v1.8.0 (#1017) #14
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
push: | |
tags: | |
- 'v[0-9]+.[0-9]+.[0-9]*' | |
name: Create release and upload binaries | |
jobs: | |
build-linux: | |
name: Build Linux/BSD All | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v4 | |
with: | |
go-version-file: 'go.mod' | |
check-latest: true | |
- name: Build | |
run: | | |
make BUILD_NUMBER="${GITHUB_REF#refs/tags/v}" release-linux release-freebsd release-openbsd release-netbsd | |
mkdir release | |
mv build/*.tar.gz release | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: linux-latest | |
path: release | |
build-windows: | |
name: Build Windows | |
runs-on: windows-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v4 | |
with: | |
go-version-file: 'go.mod' | |
check-latest: true | |
- name: Build | |
run: | | |
echo $Env:GITHUB_REF.Substring(11) | |
mkdir build\windows-amd64 | |
$Env:GOARCH = "amd64" | |
go build -trimpath -ldflags "-X main.Build=$($Env:GITHUB_REF.Substring(11))" -o build\windows-amd64\nebula.exe ./cmd/nebula-service | |
go build -trimpath -ldflags "-X main.Build=$($Env:GITHUB_REF.Substring(11))" -o build\windows-amd64\nebula-cert.exe ./cmd/nebula-cert | |
mkdir build\windows-arm64 | |
$Env:GOARCH = "arm64" | |
go build -trimpath -ldflags "-X main.Build=$($Env:GITHUB_REF.Substring(11))" -o build\windows-arm64\nebula.exe ./cmd/nebula-service | |
go build -trimpath -ldflags "-X main.Build=$($Env:GITHUB_REF.Substring(11))" -o build\windows-arm64\nebula-cert.exe ./cmd/nebula-cert | |
mkdir build\dist\windows | |
mv dist\windows\wintun build\dist\windows\ | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: windows-latest | |
path: build | |
build-darwin: | |
name: Build Universal Darwin | |
env: | |
HAS_SIGNING_CREDS: ${{ secrets.AC_USERNAME != '' }} | |
runs-on: macos-11 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v4 | |
with: | |
go-version-file: 'go.mod' | |
check-latest: true | |
- name: Import certificates | |
if: env.HAS_SIGNING_CREDS == 'true' | |
uses: Apple-Actions/import-codesign-certs@v2 | |
with: | |
p12-file-base64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }} | |
p12-password: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }} | |
- name: Build, sign, and notarize | |
env: | |
AC_USERNAME: ${{ secrets.AC_USERNAME }} | |
AC_PASSWORD: ${{ secrets.AC_PASSWORD }} | |
run: | | |
rm -rf release | |
mkdir release | |
make BUILD_NUMBER="${GITHUB_REF#refs/tags/v}" service build/darwin-amd64/nebula build/darwin-amd64/nebula-cert | |
make BUILD_NUMBER="${GITHUB_REF#refs/tags/v}" service build/darwin-arm64/nebula build/darwin-arm64/nebula-cert | |
lipo -create -output ./release/nebula ./build/darwin-amd64/nebula ./build/darwin-arm64/nebula | |
lipo -create -output ./release/nebula-cert ./build/darwin-amd64/nebula-cert ./build/darwin-arm64/nebula-cert | |
if [ -n "$AC_USERNAME" ]; then | |
codesign -s "10BC1FDDEB6CE753550156C0669109FAC49E4D1E" -f -v --timestamp --options=runtime -i "net.defined.nebula" ./release/nebula | |
codesign -s "10BC1FDDEB6CE753550156C0669109FAC49E4D1E" -f -v --timestamp --options=runtime -i "net.defined.nebula-cert" ./release/nebula-cert | |
fi | |
zip -j release/nebula-darwin.zip release/nebula-cert release/nebula | |
if [ -n "$AC_USERNAME" ]; then | |
xcrun notarytool submit ./release/nebula-darwin.zip --team-id "576H3XS7FP" --apple-id "$AC_USERNAME" --password "$AC_PASSWORD" --wait | |
fi | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: darwin-latest | |
path: ./release/* | |
release: | |
name: Create and Upload Release | |
needs: [build-linux, build-darwin, build-windows] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Download artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
path: artifacts | |
- name: Zip Windows | |
run: | | |
cd artifacts/windows-latest | |
cp windows-amd64/* . | |
zip -r nebula-windows-amd64.zip nebula.exe nebula-cert.exe dist | |
cp windows-arm64/* . | |
zip -r nebula-windows-arm64.zip nebula.exe nebula-cert.exe dist | |
- name: Create sha256sum | |
run: | | |
cd artifacts | |
for dir in linux-latest darwin-latest windows-latest | |
do | |
( | |
cd $dir | |
if [ "$dir" = windows-latest ] | |
then | |
sha256sum <windows-amd64/nebula.exe | sed 's=-$=nebula-windows-amd64.zip/nebula.exe=' | |
sha256sum <windows-amd64/nebula-cert.exe | sed 's=-$=nebula-windows-amd64.zip/nebula-cert.exe=' | |
sha256sum <windows-arm64/nebula.exe | sed 's=-$=nebula-windows-arm64.zip/nebula.exe=' | |
sha256sum <windows-arm64/nebula-cert.exe | sed 's=-$=nebula-windows-arm64.zip/nebula-cert.exe=' | |
sha256sum nebula-windows-amd64.zip | |
sha256sum nebula-windows-arm64.zip | |
elif [ "$dir" = darwin-latest ] | |
then | |
sha256sum <nebula-darwin.zip | sed 's=-$=nebula-darwin.zip=' | |
sha256sum <nebula | sed 's=-$=nebula-darwin.zip/nebula=' | |
sha256sum <nebula-cert | sed 's=-$=nebula-darwin.zip/nebula-cert=' | |
else | |
for v in *.tar.gz | |
do | |
sha256sum $v | |
tar zxf $v --to-command='sh -c "sha256sum | sed s=-$='$v'/$TAR_FILENAME="' | |
done | |
fi | |
) | |
done | sort -k 2 >SHASUM256.txt | |
- name: Create Release | |
id: create_release | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
cd artifacts | |
gh release create \ | |
--verify-tag \ | |
--title "Release ${{ github.ref_name }}" \ | |
"${{ github.ref_name }}" \ | |
SHASUM256.txt *-latest/*.zip *-latest/*.tar.gz |