mirror of
https://github.com/kopia/kopia.git
synced 2026-01-20 04:17:54 -05:00
128ef76b13
Bumps the docker group with 1 update: [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action).
Updates `docker/setup-buildx-action` from 3.1.0 to 3.2.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](0d103c3126...2b51285047)
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: docker
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
204 lines
7.6 KiB
YAML
204 lines
7.6 KiB
YAML
name: Build
|
|
on:
|
|
pull_request:
|
|
branches: [ master ]
|
|
push:
|
|
# ci-sandbox is a branch dedicated to testing post-submit code.
|
|
branches: [ master, artifacts-pr ]
|
|
tags:
|
|
- v*
|
|
schedule:
|
|
# run on Mondays at 8AM
|
|
- cron: '0 8 * * 1'
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
env:
|
|
# environment variables shared between build steps
|
|
# do not include sensitive credentials and tokens here, instead pass them
|
|
# directly to tools that need them to limit the blast radius in case one of them
|
|
# becomes compromised and leaks credentials to external sites.
|
|
# required by Makefile
|
|
UNIX_SHELL_ON_WINDOWS: true
|
|
# set to true if Publish Artifacts should run
|
|
PUBLISH_ARTIFACTS: ${{ secrets.PUBLISH_ARTIFACTS }}
|
|
# where to publish releases for non-tagged commits
|
|
NON_TAG_RELEASE_REPO: ${{ secrets.NON_TAG_RELEASE_REPO }}
|
|
# RPM and APT packages GCS bucket/hostname.
|
|
PACKAGES_HOST: ${{ secrets.PACKAGES_HOST }}
|
|
jobs:
|
|
build:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
os: [windows-latest, ubuntu-latest, macos-latest]
|
|
include:
|
|
- os: [self-hosted, ARM64]
|
|
# - os: [self-hosted, ARMHF]
|
|
name: Make
|
|
runs-on: ${{ matrix.os }}
|
|
continue-on-error: ${{ contains(matrix.os, 'self-hosted') }}
|
|
steps:
|
|
- name: Check out repository
|
|
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
|
|
with:
|
|
fetch-depth: 0
|
|
- name: Set up Go
|
|
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
|
|
with:
|
|
go-version-file: 'go.mod'
|
|
check-latest: true
|
|
id: go
|
|
if: ${{ !contains(matrix.os, 'ARMHF') }}
|
|
- name: Install GoLang for ARMHF
|
|
run: "echo /usr/local/go/bin >> $GITHUB_PATH; rm -rf /usr/local/go && mkdir -p /usr/local/go && curl -s -L https://go.dev/dl/go1.19.2.linux-armv6l.tar.gz | tar -C /usr/local -xz"
|
|
if: ${{ contains(matrix.os, 'ARMHF') }}
|
|
- name: Install Windows-specific packages
|
|
run: "choco install --no-progress -y make zip unzip curl"
|
|
if: ${{ contains(matrix.os, 'windows') }}
|
|
- name: Install macOS-specific packages
|
|
run: "sudo xcode-select -r"
|
|
if: ${{ contains(matrix.os, 'macos') }}
|
|
- name: Setup
|
|
run: make -j4 ci-setup
|
|
- name: Install macOS certificates
|
|
# install signing tools and credentials for macOS and Windows outside of main
|
|
# build process.
|
|
run: make macos-certificates
|
|
env:
