-
Notifications
You must be signed in to change notification settings - Fork 138
139 lines (139 loc) · 6.33 KB
/
build-binaries.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
on: [push, pull_request]
name: Build binaries
permissions:
contents: read
packages: write
jobs:
build-macos:
strategy:
matrix:
go-version: ["1.23"]
os: [macos-latest]
runs-on: ${{ matrix.os }}
env:
CGO_ENABLED: 1
steps:
- name: Install Go
uses: actions/setup-go@v2
with:
go-version: ${{ matrix.go-version }}
- name: Checkout code
uses: actions/checkout@v2
with:
# `fetch-depth: 0` gets us all tags.
fetch-depth: 0
- name: Calculate git version and add it to the environment
shell: bash
# We have to `$GITHUB_ENV` to create env vars that can be used in future steps (in particular, as part of download file names).
# https://docs.github.com/en/actions/reference/workflow-commands-for-github-actions#environment-files
# https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
run: |
echo "GIT_VERSION=$(git describe --tags)" >> $GITHUB_ENV
- name: Build macos binary
run: |
go build -o build/macos/smimesign -ldflags "-X main.versionString=${{ env.GIT_VERSION }}" .
- name: Tar the macOS binary
run: |
# We cd so that the binary ends up in the top level of the tar.
cd build/macos && tar -czvf smimesign-macos-${{ env.GIT_VERSION }}.tgz smimesign
- name: Upload build folder to the action
uses: actions/upload-artifact@v4
with:
# Note: this artifact is shared across jobs:
# https://github.com/actions/upload-artifact#uploading-to-the-same-artifact
name: build
path: build/
- name: Upload macOS files to the release
# Pinned hash from https://github.com/softprops/action-gh-release/releases/tag/v2.0.8
uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191
if: startsWith(github.ref, 'refs/tags/v')
with:
files: |
build/macOS/smimesign-macos-${{ env.GIT_VERSION }}.tgz
build-windows:
strategy:
matrix:
go-version: ["1.23"]
os: [windows-latest]
runs-on: ${{ matrix.os }}
env:
CGO_ENABLED: 1
steps:
- name: Install Go
uses: actions/setup-go@v2
with:
go-version: ${{ matrix.go-version }}
- name: Checkout code
uses: actions/checkout@v2
with:
# `fetch-depth: 0` gets us all tags.
fetch-depth: 0
- name: Calculate git version and add it to the environment
shell: bash
# We have to use this format to create env vars that can be used in future steps (in particular, as part of download file names).
# https://docs.github.com/en/actions/reference/workflow-commands-for-github-actions#environment-files
# https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
run: |
echo "GIT_VERSION=$(git describe --tags)" >> $GITHUB_ENV
- name: Calculate bare git version and add it to the environment
# This is for InnoSetup
shell: bash
run: |
if [[ "${GIT_VERSION}" =~ ^v([[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+)(-[A-za-z0-9-]*)? ]]
then
echo "BARE_GIT_VERSION=${BASH_REMATCH[1]}" >> $GITHUB_ENV
else
echo "Could not calculate the bare git version (e.g. `v1.1.0-rc1-28-g8a54734` -> `1.1.0`) for: ${GIT_VERSION}"
exit 1
fi
- name: Build amd64
shell: bash
run: |
GOARCH=amd64 go build -o "build/amd64/smimesign.exe" -ldflags "-X main.versionString=${{ env.GIT_VERSION }}"
- name: Switch MinGW to x86
# Pinned hash from https://github.com/egor-tensin/setup-mingw/releases/tag/v2.2.0
uses: egor-tensin/setup-mingw@84c781b557efd538dec66bde06988d81cd3138cf
with:
platform: x86
- name: Build 386
shell: bash
run: |
GOARCH=386 go build -o "build/386/smimesign.exe" -ldflags "-X main.versionString=${{ env.GIT_VERSION }}" .
- name: Sign amd64 and 386
if: startsWith(github.ref, 'refs/tags/v')
run: |
.\windows-installer\signtool.exe sign /tr http://timestamp.digicert.com /td sha256 /fd sha256 /p ${{ secrets.PFX_PASSWORD }} /f windows-installer\codesign.pfx build/amd64/smimesign.exe
.\windows-installer\signtool.exe sign /tr http://timestamp.digicert.com /td sha256 /fd sha256 /p ${{ secrets.PFX_PASSWORD }} /f windows-installer\codesign.pfx build/386/smimesign.exe
- name: Create installer
shell: bash
run: |
GIT_VERSION=${{ env.GIT_VERSION }} BARE_GIT_VERSION=${{ env.BARE_GIT_VERSION }} iscc windows-installer/inno-setup-smimesign-installer.iss
- name: Sign installer
if: startsWith(github.ref, 'refs/tags/v')
run: |
.\windows-installer\signtool.exe sign /tr http://timestamp.digicert.com /td sha256 /fd sha256 /p ${{ secrets.PFX_PASSWORD }} /f windows-installer\codesign.pfx build\installer\smimesign-windows-*.exe
- name: Create zips for release upload
run: |
Compress-Archive -Path build\amd64\smimesign.exe -DestinationPath build\amd64\smimesign.zip
Compress-Archive -Path build\386\smimesign.exe -DestinationPath build\386\smimesign.zip
- name: Rename zips for release upload
shell: bash
run: |
mv build/amd64/smimesign.zip build/amd64/smimesign-windows-amd64-${{ env.GIT_VERSION }}.zip
mv build/386/smimesign.zip build/386/smimesign-windows-386-${{ env.GIT_VERSION }}.zip
- name: Upload build folder to the action
uses: actions/upload-artifact@v4
with:
# Note: this artifact is shared across jobs:
# https://github.com/actions/upload-artifact#uploading-to-the-same-artifact
name: build
path: build/
- name: Upload Windows files to the release
# Pinned hash from https://github.com/softprops/action-gh-release/releases/tag/v2.0.8
uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191
if: startsWith(github.ref, 'refs/tags/v')
with:
files: |
build/amd64/smimesign-windows-amd64-${{ env.GIT_VERSION }}.zip
build/386/smimesign-windows-386-${{ env.GIT_VERSION }}.zip
build/installer/smimesign-windows-*.exe