|
|
|
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
|
|
|
|
name: Build & Test
|
|
|
|
|
|
|
|
on:
|
|
|
|
push:
|
|
|
|
paths:
|
|
|
|
- ".github/workflows/build.yml"
|
|
|
|
- ".github/workflows/reusable-docker.yml"
|
|
|
|
- ".github/workflows/reusable-build.yml"
|
|
|
|
- "src/**"
|
|
|
|
- "tests/**"
|
|
|
|
- "docker/**"
|
|
|
|
- "ci/**"
|
|
|
|
- "**.props"
|
|
|
|
- "**.targets"
|
|
|
|
|
|
|
|
pull_request:
|
|
|
|
paths:
|
|
|
|
- ".github/workflows/build.yml"
|
|
|
|
- ".github/workflows/reusable-docker.yml"
|
|
|
|
- ".github/workflows/reusable-build.yml"
|
|
|
|
- "src/**"
|
|
|
|
- "tests/**"
|
|
|
|
- "docker/**"
|
|
|
|
- "ci/**"
|
|
|
|
- "**.props"
|
|
|
|
- "**.targets"
|
|
|
|
|
|
|
|
jobs:
|
|
|
|
#############################################
|
|
|
|
build-win:
|
|
|
|
name: Build Windows
|
|
|
|
secrets: inherit
|
|
|
|
uses: ./.github/workflows/reusable-build.yml
|
|
|
|
strategy:
|
|
|
|
matrix:
|
|
|
|
runtime: [win-x64, win-arm64]
|
|
|
|
with:
|
|
|
|
platform: windows-latest
|
|
|
|
runtime: ${{ matrix.runtime }}
|
|
|
|
|
|
|
|
#############################################
|
|
|
|
build-linux:
|
|
|
|
name: Build Linux
|
|
|
|
secrets: inherit
|
|
|
|
uses: ./.github/workflows/reusable-build.yml
|
|
|
|
strategy:
|
|
|
|
matrix:
|
|
|
|
runtime: [linux-x64, linux-arm64, linux-arm]
|
|
|
|
with:
|
|
|
|
platform: ubuntu-latest
|
|
|
|
runtime: ${{ matrix.runtime }}
|
|
|
|
|
|
|
|
#############################################
|
|
|
|
build-osx:
|
|
|
|
name: Build Mac OS
|
|
|
|
secrets: inherit
|
|
|
|
uses: ./.github/workflows/reusable-build.yml
|
|
|
|
strategy:
|
|
|
|
matrix:
|
|
|
|
runtime: [osx-x64, osx-arm64]
|
|
|
|
with:
|
|
|
|
platform: macos-latest
|
|
|
|
runtime: ${{ matrix.runtime }}
|
|
|
|
|
|
|
|
#############################################
|
|
|
|
codesign:
|
|
|
|
name: Apple Signing
|
|
|
|
runs-on: macos-latest
|
|
|
|
# Ignore pull requests & non-master branches
|
|
|
|
if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v')
|
|
|
|
needs: [build-osx]
|
|
|
|
strategy:
|
|
|
|
matrix:
|
|
|
|
runtime:
|
|
|
|
- osx-x64
|
|
|
|
- osx-arm64
|
|
|
|
steps:
|
|
|
|
- name: Checkout
|
|
|
|
uses: actions/checkout@v4
|
|
|
|
|
|
|
|
- name: Download Artifacts
|
|
|
|
uses: ./.github/actions/download-tar
|
|
|
|
with:
|
|
|
|
name: ${{ matrix.runtime }}
|
|
|
|
path: publish
|
|
|
|
|
|
|
|
- name: Add Cert to Keychain
|
|
|
|
# todo: Switch back to upstream when this is merged:
|
|
|
|
# https://github.com/Apple-Actions/import-codesign-certs/pull/58
|
|
|
|
uses: recyclarr/import-codesign-certs@master
|
|
|
|
with:
|
|
|
|
p12-file-base64: ${{ secrets.MAC_CERT_BASE64 }}
|
|
|
|
p12-password: ${{ secrets.MAC_CERT_PASSWORD }}
|
|
|
|
|
|
|
|
- name: Code Sign
|
|
|
|
env:
|
|
|
|
CODESIGN_IDENTITY: ${{ secrets.MAC_CODESIGN_IDENTITY }}
|
|
|
|
run: >
|
|
|
|
codesign --timestamp --no-strict --force
|
|
|
|
--options=runtime
|
|
|
|
--entitlements ci/codesign/entitlements.plist
|
|
|
|
--sign "$CODESIGN_IDENTITY"
|
|
|
|
"publish/recyclarr"
|
|
|
|
|
|
|
|
- name: Notarize
|
|
|
|
run: >-
|
|
|
|
ci/notarize.sh
|
|
|
|
"${{ secrets.MAC_DEV_USERNAME }}"
|
|
|
|