|
|
# macOS signing certificate (base64-encoded), used by Electron Builder
|
|
CSC_LINK: ${{ secrets.CSC_LINK }}
|
|
CSC_KEYCHAIN: ${{ secrets.CSC_KEYCHAIN }}
|
|
CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
|
|
MACOS_SIGNING_IDENTITY: ${{ secrets.MACOS_SIGNING_IDENTITY }}
|
|
if: ${{ contains(matrix.os, 'macos') }}
|
|
- name: Install Windows signing tools
|
|
# install signing tools and credentials for macOS and Windows outside of main
|
|
# build process.
|
|
run: make windows-signing-tools
|
|
env:
|
|
# tool to install Windows signing certificate
|
|
WINDOWS_SIGNING_TOOLS_URL: ${{ secrets.WINDOWS_SIGNING_TOOLS_URL }}
|
|
WINDOWS_SIGN_TOOL: ${{ secrets.WINDOWS_SIGN_TOOL }}
|
|
if: ${{ contains(matrix.os, 'windows') }}
|
|
- name: Build
|
|
run: make ci-build
|
|
timeout-minutes: 40
|
|
env:
|
|
# Apple credentials for notarizaton, used by Electron Builder
|
|
APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
|
|
APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
|
|
APPLE_API_KEY_BASE64: ${{ secrets.APPLE_API_KEY_BASE64 }}
|
|
APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
|
|
KOPIA_UI_NOTARIZE: ${{ secrets.KOPIA_UI_NOTARIZE }}
|
|
|
|
# tool to install Windows signing certificate
|
|
WINDOWS_SIGN_USER: ${{ secrets.WINDOWS_SIGN_USER }}
|
|
WINDOWS_SIGN_AUTH: ${{ secrets.WINDOWS_SIGN_AUTH }}
|
|
WINDOWS_CERT_SHA1: ${{ secrets.WINDOWS_CERT_SHA1 }}
|
|
WINDOWS_SIGN_TOOL: ${{ secrets.WINDOWS_SIGN_TOOL }}
|
|
|
|
# macOS signing certificate (base64-encoded), used by Electron Builder
|
|
MACOS_SIGNING_IDENTITY: ${{ secrets.MACOS_SIGNING_IDENTITY }}
|
|
- name: Upload Kopia Artifacts
|
|
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
|
with:
|
|
name: kopia-${{ matrix.os }}
|
|
path: |
|
|
dist/*.md
|
|
dist/*.rb
|
|
dist/*.zip
|
|
dist/*.tar.gz
|
|
dist/*.rpm
|
|
dist/*.deb
|
|
dist/*.exe
|
|
dist/kopia-ui/*.zip
|
|
dist/kopia-ui/*.tar.gz
|
|
dist/kopia-ui/*.dmg
|
|
dist/kopia-ui/*.rpm
|
|
dist/kopia-ui/*.deb
|
|
dist/kopia-ui/*.exe
|
|
dist/kopia-ui/*.AppImage
|
|
dist/kopia-ui/*.yml
|
|
if-no-files-found: ignore
|
|
if: ${{ !contains(matrix.os, 'self-hosted') }}
|
|
- name: Upload Kopia Binary
|
|
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
|
with:
|
|
name: kopia_binaries-${{ matrix.os }}
|
|
path: |
|
|
dist/*/kopia
|
|
dist/*/kopia.exe
|
|
dist/*/rclone
|
|
dist/*/rclone.exe
|
|
if-no-files-found: ignore
|
|
if: ${{ !contains(matrix.os, 'self-hosted') }}
|
|
publish:
|
|
name: Stage And Publish Artifacts
|
|
runs-on: ubuntu-latest
|
|
needs: build
|
|
if: github.event_name != 'pull_request' && github.repository == 'kopia/kopia'
|
|
steps:
|
|
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0
|
|
- name: Download Artifacts
|
|
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
|
|
with:
|
|
pattern: kopia-*
|
|
merge-multiple: true
|
|
path: dist
|
|
- name: Download Kopia Binaries
|
|
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
|
|
with:
|
|
pattern: kopia_binaries-*
|
|
merge-multiple: true
|
|
path: dist_binaries
|
|
- name: Display structure of downloaded files
|
|
run: ls -lR dist/ dist_binaries/
|
|
- name: Install GPG Key
|
|
run: make ci-gpg-key
|
|
env:
|
|
GPG_KEYRING: ${{secrets.GPG_KEYRING}}
|
|
- name: Stage Release
|
|
run: make stage-release
|
|
- name: Push Github Release
|
|
run: make push-github-release
|
|
env:
|
|
GITHUB_TOKEN: ${{secrets.GH_TOKEN}}
|
|
- name: Install GCS Credentials
|
|
run: make ci-gcs-creds
|
|
env:
|
|
GCS_CREDENTIALS: ${{secrets.GCS_CREDENTIALS}}
|
|
- name: Publish APT
|
|
# this needs GCS credentials and GPG keys installed before.
|
|
run: make publish-apt
|
|
- name: Publish RPM
|
|
# this needs GCS credentials and GPG keys installed before.
|
|
run: make publish-rpm
|
|
- name: Publish Homebrew
|
|
# this only pushes to a GitHub repository.
|
|
run: make publish-homebrew
|
|
env:
|
|
GITHUB_TOKEN: ${{secrets.GH_TOKEN}}
|
|
- name: Publish Scoop
|
|
# this only pushes to a GitHub repository.
|
|
run: make publish-scoop
|
|
env:
|
|
GITHUB_TOKEN: ${{secrets.GH_TOKEN}}
|
|
- name: Publish Docker
|
|
run: make publish-docker
|
|
env:
|
|
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
- name: Bump Homebrew formula
|
|
uses: dawidd6/action-homebrew-bump-formula@baf2b60c51fc1f8453c884b0c61052668a71bd1d # v3.11.0
|
|
# only bump formula for tags which don't contain '-'
|
|
# this excludes vx.y.z-rc1
|
|
if: github.ref_type == 'tag' && !contains(github.ref_name, '-')
|
|
with:
|
|
token: ${{ secrets.HOMEBREW_PUSH_TOKEN }}
|
|
formula: kopia
|