mirror of
https://github.com/kopia/kopia.git
synced 2026-03-25 09:31:12 -04:00
754c77739b
Bumps the github-actions group with 6 updates: | Package | From | To | | --- | --- | --- | | [actions/setup-go](https://github.com/actions/setup-go) | `6.2.0` | `6.3.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `6.0.0` | `7.0.0` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.8.2` | `4.8.3` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `7.0.0` | `8.0.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.32.1` | `4.32.4` | | [actions/stale](https://github.com/actions/stale) | `10.1.1` | `10.2.0` | Updates `actions/setup-go` from 6.2.0 to 6.3.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](7a3fe6cf4c...4b73464bb3) Updates `actions/upload-artifact` from 6.0.0 to 7.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](b7c566a772...bbbca2ddaa) Updates `actions/dependency-review-action` from 4.8.2 to 4.8.3 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](3c4e3dcb1a...05fe457637) Updates `actions/download-artifact` from 7.0.0 to 8.0.0 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](37930b1c2a...70fc10c6e5) Updates `github/codeql-action` from 4.32.1 to 4.32.4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](6bc82e05fd...89a39a4e59) Updates `actions/stale` from 10.1.1 to 10.2.0 - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](997185467f...b5d41d4e1d) --- updated-dependencies: - dependency-name: actions/setup-go dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/dependency-review-action dependency-version: 4.8.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/download-artifact dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 4.32.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/stale dependency-version: 10.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
195 lines
7.1 KiB
YAML
195 lines
7.1 KiB
YAML
name: Build
|
|
on:
|
|
pull_request:
|
|
branches: [ master ]
|
|
push:
|
|
# ci-sandbox is a branch dedicated to testing post-submit code.
|
|
branches: [ master, artifacts-pr ]
|
|
tags:
|
|
- v*
|
|
schedule:
|
|
# run on Mondays at 8AM
|
|
- cron: '0 8 * * 1'
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
env:
|
|
# environment variables shared between build steps
|
|
# do not include sensitive credentials and tokens here, instead pass them
|
|
# directly to tools that need them to limit the blast radius in case one of them
|
|
# becomes compromised and leaks credentials to external sites.
|
|
# required by Makefile
|
|
UNIX_SHELL_ON_WINDOWS: true
|
|
# set to true if Publish Artifacts should run
|
|
PUBLISH_ARTIFACTS: ${{ secrets.PUBLISH_ARTIFACTS }}
|
|
# where to publish releases for non-tagged commits
|
|
NON_TAG_RELEASE_REPO: ${{ secrets.NON_TAG_RELEASE_REPO }}
|
|
# RPM and APT packages GCS bucket/hostname.
|
|
PACKAGES_HOST: ${{ secrets.PACKAGES_HOST }}
|
|
jobs:
|
|
build:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
os: [windows-latest, ubuntu-latest, macos-latest, ubuntu-24.04-arm ]
|
|
name: Make
|
|
runs-on: ${{ matrix.os }}
|
|
steps:
|
|
- name: Check out repository
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
with:
|
|
fetch-depth: 0
|
|
- name: Set up Go
|
|
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
|
|
with:
|
|
go-version-file: 'go.mod'
|
|
id: go
|
|
- name: Install Windows-specific packages
|
|
run: "choco install --no-progress -y make zip unzip curl"
|
|
if: ${{ contains(matrix.os, 'windows') }}
|
|
- name: Install macOS-specific packages
|
|
run: "sudo xcode-select -r"
|
|
if: ${{ contains(matrix.os, 'macos') }}
|
|
- name: Setup
|
|
run: make -j4 ci-setup
|
|
- name: Install macOS certificates
|
|
# install signing tools and credentials for macOS and Windows outside of main
|
|
# build process.
|
|
run: make macos-certificates
|
|
env:
