZE=1000 du $root/out/cf-cli_linux_i686 | cut -f 1)" SIZE="$(BLOCKSIZE=1000 du $root/out/cf-cli_linux_i686 | cut -f 1)"
pushd cli-ci/ci/installers/deb pushd cli-ci/ci/installers/deb
mkdir -p cf/usr/bin cf/usr/share/doc/cf8-cli/ cf/DEBIAN cf/usr/share/bash-completion/completions mkdir -p cf/usr/bin cf/usr/share/doc/cf${VERSION_MAJOR}-cli/ cf/DEBIAN cf/usr/share/bash-completion/completions
cp copyright_preamble cf/DEBIAN/copyright cp copyright_preamble cf/DEBIAN/copyright
sed 's/^$/ ./' $root/LICENSE >> cf/DEBIAN/copyright sed 's/^$/ ./' $root/LICENSE >> cf/DEBIAN/copyright
cat copyright_comment_header >> cf/DEBIAN/copyright cat copyright_comment_header >> cf/DEBIAN/copyright
sed 's/^$/ ./' ../../license/3RD-PARTY-LICENSES >> cf/DEBIAN/copyright sed 's/^$/ ./' ../../license/3RD-PARTY-LICENSES >> cf/DEBIAN/copyright
cp cf/DEBIAN/copyright cf/usr/share/doc/cf8-cli/copyright cp cf/DEBIAN/copyright cf/usr/share/doc/cf${VERSION_MAJOR}-cli/copyright
cp ../../license/NOTICE cf/usr/share/doc/cf8-cli cp ../../license/NOTICE cf/usr/share/doc/cf${VERSION_MAJOR}-cli
cp ../../license/LICENSE-WITH-3RD-PARTY-LICENSES cf/usr/share/doc/cf8-cli/LICENSE cp ../../license/LICENSE-WITH-3RD-PARTY-LICENSES cf/usr/share/doc/cf${VERSION_MAJOR}-cli/LICENSE
cp control_v8.template cf/DEBIAN/control cp control_v8.template cf/DEBIAN/control
echo "Installed-Size: ${SIZE}" >> cf/DEBIAN/control echo "Installed-Size: ${SIZE}" >> cf/DEBIAN/control
echo "Version: ${BUILD_VERSION}" >> cf/DEBIAN/control echo "Version: ${VERSION_BUILD}" >> cf/DEBIAN/control
echo "Architecture: i386" >> cf/DEBIAN/control echo "Architecture: i386" >> cf/DEBIAN/control
cp ../completion/cf8 cf/usr/share/bash-completion/completions/cf8 cp ../completion/cf${VERSION_MAJOR} cf/usr/share/bash-completion/completions/cf${VERSION_MAJOR}
cp $root/out/cf-cli_linux_i686 cf/usr/bin/cf8 cp $root/out/cf-cli_linux_i686 cf/usr/bin/cf${VERSION_MAJOR}
ln -frs cf/usr/bin/cf8 cf/usr/bin/cf ln -frs cf/usr/bin/cf${VERSION_MAJOR} cf/usr/bin/cf
fakeroot dpkg --build cf cf8-cli-installer_${BUILD_VERSION}_i686.deb fakeroot dpkg --build cf cf${VERSION_MAJOR}-cli-installer_${VERSION_BUILD}_i686.deb
mv cf8-cli-installer_${BUILD_VERSION}_i686.deb $root/packaged-deb mv cf${VERSION_MAJOR}-cli-installer_${VERSION_BUILD}_i686.deb $root/packaged-deb
rm -rf cf rm -rf cf
popd popd
) )
...@@ -347,30 +345,30 @@ jobs: ...@@ -347,30 +345,30 @@ jobs:
SIZE="$(BLOCKSIZE=1000 du $root/out/cf-cli_linux_x86-64 | cut -f 1)" SIZE="$(BLOCKSIZE=1000 du $root/out/cf-cli_linux_x86-64 | cut -f 1)"
pushd cli-ci/ci/installers/deb pushd cli-ci/ci/installers/deb
mkdir -p cf/usr/bin cf/usr/share/doc/cf8-cli/ cf/DEBIAN cf/usr/share/bash-completion/completions mkdir -p cf/usr/bin cf/usr/share/doc/cf${VERSION_MAJOR}-cli/ cf/DEBIAN cf/usr/share/bash-completion/completions
cp copyright_preamble cf/DEBIAN/copyright cp copyright_preamble cf/DEBIAN/copyright
sed 's/^$/ ./' $root/LICENSE >> cf/DEBIAN/copyright sed 's/^$/ ./' $root/LICENSE >> cf/DEBIAN/copyright
cat copyright_comment_header >> cf/DEBIAN/copyright cat copyright_comment_header >> cf/DEBIAN/copyright
sed 's/^$/ ./' ../../license/3RD-PARTY-LICENSES >> cf/DEBIAN/copyright sed 's/^$/ ./' ../../license/3RD-PARTY-LICENSES >> cf/DEBIAN/copyright
cp cf/DEBIAN/copyright cf/usr/share/doc/cf8-cli/copyright cp cf/DEBIAN/copyright cf/usr/share/doc/cf${VERSION_MAJOR}-cli/copyright
cp ../../license/NOTICE cf/usr/share/doc/cf8-cli cp ../../license/NOTICE cf/usr/share/doc/cf${VERSION_MAJOR}-cli
cp ../../license/LICENSE-WITH-3RD-PARTY-LICENSES cf/usr/share/doc/cf8-cli/LICENSE cp ../../license/LICENSE-WITH-3RD-PARTY-LICENSES cf/usr/share/doc/cf${VERSION_MAJOR}-cli/LICENSE
cp control_v8.template cf/DEBIAN/control cp control_v8.template cf/DEBIAN/control
echo "Installed-Size: ${SIZE}" >> cf/DEBIAN/control echo "Installed-Size: ${SIZE}" >> cf/DEBIAN/control
echo "Version: ${BUILD_VERSION}" >> cf/DEBIAN/control echo "Version: ${VERSION_BUILD}" >> cf/DEBIAN/control
echo "Architecture: amd64" >> cf/DEBIAN/control echo "Architecture: amd64" >> cf/DEBIAN/control
cp ../completion/cf8 cf/usr/share/bash-completion/completions/cf8 cp ../completion/cf${VERSION_MAJOR} cf/usr/share/bash-completion/completions/cf${VERSION_MAJOR}
cp $root/out/cf-cli_linux_x86-64 cf/usr/bin/cf8 cp $root/out/cf-cli_linux_x86-64 cf/usr/bin/cf${VERSION_MAJOR}
ln -frs cf/usr/bin/cf8 cf/usr/bin/cf ln -frs cf/usr/bin/cf${VERSION_MAJOR} cf/usr/bin/cf
fakeroot dpkg --build cf cf8-cli-installer_${BUILD_VERSION}_x86-64.deb fakeroot dpkg --build cf cf${VERSION_MAJOR}-cli-installer_${VERSION_BUILD}_x86-64.deb
mv cf8-cli-installer_${BUILD_VERSION}_x86-64.deb $root/packaged-deb mv cf${VERSION_MAJOR}-cli-installer_${VERSION_BUILD}_x86-64.deb $root/packaged-deb
popd popd
) )
...@@ -394,17 +392,20 @@ jobs: ...@@ -394,17 +392,20 @@ jobs:
name: Build macOS name: Build macOS
needs: needs:
- setup - setup
env:
VERSION_BUILD: ${{ needs.setup.outputs.version-build }}
VERSION_MAJOR: ${{ needs.setup.outputs.version-major }}
runs-on: macos-latest runs-on: macos-latest
