ci: fixup archive for notarize step #115

Workflow file for this run

.github/workflows/release.yml at 720dd5d

	name: Release

	on:
	push:
	tags:
	- 'v1.[0-9]+.[0-9]+'

	jobs:
	test:
	runs-on: ubuntu-latest
	steps:
	- name: 'wait for tests'
	uses: lewagon/wait-on-check-action@v1.3.4
	with:
	ref: ${{ github.ref }}
	check-name: 'go test & build'
	repo-token: ${{ secrets.GITHUB_TOKEN }}
	wait-interval: 10

	build-all:
	name: 'build all binaries'
	runs-on: ubuntu-latest
	# needs:
	# - test
	permissions:
	contents: write
	packages: write
	env:
	VERSION_PACKAGE: 'github.com/coupergateway/couper/utils'
	strategy:
	matrix:
	goos: [linux, darwin, windows]
	goarch: [amd64, arm64]
	fail-fast: false
	outputs:
	linux_amd64: ${{ steps.build.outputs.linux_amd64 }}
	linux_arm64: ${{ steps.build.outputs.linux_arm64 }}
	darwin_amd64: ${{ steps.build.outputs.darwin_amd64 }}
	darwin_arm64: ${{ steps.build.outputs.darwin_arm64 }}
	windows_amd64: ${{ steps.build.outputs.windows_amd64 }}
	windows_arm64: ${{ steps.build.outputs.windows_arm64 }}
	steps:
	- uses: actions/checkout@v4

	- name: Set outputs
	id: vars
	run: \|
	echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
	echo "::set-output name=build_date::$(date +'%F')"

	- uses: wangyoucao577/go-release-action@v1.51
	id: build
	with:
	github_token: ${{ secrets.GITHUB_TOKEN }}
	goos: ${{ matrix.goos }}
	goarch: ${{ matrix.goarch }}
	goversion: '1.22'
	binary_name: 'couper'
	ldflags: '-X ${{ env.VERSION_PACKAGE }}.VersionName=${{ github.ref_name }} -X ${{ env.VERSION_PACKAGE }}.BuildName=${{ steps.vars.outputs.sha_short }} -X ${{ env.VERSION_PACKAGE }}.BuildDate=${{ steps.vars.outputs.build_date }}'
	sha256sum: true
	md5sum: false
	asset_name: 'couper-${{ github.ref_name }}-${{ matrix.goos }}-${{ matrix.goarch }}'
	release_name: ${{ github.ref_name }}
	overwrite: true
	post_command: \|
	echo "::set-output name=${{ matrix.goos }}_${{ matrix.goarch }}::$SHA256_SUM"
	- name: Archive macOS builds
	if: ${{ matrix.goos == 'darwin' }}
	uses: actions/upload-artifact@v4
	with:
	name: macos-${{ matrix.goarch }}
	path: couper-${{ github.ref_name }}-darwin-${{ matrix.goarch }}.tar.gz
	retention-days: 1
	compression-level: 0
	if-no-files-found: error

