ci: update to checkout@v4 #294
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build Binaries | |
| on: | |
| push: | |
| branches: | |
| - stage | |
| tags: | |
| - '**' | |
| pull_request: | |
| branches: | |
| - '**' | |
| concurrency: | |
| group: ${{ github.ref }}-${{ github.workflow }}-${{ github.event_name }} | |
| cancel-in-progress: true | |
| permissions: | |
| id-token: write | |
| contents: write | |
| jobs: | |
| build: | |
| name: Build Binaries | |
| runs-on: ${{ matrix.runs-on }} | |
| strategy: | |
| matrix: | |
| include: | |
| - runs-on: ubuntu-latest | |
| artifact-name: core-registry-cadt-linux-x64 | |
| build-command: npm run create-linux-x64-dist | |
| sqlite-path: ./node_modules/sqlite3/build/Release/ | |
| - runs-on: [Linux, ARM64] | |
| artifact-name: core-registry-cadt-linux-arm64 | |
| build-command: npm run create-linux-arm64-dist | |
| sqlite-path: ./node_modules/sqlite3/build/Release/ | |
| - runs-on: macos-latest | |
| artifact-name: core-registry-cadt-macos-x64 | |
| build-command: npm run create-mac-x64-dist | |
| sqlite-path: ./node_modules/sqlite3/build/Release/ | |
| - runs-on: windows-2019 | |
| artifact-name: core-registry-cadt-windows-x64 | |
| build-command: npm run create-win-x64-dist | |
| sqlite-path: .\node_modules\sqlite3\build\Release\ | |
| steps: | |
| - name: Clean workspace | |
| uses: Chia-Network/actions/clean-workspace@main | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node 20.x | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: '20.16' | |
| - name: Install Husky | |
| run: npm install --save-dev husky | |
| - name: Ignore Husky where not compatible | |
| run: npm pkg delete scripts.prepare | |
| if: matrix.runs-on != 'windows-2019' | |
| - name: npm install | |
| run: | | |
| node --version | |
| npm install | |
| - name: npm cache clear --force | |
| run: npm cache clear --force | |
| - name: npm cache rm | |
| run: npm cache rm --force | |
| - name: npm cache verify | |
| run: npm cache verify | |
| - name: install global packages | |
| run: npm i -g @babel/cli @babel/preset-env pkg | |
| - name: create distributions | |
| run: ${{ matrix.build-command }} | |
| - name: Make binary executable | |
| run: | | |
| chmod +x dist/core-registry-cadt | |
| - name: Copy sqlite3 | |
| run: cp ${{ matrix.sqlite-path }}node_sqlite3.node ./dist/ | |
| - name: Test for secrets access | |
| id: check_secrets | |
| shell: bash | |
| run: | | |
| unset HAS_SIGNING_SECRET | |
| if [ -n "$SIGNING_SECRET" ]; then HAS_SIGNING_SECRET='true' ; fi | |
| echo "HAS_SIGNING_SECRET=${HAS_SIGNING_SECRET}" >> "$GITHUB_OUTPUT" | |
| env: | |
| SIGNING_SECRET: "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}" | |
| # Windows Code Signing | |
| - name: Sign windows artifacts | |
| if: matrix.runs-on == 'windows-2019' && steps.check_secrets.outputs.HAS_SIGNING_SECRET | |
| uses: chia-network/actions/digicert/windows-sign@main | |
| with: | |
| sm_api_key: ${{ secrets.SM_API_KEY }} | |
| sm_client_cert_file_b64: ${{ secrets.SM_CLIENT_CERT_FILE_B64 }} | |
| sm_client_cert_password: ${{ secrets.SM_CLIENT_CERT_PASSWORD }} | |
| sm_code_signing_cert_sha1_hash: ${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }} | |
| file: ${{ github.workspace }}/dist/core-registry-cadt.exe | |
| # Mac .pkg build + sign | |
| - name: Import Apple installer signing certificate | |
| if: matrix.runs-on == 'macos-latest' && steps.check_secrets.outputs.HAS_SIGNING_SECRET | |
| uses: Apple-Actions/import-codesign-certs@v1 | |
| with: | |
| keychain-password: ${{ secrets.KEYCHAIN_PASSWORD }} | |
| p12-file-base64: ${{ secrets.APPLE_DEV_ID_INSTALLER }} | |
| p12-password: ${{ secrets.APPLE_DEV_ID_INSTALLER_PASS }} | |
| - name: Import Apple Application signing certificate | |
| if: matrix.runs-on == 'macos-latest' && steps.check_secrets.outputs.HAS_SIGNING_SECRET | |
| uses: Apple-Actions/import-codesign-certs@v1 | |
| with: | |
| create-keychain: false # Created when importing the first cert | |
| keychain-password: ${{ secrets.KEYCHAIN_PASSWORD }} | |
