You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
208 lines
5.5 KiB
208 lines
5.5 KiB
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
|
|
name: Build & Test
|
|
|
|
on:
|
|
push:
|
|
paths:
|
|
- ".github/workflows/build.yml"
|
|
- ".github/workflows/docker.yml"
|
|
- "src/**"
|
|
- "schemas/**"
|
|
- "docker/**"
|
|
- "ci/**"
|
|
|
|
pull_request:
|
|
paths:
|
|
- ".github/workflows/build.yml"
|
|
- ".github/workflows/docker.yml"
|
|
- "src/**"
|
|
- "schemas/**"
|
|
- "docker/**"
|
|
- "ci/**"
|
|
|
|
jobs:
|
|
build-win:
|
|
name: Build Windows
|
|
secrets: inherit
|
|
uses: ./.github/workflows/reusable-build.yml
|
|
strategy:
|
|
matrix:
|
|
runtime: [win-x64, win-arm64]
|
|
with:
|
|
platform: windows-latest
|
|
runtime: ${{ matrix.runtime }}
|
|
|
|
build-linux:
|
|
name: Build Linux
|
|
secrets: inherit
|
|
uses: ./.github/workflows/reusable-build.yml
|
|
strategy:
|
|
matrix:
|
|
runtime: [linux-x64, linux-arm64, linux-arm]
|
|
with:
|
|
platform: ubuntu-latest
|
|
runtime: ${{ matrix.runtime }}
|
|
|
|
build-osx:
|
|
name: Build Mac OS
|
|
secrets: inherit
|
|
uses: ./.github/workflows/reusable-build.yml
|
|
strategy:
|
|
matrix:
|
|
runtime: [osx-x64, osx-arm64]
|
|
with:
|
|
platform: macos-latest
|
|
runtime: ${{ matrix.runtime }}
|
|
# Compression cannot be used on MacOS due to this issue:
|
|
# https://github.com/dotnet/runtime/issues/79267
|
|
publish-args: -NoCompress
|
|
|
|
build-musl:
|
|
name: Build MUSL
|
|
secrets: inherit
|
|
uses: ./.github/workflows/reusable-build.yml
|
|
strategy:
|
|
matrix:
|
|
runtime: [linux-musl-x64, linux-musl-arm, linux-musl-arm64]
|
|
with:
|
|
platform: ubuntu-latest
|
|
runtime: ${{ matrix.runtime }}
|
|
publish-args: -NoSingleFile
|
|
skip-test: true
|
|
|
|
codesign:
|
|
name: Apple Signing
|
|
runs-on: macos-latest
|
|
if: github.event_name != 'pull_request'
|
|
needs: [build-osx]
|
|
strategy:
|
|
matrix:
|
|
runtime:
|
|
- osx-x64
|
|
- osx-arm64
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v3
|
|
|
|
- name: Download Artifacts
|
|
uses: actions/download-artifact@v3
|
|
with:
|
|
name: ${{ matrix.runtime }}
|
|
path: publish
|
|
|
|
- name: Add Cert to Keychain
|
|
uses: apple-actions/import-codesign-certs@v1
|
|
with:
|
|
p12-file-base64: ${{ secrets.MAC_CERT_BASE64 }}
|
|
p12-password: ${{ secrets.MAC_CERT_PASSWORD }}
|
|
|
|
- name: Code Sign
|
|
env:
|
|
CODESIGN_IDENTITY: ${{ secrets.MAC_CODESIGN_IDENTITY }}
|
|
run: >
|
|
codesign --timestamp --no-strict --force
|
|
--options=runtime
|
|
--entitlements ci/codesign/entitlements.plist
|
|
--sign "$CODESIGN_IDENTITY"
|
|
"publish/recyclarr"
|
|
|
|
- name: Notarize
|
|
uses: recyclarr/xcode-notarize@main
|
|
with:
|
|
product-path: publish/recyclarr
|
|
appstore-connect-username: ${{ secrets.MAC_DEV_USERNAME }}
|
|
appstore-connect-password: ${{ secrets.MAC_DEV_PASSWORD }}
|
|
primary-bundle-id: dev.recyclarr.cli
|
|
|
|
# Cannot staple directly to a binary:
|
|
# https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/customizing_the_notarization_workflow?language=objc#3087720
|
|
# - name: Staple
|
|
# run: xcrun stapler staple -v publish/recyclarr
|
|
|
|
- name: Upload Artifacts
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: ${{ matrix.runtime }}
|
|
path: publish/*
|
|
|
|
docker:
|
|
name: Docker
|
|
needs: [build-musl]
|
|
uses: ./.github/workflows/reusable-docker.yml
|
|
secrets: inherit
|
|
|
|
release:
|
|
name: Release
|
|
runs-on: ubuntu-latest
|
|
if: startsWith(github.ref, 'refs/tags/v')
|
|
needs:
|
|
- build-win
|
|
- build-linux
|
|
- codesign # Depends on build-osx
|
|
- docker # Only for preventing a release if docker build & publish fails
|
|
env:
|
|
XZ_OPT: "-T0 -9"
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v3
|
|
with:
|
|
fetch-depth: 0 # avoid shallow clone for GitVersion
|
|
|
|
- name: Install GitVersion
|
|
uses: gittools/actions/gitversion/setup@v0
|
|
with:
|
|
versionSpec: 5.x
|
|
|
|
- name: Determine Version
|
|
uses: gittools/actions/gitversion/execute@v0
|
|
id: gitversion
|
|
|
|
- name: Download Artifacts
|
|
uses: actions/download-artifact@v3
|
|
with:
|
|
path: publish
|
|
|
|
- name: Create Archive
|
|
shell: pwsh
|
|
run: >
|
|
ci/CreateArchive.ps1
|
|
-PublishDir publish
|
|
-OutputDir archive
|
|
|
|
- name: Extract Changelog
|
|
id: changelog
|
|
uses: ffurrer2/extract-release-notes@v1
|
|
|
|
- name: Create Release
|
|
uses: softprops/action-gh-release@v1
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.DEPLOY_PAT }}
|
|
with:
|
|
files: archive/*
|
|
body: ${{ steps.changelog.outputs.release_notes }}
|
|
tag_name: ${{ github.event.create.ref }}
|
|
draft: false
|
|
prerelease: ${{ steps.gitversion.outputs.preReleaseTag != '' }}
|
|
|
|
# The main purpose of this job is to group all the other jobs together into one single job status
|
|
# that can be set as a requirement to merge pull requests. This is easier than enumerating all
|
|
# jobs in a workflow to ensure they all pass.
|
|
check:
|
|
if: always()
|
|
name: Report Build Status
|
|
needs:
|
|
- build-win
|
|
- build-linux
|
|
- build-osx
|
|
- build-musl
|
|
- codesign
|
|
- docker
|
|
- release
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Check if all jobs succeeded
|
|
uses: re-actors/alls-green@release/v1
|
|
with:
|
|
allowed-skips: codesign, release
|
|
jobs: ${{ toJSON(needs) }}
|