	macos:
	name: 'sign MacOS binary'
	runs-on: ubuntu-latest
	needs:
	# - test
	- build-all
	strategy:
	matrix:
	goarch: [amd64, arm64]
	fail-fast: false
	permissions:
	contents: write
	packages: write
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	outputs:
	amd64: ${{ steps.upload.outputs.amd64 }}
	arm64: ${{ steps.upload.outputs.arm64 }}
	steps: # Write Apple Store Connect Key & cert to file
	- name: 'setup distribution keys'
	env:
	STORE_CONNECT_KEY: ${{ secrets.APPLE_APP_STORE_CONNECT_KEY_JSON }}
	P12_CERT_BASE64: ${{ secrets.APPLE_DIST_CERT_P12_FILE_BASE64 }}
	run: \|
	echo $STORE_CONNECT_KEY > app_store_key.json
	echo -n "$P12_CERT_BASE64" \| base64 --decode > cert.p12
	- name: 'download artifacts'
	uses: actions/download-artifact@v4
	with:
	name: macos-${{ matrix.goarch }}
	- name: 'extract artifacts'
	run: \|
	tar -xzf couper-${{ github.ref_name }}-darwin-${{ matrix.goarch }}.tar.gz
	- name: Sign
	uses: indygreg/apple-code-sign-action@v1
	with:
	p12_file: cert.p12
	p12_password: ${{ secrets.APPLE_DIST_CERT_P12_PASSWORD }}
	sign: true
	sign_args: \|
	--code-signature-flags runtime
	input_path: couper
	- name: 'Archive signed macOS binary'
	uses: montudor/action-zip@v1
	with:
	args: zip -qq couper-${{ github.ref_name }}-macos-${{ matrix.goarch }}.zip couper
	- name: Notarize
	uses: indygreg/apple-code-sign-action@v1
	with:
	app_store_connect_api_key_json_file: app_store_key.json
	staple: true
	input_path: couper-${{ github.ref_name }}-macos-${{ matrix.goarch }}.zip
	- name: 'install assets-uploader'
	run: go install github.com/wangyoucao577/assets-uploader/...@v0.13.0
	- name: 'upload signed binary archive'
	id: 'upload'
	run: \|
	github-assets-uploader -f ./couper-${{ github.ref_name }}-macos-${{ matrix.goarch }}.zip -overwrite -repo coupergateway/couper -releasename ${{ github.ref_name }} -token $GITHUB_TOKEN
	shasum -a 256 ./couper-${{ github.ref_name }}-macos-${{ matrix.goarch }}.zip \| cut -d ' ' -f1 > ./couper-${{ github.ref_name }}-macos-${{ matrix.goarch }}.zip.sha256 && github-assets-uploader -f ./couper-${{ github.ref_name }}-macos-${{ matrix.goarch }}.zip.sha256 -overwrite -repo coupergateway/couper -releasename ${{ github.ref_name }} -token $GITHUB_TOKEN
	echo "::set-output name=${{ matrix.goarch }}::$(cat ./couper-${{ github.ref_name }}-macos-${{ matrix.goarch }}.zip.sha256)"
	brewlease:
	name: 'update homebrew formula'
	runs-on: ubuntu-latest
	needs:
	- build-all
	- macos
	steps:
	- name: 'checkout'
	uses: actions/checkout@v4
	- name: 'prepare template'
	env:
	MACOS_AMD64_SHA256: ${{ needs.macos.outputs.amd64 }}
	MACOS_ARM64_SHA256: ${{ needs.macos.outputs.arm64 }}
	LINUX_ARM64_SHA256: ${{ needs.linux-windows.outputs.linux_arm64 }}
	LINUX_AMD64_SHA256: ${{ needs.linux-windows.outputs.linux_amd64 }}
	run: \|
	curl -L https://github.com/malud/temgo/releases/download/0.2.1/tg -o tg
	chmod +x tg
	./tg -i ${GITHUB_WORKSPACE}/.github/workflows/couper.rb
	- name: 'publish formula'
	uses: dmnemec/copy_file_to_another_repo_action@v1.1.1
	env:
	API_TOKEN_GITHUB: ${{ secrets.GH_COUPER_API_TOKEN }}
	with:
	source_file: '${{ github.workspace }}/.github/workflows/couper.rb'
	destination_repo: 'coupergateway/homebrew-couper'
	destination_folder: './'
	destination_branch: 'main'
	destination_branch_create: 'release.${{ github.ref_name }}' # due to testing purposes; create branch for merging later on
	user_email: 'couperbot@gmail.com'
	user_name: 'couper-bot'
	commit_message: 'Update formula to ${{ github.ref_name }} release'

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci: fixup archive for notarize step #115

Workflow file

ci: fixup archive for notarize step #115

Jobs

Run details

Workflow file for this run