environment: ${{ needs.setup.outputs.secrets-environment }} environment: ${{ needs.setup.outputs.secrets-environment }}
steps: steps:
- name: Setup # - name: Setup
run: | # run: |
echo "BUILD_VERSION=${{ needs.setup.outputs.build-version }}" >> $GITHUB_ENV # echo "VERSION_BUILD=${{ needs.setup.outputs.version-build }}" >> $GITHUB_ENV
- name: Get Build Version - name: Get Build Version
id: get_build_version id: get_build_version
run: echo "BUILD_VERSION $BUILD_VERSION" run: echo "VERSION_BUILD $VERSION_BUILD"
- name: Checkout cli - name: Checkout cli
uses: actions/checkout@v2 uses: actions/checkout@v2
...@@ -471,7 +472,7 @@ jobs: ...@@ -471,7 +472,7 @@ jobs:
- name: Build macOS Binaries - name: Build macOS Binaries
run: | run: |
make out/cf-cli_osx make out/cf-cli_osx
make out/cf-cli_osx_arm make out/cf-cli_macosarm
- name: Store macOS Binaries - name: Store macOS Binaries
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2
...@@ -480,7 +481,7 @@ jobs: ...@@ -480,7 +481,7 @@ jobs:
name: cf-cli-macos-binaries name: cf-cli-macos-binaries
path: out/cf-cli* path: out/cf-cli*
- name: Build macOS Installer - name: Build macOS x86 Installer
run: | run: |
set -ex set -ex
set -o pipefail set -o pipefail
...@@ -494,14 +495,49 @@ jobs: ...@@ -494,14 +495,49 @@ jobs:
SIZE="$(BLOCKSIZE=1000 du $root/out/cf-cli_osx | cut -f 1)" SIZE="$(BLOCKSIZE=1000 du $root/out/cf-cli_osx | cut -f 1)"
pushd cli-ci/ci/installers/osx_v8 pushd cli-ci/ci/installers/osx_v8
sed -i -e "s/VERSION/${BUILD_VERSION}/g" Distribution sed -i -e "s/VERSION/${VERSION_BUILD}/g" Distribution
sed -i -e "s/SIZE/${SIZE}/g" Distribution
mkdir -p cf-cli/usr/local/bin cf-cli/usr/local/share/doc/cf${VERSION_MAJOR}-cli
cp $root/out/cf-cli_osx cf-cli/usr/local/bin/cf${VERSION_MAJOR}
gln -frs cf-cli/usr/local/bin/cf${VERSION_MAJOR} cf-cli/usr/local/bin/cf
cp ../../license/NOTICE cf-cli/usr/local/share/doc/cf${VERSION_MAJOR}-cli
cp ../../license/LICENSE-WITH-3RD-PARTY-LICENSES cf-cli/usr/local/share/doc/cf${VERSION_MAJOR}-cli/LICENSE
chmod -R go-w cf-cli
pushd cf-cli
find usr | cpio -o --format=odc | gzip -c > ../Payload
popd
$root/bomutils/build/bin/ls4mkbom cf-cli | sed 's/1000\/1000/0\/80/' > bom_list
mkbom -i bom_list Bom
mv Bom Payload com.cloudfoundry.cf${VERSION_MAJOR}-cli.pkg
xar -c --compression none -f cf${VERSION_MAJOR}-cli-installer_osx.pkg com.cloudfoundry.cf${VERSION_MAJOR}-cli.pkg Distribution
mv cf${VERSION_MAJOR}-cli-installer_osx.pkg $root/packaged/cf${VERSION_MAJOR}-cli-installer_osx.pkg
popd
)
- name: Build macOS ARM Installer
run: |
set -ex
set -o pipefail
root=$PWD
mkdir -pv $root/packaged
echo "Build macOS ARM Installer"
(
SIZE="$(BLOCKSIZE=1000 du $root/out/cf-cli_macosarm | cut -f 1)"
pushd cli-ci/ci/installers/osx_v8
sed -i -e "s/VERSION/${VERSION_BUILD}/g" Distribution
sed -i -e "s/SIZE/${SIZE}/g" Distribution sed -i -e "s/SIZE/${SIZE}/g" Distribution
mkdir -p cf-cli/usr/local/bin cf-cli/usr/local/share/doc/cf8-cli mkdir -p cf-cli/usr/local/bin cf-cli/usr/local/share/doc/cf${VERSION_MAJOR}-cli
cp $root/out/cf-cli_osx cf-cli/usr/local/bin/cf8 cp $root/out/cf-cli_macosarm cf-cli/usr/local/bin/cf${VERSION_MAJOR}
gln -frs cf-cli/usr/local/bin/cf8 cf-cli/usr/local/bin/cf gln -frs cf-cli/usr/local/bin/cf${VERSION_MAJOR} cf-cli/usr/local/bin/cf
cp ../../license/NOTICE cf-cli/usr/local/share/doc/cf8-cli cp ../../license/NOTICE cf-cli/usr/local/share/doc/cf${VERSION_MAJOR}-cli
cp ../../license/LICENSE-WITH-3RD-PARTY-LICENSES cf-cli/usr/local/share/doc/cf8-cli/LICENSE cp ../../license/LICENSE-WITH-3RD-PARTY-LICENSES cf-cli/usr/local/share/doc/cf${VERSION_MAJOR}-cli/LICENSE
chmod -R go-w cf-cli chmod -R go-w cf-cli
pushd cf-cli pushd cf-cli
find usr | cpio -o --format=odc | gzip -c > ../Payload find usr | cpio -o --format=odc | gzip -c > ../Payload
...@@ -509,21 +545,18 @@ jobs: ...@@ -509,21 +545,18 @@ jobs:
$root/bomutils/build/bin/ls4mkbom cf-cli | sed 's/1000\/1000/0\/80/' > bom_list $root/bomutils/build/bin/ls4mkbom cf-cli | sed 's/1000\/1000/0\/80/' > bom_list
mkbom -i bom_list Bom mkbom -i bom_list Bom
mv Bom Payload com.cloudfoundry.cf8-cli.pkg mv Bom Payload com.cloudfoundry.cf${VERSION_MAJOR}-cli.pkg
xar -c --compression none -f cf8-cli-installer_osx.pkg com.cloudfoundry.cf8-cli.pkg Distribution xar -c --compression none -f cf${VERSION_MAJOR}-cli-installer_macosarm.pkg com.cloudfoundry.cf${VERSION_MAJOR}-cli.pkg Distribution
mv cf8-cli-installer_osx.pkg $root/packaged/cf8-cli-installer_osx.pkg mv cf${VERSION_MAJOR}-cli-installer_macosarm.pkg $root/packaged/cf${VERSION_MAJOR}-cli-installer_macosarm.pkg
popd popd
) )
- name: Load macos key - name: Load macos key
env: env:
SIGNING_TEST_CA_MAC: ${{ secrets.SIGNING_TEST_CA_MAC }} # SIGNING_TEST_CA_MAC: ${{ secrets.SIGNING_TEST_CA_MAC }}
SIGNING_KEYCHAIN_PASSPHRASE: ${{ secrets.SIGNING_KEYCHAIN_PASSPHRASE }} SIGNING_KEY_MAC_ID: ${{ secrets.SIGNING_KEY_MAC_ID }}
SIGNING_KEY_MAC: ${{ secrets.SIGNING_KEY_MAC }}
SIGNING_KEY_MAC_ID: ${{ secrets.SIGNING_KEY_MAC_ID }}