| p12-file-base64: ${{ secrets.APPLE_DEV_ID_APP }} | |
| p12-password: ${{ secrets.APPLE_DEV_ID_APP_PASS }} | |
| - name: Prep Build of Mac .pkg | |
| if: matrix.runs-on == 'macos-latest' | |
| run: | | |
| rm -rf ${{ github.workspace }}/build-scripts/macos/darwin/application || true | |
| cp -r ${{ github.workspace }}/dist ${{ github.workspace }}/build-scripts/macos/application | |
| - name: Sign Mac binaries | |
| if: matrix.runs-on == 'macos-latest' && steps.check_secrets.outputs.HAS_SIGNING_SECRET | |
| run: | | |
| echo "Signing the binaries" | |
| codesign -f -s "Developer ID Application: Chia Network Inc." --timestamp --options=runtime --entitlements ${{ github.workspace }}/build-scripts/macos/entitlements.mac.plist ${{ github.workspace }}/build-scripts/macos/application/core-registry-cadt | |
| codesign -f -s "Developer ID Application: Chia Network Inc." --timestamp ${{ github.workspace }}/build-scripts/macos/application/node_sqlite3.node | |
| - name: Build Mac .pkg | |
| if: matrix.runs-on == 'macos-latest' | |
| run: | | |
| # Makes the .pkg in ./build-scripts/macos/target/pkg | |
| echo "Building the .pkg" | |
| bash ${{ github.workspace }}/build-scripts/macos/build-macos.sh core-registry-cadt | |
| mkdir -p ${{ github.workspace }}/build-scripts/macos/target/ready-to-upload | |
| cp ${{ github.workspace }}/build-scripts/macos/target/pkg/core-registry-cadt-macos-installer-x64.pkg ${{ github.workspace }}/build-scripts/macos/target/ready-to-upload/core-registry-cadt-macos-installer-x64.pkg | |
| - name: Notarize Mac .pkg | |
| if: matrix.runs-on == 'macos-latest' && steps.check_secrets.outputs.HAS_SIGNING_SECRET | |
| run: | | |
| mkdir -p ${{ github.workspace }}/build-scripts/macos/target/pkg-signed | |
| echo "Signing the .pkg" | |
| productsign --sign "Developer ID Installer: Chia Network Inc." ${{ github.workspace }}/build-scripts/macos/target/pkg/core-registry-cadt-macos-installer-x64.pkg ${{ github.workspace }}/build-scripts/macos/target/pkg-signed/core-registry-cadt-macos-installer-x64.pkg | |
| echo "Notarizing the .pkg" | |
| xcrun notarytool submit \ | |
| --wait \ | |
| --apple-id "${{ secrets.APPLE_NOTARIZE_USERNAME }}" \ | |
| --password "${{ secrets.APPLE_NOTARIZE_PASSWORD }}" \ | |
| --team-id "${{ secrets.APPLE_TEAM_ID }}" \ | |
| "${{ github.workspace }}/build-scripts/macos/target/pkg-signed/core-registry-cadt-macos-installer-x64.pkg" | |
| rm -f ${{ github.workspace }}/build-scripts/macos/target/ready-to-upload/* | |
| mv ${{ github.workspace }}/build-scripts/macos/target/pkg-signed/core-registry-cadt-macos-installer-x64.pkg ${{ github.workspace }}/build-scripts/macos/target/ready-to-upload/ | |
| - name: Upload Mac Installer | |
| if: matrix.runs-on == 'macos-latest' | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: core-registry-cadt-mac-installer | |
| path: ${{ github.workspace }}/build-scripts/macos/target/ready-to-upload | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: ${{ matrix.artifact-name }} | |
| path: ${{ github.workspace }}/dist | |
| debs: | |
| name: Build ${{ matrix.name }} deb | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| strategy: | |
| matrix: | |
| include: | |
| - name: core-registry-cadt-linux-x64 | |
| platform: amd64 | |
| - name: core-registry-cadt-linux-arm64 | |
| platform: arm64 | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| - name: Download Linux artifacts | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: ${{ matrix.name }} | |
| path: ${{ matrix.name }} | |
| - name: Get tag name | |
| id: tag-name | |
| run: | | |
| echo "TAGNAME=$(echo $GITHUB_REF | cut -d / -f 3)" >> $GITHUB_OUTPUT | |
| - name: Build .deb | |
| env: | |
| CADT_VERSION: ${{ steps.tag-name.outputs.TAGNAME }} | |
| PLATFORM: ${{ matrix.platform }} | |
| run: | | |
| pip install j2cli | |
| CLI_DEB_BASE="core-registry-cadt_${{ steps.tag-name.outputs.TAGNAME }}-1_${PLATFORM}" | |
| mkdir -p "deb/$CLI_DEB_BASE/opt/core-registry-cadt" | |
| mkdir -p "deb/$CLI_DEB_BASE/usr/bin" | |
