name: Build on: pull_request: branches: [ master ] push: # ci-sandbox is a branch dedicated to testing post-submit code. branches: [ master, artifacts-pr ] tags: - v* schedule: # run on Mondays at 8AM - cron: '0 8 * * 1' concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true env: # environment variables shared between build steps # do not include sensitive credentials and tokens here, instead pass them # directly to tools that need them to limit the blast radius in case one of them # becomes compromised and leaks credentials to external sites. # required by Makefile UNIX_SHELL_ON_WINDOWS: true # set to true if Publish Artifacts should run PUBLISH_ARTIFACTS: ${{ secrets.PUBLISH_ARTIFACTS }} # where to publish releases for non-tagged commits NON_TAG_RELEASE_REPO: ${{ secrets.NON_TAG_RELEASE_REPO }} # RPM and APT packages GCS bucket/hostname. PACKAGES_HOST: ${{ secrets.PACKAGES_HOST }} jobs: build: strategy: fail-fast: false matrix: os: [windows-latest, ubuntu-latest, macos-latest] include: - os: [self-hosted, ARM64] # - os: [self-hosted, ARMHF] name: Make runs-on: ${{ matrix.os }} continue-on-error: ${{ contains(matrix.os, 'self-hosted') }} steps: - name: Check out repository uses: actions/checkout@v3 with: fetch-depth: 0 - name: Set up Go uses: actions/setup-go@v4 with: go-version: '1.20' id: go if: ${{ !contains(matrix.os, 'ARMHF') }} - name: Install GoLang for ARMHF run: "echo /usr/local/go/bin >> $GITHUB_PATH; rm -rf /usr/local/go && mkdir -p /usr/local/go && curl -s -L https://go.dev/dl/go1.19.2.linux-armv6l.tar.gz | tar -C /usr/local -xz" if: ${{ contains(matrix.os, 'ARMHF') }} - name: Install Windows-specific packages run: "choco install --no-progress -y make zip unzip curl" if: ${{ contains(matrix.os, 'windows') }} - name: Install macOS-specific packages run: "sudo xcode-select -r" if: ${{ contains(matrix.os, 'macos') }} - name: Setup run: make -j4 ci-setup - name: Install macOS certificates # install signing tools and credentials for macOS and Windows outside of main # build process. run: make macos-certificates env: # macOS signing certificate (base64-encoded), used by Electron Builder CSC_LINK: ${{ secrets.CSC_LINK }} CSC_KEYCHAIN: ${{ secrets.CSC_KEYCHAIN }} CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }} MACOS_SIGNING_IDENTITY: ${{ secrets.MACOS_SIGNING_IDENTITY }} if: ${{ contains(matrix.os, 'macos') }} - name: Install Windows signing tools # install signing tools and credentials for macOS and Windows outside of main # build process. run: make windows-signing-tools env: # tool to install Windows signing certificate WINDOWS_SIGNING_TOOLS_URL: ${{ secrets.WINDOWS_SIGNING_TOOLS_URL }} WINDOWS_SIGN_TOOL: ${{ secrets.WINDOWS_SIGN_TOOL }} if: ${{ contains(matrix.os, 'windows') }} - name: Build run: make ci-build env: # Apple ID and app-specific password for notarizaton, used by Electron Builder APPLEID: ${{ secrets.APPLEID }} APPLEIDPASS: ${{ secrets.APPLEIDPASS }} KOPIA_UI_NOTARIZE: ${{ secrets.KOPIA_UI_NOTARIZE }} # tool to install Windows signing certificate WINDOWS_SIGN_USER: ${{ secrets.WINDOWS_SIGN_USER }} WINDOWS_SIGN_AUTH: ${{ secrets.WINDOWS_SIGN_AUTH }} WINDOWS_CERT_SHA1: ${{ secrets.WINDOWS_CERT_SHA1 }} WINDOWS_SIGN_TOOL: ${{ secrets.WINDOWS_SIGN_TOOL }} # macOS signing certificate (base64-encoded), used by Electron Builder MACOS_SIGNING_IDENTITY: ${{ secrets.MACOS_SIGNING_IDENTITY }} - name: Upload Kopia Artifacts uses: actions/upload-artifact@v3 with: name: kopia path: | dist/*.md dist/*.rb dist/*.zip dist/*.tar.gz dist/*.rpm dist/*.deb dist/*.exe dist/kopia-ui/*.zip dist/kopia-ui/*.tar.gz dist/kopia-ui/*.dmg dist/kopia-ui/*.rpm dist/kopia-ui/*.deb dist/kopia-ui/*.exe dist/kopia-ui/*.AppImage dist/kopia-ui/*.yml if-no-files-found: ignore if: ${{ !contains(matrix.os, 'self-hosted') }} - name: Upload Kopia Binary uses: actions/upload-artifact@v3 with: name: kopia_binaries path: | dist/*/kopia dist/*/kopia.exe dist/*/rclone dist/*/rclone.exe if-no-files-found: ignore if: ${{ !contains(matrix.os, 'self-hosted') }} publish: name: Stage And Publish Artifacts runs-on: ubuntu-latest needs: build if: github.event_name != 'pull_request' && github.repository == 'kopia/kopia' steps: - uses: actions/checkout@v3 - name: Set up QEMU uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - name: Download Artifacts uses: actions/download-artifact@v3 with: name: kopia path: dist - name: Download Kopia Binaries uses: actions/download-artifact@v3 with: name: kopia_binaries path: dist_binaries - name: Display structure of downloaded files run: ls -lR dist/ dist_binaries/ - name: Install GPG Key run: make ci-gpg-key env: GPG_KEYRING: ${{secrets.GPG_KEYRING}} - name: Stage Release run: make stage-release - name: Push Github Release run: make push-github-release env: GITHUB_TOKEN: ${{secrets.GH_TOKEN}} - name: Install GCS Credentials run: make ci-gcs-creds env: GCS_CREDENTIALS: ${{secrets.GCS_CREDENTIALS}} - name: Publish APT # this needs GCS credentials and GPG keys installed before. run: make publish-apt - name: Publish RPM # this needs GCS credentials and GPG keys installed before. run: make publish-rpm - name: Publish Homebrew # this only pushes to a GitHub repository. run: make publish-homebrew env: GITHUB_TOKEN: ${{secrets.GH_TOKEN}} - name: Publish Scoop # this only pushes to a GitHub repository. run: make publish-scoop env: GITHUB_TOKEN: ${{secrets.GH_TOKEN}} - name: Publish Docker run: make publish-docker env: DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} - name: Bump Homebrew formula uses: dawidd6/action-homebrew-bump-formula@v3 if: github.ref_type == 'tag' with: token: ${{ secrets.HOMEBREW_PUSH_TOKEN }} formula: kopia