SIGNING_KEY_MAC_PASSPHRASE: ${{ secrets.SIGNING_KEY_MAC_PASSPHRASE }} SIGNING_KEY_MAC_PASSPHRASE: ${{ secrets.SIGNING_KEY_MAC_PASSPHRASE }}
SIGNING_KEY_MAC_PFX: ${{ secrets.SIGNING_KEY_MAC_PFX }} SIGNING_KEY_MAC_PFX: ${{ secrets.SIGNING_KEY_MAC_PFX }}
run: | run: |
echo -n "$SIGNING_KEY_MAC_PFX" | base64 --decode > mac-signing-key.p12 echo -n "$SIGNING_KEY_MAC_PFX" | base64 --decode > mac-signing-key.p12
...@@ -558,26 +591,35 @@ jobs: ...@@ -558,26 +591,35 @@ jobs:
- name: Sign macOS - name: Sign macOS
env: env:
SUFFIX: 8 VERSION_MAJOR: ${{ needs.setup.outputs.version-major }}
SIGNING_KEY_MAC_ID: ${{ secrets.SIGNING_KEY_MAC_ID }} SIGNING_KEY_MAC_ID: ${{ secrets.SIGNING_KEY_MAC_ID }}
SIGNING_KEY_MAC_PASSPHRASE: ${{ secrets.SIGNING_KEY_MAC_PASSPHRASE }} SIGNING_KEY_MAC_PASSPHRASE: ${{ secrets.SIGNING_KEY_MAC_PASSPHRASE }}
run: | run: |
root=$PWD root=$PWD
mkdir -pv signed-osx-installer mkdir -pv signed-macos-installer
#TODO: DEV shim
# cp \
productsign --timestamp \
--sign "$SIGNING_KEY_MAC_ID" \
"$root/packaged/cf${VERSION_MAJOR}-cli-installer_osx.pkg" \
"signed-macos-installer/cf${VERSION_MAJOR}-cli-installer_${VERSION_BUILD}_osx.pkg"
#TODO: DEV shim
# cp \
productsign --timestamp \ productsign --timestamp \
--sign "$SIGNING_KEY_MAC_ID" \ --sign "$SIGNING_KEY_MAC_ID" \
"$root/packaged/cf${SUFFIX}-cli-installer_osx.pkg" \ "$root/packaged/cf${VERSION_MAJOR}-cli-installer_macosarm.pkg" \
"signed-osx-installer/cf${SUFFIX}-cli-installer_${BUILD_VERSION}_osx.pkg" "signed-macos-installer/cf${VERSION_MAJOR}-cli-installer_${VERSION_BUILD}_macosarm.pkg"
- name: Store macOS Signed Packages - name: Store macOS Signed Packages
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2
with: with:
if-no-files-found: error if-no-files-found: error
name: cf-cli-macos-packages name: cf-cli-macos-packages
path: signed-osx-installer/*.pkg path: signed-macos-installer/*.pkg
build-windows: build-windows:
...@@ -589,6 +631,8 @@ jobs: ...@@ -589,6 +631,8 @@ jobs:
defaults: defaults:
run: run:
shell: pwsh shell: pwsh
env:
VERSION_MAJOR: ${{ needs.setup.outputs.version-major }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v2 uses: actions/checkout@v2
...@@ -612,20 +656,20 @@ jobs: ...@@ -612,20 +656,20 @@ jobs:
make out/cf-cli_winx64.exe make out/cf-cli_winx64.exe
- name: write windows cert - name: write windows cert
run: |
$pass = convertto-securestring -string "$env:SIGNING_KEY_WINDOWS_PASSPHRASE" -asplaintext
[convert]::frombase64string($env:SIGNING_KEY_WINDOWS_PFX) | set-content -path $env:runner_temp\cert.pfx -asbytestream
env: env:
SIGNING_KEY_WINDOWS_PFX: ${{ secrets.SIGNING_KEY_WINDOWS_PFX }}
SIGNING_KEY_WINDOWS_PASSPHRASE: ${{ secrets.SIGNING_KEY_WINDOWS_PASSPHRASE }} SIGNING_KEY_WINDOWS_PASSPHRASE: ${{ secrets.SIGNING_KEY_WINDOWS_PASSPHRASE }}
SIGNING_KEY_WINDOWS_PFX: ${{ secrets.SIGNING_KEY_WINDOWS_PFX }}
run: |
$pass = convertto-securestring -string "${env:SIGNING_KEY_WINDOWS_PASSPHRASE}" -asplaintext
[convert]::frombase64string(${env:SIGNING_KEY_WINDOWS_PFX}) | set-content -path $env:runner_temp\cert.pfx -asbytestream
- name: Sign windows binaries - name: Sign windows binaries
env:
SIGNING_KEY_WINDOWS_PASSPHRASE: ${{ secrets.SIGNING_KEY_WINDOWS_PASSPHRASE }}
run: | run: |
.\.github\win\sign-windows-binary.ps1 -BinaryFilePath out\cf-cli_win32.exe .\.github\win\sign-windows-binary.ps1 -BinaryFilePath out\cf-cli_win32.exe
.\.github\win\sign-windows-binary.ps1 -BinaryFilePath out\cf-cli_winx64.exe .\.github\win\sign-windows-binary.ps1 -BinaryFilePath out\cf-cli_winx64.exe
env:
SIGNING_KEY_WINDOWS_PASSPHRASE: ${{ secrets.SIGNING_KEY_WINDOWS_PASSPHRASE }}
- name: View binary signatures - name: View binary signatures
run: | run: |
...@@ -667,49 +711,52 @@ jobs: ...@@ -667,49 +711,52 @@ jobs:
- name: Run innosetup - name: Run innosetup
run: | run: |
mkdir "$env:RUNNER_TEMP\winx64" mkdir "${env:RUNNER_TEMP}\winx64"
.\.github\win\run-innosetup.ps1 -InnoSetupConfig ".github\win\windows-installer-v8-x64.iss" -CfBinary "out\cf-cli_winx64.exe" -InstallerOutput "$env:RUNNER_TEMP\winx64\cf8_installer.exe" .\.github\win\run-innosetup.ps1 -InnoSetupConfig ".github\win\windows-installer-v8-x64.iss" -CfBinary "out\cf-cli_winx64.exe" -InstallerOutput "${env:RUNNER_TEMP}\winx64\cf${env:VERSION_MAJOR}_installer.exe"
mkdir "$env:RUNNER_TEMP\win32" mkdir "${env:RUNNER_TEMP}\win32"
.\.github\win\run-innosetup.ps1 -InnoSetupConfig ".github\win\windows-installer-v8-x86.iss" -CfBinary "out\cf-cli_win32.exe" -InstallerOutput "$env:RUNNER_TEMP\win32\cf8_installer.exe" .\.github\win\run-innosetup.ps1 -InnoSetupConfig ".github\win\windows-installer-v8-x86.iss" -CfBinary "out\cf-cli_win32.exe" -InstallerOutput "${env:RUNNER_TEMP}\win32\cf${env:VERSION_MAJOR}_installer.exe"
- name: Sign windows installer - name: Sign windows installer
run: |
.\.github\win\sign-windows-binary.ps1 -BinaryFilePath "$env:RUNNER_TEMP\winx64\cf8_installer.exe"
.\.github\win\sign-windows-binary.ps1 -BinaryFilePath "$env:RUNNER_TEMP\win32\cf8_installer.exe"
env: env:
SIGNING_KEY_WINDOWS_PASSPHRASE: ${{ secrets.SIGNING_KEY_WINDOWS_PASSPHRASE }} SIGNING_KEY_WINDOWS_PASSPHRASE: ${{ secrets.SIGNING_KEY_WINDOWS_PASSPHRASE }}
run: |
.\.github\win\sign-windows-binary.ps1 -BinaryFilePath "${env:RUNNER_TEMP}\winx64\cf${env:VERSION_MAJOR}_installer.exe"
.\.github\win\sign-windows-binary.ps1 -BinaryFilePath "${env:RUNNER_TEMP}\win32\cf${env:VERSION_MAJOR}_installer.exe"
- name: View installer signature - name: View installer signature
run: | run: |
Get-AuthenticodeSignature -Verbose -ErrorAction Stop "$env:RUNNER_TEMP\winx64\cf8_installer.exe" Get-AuthenticodeSignature -Verbose -ErrorAction Stop "${env:RUNNER_TEMP}\winx64\cf${env:VERSION_MAJOR}_installer.exe"
Get-AuthenticodeSignature -Verbose -ErrorAction Stop "$env:RUNNER_TEMP\win32\cf8_installer.exe" Get-AuthenticodeSignature -Verbose -ErrorAction Stop "${env:RUNNER_TEMP}\win32\cf${env:VERSION_MAJOR}_installer.exe"
- name: Arrange files for upload - name: Arrange files for upload
# note the -Path flag takes comma-delimited args # note the -Path flag takes comma-delimited args
run: | run: |
Copy-Item -Destination "$env:RUNNER_TEMP\winx64" -Path .github\win\LICENSE,.github\win\NOTICE Copy-Item -Destination "${env:RUNNER_TEMP}\winx64" -Path .github\win\LICENSE,.github\win\NOTICE
Copy-Item -Destination "$env:RUNNER_TEMP\win32" -Path .github\win\LICENSE,.github\win\NOTICE Copy-Item -Destination "${env:RUNNER_TEMP}\win32" -Path .github\win\LICENSE,.github\win\NOTICE
- name: Zip windows artifact - name: Zip windows artifact
run: | run: |
# strip leading v to go from tag -> semver # strip leading v to go from tag -> semver
$installer_release_version="$(cat BUILD_VERSION)".Replace("v", "") $installer_release_version="$(cat BUILD_VERSION)".Replace("v", "")
pushd "$env:RUNNER_TEMP\winx64" pushd "${env:RUNNER_TEMP}\winx64"
$installer_zip_filename="$env:RUNNER_TEMP\cf8-cli-installer_${installer_release_version}_winx64.zip" $installer_zip_filename="${env:RUNNER_TEMP}\cf${env:VERSION_MAJOR}-cli-installer_${installer_release_version}_winx64.zip"
Compress-Archive -DestinationPath "$installer_zip_filename" -Path * Compress-Archive -DestinationPath "$installer_zip_filename" -Path *
popd popd
pushd "$env:RUNNER_TEMP\win32" pushd "${env:RUNNER_TEMP}\win32"
$installer_zip_filename="$env:RUNNER_TEMP\cf8-cli-installer_${installer_release_version}_win32.zip" $installer_zip_filename="${env:RUNNER_TEMP}\cf${env:VERSION_MAJOR}-cli-installer_${installer_release_version}_win32.zip"
Compress-Archive -DestinationPath "$installer_zip_filename" -Path * Compress-Archive -DestinationPath "$installer_zip_filename" -Path *
popd popd
Get-ChildItem "$env:RUNNER_TEMP" Get-ChildItem "${env:RUNNER_TEMP}"
# - name: Setup tmate session
# uses: mxschmitt/action-tmate@v3
- name: Save installer and dist files as a GitHub Action Artifact - name: Save installer and dist files as a GitHub Action Artifact
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v2
with: with:
name: cf-cli-windows-packages name: cf-cli-windows-packages
if-no-files-found: error if-no-files-found: error
path: ${{ runner.temp }}/cf8-cli-installer*win*.zip path: ${{ runner.temp }}/cf${{ needs.setup.outputs.version-major }}-cli-installer*win*.zip
################################# #################################
######## Release Section ######## ######## Release Section ########
...@@ -717,20 +764,25 @@ jobs: ...@@ -717,20 +764,25 @@ jobs:
s3-upload: s3-upload:
name: Upload Artifacts to S3 bucket name: Upload Artifacts to S3 bucket
if: ${{ github.ref_type == 'tag' }}
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: needs:
- test-rpm-package - setup
- test-deb-package - test-rpm-package
- test-macos - test-deb-package
- test-windows - test-macos
environment: PROD - test-windows
environment: ${{ needs.setup.outputs.secrets-environment }}
permissions: permissions:
actions: read actions: read
contents: read contents: read
env:
VERSION_BUILD: ${{ needs.setup.outputs.version-build }}
VERSION_MAJOR: ${{ needs.setup.outputs.version-major }}
steps: steps:
- name: Checkout cli - name: Checkout cli
uses: actions/checkout@v2 uses: actions/checkout@v2
- name: get semver version - name: get semver version
# set environment var for subsequent steps. see: https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#setting-an-environment-variable # set environment var for subsequent steps. see: https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#setting-an-environment-variable
run: | run: |
...@@ -742,7 +794,9 @@ jobs: ...@@ -742,7 +794,9 @@ jobs:
with: with:
path: signed # download all artifacts to 'signed/' path: signed # download all artifacts to 'signed/'
- name: Archive linux binaries for upload - name: Archive nix binaries for upload
env:
INSTALLER_RELEASE_VERSION: ${{ env.INSTALLER_RELEASE_VERSION }}
run: | run: |
prepare_legal() { prepare_legal() {
...@@ -751,57 +805,62 @@ jobs: ...@@ -751,57 +805,62 @@ jobs:
} }
prepare_artifacts() { prepare_artifacts() {
chmod +x cf8 chmod +x cf${VERSION_MAJOR}
ln -s cf8 cf ln -s cf${VERSION_MAJOR} cf
prepare_legal prepare_legal
} }
