mirror of
https://github.com/kopia/kopia.git
synced 2026-01-13 00:47:53 -05:00
12e59e388d
Bumps the docker group with 1 update: [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action).
Updates `docker/setup-buildx-action` from 3.11.1 to 3.12.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](e468171a9d...8d2750c68a)
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
dependency-version: 3.12.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: docker
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
195 lines
7.1 KiB
YAML
195 lines
7.1 KiB
YAML
name: Build
|
|
on:
|
|
pull_request:
|
|
branches: [ master ]
|
|
push:
|
|
# ci-sandbox is a branch dedicated to testing post-submit code.
|
|
branches: [ master, artifacts-pr ]
|
|
tags:
|
|
- v*
|
|
schedule:
|
|
# run on Mondays at 8AM
|
|
- cron: '0 8 * * 1'
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
env:
|
|
# environment variables shared between build steps
|
|
# do not include sensitive credentials and tokens here, instead pass them
|
|
# directly to tools that need them to limit the blast radius in case one of them
|
|
# becomes compromised and leaks credentials to external sites.
|
|
# required by Makefile
|
|
UNIX_SHELL_ON_WINDOWS: true
|
|
# set to true if Publish Artifacts should run
|
|
PUBLISH_ARTIFACTS: ${{ secrets.PUBLISH_ARTIFACTS }}
|
|
# where to publish releases for non-tagged commits
|
|
NON_TAG_RELEASE_REPO: ${{ secrets.NON_TAG_RELEASE_REPO }}
|
|
# RPM and APT packages GCS bucket/hostname.
|
|
PACKAGES_HOST: ${{ secrets.PACKAGES_HOST }}
|
|
jobs:
|
|
build:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
os: [windows-latest, ubuntu-latest, macos-latest, ubuntu-24.04-arm ]
|
|
name: Make
|
|
runs-on: ${{ matrix.os }}
|
|
steps:
|
|
- name: Check out repository
|
|
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
|
with:
|
|
fetch-depth: 0
|
|
- name: Set up Go
|
|
uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
|
|
with:
|
|
go-version-file: 'go.mod'
|
|
id: go
|
|
- name: Install Windows-specific packages
|
|
run: "choco install --no-progress -y make zip unzip curl"
|
|
if: ${{ contains(matrix.os, 'windows') }}
|
|
- name: Install macOS-specific packages
|
|
run: "sudo xcode-select -r"
|
|
if: ${{ contains(matrix.os, 'macos') }}
|
|
- name: Setup
|
|
run: make -j4 ci-setup
|
|
- name: Install macOS certificates
|
|
# install signing tools and credentials for macOS and Windows outside of main
|
|
# build process.
|
|
run: make macos-certificates
|
|
env:
|
|
# macOS signing certificate (base64-encoded), used by Electron Builder
|
|
CSC_LINK: ${{ secrets.CSC_LINK }}
|
|
CSC_KEYCHAIN: ${{ secrets.CSC_KEYCHAIN }}
|
|
CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
|
|
MACOS_SIGNING_IDENTITY: ${{ secrets.MACOS_SIGNING_IDENTITY }}
|
|
if: ${{ contains(matrix.os, 'macos') }}
|
|
- name: Install Windows signing tools
|
|
# install signing tools and credentials for macOS and Windows outside of main
|
|
# build process.
|
|
run: make windows-signing-tools
|
|
env:
|
|
# tool to install Windows signing certificate
|
|
WINDOWS_SIGNING_TOOLS_URL: ${{ secrets.WINDOWS_SIGNING_TOOLS_URL }}
|
|
WINDOWS_SIGN_TOOL: ${{ secrets.WINDOWS_SIGN_TOOL }}
|
|
if: ${{ contains(matrix.os, 'windows') }}
|
|
- name: Build
|
|
run: make ci-build
|
|
timeout-minutes: 40
|
|
env:
|
|
# Apple credentials for notarization, used by Electron Builder
|
|
APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
|
|
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
|
|
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
|
|
APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
|
|
KOPIA_UI_NOTARIZE: ${{ secrets.KOPIA_UI_NOTARIZE }}
|
|
|
|
# tool to install Windows signing certificate
|
|
WINDOWS_SIGN_USER: ${{ secrets.WINDOWS_SIGN_USER }}
|
|
WINDOWS_SIGN_AUTH: ${{ secrets.WINDOWS_SIGN_AUTH }}
|
|
WINDOWS_CERT_SHA1: ${{ secrets.WINDOWS_CERT_SHA1 }}
|
|
WINDOWS_SIGN_TOOL: ${{ secrets.WINDOWS_SIGN_TOOL }}
|
|
|
|
# macOS signing certificate (base64-encoded), used by Electron Builder
|
|
MACOS_SIGNING_IDENTITY: ${{ secrets.MACOS_SIGNING_IDENTITY }}
|
|
- name: Upload Kopia Artifacts
|
|
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
|
|
with:
|
|
name: kopia-${{ matrix.os }}
|
|
path: |
|
|
dist/*.md
|
|
dist/*.rb
|
|
dist/*.zip
|
|
dist/*.tar.gz
|
|
dist/*.rpm
|
|
dist/*.deb
|
|
dist/*.exe
|
|
dist/kopia-ui/*.zip
|
|
dist/kopia-ui/*.tar.gz
|
|
dist/kopia-ui/*.dmg
|
|
dist/kopia-ui/*.rpm
|
|
dist/kopia-ui/*.deb
|
|
dist/kopia-ui/*.exe
|
|
dist/kopia-ui/*.AppImage
|
|
dist/kopia-ui/*.yml
|
|
if-no-files-found: ignore
|
|
- name: Upload Kopia Binary
|
|
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
|
|
with:
|
|
name: kopia_binaries-${{ matrix.os }}
|
|
path: |
|
|
dist/*/kopia
|
|
dist/*/kopia.exe
|
|
dist/*/rclone
|
|
dist/*/rclone.exe
|
|
if-no-files-found: ignore
|
|
publish:
|
|
name: Stage And Publish Artifacts
|
|
runs-on: ubuntu-latest
|
|
needs: build
|
|
if: github.event_name != 'pull_request' && github.repository == 'kopia/kopia'
|
|
steps:
|
|
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
|
|
- name: Install Linux-specific packages
|
|
run: "sudo apt-get install -y createrepo-c"
|
|
- name: Download Artifacts
|
|
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
|
|
with:
|
|
pattern: kopia-*
|
|
merge-multiple: true
|
|
path: dist
|
|
- name: Download Kopia Binaries
|
|
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
|
|
with:
|
|
pattern: kopia_binaries-*
|
|
merge-multiple: true
|
|
path: dist_binaries
|
|
- name: Display structure of downloaded files
|
|
run: ls -lR dist/ dist_binaries/
|
|
- name: Install GPG Key
|
|
run: make ci-gpg-key
|
|
env:
|
|
GPG_KEYRING: ${{secrets.GPG_KEYRING}}
|
|
- name: Stage Release
|
|
run: make stage-release
|
|
- name: Push Github Release
|
|
run: make push-github-release
|
|
env:
|
|
GITHUB_TOKEN: ${{secrets.GH_TOKEN}}
|
|
- name: Install GCS Credentials
|
|
run: make ci-gcs-creds
|
|
env:
|
|
GCS_CREDENTIALS: ${{secrets.GCS_CREDENTIALS}}
|
|
- name: Publish APT
|
|
# this needs GCS credentials and GPG keys installed before.
|
|
run: make publish-apt
|
|
- name: Publish RPM
|
|
# this needs GCS credentials and GPG keys installed before.
|
|
run: make publish-rpm
|
|
- name: Publish Homebrew
|
|
# this only pushes to a GitHub repository.
|
|
run: make publish-homebrew
|
|
env:
|
|
GITHUB_TOKEN: ${{secrets.GH_TOKEN}}
|
|
- name: Publish Scoop
|
|
# this only pushes to a GitHub repository.
|
|
run: make publish-scoop
|
|
env:
|
|
GITHUB_TOKEN: ${{secrets.GH_TOKEN}}
|
|
- name: Publish Docker
|
|
run: make publish-docker
|
|
env:
|
|
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
- name: Bump Homebrew formula
|
|
uses: dawidd6/action-homebrew-bump-formula@3428a0601bba3173ec0bdcc945be23fa27aa4c31 # v5
|
|
# only bump formula for tags which don't contain '-'
|
|
# this excludes vx.y.z-rc1
|
|
if: github.ref_type == 'tag' && !contains(github.ref_name, '-')
|
|
with:
|
|
token: ${{ secrets.HOMEBREW_PUSH_TOKEN }}
|
|
formula: kopia
|