From 18b5ae2f5220f4c8da7b997ba313514282f5bff8 Mon Sep 17 00:00:00 2001 From: Kenneth Bingham Date: Mon, 26 Jun 2023 10:42:02 -0400 Subject: [PATCH 1/5] document cross-build procedure --- .github/workflows/main.yml | 14 ++++++++++++++ BUILD.md | 2 +- docker-images/cross-build/README.md | 18 +++++++++--------- 3 files changed, 24 insertions(+), 10 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 4b5098230..75d56b336 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -381,3 +381,17 @@ jobs: secrets: inherit with: ziti-version: ${{ needs.publish.outputs.ZITI_VERSION }} + + call-publish-linux-install-packages: + # always() re-enables evaluating conditionals in forks even if Windows or + # macOS builds were skipped + if: | + always() + && needs.publish.result == 'success' + && github.ref == 'refs/heads/main' + name: Publish Release Linux Install Packages + needs: publish + uses: ./.github/workflows/publish-linux-install-packages.yml + secrets: inherit + with: + ziti-version: ${{ needs.publish.outputs.ZITI_VERSION }} diff --git a/BUILD.md b/BUILD.md index caa3d8ee8..d1c355bcc 100644 --- a/BUILD.md +++ b/BUILD.md 
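Review bot: `secrets: inherit` on the new `call-publish-linux-install-packages` job makes every secret of the calling workflow available to the callee's expressions, while the callee added later in this series reads only `secrets.ZITI_ARTIFACTORY_CLI_CONFIG_PACKAGE_UPLOAD`. Passing that one secret by name means a later edit to the callee cannot start reading other secrets without a visible change here: replace the line with `secrets:` followed by `ZITI_ARTIFACTORY_CLI_CONFIG_PACKAGE_UPLOAD: ${{ secrets.ZITI_ARTIFACTORY_CLI_CONFIG_PACKAGE_UPLOAD }}`, and declare the secret under `on.workflow_call.secrets` in the callee. The same line is carried unchanged through the main.yml hunks of patches 2/5 and 3/5. The `jobs:` mapping this job belongs to starts outside the hunk.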
@@ -5,4 +5,4 @@ Please refer to [the local development README](./doc/002-local-dev.md) for build ## Crossbuilds -When you push to your repo fork then GitHub Actions will automatically crossbuild for several OSs and CPU architectures. You'll then be able to download the built artifacts from the GitHub UI. The easiest way to crossbuild the Linux exectuables locally is to build and run the crossbuild container. Please refer to [the crossbuild container README](../Dockerfile.linux-build.README) for those steps. For hints on crossbuilding for MacOS and Windows see [the main GitHub Actions workflow](../.github/workflows/main.yml) which defines the steps that are run when you push to GitHub. +When you push to your repo fork then GitHub Actions will automatically crossbuild for several OSs and CPU architectures. You'll then be able to download the built artifacts from the GitHub UI. The easiest way to crossbuild the Linux exectuables locally is to build and run the crossbuild container. Please refer to [the crossbuild container README](./docker-images/cross-build/README.md) for those steps. For hints on crossbuilding for MacOS and Windows see [the main GitHub Actions workflow](../.github/workflows/main.yml) which defines the steps that are run when you push to GitHub. diff --git a/docker-images/cross-build/README.md b/docker-images/cross-build/README.md index 8cb86dacf..4f789cd77 100644 --- a/docker-images/cross-build/README.md +++ b/docker-images/cross-build/README.md 
@@ -12,9 +12,9 @@ This article supports local development by providing a local containerized metho You only need to build the container image once unless you change the Dockerfile or `./linux-build.sh` (the container's entrypoint). ```bash -# build a container image named "zitibuilder" with the same version of Go that's declared in go.mod +# build a container image named "ziti-go-builder" with the same version of Go that's declared in go.mod docker buildx build \ - --tag=zitibuilder \ + --tag=ziti-go-builder \ --build-arg uid=$UID \ --build-arg gid=$GID \ --build-arg golang_version=$(grep -Po '^go\s+\K\d+\.\d+(\.\d+)?$' go.mod) \ @@ -34,16 +34,16 @@ Executing the following `docker run` command will: # build for all three architectures: amd64 arm arm64 docker run \ --rm \ - --name=zitibuilder \ + --name=ziti-go-builder \ --volume=$PWD:/mnt \ - zitibuilder + ziti-go-builder # build only amd64 docker run \ --rm \ - --name=zitibuilder \ + --name=ziti-go-builder \ --volume=$PWD:/mnt \ - zitibuilder \ + ziti-go-builder \ amd64 ``` @@ -53,7 +53,7 @@ You will find the built artifacts in `./release`. ```bash ❯ docker buildx build \ - --tag=zitibuilder \ + --tag=ziti-go-builder \ --build-arg uid=$UID \ --build-arg gid=$GID \ --build-arg golang_version="$(/bin/grep -Po '^go\s+\K\d+\.\d+(\.\d+)?$' go.mod)" \ @@ -89,9 +89,9 @@ You will find the built artifacts in `./release`. ❯ docker run \ --rm \ - --name=zitibuilder \ + --name=ziti-go-builder \ --volume=$PWD:/mnt \ - zitibuilder + ziti-go-builder Number of parallel builds: 4 --> linux/arm: github.com/openziti/ziti/ziti From 244dae4f8661c77dbd0ae18a38a0536498f97e20 Mon Sep 17 00:00:00 2001 
From: Kenneth Bingham Date: Thu, 10 Aug 2023 18:03:02 -0400 Subject: [PATCH 2/5] build and publish linux package ziti-cli --- .github/workflows/main.yml | 10 +- .github/workflows/publish-linux-packages.yml | 126 +++++++++++++++++++ build/dist-packages/README.md | 6 + build/dist-packages/linux/nfpm-ziti-cli.yaml | 30 +++++ 4 files changed, 168 insertions(+), 4 deletions(-) create mode 100644 .github/workflows/publish-linux-packages.yml create mode 100644 build/dist-packages/README.md create mode 100644 build/dist-packages/linux/nfpm-ziti-cli.yaml diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 75d56b336..66fe69274 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -382,16 +382,18 @@ jobs: with: ziti-version: ${{ needs.publish.outputs.ZITI_VERSION }} - call-publish-linux-install-packages: + # call on release-next and main branches to publish linux packages to + # "testing" and "release" package repos in Artifactory + call-publish-linux-packages: # always() re-enables evaluating conditionals in forks even if Windows or # macOS builds were skipped if: | always() && needs.publish.result == 'success' - && github.ref == 'refs/heads/main' - name: Publish Release Linux Install Packages + && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/release-next') + name: Publish Release Linux Packages needs: publish - uses: ./.github/workflows/publish-linux-install-packages.yml + uses: ./.github/workflows/publish-linux-packages.yml secrets: inherit with: ziti-version: ${{ needs.publish.outputs.ZITI_VERSION }} diff --git a/.github/workflows/publish-linux-packages.yml b/.github/workflows/publish-linux-packages.yml new file mode 100644 index 000000000..c68f6f285 --- /dev/null +++ b/.github/workflows/publish-linux-packages.yml 
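Review bot: The widened `if:` now runs this job on both `main` and `release-next`, and the new comment promises "testing" and "release" repos, but `with:` still passes only `ziti-version`, so nothing tells the callee which repo a given run is for. The callee added in this patch decides with `github.event.release.published`, which looks unset whenever the ref is a branch head, so both branches would upload to `testing` and the release upload steps would never run; this should be confirmed against main.yml's triggers, which are outside the hunk. Consider making the choice explicit at the call site with a new input, for example `package-channel: ${{ github.ref == 'refs/heads/main' && 'release' || 'testing' }}`, and gating the callee's upload steps on that input.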
@@ -0,0 +1,126 @@
+name: Publish Linux Packages
+
+on:
+ workflow_call:
+ inputs:
+ ziti-version:
+ description: generated by 'ziti-ci get-current-version'
+ type: string
+ required: true
+
+# cancel older, redundant runs of same workflow on same branch
+concurrency:
+ group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }}
+ cancel-in-progress: true
+
+jobs:
+ publish-linux-packages:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ package_name:
+ - ziti-cli
+ arch:
+ - goreleaser: amd64
+ gox: amd64
+ deb: amd64
+ rpm: x86_64
+ - goreleaser: arm64
+ gox: arm64
+ deb: arm64
+ rpm: aarch64
+ - goreleaser: armv7
+ gox: arm
+ deb: armv7
+ rpm: armv7
+ nfpm_packager:
+ - rpm
+ - deb
+ # - archlinux # (pacman)
+ # - apk
+ env:
+ ZITI_VERSION: ${{ inputs.ziti-version || github.event.inputs.ziti-version }}
+ ZITI_MAINTAINER: "OpenZiti Maintainers "
+ ZITI_HOMEPAGE: "https://openziti.io"
+ ZITI_VENDOR: "NetFoundry"
+ GOARCH: ${{ matrix.arch.goreleaser }}
+ steps:
+ - name: Checkout Workspace
+ uses: actions/checkout@v3
+
+ - name: Download Linux Release Artifacts
+ uses: actions/download-artifact@v3
+ with:
+ name: linux-release-${{ github.run_id }}
+ path: release/
+
+ - name: Move Release Artifact for Architecture to Predictable Location for nfpm
+ run: |
+ mv -v ./release/${{ matrix.arch.gox }}/linux/ziti \
+ ./release/ziti
+
+ - name: Build Package
+ id: nfpm
+ uses: burningalchemist/action-gh-nfpm@v1
+ # uses: netfoundry/action-gh-nfpm@main
+ with:
+ nfpm_version: "2.32.0"
+ packager: ${{ matrix.nfpm_packager }}
+ config: build/dist-packages/linux/nfpm-${{ matrix.package_name }}.yaml
+ target: release/
+
+ - name: get the package name from the output
+ run: echo ${{ steps.nfpm.outputs.package }}
+ shell: bash
+
+ - run: ls -lh release/
+
+ - name: upload package artifact to build summary page
+ uses: actions/upload-artifact@v3
+ with:
+ name: ${{ matrix.package_name }}-${{ matrix.arch.goreleaser }}-${{ matrix.nfpm_packager }}
+ path: ./release/${{
matrix.package_name }}*.${{ matrix.nfpm_packager }}
+ if-no-files-found: error
+
+ - name: Configure jFrog CLI
+ uses: jfrog/setup-jfrog-cli@v3
+ env:
+ JF_ENV_1: ${{ secrets.ZITI_ARTIFACTORY_CLI_CONFIG_PACKAGE_UPLOAD }}
+
+ - name: Upload RPM to Artifactory testing repo
+ if: ${{ !github.event.release.published && matrix.nfpm_packager == 'rpm' }}
+ run: >
+ jf rt upload
+ ./release/${{ matrix.package_name }}*.${{ matrix.nfpm_packager }}
+ /zitipax-openziti-rpm-stable/testing/${{ matrix.arch.rpm }}/
+ --recursive=false
+ --flat=true
+
+ - name: Upload RPM to Artifactory release repo
+ if: ${{ github.event.release.published && matrix.nfpm_packager == 'rpm' }}
+ run: >
+ jf rt upload
+ ./release/${{ matrix.package_name }}*.${{ matrix.nfpm_packager }}
+ /zitipax-openziti-rpm-stable/release/${{ matrix.arch.rpm }}/
+ --recursive=false
+ --flat=true
+
+ - name: Upload DEB to Artifactory testing repo
+ if: ${{ !github.event.release.published && matrix.nfpm_packager == 'deb' }}
+ run: >
+ jf rt upload
+ ./release/${{ matrix.package_name }}*.${{ matrix.nfpm_packager }}
+ /zitipax-openziti-deb-stable/pool/${{ matrix.package_name }}/testing/${{ matrix.arch.deb }}/
+ --deb=testing/main/${{ matrix.arch.deb }}
+ --recursive=false
+ --flat=true
+
+ - name: Upload DEB to Artifactory release repo
+ if: ${{ github.event.release.published && matrix.nfpm_packager == 'deb' }}
+ run: >
+ jf rt upload
+ ./release/${{ matrix.package_name }}*.${{ matrix.nfpm_packager }}
+ /zitipax-openziti-deb-stable/pool/${{ matrix.package_name }}/release/${{ matrix.arch.deb }}/
+ --deb=release/main/${{ matrix.arch.deb }}
+ --recursive=false
+ --flat=true
diff --git a/build/dist-packages/README.md b/build/dist-packages/README.md
new file mode 100644
index 000000000..d5ed583e4
--- /dev/null
+++ b/build/dist-packages/README.md
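Review bot: The `Build Package` step runs `burningalchemist/action-gh-nfpm@v1`, a third-party action referenced by a movable tag, and the file it produces is what the later `jf rt upload` steps publish to the package repos. A change behind that tag would alter the published packages without any change in this repository, so pin the action to a reviewed commit: `uses: burningalchemist/action-gh-nfpm@<full-commit-sha>  # v1`. Separately, `run: echo ${{ steps.nfpm.outputs.package }}` splices the step output into the shell script text; passing it through `env:` and echoing `"$PACKAGE"` keeps it as data.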
@@ -0,0 +1,6 @@
+
+# nfpm-configs
+
+These are `nfpm` configuration files. `nfpm` generates Linux packages, e.g.,
+RPM. These files references environment variables set in GitHub Actions workflow
+`.github/workflows/publish-linux-install-packages.yml`.
diff --git a/build/dist-packages/linux/nfpm-ziti-cli.yaml b/build/dist-packages/linux/nfpm-ziti-cli.yaml
new file mode 100644
index 000000000..c47117e1f
--- /dev/null
+++ b/build/dist-packages/linux/nfpm-ziti-cli.yaml
@@ -0,0 +1,30 @@
+# nfpm configuration file
+#
+# check https://nfpm.goreleaser.com/configuration for detailed usage
+#
+name: ziti-cli
+arch: ${GOARCH}
+platform: linux
+version: ${ZITI_VERSION}
+maintainer: ${ZITI_MAINTAINER}
+description: >
+ The ziti-cli package provides the ziti executable binary as a command line
+ interface for Ziti.
+vendor: ${ZITI_VENDOR}
+homepage: ${ZITI_HOMEPAGE}
+license: Apache-2.0
+contents:
+ - src: ./release/ziti
+ dst: /opt/openziti/bin/ziti
+ file_info:
+ mode: 0755
+ - src: /opt/openziti/bin/ziti
+ dst: /usr/bin/ziti
+ type: symlink
+
+# packager-neutral scripts may be overriden by packager-specific scripts
+# scripts:
+ # preinstall: ./scripts/preinstall.sh
+ # postinstall: ./scripts/postinstall.sh
+ # preremove: ./scripts/preremove.sh
+ # postremove: ./scripts/postremove.sh
From f95c44b47a97302b97f80ec9915195bb2a36d737 Mon Sep 17 00:00:00 2001
From: Ken Bingham
Date: Thu, 31 Aug 2023 13:31:20 -0400
Subject: [PATCH 3/5] Update .github/workflows/main.yml
---
 .github/workflows/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 66fe69274..7e8a8883c 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
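Review bot: `arch: ${GOARCH}` takes its value from the workflow's `matrix.arch.goreleaser`, which is `armv7` for the 32-bit ARM build, and as far as I know nfpm only translates GOARCH-style names such as `arm7` (to `armhf` for deb and `armv7hl` for rpm), so `armv7` would be written into the package metadata unchanged. A deb whose Architecture field is `armv7` would not match what dpkg reports on those hosts (`armhf`), and the workflow's `deb: armv7` repo path carries the same mismatch. Changing the matrix entry to `goreleaser: arm7` with `deb: armhf` and `rpm: armv7hl` should address both; please confirm by inspecting the metadata of a built package before publishing.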
@@ -391,7 +391,7 @@ jobs: always() && needs.publish.result == 'success' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/release-next') - name: Publish Release Linux Packages + name: Publish Linux Packages needs: publish uses: ./.github/workflows/publish-linux-packages.yml secrets: inherit From 442eebd0ab22b8a96dc25770b28589006ddaa36f Mon Sep 17 00:00:00 2001 From: Ken Bingham Date: Thu, 31 Aug 2023 13:31:49 -0400 Subject: [PATCH 4/5] Update build/dist-packages/README.md --- build/dist-packages/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/dist-packages/README.md b/build/dist-packages/README.md index d5ed583e4..e450aa624 100644 --- a/build/dist-packages/README.md +++ b/build/dist-packages/README.md @@ -2,5 +2,5 @@ # nfpm-configs These are `nfpm` configuration files. `nfpm` generates Linux packages, e.g., -RPM. These files references environment variables set in GitHub Actions workflow +RPM. These files reference environment variables set in GitHub Actions workflow `.github/workflows/publish-linux-install-packages.yml`. From b1eca77869d43a2dfc98638330a278671be45433 Mon Sep 17 00:00:00 2001 From: Ken Bingham Date: Thu, 31 Aug 2023 13:33:57 -0400 Subject: [PATCH 5/5] stop using Actions concurrency on this callable workflow --- .github/workflows/publish-linux-packages.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/publish-linux-packages.yml b/.github/workflows/publish-linux-packages.yml index c68f6f285..23f660bdd 100644 --- a/.github/workflows/publish-linux-packages.yml +++ b/.github/workflows/publish-linux-packages.yml @@ -8,11 +8,6 @@ on: type: string required: true -# cancel older, redundant runs of same workflow on same branch -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }} - cancel-in-progress: true - jobs: publish-linux-packages: runs-on: ubuntu-latest