mirror/kopia
1
0
Fork 0
mirror of https://github.com/kopia/kopia.git synced 2026-01-15 01:47:54 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
1c5c4e256839dabec00eb86ee4801dfd198efe4c
kopia/.github/workflows/make.yml
dependabot[bot] 5ebff98a67 build(deps): bump the github-actions group with 4 updates (#4483) 
Bumps the github-actions group with 4 updates: [actions/setup-go](https://github.com/actions/setup-go), [actions/upload-artifact](https://github.com/actions/upload-artifact), [actions/download-artifact](https://github.com/actions/download-artifact) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `actions/setup-go` from 5.3.0 to 5.4.0
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](f111f3307d...0aaccfd150)

Updates `actions/upload-artifact` from 4.6.1 to 4.6.2
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](4cec3d8aa0...ea165f8d65)

Updates `actions/download-artifact` from 4.1.9 to 4.2.1
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](cc20338598...95815c38cf)

Updates `github/codeql-action` from 3.28.10 to 3.28.13
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](b56ba49b26...1b549b9259)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-01 20:04:32 -07:00

196 lines
7.1 KiB
YAML
Raw Blame History

name: Build
on:
pull_request:
branches: [ master ]
push:
# ci-sandbox is a branch dedicated to testing post-submit code.
branches: [ master, artifacts-pr ]
tags:
- v*
schedule:
# run on Mondays at 8AM
- cron: '0 8 * * 1'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
# environment variables shared between build steps
# do not include sensitive credentials and tokens here, instead pass them
# directly to tools that need them to limit the blast radius in case one of them
# becomes compromised and leaks credentials to external sites.
# required by Makefile
UNIX_SHELL_ON_WINDOWS: true
# set to true if Publish Artifacts should run
PUBLISH_ARTIFACTS: ${{ secrets.PUBLISH_ARTIFACTS }}
# where to publish releases for non-tagged commits
NON_TAG_RELEASE_REPO: ${{ secrets.NON_TAG_RELEASE_REPO }}
# RPM and APT packages GCS bucket/hostname.
PACKAGES_HOST: ${{ secrets.PACKAGES_HOST }}
jobs:
build:
strategy:
fail-fast: false
matrix:
os: [windows-latest, ubuntu-latest, macos-latest, ubuntu-24.04-arm ]
name: Make
runs-on: ${{ matrix.os }}
steps:
- name: Check out repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
with:
go-version-file: 'go.mod'
check-latest: true
id: go
- name: Install Windows-specific packages
run: "choco install --no-progress -y make zip unzip curl"
if: ${{ contains(matrix.os, 'windows') }}
- name: Install macOS-specific packages
run: "sudo xcode-select -r"
if: ${{ contains(matrix.os, 'macos') }}
- name: Setup
run: make -j4 ci-setup
- name: Install macOS certificates
# install signing tools and credentials for macOS and Windows outside of main
# build process.
run: make macos-certificates
env:
# macOS signing certificate (base64-encoded), used by Electron Builder
CSC_LINK: ${{ secrets.CSC_LINK }}
CSC_KEYCHAIN: ${{ secrets.CSC_KEYCHAIN }}
CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
MACOS_SIGNING_IDENTITY: ${{ secrets.MACOS_SIGNING_IDENTITY }}
if: ${{ contains(matrix.os, 'macos') }}
- name: Install Windows signing tools
# install signing tools and credentials for macOS and Windows outside of main
# build process.
run: make windows-signing-tools
env:
# tool to install Windows signing certificate
WINDOWS_SIGNING_TOOLS_URL: ${{ secrets.WINDOWS_SIGNING_TOOLS_URL }}
WINDOWS_SIGN_TOOL: ${{ secrets.WINDOWS_SIGN_TOOL }}
if: ${{ contains(matrix.os, 'windows') }}
- name: Build
run: make ci-build
timeout-minutes: 40
env:
# Apple credentials for notarizaton, used by Electron Builder
APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
KOPIA_UI_NOTARIZE: ${{ secrets.KOPIA_UI_NOTARIZE }}
# tool to install Windows signing certificate
WINDOWS_SIGN_USER: ${{ secrets.WINDOWS_SIGN_USER }}
WINDOWS_SIGN_AUTH: ${{ secrets.WINDOWS_SIGN_AUTH }}
WINDOWS_CERT_SHA1: ${{ secrets.WINDOWS_CERT_SHA1 }}
WINDOWS_SIGN_TOOL: ${{ secrets.WINDOWS_SIGN_TOOL }}
# macOS signing certificate (base64-encoded), used by Electron Builder
MACOS_SIGNING_IDENTITY: ${{ secrets.MACOS_SIGNING_IDENTITY }}
- name: Upload Kopia Artifacts
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: kopia-${{ matrix.os }}
path: |
dist/*.md
dist/*.rb
dist/*.zip
dist/*.tar.gz
dist/*.rpm
dist/*.deb
dist/*.exe
dist/kopia-ui/*.zip
dist/kopia-ui/*.tar.gz
dist/kopia-ui/*.dmg
dist/kopia-ui/*.rpm
dist/kopia-ui/*.deb
dist/kopia-ui/*.exe
dist/kopia-ui/*.AppImage
dist/kopia-ui/*.yml
if-no-files-found: ignore
- name: Upload Kopia Binary
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: kopia_binaries-${{ matrix.os }}
path: |
dist/*/kopia
dist/*/kopia.exe
dist/*/rclone
dist/*/rclone.exe
if-no-files-found: ignore
publish:
name: Stage And Publish Artifacts
runs-on: ubuntu-latest
needs: build
if: github.event_name != 'pull_request' && github.repository == 'kopia/kopia'
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up QEMU
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
- name: Install Linux-specific packages
run: "sudo apt-get install -y createrepo-c"
- name: Download Artifacts
uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
with:
pattern: kopia-*
merge-multiple: true
path: dist
- name: Download Kopia Binaries
uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
with:
pattern: kopia_binaries-*
merge-multiple: true
path: dist_binaries
- name: Display structure of downloaded files
run: ls -lR dist/ dist_binaries/
- name: Install GPG Key
run: make ci-gpg-key
env:
GPG_KEYRING: ${{secrets.GPG_KEYRING}}
- name: Stage Release
run: make stage-release
- name: Push Github Release
run: make push-github-release
env:
GITHUB_TOKEN: ${{secrets.GH_TOKEN}}
- name: Install GCS Credentials
run: make ci-gcs-creds
env:
GCS_CREDENTIALS: ${{secrets.GCS_CREDENTIALS}}
- name: Publish APT
# this needs GCS credentials and GPG keys installed before.
run: make publish-apt
- name: Publish RPM
# this needs GCS credentials and GPG keys installed before.
run: make publish-rpm
- name: Publish Homebrew
# this only pushes to a GitHub repository.
run: make publish-homebrew
env:
GITHUB_TOKEN: ${{secrets.GH_TOKEN}}
- name: Publish Scoop
# this only pushes to a GitHub repository.
run: make publish-scoop
env:
GITHUB_TOKEN: ${{secrets.GH_TOKEN}}
- name: Publish Docker
run: make publish-docker
env:
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Bump Homebrew formula
uses: dawidd6/action-homebrew-bump-formula@8d494330bce4434918392df134ad3db1167904db # v4
# only bump formula for tags which don't contain '-'
# this excludes vx.y.z-rc1
if: github.ref_type == 'tag' && !contains(github.ref_name, '-')
with:
token: ${{ secrets.HOMEBREW_PUSH_TOKEN }}
formula: kopia
Reference in New Issue View Git Blame Copy Permalink