prepare_win_artifacts() { prepare_win_artifacts() {
cp cf8.exe cf.exe cp cf${VERSION_MAJOR}.exe cf.exe
prepare_legal prepare_legal
} }
pushd signed pushd signed
mkdir linux_i686 linux_x86-64 mkdir linux_i686 linux_x86-64
mv cf-cli-linux-binaries/cf-cli_linux_i686 linux_i686/cf8 mv cf-cli-linux-binaries/cf-cli_linux_i686 linux_i686/cf${VERSION_MAJOR}
mv cf-cli-linux-binaries/cf-cli_linux_x86-64 linux_x86-64/cf8 mv cf-cli-linux-binaries/cf-cli_linux_x86-64 linux_x86-64/cf${VERSION_MAJOR}
pushd linux_i686 pushd linux_i686
prepare_artifacts prepare_artifacts
tar -cvzf cf8-cli_${INSTALLER_RELEASE_VERSION}_linux_i686.tgz * tar -cvzf cf${VERSION_MAJOR}-cli_${INSTALLER_RELEASE_VERSION}_linux_i686.tgz *
popd popd
pushd linux_x86-64 pushd linux_x86-64
prepare_artifacts prepare_artifacts
tar -cvzf cf8-cli_${INSTALLER_RELEASE_VERSION}_linux_x86-64.tgz * tar -cvzf cf${VERSION_MAJOR}-cli_${INSTALLER_RELEASE_VERSION}_linux_x86-64.tgz *
popd popd
mkdir osx mkdir osx
mv cf-cli-macos-binaries/cf-cli_osx osx/cf8 mv cf-cli-macos-binaries/cf-cli_osx osx/cf${VERSION_MAJOR}
pushd osx pushd osx
prepare_artifacts prepare_artifacts
tar -cvzf cf8-cli_${INSTALLER_RELEASE_VERSION}_osx.tgz * tar -cvzf cf${VERSION_MAJOR}-cli_${INSTALLER_RELEASE_VERSION}_osx.tgz *
popd
mkdir macosarm
mv cf-cli-macos-binaries/cf-cli_macosarm macosarm/cf${VERSION_MAJOR}
pushd macosarm
prepare_artifacts
tar -cvzf cf${VERSION_MAJOR}-cli_${INSTALLER_RELEASE_VERSION}_macosarm.tgz *
popd popd
mkdir win32 winx64 mkdir win32 winx64
mv cf-cli-windows-binaries/cf-cli_win32.exe win32/cf8.exe mv cf-cli-windows-binaries/cf-cli_win32.exe win32/cf${VERSION_MAJOR}.exe
mv cf-cli-windows-binaries/cf-cli_winx64.exe winx64/cf8.exe mv cf-cli-windows-binaries/cf-cli_winx64.exe winx64/cf${VERSION_MAJOR}.exe
pushd win32 pushd win32
prepare_win_artifacts prepare_win_artifacts
# -y flag avoids the default behavior of derefencing the link, so we archive the symlink as-is # -y flag avoids the default behavior of derefencing the link, so we archive the symlink as-is
zip -y cf8-cli_${INSTALLER_RELEASE_VERSION}_win32.zip * zip -y cf${VERSION_MAJOR}-cli_${INSTALLER_RELEASE_VERSION}_win32.zip *
popd popd
pushd winx64 pushd winx64
prepare_win_artifacts prepare_win_artifacts
# -y flag avoids the default behavior of derefencing the link, so we archive the symlink as-is # -y flag avoids the default behavior of derefencing the link, so we archive the symlink as-is
zip -y cf8-cli_${INSTALLER_RELEASE_VERSION}_winx64.zip * zip -y cf${VERSION_MAJOR}-cli_${INSTALLER_RELEASE_VERSION}_winx64.zip *
popd popd
popd popd
env:
INSTALLER_RELEASE_VERSION: ${{ env.INSTALLER_RELEASE_VERSION }}
- name: Rearrange artifacts before upload - name: Rearrange artifacts before upload
run: | run: |
mkdir upload mkdir upload
cp -t upload \ cp -v -t upload \
signed/cf-cli-linux-rpm-packages/cf*rpm \ signed/cf-cli-linux-rpm-packages/cf*rpm \
signed/cf-cli-linux-deb-packages/cf*deb \ signed/cf-cli-linux-deb-packages/cf*deb \
signed/cf-cli-macos-packages/cf*pkg \ signed/cf-cli-macos-packages/cf*pkg \
...@@ -809,51 +868,73 @@ jobs: ...@@ -809,51 +868,73 @@ jobs:
signed/linux_i686/*tgz \ signed/linux_i686/*tgz \
signed/linux_x86-64/*tgz \ signed/linux_x86-64/*tgz \
signed/osx/*tgz \ signed/osx/*tgz \
signed/macosarm/*tgz \
signed/win32/*zip \ signed/win32/*zip \
signed/winx64/*zip signed/winx64/*zip
- name: Upload installers to CLAW S3 bucket - name: Upload installers to CLAW S3 bucket
if: ${{ github.ref_type == 'tag' }}
# forked for security considerations # forked for security considerations
uses: pivotalsoftware/s3-sync-action@v0.5.2 #pinned to no-default-region change uses: pivotalsoftware/s3-sync-action@v0.5.2 #pinned to no-default-region change
env: env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_REGION: ${{ secrets.AWS_REGION }}
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }} DEST_DIR: "releases/v${{ env.INSTALLER_RELEASE_VERSION }}"
SOURCE_DIR: upload SOURCE_DIR: upload
DEST_DIR: "releases/v${{ env.INSTALLER_RELEASE_VERSION }}"
- name: list S3 for human verification - name: list S3 for human verification
uses: docker://amazon/aws-cli:latest uses: docker://amazon/aws-cli:latest
with: with:
args: s3 ls "${{ env.AWS_S3_BUCKET }}/releases/v${{ env.INSTALLER_RELEASE_VERSION }}/" args: s3 ls "${{ env.AWS_S3_BUCKET }}/releases/v${{ env.INSTALLER_RELEASE_VERSION }}/"
env: env:
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_REGION: ${{ secrets.AWS_REGION }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
INSTALLER_RELEASE_VERSION: ${{ env.INSTALLER_RELEASE_VERSION }} INSTALLER_RELEASE_VERSION: ${{ env.INSTALLER_RELEASE_VERSION }}
# - name: SETUP UPTERM SESSION
# if: always()
# uses: lhotari/action-upterm@v1
# timeout-minutes: 60
# env:
# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
