Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
[skip changelog] Sync "Publish Nightly Build" CI workflow with templa…
…te (#1394) * [skip changelog] Remove obsolete link footnotes from readme These have been replaced by more maintainable direct links. * [skip changelog] Sync "Publish Nightly Build" CI workflow with template We have assembled a collection of reusable GitHub Actions workflows: https://github.com/arduino/tooling-project-assets These workflows will be used in the repositories of all Arduino tooling projects. Some minor improvements and standardizations have been made in the upstream "template" workflow, and those are introduced to this repository via this pull request. Notable: - Improved failure reporting - Manual triggers to allow publishing on demand
- Loading branch information
Showing
with
160 additions
and 138 deletions.
- +0 −132 .github/workflows/nightly.yaml
- +156 −0 .github/workflows/publish-go-nightly-task.yml
- +1 −5 README.md
- +3 −1 gon.config.hcl
| @@ -0,0 +1,156 @@ | ||
| # Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/publish-go-nightly-task.md | ||
| name: Publish Nightly Build | ||
|
|
||
| env: | ||
| # As defined by the Taskfile's PROJECT_NAME variable | ||
| PROJECT_NAME: arduino-cli | ||
| # As defined by the Taskfile's DIST_DIR variable | ||
| DIST_DIR: dist | ||
| # The project's folder on Arduino's download server for uploading builds | ||
| AWS_PLUGIN_TARGET: /arduino-cli/ | ||
| ARTIFACT_NAME: dist | ||
|
|
||
| # See: https://docs.github.com/en/actions/reference/events-that-trigger-workflows | ||
| on: | ||
| schedule: | ||
| # run every day at 1AM | ||
| - cron: "0 1 * * *" | ||
| workflow_dispatch: | ||
| repository_dispatch: | ||
|
|
||
| jobs: | ||
| create-nightly-artifacts: | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v2 | ||
|
|
||
| - name: Install Task | ||
| uses: arduino/setup-task@v1 | ||
| with: | ||
| repo-token: ${{ secrets.GITHUB_TOKEN }} | ||
| version: 3.x | ||
|
|
||
| - name: Build | ||
| env: | ||
| NIGHTLY: true | ||
| run: task dist:all | ||
|
|
||
| - name: Upload artifacts | ||
| uses: actions/upload-artifact@v2 | ||
| with: | ||
| if-no-files-found: error | ||
| name: ${{ env.ARTIFACT_NAME }} | ||
| path: ${{ env.DIST_DIR }} | ||
|
|
||
| notarize-macos: | ||
| runs-on: macos-latest | ||
| needs: create-nightly-artifacts | ||
|
|
||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v2 | ||
|
|
||
| - name: Download artifacts | ||
| uses: actions/download-artifact@v2 | ||
| with: | ||
| name: ${{ env.ARTIFACT_NAME }} | ||
| path: ${{ env.DIST_DIR }} | ||
|
|
||
| - name: Import Code-Signing Certificates | ||
| env: | ||
| KEYCHAIN: "sign.keychain" | ||
| INSTALLER_CERT_MAC_PATH: "/tmp/ArduinoCerts2020.p12" | ||
| KEYCHAIN_PASSWORD: keychainpassword # Arbitrary password for a keychain that exists only for the duration of the job, so not secret | ||
| run: | | ||
| echo "${{ secrets.INSTALLER_CERT_MAC_P12 }}" | base64 --decode > "${{ env.INSTALLER_CERT_MAC_PATH }}" | ||
| security create-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}" | ||
| security default-keychain -s "${{ env.KEYCHAIN }}" | ||
| security unlock-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}" | ||
| security import \ | ||
| "${{ env.INSTALLER_CERT_MAC_PATH }}" \ | ||
| -k "${{ env.KEYCHAIN }}" \ | ||
| -f pkcs12 \ | ||
| -A \ | ||
| -T /usr/bin/codesign \ | ||
| -P "${{ secrets.INSTALLER_CERT_MAC_PASSWORD }}" | ||
| security set-key-partition-list \ | ||
| -S apple-tool:,apple: \ | ||
| -s \ | ||
| -k "${{ env.KEYCHAIN_PASSWORD }}" \ | ||
| "${{ env.KEYCHAIN }}" | ||
| - name: Install gon for code signing and app notarization | ||
| run: | | ||
| wget -q https://github.com/mitchellh/gon/releases/download/v0.2.3/gon_macos.zip | ||
| unzip gon_macos.zip -d /usr/local/bin | ||
| - name: Sign and notarize binary | ||
| env: | ||
| AC_USERNAME: ${{ secrets.AC_USERNAME }} | ||
| AC_PASSWORD: ${{ secrets.AC_PASSWORD }} | ||
