-
Notifications
You must be signed in to change notification settings - Fork 0
117 lines (107 loc) · 3.9 KB
/
build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
name: Build
on:
push:
branches:
- main
pull_request:
branches:
- "*"
jobs:
linux_and_windows:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: 1.22.2
- name: git cleanup
run: git clean -f
- name: Unit tests
run: |
go test -v -race ./... -covermode=atomic # Run all the tests with the race detector enabled
- name: Static analysis
run: |
go vet ./... # go vet is the official Go static analyzer
- name: Cyclomatic complexity
run: |
go install github.com/fzipp/gocyclo/cmd/gocyclo@latest
/home/runner/go/bin/gocyclo -over 19 main.go pkg # forbid code with huge/complex functions
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v5
with:
version: latest
args: release --parallelism 1 --snapshot --clean
- name: Test Binary is Runnable
run: "dist/build_win_and_linux_linux_amd64_v1/komocli --help"
- uses: actions/upload-artifact@v4
with:
name: binaries
path: dist/
retention-days: 1
- name: golangci-lint
uses: golangci/golangci-lint-action@v4
with:
# version: latest
# skip-go-installation: true
skip-pkg-cache: true
skip-build-cache: true
# args: --timeout=15m
mac_with_signing:
runs-on: macos-latest
timeout-minutes: 10
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: 1.22.2
- name: Prepare keys
env:
CERT: certificate.p12
CERT_PASSWORD: ""
MY_KEYCHAIN: build.keychain
MY_KEYCHAIN_PASSWORD: ${{ secrets.CERTIFICATE_ID }}
IDENTITY_CERTIFICATE: "Developer ID Application: Komodor Automation LTD (F584U99DLC)"
run: |
echo Decode the certificate
echo ${{ secrets.CERTIFICATE_BASE64 }} | base64 --decode > $CERT
# default again user login keychain
security list-keychains -d user -s login.keychain
# Create temp keychain
security create-keychain -p "$MY_KEYCHAIN_PASSWORD" "$MY_KEYCHAIN"
# Append temp keychain to the user domain
security list-keychains -d user -s "$MY_KEYCHAIN" $(security list-keychains -d user | sed s/\"//g)
# Remove relock timeout
security set-keychain-settings "$MY_KEYCHAIN"
# Unlock keychain
security unlock-keychain -p "$MY_KEYCHAIN_PASSWORD" "$MY_KEYCHAIN"
# Add certificate to keychain
security import $CERT -k "$MY_KEYCHAIN" -P "$CERT_PASSWORD" -A -T "/usr/bin/codesign"
# Enable codesigning from a non user interactive shell
security set-key-partition-list -S apple-tool:,apple:, -t private -s -k "$MY_KEYCHAIN_PASSWORD" -D "${IDENTITY_CERTIFICATE}" "$MY_KEYCHAIN"
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v5
with:
version: latest
args: release --config .goreleaser-mac.yml --parallelism 1 --snapshot --clean
env:
MACOS_NOTARY_APPLE_ID: ${{ secrets.APPLE_ID_USERNAME }}
MACOS_NOTARY_TEAM_ID: ${{ secrets.APPLE_NOTARY_TEAM_ID }}
MACOS_NOTARY_PASSWORD: ${{ secrets.APP_SPECIFIC_PASSWORD }}
CERTIFICATE_ID: ${{ secrets.CERTIFICATE_ID }}
- name: Test Binary is Signed
run: |
cat codesign.log
echo ===============================
cat notarytool.log
echo ===============================
codesign -dv dist/build_macos_darwin_arm64/komocli
- uses: actions/upload-artifact@v4
with:
name: binaries-mac
path: dist/
retention-days: 1