# AWS_REGION: ${{ secrets.AWS_REGION }}
# AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
# GIT_RELEASE_TARGET_REPO: ${{ secrets.GIT_RELEASE_TARGET_REPO }}
# GIT_REPO_ACCESS_TOKEN: ${{ secrets.GIT_REPO_ACCESS_TOKEN }}
# SIGNING_KEY_GPG: ${{ secrets.SIGNING_KEY_GPG }}
# SIGNING_KEY_GPG_ID: ${{ secrets.SIGNING_KEY_GPG_ID }}
# SIGNING_KEY_GPG_PASSPHRASE: ${{ secrets.SIGNING_KEY_GPG_PASSPHRASE }}
# SIGNING_KEY_MAC_ID: ${{ secrets.SIGNING_KEY_MAC_ID }}
# SIGNING_KEY_MAC_PASSPHRASE: ${{ secrets.SIGNING_KEY_MAC_PASSPHRASE }}
# SIGNING_KEY_MAC_PFX: ${{ secrets.SIGNING_KEY_MAC_PFX }}
# SIGNING_KEY_WINDOWS_ID: ${{ secrets.SIGNING_KEY_WINDOWS_ID }}
# SIGNING_KEY_WINDOWS_PASSPHRASE: ${{ secrets.SIGNING_KEY_WINDOWS_PASSPHRASE }}
# SIGNING_KEY_WINDOWS_PFX: ${{ secrets.SIGNING_KEY_WINDOWS_PFX }}
# SIGNING_TEST_CA_MAC: ${{ secrets.SIGNING_TEST_CA_MAC }}
- name: Instruct human to update CLAW - name: Instruct human to update CLAW
run: | run: |
echo "Please go to https://github.com/cloudfoundry/CLAW/blob/develop/claw-variables.yml and add the following line to the file:" echo "Please go to https://github.com/cloudfoundry/CLAW/blob/develop/claw-variables.yml and add the following line to the file:"
echo echo
echo "- ${INSTALLER_RELEASE_VERSION}" echo "- ${INSTALLER_RELEASE_VERSION}"
github-release-draft: github-release-draft:
name: Create GitHub Release Draft name: Create GitHub Release Draft
if: ${{ github.ref_type == 'tag' }}
runs-on: ubuntu-latest runs-on: ubuntu-latest
environment: PROD
permissions: permissions:
actions: read actions: read
contents: write contents: write
needs: needs:
- test-rpm-package - setup
- test-deb-package - test-rpm-package
- test-macos - test-deb-package
- test-windows - test-macos
- test-windows
environment: ${{ needs.setup.outputs.secrets-environment }}
steps: steps:
- name: Download signed artifacts - name: Download signed artifacts
uses: actions/download-artifact@v2 uses: actions/download-artifact@v2
...@@ -863,9 +944,11 @@ jobs: ...@@ -863,9 +944,11 @@ jobs:
- name: Create draft release - name: Create draft release
uses: pivotalsoftware/action-gh-release@v1 uses: pivotalsoftware/action-gh-release@v1
with: with:
draft: true draft: true
repository: ${{ secrets.GIT_RELEASE_TARGET_REPO }} # repo to draft a release under, in <user>/<repo> format name: "DRAFT v${{ env.INSTALLER_RELEASE_VERSION }}"
token: ${{ secrets.GIT_REPO_ACCESS_TOKEN }} # only needed when pushing to a repo other than 'self' # tag_name: "v${{ env.INSTALLER_RELEASE_VERSION }}"
repository: ${{ secrets.GIT_RELEASE_TARGET_REPO }} # repo to draft a release under, in <user>/<repo> format
token: ${{ secrets.GIT_REPO_ACCESS_TOKEN }} # only needed when pushing to a repo other than 'self'
fail_on_unmatched_files: true fail_on_unmatched_files: true
files: | files: |
signed/cf-cli-linux-binaries/cf-cli* signed/cf-cli-linux-binaries/cf-cli*
...@@ -876,5 +959,109 @@ jobs: ...@@ -876,5 +959,109 @@ jobs:
signed/cf-cli-windows-binaries/cf-cli*.exe signed/cf-cli-windows-binaries/cf-cli*.exe
signed/cf-cli-windows-packages/*.zip signed/cf-cli-windows-packages/*.zip
test-rpm-package:
name: Test RPM Artifacts
needs:
- setup
- build-linux
environment: ${{ needs.setup.outputs.secrets-environment }}
runs-on: ubuntu-latest
container:
image: fedora
steps:
- name: Download Signed Linux Packages
uses: actions/download-artifact@v2
with:
name: cf-cli-linux-rpm-packages
- name: Display structure of downloaded files
run: ls -R
- name: Test RPMs
run: |
rpm -q --qf 'FN:\t%{FILENAMES}\nNAME:\t%{NAME}\nPGP:\t%{SIGPGP:pgpsig}\nGPG:\t%{SIGGPG:pgpsig}\n' -p *.rpm
test-deb-package:
name: Test Debian Artifacts
needs:
- setup
- build-linux
environment: ${{ needs.setup.outputs.secrets-environment }}
runs-on: ubuntu-latest
container:
image: ubuntu
steps:
- name: Download Signed Linux Packages
uses: actions/download-artifact@v2
with:
name: cf-cli-linux-deb-packages
- name: Display structure of downloaded files
run: |
ls -R
ls *.deb | xargs -n1 dpkg --info
test-macos:
name: Test macOS Artifacts
needs:
- setup
- build-macos
environment: ${{ needs.setup.outputs.secrets-environment }}
runs-on: macos-latest
steps:
- name: Download Signed macOS Packages
uses: actions/download-artifact@v2
with:
name: cf-cli-macos-packages
- name: Inspect macOS packages
run: |
ls -R
#TODO: DEV shim
pkgutil --check-signature *
test-windows:
name: Test Windows Artifacts
needs:
- setup
- build-windows
environment: ${{ needs.setup.outputs.secrets-environment }}
runs-on: windows-latest
defaults:
run:
shell: pwsh
env:
VERSION_MAJOR: ${{ needs.setup.outputs.version-major }}
steps:
- name: Download Signed Windows Binaries
uses: actions/download-artifact@v2
with:
name: cf-cli-windows-binaries
- name: Inspect Windows packages
run: |
Get-AuthenticodeSignature -Verbose -ErrorAction Stop .\cf-cli_win32.exe
Get-AuthenticodeSignature -Verbose -ErrorAction Stop .\cf-cli_winx64.exe
- name: Download Signed Windows Binaries
uses: actions/download-artifact@v2
with:
name: cf-cli-windows-packages
- name: Inspect Windows files
run: |
Get-ChildItem -Force
- name: View installer signature
run: |
Expand-Archive -DestinationPath winx64 -Path cf${env:VERSION_MAJOR}-cli-installer_*_winx64.zip
Expand-Archive -DestinationPath win32 -Path cf${env:VERSION_MAJOR}-cli-installer_*_win32.zip