| run: | | ||
| gon gon.config.hcl | ||
| - name: Re-package binary and update checksum | ||
| # This step performs the following: | ||
| # 1. Repackage the signed binary replaced in place by Gon (ignoring the output zip file) | ||
| # 2. Recalculate package checksum and replace it in the nnnnnn-checksums.txt file | ||
| run: | | ||
| # GitHub's upload/download-artifact@v2 actions don't preserve file permissions, | ||
| # so we need to add execution permission back until the action is made to do this. | ||
| chmod +x "${{ env.DIST_DIR }}/${{ env.PROJECT_NAME }}_osx_darwin_amd64/${{ env.PROJECT_NAME }}" | ||
| PACKAGE_FILENAME="$(basename ${{ env.DIST_DIR }}/${{ env.PROJECT_NAME }}_nightly-*_macOS_64bit.tar.gz)" | ||
| tar -czvf "${{ env.DIST_DIR }}/$PACKAGE_FILENAME" \ | ||
| -C "${{ env.DIST_DIR }}/${{ env.PROJECT_NAME }}_osx_darwin_amd64/" "${{ env.PROJECT_NAME }}" \ | ||
| -C ../../ LICENSE.txt | ||
| CHECKSUM="$(shasum -a 256 ${{ env.DIST_DIR }}/$PACKAGE_FILENAME | cut -d " " -f 1)" | ||
| perl -pi -w -e "s/.*${PACKAGE_FILENAME}/${CHECKSUM} ${PACKAGE_FILENAME}/g;" ${{ env.DIST_DIR }}/*-checksums.txt | ||
| - name: Upload artifacts | ||
| uses: actions/upload-artifact@v2 | ||
| with: | ||
| if-no-files-found: error | ||
| name: ${{ env.ARTIFACT_NAME }} | ||
| path: ${{ env.DIST_DIR }} | ||
|
|
||
| publish-nightly: | ||
| runs-on: ubuntu-latest | ||
| needs: notarize-macos | ||
|
|
||
| steps: | ||
| - name: Download artifact | ||
| uses: actions/download-artifact@v2 | ||
| with: | ||
| name: ${{ env.ARTIFACT_NAME }} | ||
| path: ${{ env.DIST_DIR }} | ||
|
|
||
| - name: Upload release files on Arduino downloads servers | ||
| uses: docker://plugins/s3 | ||
| env: | ||
| PLUGIN_SOURCE: "${{ env.DIST_DIR }}/*" | ||
| PLUGIN_TARGET: "${{ env.AWS_PLUGIN_TARGET }}nightly" | ||
| PLUGIN_STRIP_PREFIX: "${{ env.DIST_DIR }}/" | ||
| PLUGIN_BUCKET: ${{ secrets.DOWNLOADS_BUCKET }} | ||
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
|
|
||
| report: | ||
| runs-on: ubuntu-latest | ||
| needs: publish-nightly | ||
| if: failure() # Run if publish-nightly or any of its job dependencies failed | ||
|
|
||
| steps: | ||
| - name: Report failure | ||
| uses: masci/datadog@v1 | ||
| with: | ||
| api-key: ${{ secrets.DD_API_KEY }} | ||
| events: | | ||
| - title: "${{ env.PROJECT_NAME }} nightly build failed" | ||
| text: "Nightly build workflow has failed" | ||
| alert_type: "error" | ||
| host: ${{ github.repository }} | ||
| tags: | ||
| - "project:${{ env.PROJECT_NAME }}" | ||
| - "workflow:${{ github.workflow }}" |
| @@ -7,7 +7,7 @@ and many other tools needed to use any Arduino compatible board and platform. | ||
|
|
||
| [](https://github.com/arduino/arduino-cli/actions/workflows/test-go-task.yml) | ||
| [](https://github.com/arduino/arduino-cli/actions/workflows/test-go-integration-task.yml) | ||
| [![nightly-badge]](https://github.com/Arduino/arduino-cli/actions?workflow=nightly) | ||
| [](https://github.com/arduino/arduino-cli/actions/workflows/publish-go-nightly-task.yml) | ||
| [](https://github.com/arduino/arduino-cli/actions/workflows/deploy-cobra-mkdocs-versioned-poetry.yml) | ||
| [](https://codecov.io/gh/arduino/arduino-cli) | ||
|
|
||
| @@ -45,10 +45,6 @@ policy] and report the bug to our Security Team 🛡️ Thank you! | ||
|
|
||
| e-mail contact: [email protected] | ||
|
|
||
| [tests-badge]: https://github.com/Arduino/arduino-cli/workflows/test/badge.svg | ||
| [nightly-badge]: https://github.com/Arduino/arduino-cli/workflows/nightly/badge.svg | ||
| [docs-badge]: https://github.com/Arduino/arduino-cli/workflows/publish-docs/badge.svg | ||
| [codecov-badge]: https://codecov.io/gh/arduino/arduino-cli/branch/master/graph/badge.svg | ||
| [install]: https://arduino.github.io/arduino-cli/latest/installation | ||
| [user documentation]: https://arduino.github.io/arduino-cli/latest/ | ||
| [getting started]: https://arduino.github.io/arduino-cli/latest/getting-started/ | ||