| mkdir -p "deb/$CLI_DEB_BASE/etc/systemd/system" | |
| mkdir -p "deb/$CLI_DEB_BASE/DEBIAN" | |
| j2 -o "deb/$CLI_DEB_BASE/DEBIAN/control" build-scripts/deb/control.j2 | |
| cp -r ${{ matrix.name }}/* "deb/$CLI_DEB_BASE/opt/core-registry-cadt/" | |
| cp build-scripts/deb/[email protected] deb/$CLI_DEB_BASE/etc/systemd/system/[email protected] | |
| chmod +x deb/$CLI_DEB_BASE/opt/core-registry-cadt/core-registry-cadt | |
| ln -s ../../opt/core-registry-cadt/core-registry-cadt "deb/$CLI_DEB_BASE/usr/bin/core-registry-cadt" | |
| dpkg-deb --build --root-owner-group "deb/$CLI_DEB_BASE" | |
| - name: Upload deb | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: ${{ matrix.name }}-deb | |
| path: ${{ github.workspace }}/deb/*.deb | |
| release: | |
| runs-on: ubuntu-latest | |
| if: startsWith(github.ref, 'refs/tags/') | |
| needs: | |
| - debs | |
| steps: | |
| - name: Download Windows artifacts | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: core-registry-cadt-windows-x64 | |
| path: core-registry-cadt-windows-x64 | |
| - name: Download MacOS installer artifacts | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: core-registry-cadt-mac-installer | |
| path: core-registry-cadt-mac-installer | |
| - name: Download MacOS binary executable artifacts | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: core-registry-cadt-macos-x64 | |
| path: core-registry-cadt-macos-x64 | |
| - name: Download Linux x64 artifacts | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: core-registry-cadt-linux-x64 | |
| path: core-registry-cadt-linux-x64 | |
| - name: Download Linux ARM64 artifacts | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: core-registry-cadt-linux-arm64 | |
| path: core-registry-cadt-linux-arm64 | |
| - name: Download Linux x64 deb | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: core-registry-cadt-linux-x64-deb | |
| path: core-registry-cadt-linux-x64-deb | |
| - name: Download Linux arm64 deb | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: core-registry-cadt-linux-arm64-deb | |
| path: core-registry-cadt-linux-arm64-deb | |
| - name: Get tag name | |
| id: tag-name | |
| run: | | |
| echo "TAGNAME=$(echo $GITHUB_REF | cut -d / -f 3)" >>$GITHUB_OUTPUT | |
| - name: Create zips | |
| run: | | |
| zip -r core-registry-cadt-windows-x64-${{ steps.tag-name.outputs.TAGNAME }}.zip core-registry-cadt-windows-x64 | |
| zip -r core-registry-cadt-macos-x64-${{ steps.tag-name.outputs.TAGNAME }}.zip core-registry-cadt-mac-installer | |
| zip -r core-registry-cadt-linux-arm64-${{ steps.tag-name.outputs.TAGNAME }}.zip core-registry-cadt-linux-arm64 | |
| zip -r core-registry-cadt-linux-x64-${{ steps.tag-name.outputs.TAGNAME }}.zip core-registry-cadt-linux-x64 | |
| zip -r core-registry-cadt-macos-binary-x64-${{ steps.tag-name.outputs.TAGNAME }}.zip core-registry-cadt-macos-x64 | |
| - name: Release | |
| uses: softprops/[email protected] | |
| with: | |
| files: | | |
| core-registry-cadt-windows-x64-${{ steps.tag-name.outputs.TAGNAME }}.zip | |
| core-registry-cadt-macos-x64-${{ steps.tag-name.outputs.TAGNAME }}.zip | |
| core-registry-cadt-linux-x64-${{ steps.tag-name.outputs.TAGNAME }}.zip | |
| core-registry-cadt-linux-arm64-${{ steps.tag-name.outputs.TAGNAME }}.zip | |
| core-registry-cadt-macos-binary-x64-${{ steps.tag-name.outputs.TAGNAME }}.zip | |
| core-registry-cadt-linux-x64-deb/*.deb | |
| core-registry-cadt-linux-arm64-deb/*.deb | |
| - name: Get repo name | |
| id: repo-name | |
| run: | | |
| echo "REPO_NAME=$(echo "$GITHUB_REPOSITORY" | cut -d "/" -f 2)" >>$GITHUB_OUTPUT | |
| - name: Trigger apt repo update | |
| uses: Chia-Network/actions/github/glue@main | |
| with: | |
| json_data: '{"climate_tokenization_repo":"${{ steps.repo-name.outputs.REPO_NAME }}","application_name":"[\"core-registry-cadt\"]","release_version":"${{ steps.tag-name.outputs.TAGNAME }}","add_debian_version":"true","arm64":"available"}' | |
| glue_url: ${{ secrets.GLUE_API_URL }} | |
| glue_project: "climate-tokenization" | |
| glue_path: "trigger" |