Get-AuthenticodeSignature -Verbose -ErrorAction Stop ".\winx64\cf${env:VERSION_MAJOR}_installer.exe"
Get-AuthenticodeSignature -Verbose -ErrorAction Stop ".\win32\cf${env:VERSION_MAJOR}_installer.exe"
# vim: set sw=2 ts=2 sts=2 et tw=78 foldlevel=2 fdm=indent nospell: # vim: set sw=2 ts=2 sts=2 et tw=78 foldlevel=2 fdm=indent nospell:
.github/workflows/update-repos.yml
+ 38
15
View file @ eda2b7b2
...@@ -4,9 +4,8 @@ on: ...@@ -4,9 +4,8 @@ on:
workflow_dispatch: workflow_dispatch:
inputs: inputs:
build_version: build_version:
description: 'Build Version' description: 'build version format: 8.4.0'
required: true required: true
default: '8.3.0'
type: string type: string
permissions: permissions:
...@@ -38,6 +37,14 @@ jobs: ...@@ -38,6 +37,14 @@ jobs:
run: | run: |
version=$(cat BUILD_VERSION) version=$(cat BUILD_VERSION)
echo "::set-output name=build-version::$version" echo "::set-output name=build-version::$version"
echo "BUILD_VERSION=${version}" >> $GITHUB_ENV
- name: Test if CLAW serve this version
env:
CLAW_URL: https://packages.cloudfoundry.org
run: >
curl --head "${CLAW_URL}/stable?release=linux64-binary&version=${BUILD_VERSION}&source=test" 2>&1 |
grep --quiet --regexp 'HTTP.*302'
update-homebrew: update-homebrew:
name: Update Homebrew Repository name: Update Homebrew Repository
...@@ -46,6 +53,7 @@ jobs: ...@@ -46,6 +53,7 @@ jobs:
environment: ${{ needs.shared-values.outputs.secrets-environment }} environment: ${{ needs.shared-values.outputs.secrets-environment }}
env: env:
BUILD_VERSION: ${{ needs.shared-values.outputs.build-version }} BUILD_VERSION: ${{ needs.shared-values.outputs.build-version }}
CLAW_URL: https://packages.cloudfoundry.org
steps: steps:
- name: Checkout cli-ci - name: Checkout cli-ci
...@@ -64,34 +72,46 @@ jobs: ...@@ -64,34 +72,46 @@ jobs:
ssh-key: ${{ secrets.GIT_DEPLOY_HOMEBREW_TAP }} ssh-key: ${{ secrets.GIT_DEPLOY_HOMEBREW_TAP }}
- name: Setup - name: Setup
run: | run: >
mkdir cf8-cli-osx-tarball cf8-cli-linux-tarball mkdir
cf8-cli-osx-tarball
cf8-cli-macosarm-tarball
cf8-cli-linux-tarball
- name: Calculate checksums - name: Calculate checksums
run: | run: |
set -x set -x
curl -L "https://packages.cloudfoundry.org/stable?release=macosx64-binary&version=${BUILD_VERSION}&source=github-rel" \ curl -L "${CLAW_URL}/stable?release=macosx64-binary&version=${BUILD_VERSION}&source=github-rel" \
> cf8-cli-osx-tarball/cf8-cli_${BUILD_VERSION}_osx.tgz > cf8-cli-osx-tarball/cf8-cli_${BUILD_VERSION}_osx.tgz
# Because CLAW always returns 200 we have to check if we got archive # Because CLAW always returns 200 we have to check if we got archive
file cf8-cli-osx-tarball/cf8-cli_${BUILD_VERSION}_osx.tgz | grep -q gzip || exit 1 file cf8-cli-osx-tarball/cf8-cli_${BUILD_VERSION}_osx.tgz | grep -q gzip || exit 1
curl -L "https://packages.cloudfoundry.org/stable?release=linux64-binary&version=${BUILD_VERSION}&source=github-rel" \ curl -L "${CLAW_URL}/stable?release=macosarm-binary&version=${BUILD_VERSION}&source=github-rel" \
> cf8-cli-macosarm-tarball/cf8-cli_${BUILD_VERSION}_macosarm.tgz
file cf8-cli-macosarm-tarball/cf8-cli_${BUILD_VERSION}_macosarm.tgz | grep -q gzip || exit 1
curl -L "${CLAW_URL}/stable?release=linux64-binary&version=${BUILD_VERSION}&source=github-rel" \
> cf8-cli-linux-tarball/cf8-cli_${BUILD_VERSION}_linux64.tgz > cf8-cli-linux-tarball/cf8-cli_${BUILD_VERSION}_linux64.tgz
# Because CLAW always returns 200 we have to check if we got archive
file cf8-cli-linux-tarball/cf8-cli_${BUILD_VERSION}_linux64.tgz | grep -q gzip || exit 1 file cf8-cli-linux-tarball/cf8-cli_${BUILD_VERSION}_linux64.tgz | grep -q gzip || exit 1
pushd cf8-cli-osx-tarball pushd cf8-cli-osx-tarball
CLI_OSX_SHA256=$(shasum -a 256 cf8-cli_*_osx.tgz | cut -d ' ' -f 1) CLI_OSX_SHA256=$(shasum -a 256 cf8-cli_*_osx.tgz | cut -d ' ' -f 1)
popd popd
pushd cf8-cli-macosarm-tarball
CLI_MACOSARM_SHA256=$(shasum -a 256 cf8-cli_*_macosarm.tgz | cut -d ' ' -f 1)
popd
pushd cf8-cli-linux-tarball pushd cf8-cli-linux-tarball
CLI_LINUX_64_SHA256=$(shasum -a 256 cf8-cli_*_linux64.tgz | cut -d ' ' -f 1) CLI_LINUX_64_SHA256=$(shasum -a 256 cf8-cli_*_linux64.tgz | cut -d ' ' -f 1)
popd popd
echo "CLI_OSX_SHA256=${CLI_OSX_SHA256}" >> $GITHUB_ENV echo "CLI_OSX_SHA256=${CLI_OSX_SHA256}" >> $GITHUB_ENV
echo "CLI_MACOSARM_SHA256=${CLI_MACOSARM_SHA256}" >> $GITHUB_ENV
echo "CLI_LINUX_64_SHA256=${CLI_LINUX_64_SHA256}" >> $GITHUB_ENV echo "CLI_LINUX_64_SHA256=${CLI_LINUX_64_SHA256}" >> $GITHUB_ENV
- name: Generate Homebrew formula file - name: Generate Homebrew formula file
...@@ -107,15 +127,18 @@ jobs: ...@@ -107,15 +127,18 @@ jobs:
version '${BUILD_VERSION}' version '${BUILD_VERSION}'
if OS.mac? if OS.mac?
url 'https://packages.cloudfoundry.org/homebrew/cf8-${BUILD_VERSION}.tgz' if Hardware::CPU.arm?
sha256 '${CLI_OSX_SHA256}' url '${CLAW_URL}/homebrew?arch=macosarm&version=${BUILD_VERSION}'
sha256 '${CLI_MACOSARM_SHA256}'
elsif
url '${CLAW_URL}/homebrew?arch=macosx64&version=${BUILD_VERSION}'
sha256 '${CLI_OSX_SHA256}'
end
elsif OS.linux? elsif OS.linux?