|
|
# macOS signing certificate (base64-encoded), used by Electron Builder
|
|
CSC_LINK: ${{ secrets.CSC_LINK }}
|
|
CSC_KEYCHAIN: ${{ secrets.CSC_KEYCHAIN }}
|
|
CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
|
|
MACOS_SIGNING_IDENTITY: ${{ secrets.MACOS_SIGNING_IDENTITY }}
|
|
if: ${{ contains(matrix.os, 'macos') }}
|
|
- name: Install Windows signing tools
|
|
# install signing tools and credentials for macOS and Windows outside of main
|
|
# build process.
|
|
run: make windows-signing-tools
|
|
env:
|
|
# tool to install Windows signing certificate
|
|
WINDOWS_SIGNING_TOOLS_URL: ${{ secrets.WINDOWS_SIGNING_TOOLS_URL }}
|
|
WINDOWS_SIGN_TOOL: ${{ secrets.WINDOWS_SIGN_TOOL }}
|
|
if: ${{ contains(matrix.os, 'windows') }}
|
|
- name: Build
|
|
run: make ci-build
|
|
timeout-minutes: 40
|
|
env:
|
|
# Apple credentials for notarization, used by Electron Builder
|
|
APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
|
|
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
|
|
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
|
|
APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
|
|
KOPIA_UI_NOTARIZE: ${{ secrets.KOPIA_UI_NOTARIZE }}
|
|
|
|
# tool to install Windows signing certificate
|
|
WINDOWS_SIGN_USER: ${{ secrets.WINDOWS_SIGN_USER }}
|
|
WINDOWS_SIGN_AUTH: ${{ secrets.WINDOWS_SIGN_AUTH }}
|
|
WINDOWS_CERT_SHA1: ${{ secrets.WINDOWS_CERT_SHA1 }}
|
|
WINDOWS_SIGN_TOOL: ${{ secrets.WINDOWS_SIGN_TOOL }}
|
|
|
|
# macOS signing certificate (base64-encoded), used by Electron Builder
|
|
MACOS_SIGNING_IDENTITY: ${{ secrets.MACOS_SIGNING_IDENTITY }}
|
|
- name: Upload Kopia Artifacts
|
|
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
|
|
with:
|
|
name: kopia-${{ matrix.os }}
|
|
path: |
|
|
dist/*.md
|
|
dist/*.rb
|
|
dist/*.zip
|
|
dist/*.tar.gz
|
|
dist/*.rpm
|
|
dist/*.deb
|
|
dist/*.exe
|
|
dist/kopia-ui/*.zip
|
|
dist/kopia-ui/*.tar.gz
|
|
dist/kopia-ui/*.dmg
|
|
dist/kopia-ui/*.rpm
|
|
dist/kopia-ui/*.deb
|
|
dist/kopia-ui/*.exe
|
|
dist/kopia-ui/*.AppImage
|
|
dist/kopia-ui/*.yml
|
|
if-no-files-found: ignore
|
|
- name: Upload Kopia Binary
|
|
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
|
|
with:
|
|
name: kopia_binaries-${{ matrix.os }}
|
|
path: |
|
|
dist/*/kopia
|
|
dist/*/kopia.exe
|
|
dist/*/rclone
|
|
dist/*/rclone.exe
|
|
if-no-files-found: ignore
|
|
publish:
|
|
name: Stage And Publish Artifacts
|
|
runs-on: ubuntu-latest
|
|
needs: build
|
|
if: github.event_name != 'pull_request' && github.repository == 'kopia/kopia'
|
|
steps:
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
|
|
- name: Install Linux-specific packages
|
|
run: "sudo apt-get install -y createrepo-c"
|
|
- name: Download Artifacts
|
|
uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
|
|
with:
|
|
pattern: kopia-*
|
|
merge-multiple: true
|
|
path: dist
|
|
- name: Download Kopia Binaries
|
|
uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
|
|
with:
|
|
pattern: kopia_binaries-*
|
|
merge-multiple: true
|
|
path: dist_binaries
|
|
- name: Display structure of downloaded files
|
|
run: ls -lR dist/ dist_binaries/
|
|
- name: Install GPG Key
|
|
run: make ci-gpg-key
|
|
env:
|
|
GPG_KEYRING: ${{secrets.GPG_KEYRING}}
|
|
- name: Stage Release
|
|
run: make stage-release
|
|
- name: Push Github Release
|
|
run: make push-github-release
|
|
env:
|
|
GITHUB_TOKEN: ${{secrets.GH_TOKEN}}
|
|
- name: Install GCS Credentials
|
|
run: make ci-gcs-creds
|
|
env:
|
|
GCS_CREDENTIALS: ${{secrets.GCS_CREDENTIALS}}
|
|
- name: Publish APT
|
|
# this needs GCS credentials and GPG keys installed before.
|
|
run: make publish-apt
|
|
- name: Publish RPM
|
|
# this needs GCS credentials and GPG keys installed before.
|
|
run: make publish-rpm
|
|
- name: Publish Homebrew
|
|
# this only pushes to a GitHub repository.
|
|
run: make publish-homebrew
|
|
env:
|
|
GITHUB_TOKEN: ${{secrets.GH_TOKEN}}
|
|
- name: Publish Scoop
|
|
# this only pushes to a GitHub repository.
|
|
run: make publish-scoop
|
|
env:
|
|
GITHUB_TOKEN: ${{secrets.GH_TOKEN}}
|
|
- name: Publish Docker
|
|
run: make publish-docker
|
|
env:
|
|
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
- name: Bump Homebrew formula
|
|
uses: dawidd6/action-homebrew-bump-formula@1446dca236b0440c6f02723a3f14f13be2c04ab0 # v7
|
|
# only bump formula for tags which don't contain '-'
|
|
# this excludes vx.y.z-rc1
|
|
if: github.ref_type == 'tag' && !contains(github.ref_name, '-')
|
|
with:
|
|
token: ${{ secrets.HOMEBREW_PUSH_TOKEN }}
|
|
formula: kopia
|