"${{ secrets.MAC_DEV_PASSWORD }}"
|
|
|
|
AVLRN599D8
|
|
|
|
publish/recyclarr
|
|
|
|
|
|
|
|
# Cannot staple directly to a binary:
|
|
|
|
# https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/customizing_the_notarization_workflow?language=objc#3087720
|
|
|
|
# - name: Staple
|
|
|
|
# run: xcrun stapler staple -v publish/recyclarr
|
|
|
|
|
|
|
|
- name: Upload Artifacts
|
|
|
|
uses: ./.github/actions/upload-tar
|
|
|
|
with:
|
|
|
|
name: ${{ matrix.runtime }}
|
|
|
|
path: publish
|
|
|
|
|
|
|
|
#############################################
|
|
|
|
docker:
|
|
|
|
name: Docker
|
|
|
|
needs: [build-win, build-linux, build-osx]
|
|
|
|
uses: ./.github/workflows/reusable-docker.yml
|
|
|
|
secrets: inherit
|
|
|
|
|
|
|
|
#############################################
|
|
|
|
release:
|
|
|
|
name: Release
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
if: startsWith(github.ref, 'refs/tags/v')
|
|
|
|
needs:
|
|
|
|
- build-win
|
|
|
|
- build-linux
|
|
|
|
- codesign # Depends on build-osx
|
|
|
|
- docker # Only for preventing a release if docker build & publish fails
|
|
|
|
env:
|
|
|
|
XZ_OPT: "-T0 -9"
|
|
|
|
steps:
|
|
|
|
- name: Checkout
|
|
|
|
uses: actions/checkout@v4
|
|
|
|
with:
|
|
|
|
fetch-depth: 0 # avoid shallow clone for GitVersion
|
|
|
|
|
|
|
|
- name: Install GitVersion
|
|
|
|
uses: gittools/actions/gitversion/setup@v0
|
|
|
|
with:
|
|
|
|
versionSpec: 6.x
|
|
|
|
includePrerelease: true
|
|
|
|
|
|
|
|
- name: Determine Version
|
|
|
|
uses: gittools/actions/gitversion/execute@v0
|
|
|
|
id: gitversion
|
|
|
|
|
|
|
|
- name: Download Artifacts
|
|
|
|
uses: ./.github/actions/download-tar
|
|
|
|
with:
|
|
|
|
path: publish
|
|
|
|
|
|
|
|
- name: Create Archive
|
|
|
|
shell: pwsh
|
|
|
|
run: >
|
|
|
|
ci/CreateArchive.ps1
|
|
|
|
-PublishDir publish
|
|
|
|
-OutputDir archive
|
|
|
|
|
|
|
|
- name: Extract Changelog
|
|
|
|
id: changelog
|
|
|
|
uses: ffurrer2/extract-release-notes@v1
|
|
|
|
|
|
|
|
- name: Create Release
|
|
|
|
uses: softprops/action-gh-release@v1
|
|
|
|
env:
|
|
|
|
GITHUB_TOKEN: ${{ secrets.DEPLOY_PAT }}
|
|
|
|
with:
|
|
|
|
files: |
|
|
|
|
archive/**/recyclarr-*.zip
|
|
|
|
archive/**/recyclarr-*.tar.xz
|
|
|
|
body: ${{ steps.changelog.outputs.release_notes }}
|
|
|
|
tag_name: ${{ github.event.create.ref }}
|
|
|
|
draft: false
|
|
|
|
prerelease: ${{ steps.gitversion.outputs.preReleaseTag != '' }}
|
|
|
|
|
|
|
|
#############################################
|
|
|
|
# The main purpose of this job is to group all the other jobs together into one single job status
|
|
|
|
# that can be set as a requirement to merge pull requests. This is easier than enumerating all
|
|
|
|
# jobs in a workflow to ensure they all pass.
|
|
|
|
check:
|
|
|
|
if: always()
|
|
|
|
name: Report Build Status
|
|
|
|
needs:
|
|
|
|
- build-win
|
|
|
|
- build-linux
|
|
|
|
- build-osx
|
|
|
|
- codesign
|
|
|
|
- docker
|
|
|
|
- release
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
|
|
- name: Check if all jobs succeeded
|
|
|
|
uses: re-actors/alls-green@release/v1
|
|
|
|
with:
|
|
|
|
allowed-skips: codesign, release
|
|
|
|
jobs: ${{ toJSON(needs) }}
|