.github/workflows/publish.yml

name: Publish

# Controls when the action will run. 
on:
  # Triggers the workflow on new SemVer tags
  push:
    branches:
      - main
    tags: 
      - 'v[0-9]+.[0-9]+.[0-9]+'
      - 'v[0-9]+.[0-9]+.[0-9]+-**'

jobs:
  test:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-go@v3
        with:
          go-version: 'stable'
      - name: Test
        uses: ./.github/actions/test
  docker:
    runs-on: ubuntu-latest
    needs: [ test ]
    permissions:
      packages: write
      contents: read
    steps:
      - uses: actions/checkout@v3
      - uses: docker/setup-qemu-action@v2
      - uses: docker/setup-buildx-action@v2
      - uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - uses: docker/metadata-action@v4
        name: generate tags
        id: meta
        with:
          images: ghcr.io/${{ github.repository }}
          tags: |
            type=ref,event=branch
            type=sha,prefix=
            type=semver,pattern={{version}}
      - uses: docker/build-push-action@v4
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
#  build-linux:
#    runs-on: ubuntu-latest
#    needs: [ test ]
#    steps:
#      - uses: actions/checkout@v3
#      - uses: actions/setup-go@v3
#        with:
#          go-version: 'stable'
#      - name: Setup
#        run: |
#          sudo apt update
#          sudo apt install -y gcc-aarch64-linux-gnu
#          go generate ./...
#      - name: Build amd64
#        env:
#          CGO_ENABLED: 1
#          GOOS: linux
#          GOARCH: amd64
#        run: |
#          mkdir -p release
#          ZIP_OUTPUT=release/fsd_${GOOS}_${GOARCH}.zip
#          go build -tags='netgo' -trimpath -o bin/ -a -ldflags '-s -w -linkmode external -extldflags "-static"' ./cmd/fsd
#          cp README.md LICENSE bin/
#          zip -qj $ZIP_OUTPUT bin/*
#      - name: Build arm64
#        env:
#          CGO_ENABLED: 1
#          GOOS: linux
#          GOARCH: arm64
#          CC: aarch64-linux-gnu-gcc
#        run: |
#          mkdir -p release
#          ZIP_OUTPUT=release/fsd_${GOOS}_${GOARCH}.zip
#          go build -tags='netgo' -trimpath -o bin/ -a -ldflags '-s -w' ./cmd/fsd
#          cp README.md LICENSE bin/
#          zip -qj $ZIP_OUTPUT bin/*
#      - uses: actions/upload-artifact@v3
#        with:
#          name: fsd
#          path: release/
#  build-mac: 
#    runs-on: macos-latest
#    needs: [ test ]
#    steps:
#      - uses: actions/checkout@v3
#      - uses: actions/setup-go@v3
#        with:
#          go-version: 'stable'
#      - name: Setup
#        env:
#          APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }}
#          APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
#          APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
#          APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }}
#          APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }}
#          APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }}
#          APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }}
#        run: |
#          # extract apple cert
#          APPLE_CERT_PATH=$RUNNER_TEMP/apple_cert.p12
#          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
#          echo -n "$APPLE_CERT_B64" | base64 --decode --output $APPLE_CERT_PATH
#
#          # extract apple key
#          mkdir -p ~/private_keys
#          APPLE_API_KEY_PATH=~/private_keys/AuthKey_$APPLE_API_KEY.p8
#          echo -n "$APPLE_KEY_B64" | base64 --decode --output $APPLE_API_KEY_PATH
#
#          # create temp keychain
#          security create-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
#          security default-keychain -s $KEYCHAIN_PATH
#          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
#          security unlock-keychain -p "$APPLE_KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
#
#          # import keychain
#          security import $APPLE_CERT_PATH -P $APPLE_CERT_PASSWORD -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
#          security find-identity -v $KEYCHAIN_PATH -p codesigning
#          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $APPLE_KEYCHAIN_PASSWORD $KEYCHAIN_PATH
#
#          # generate
#          go generate ./...
#      - name: Build amd64
#        env:
#          APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }}
#          APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
#          APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
#          APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }}
#          APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }}
#          APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }}
#          APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }}
#          CGO_ENABLED: 1
#          GOOS: darwin
#          GOARCH: amd64
#        run: |
#          ZIP_OUTPUT=release/fsd_${GOOS}_${GOARCH}.zip
#          mkdir -p release
#          go build -tags='netgo' -trimpath -o bin/ -a -ldflags '-s -w' ./cmd/fsd
#          cp README.md LICENSE bin/
#          /usr/bin/codesign --deep -f -v --timestamp -o runtime,library -s $APPLE_CERT_ID bin/fsd
#          ditto -ck bin $ZIP_OUTPUT
#          xcrun notarytool submit -k ~/private_keys/AuthKey_$APPLE_API_KEY.p8 -d $APPLE_API_KEY -i $APPLE_API_ISSUER --wait --timeout 10m $ZIP_OUTPUT
#      - name: Build arm64
#        env:
#          APPLE_CERT_ID: ${{ secrets.APPLE_CERT_ID }}
#          APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
#          APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
#          APPLE_KEY_B64: ${{ secrets.APPLE_KEY_B64 }}
#          APPLE_CERT_B64: ${{ secrets.APPLE_CERT_B64 }}
#          APPLE_CERT_PASSWORD: ${{ secrets.APPLE_CERT_PASSWORD }}
#          APPLE_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_KEYCHAIN_PASSWORD }}
#          CGO_ENABLED: 1
#          GOOS: darwin
#          GOARCH: arm64
#        run: |
#          ZIP_OUTPUT=release/fsd_${GOOS}_${GOARCH}.zip
#          mkdir -p release
#          go build -tags='netgo' -trimpath -o bin/ -a -ldflags '-s -w' ./cmd/fsd
#          cp README.md LICENSE bin/
#          /usr/bin/codesign --deep -f -v --timestamp -o runtime,library -s $APPLE_CERT_ID bin/fsd
#          ditto -ck bin $ZIP_OUTPUT
#          xcrun notarytool submit -k ~/private_keys/AuthKey_$APPLE_API_KEY.p8 -d $APPLE_API_KEY -i $APPLE_API_ISSUER --wait --timeout 10m $ZIP_OUTPUT
#      - uses: actions/upload-artifact@v3
#        with:
#          name: fsd
#          path: release/
#  build-windows: 
#    runs-on: windows-latest
#    needs: [ test ]
#    steps:
#      - uses: actions/checkout@v3
#      - uses: actions/setup-go@v3
#        with:
#          go-version: 'stable'
#      - name: Setup
#        shell: bash
#        run: |
#          dotnet tool install --global AzureSignTool
#          go generate ./...
#      - name: Build amd64
#        env:
#          CGO_ENABLED: 1
#          GOOS: windows
#          GOARCH: amd64
#        shell: bash
#        run: |
#          mkdir -p release
#          ZIP_OUTPUT=release/fsd_${GOOS}_${GOARCH}.zip
#          go build -tags='netgo' -trimpath -o bin/ -a -ldflags '-s -w -linkmode external -extldflags "-static"' ./cmd/fsd
#          azuresigntool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc ${{ secrets.AZURE_CERT_NAME }} -tr http://timestamp.digicert.com -v bin/fsd.exe
#          cp README.md LICENSE bin/
#          7z a $ZIP_OUTPUT ./bin/*
#      - uses: actions/upload-artifact@v3
#        with:
#          name: fsd
#          path: release/