url 'https://packages.cloudfoundry.org/stable?release=linux64-binary&version=${BUILD_VERSION}&source=homebrew' url '${CLAW_URL}/stable?release=linux64-binary&version=${BUILD_VERSION}&source=homebrew'
sha256 '${CLI_LINUX_64_SHA256}' sha256 '${CLI_LINUX_64_SHA256}'
end end
depends_on :arch => :x86_64
def install def install
bin.install 'cf8' bin.install 'cf8'
bin.install_symlink 'cf8' => 'cf' bin.install_symlink 'cf8' => 'cf'
...@@ -275,8 +298,8 @@ jobs: ...@@ -275,8 +298,8 @@ jobs:
sudo apt update sudo apt update
sudo apt install -y wget gnupg sudo apt install -y wget gnupg
wget -q -O - https://packages.cloudfoundry.org/debian/cli.cloudfoundry.org.key | sudo apt-key add - wget -q -O - ${CLAW_URL}/debian/cli.cloudfoundry.org.key | sudo apt-key add -
echo "deb https://packages.cloudfoundry.org/debian stable main" | sudo tee /etc/apt/sources.list.d/cloudfoundry-cli.list echo "deb ${CLAW_URL}/debian stable main" | sudo tee /etc/apt/sources.list.d/cloudfoundry-cli.list
sudo apt update sudo apt update
sudo apt install -y cf8-cli sudo apt install -y cf8-cli
...@@ -400,7 +423,7 @@ jobs: ...@@ -400,7 +423,7 @@ jobs:
- name: Configure Custom CF Repository - name: Configure Custom CF Repository
run: | run: |
curl -sL -o /etc/yum.repos.d/cloudfoundry-cli.repo \ curl -sL -o /etc/yum.repos.d/cloudfoundry-cli.repo \
https://packages.cloudfoundry.org/fedora/cloudfoundry-cli.repo ${CLAW_URL}/fedora/cloudfoundry-cli.repo
- name: Install cf8-cli package - name: Install cf8-cli package
run: dnf install -y cf8-cli run: dnf install -y cf8-cli
......
Makefile
+ 2
2
View file @ eda2b7b2
...@@ -175,9 +175,9 @@ out/cf-cli_osx: $(GOSRC) ...@@ -175,9 +175,9 @@ out/cf-cli_osx: $(GOSRC)
GOARCH=amd64 GOOS=darwin go build \ GOARCH=amd64 GOOS=darwin go build \
-a -ldflags "$(LD_FLAGS)" -o out/cf-cli_osx . -a -ldflags "$(LD_FLAGS)" -o out/cf-cli_osx .
out/cf-cli_osx_arm: $(GOSRC) out/cf-cli_macosarm: $(GOSRC)
GOARCH=arm64 GOOS=darwin go build \ GOARCH=arm64 GOOS=darwin go build \
-a -ldflags "$(LD_FLAGS)" -o out/cf-cli_osx_arm . -a -ldflags "$(LD_FLAGS)" -o out/cf-cli_macosarm .
out/cf-cli_win32.exe: $(GOSRC) rsrc.syso out/cf-cli_win32.exe: $(GOSRC) rsrc.syso
GOARCH=386 GOOS=windows go build -tags="forceposix" -o out/cf-cli_win32.exe -ldflags "$(LD_FLAGS)" . GOARCH=386 GOOS=windows go build -tags="forceposix" -o out/cf-cli_win32.exe -ldflags "$(LD_FLAGS)" .
......
bin/generate-release-notes
+ 8
8
View file @ eda2b7b2
...@@ -9,22 +9,22 @@ Package Manager Installation ...@@ -9,22 +9,22 @@ Package Manager Installation
Installers Installers
---------- ----------
- Debian [64 bit](https://packages.cloudfoundry.org/stable?release=debian64&version=$VERSION&source=github-rel) / [32 bit](https://packages.cloudfoundry.org/stable?release=debian32&version=$VERSION&source=github-rel) (deb) - Debian [64 bit](https://packages.cloudfoundry.org/stable?release=debian64&version=${VERSION}&source=github-rel) / [32 bit](https://packages.cloudfoundry.org/stable?release=debian32&version=${VERSION}&source=github-rel) (deb)
- Redhat [64 bit](https://packages.cloudfoundry.org/stable?release=redhat64&version=$VERSION&source=github-rel) / [32 bit](https://packages.cloudfoundry.org/stable?release=redhat32&version=$VERSION&source=github-rel) (rpm) - Redhat [64 bit](https://packages.cloudfoundry.org/stable?release=redhat64&version=${VERSION}&source=github-rel) / [32 bit](https://packages.cloudfoundry.org/stable?release=redhat32&version=${VERSION}&source=github-rel) (rpm)
- Mac OS X [64 bit](https://packages.cloudfoundry.org/stable?release=macosx64&version=$VERSION&source=github-rel) (pkg) - macOS [64 bit](https://packages.cloudfoundry.org/stable?release=macosx64&version=${VERSION}&source=github-rel) / [arm](https://packages.cloudfoundry.org/stable?release=macosarm&version=${VERSION}&source=github-rel) (pkg)
- Windows [64 bit](https://packages.cloudfoundry.org/stable?release=windows64&version=$VERSION&source=github-rel) / [32 bit](https://packages.cloudfoundry.org/stable?release=windows32&version=$VERSION&source=github-rel) (zip) - Windows [64 bit](https://packages.cloudfoundry.org/stable?release=windows64&version=${VERSION}&source=github-rel) / [32 bit](https://packages.cloudfoundry.org/stable?release=windows32&version=${VERSION}&source=github-rel) (zip)
Binaries Binaries
-------- --------
- Linux [64 bit](https://packages.cloudfoundry.org/stable?release=linux64-binary&version=$VERSION&source=github-rel) / [32 bit](https://packages.cloudfoundry.org/stable?release=linux32-binary&version=$VERSION&source=github-rel) (tgz) - Linux [64 bit](https://packages.cloudfoundry.org/stable?release=linux64-binary&version=${VERSION}&source=github-rel) / [32 bit](https://packages.cloudfoundry.org/stable?release=linux32-binary&version=${VERSION}&source=github-rel) (tgz)
- Mac OS X [64 bit](https://packages.cloudfoundry.org/stable?release=macosx64-binary&version=$VERSION&source=github-rel) (tgz) - macOS [64 bit](https://packages.cloudfoundry.org/stable?release=macosx64-binary&version=${VERSION}&source=github-rel) / [arm](https://packages.cloudfoundry.org/stable?release=macosarm-binary&version=${VERSION}&source=github-rel) (tgz)
- Windows [64 bit](https://packages.cloudfoundry.org/stable?release=windows64-exe&version=$VERSION&source=github-rel) / [32 bit](https://packages.cloudfoundry.org/stable?release=windows32-exe&version=$VERSION&source=github-rel) (zip) - Windows [64 bit](https://packages.cloudfoundry.org/stable?release=windows64-exe&version=${VERSION}&source=github-rel) / [32 bit](https://packages.cloudfoundry.org/stable?release=windows32-exe&version=${VERSION}&source=github-rel) (zip)
Docker Docker
-------- --------
\`\`\`shell \`\`\`shell
docker pull cloudfoundry/cli:$VERSION docker pull cloudfoundry/cli:${VERSION}
\`\`\` \`\`\`
Change Log Change Log
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Copyright © Eclipse Foundation, Inc. All Rights Reserved.     Privacy Policy | Terms of Use | Copyright Agent