diff --git a/.github/workflows/build-and-test-deb.yaml b/.github/workflows/build-and-test-deb.yaml index f00fb48e5..3fd665967 100644 --- a/.github/workflows/build-and-test-deb.yaml +++ b/.github/workflows/build-and-test-deb.yaml @@ -10,8 +10,13 @@ on: workflow_call: inputs: ref_name: + description: "the ref (tag/branch) to use to extract tag/version" required: true type: string + version: + description: "override for version, will be used instead of ref if set, used for testing" + required: false + type: string schedule: - cron: '0 9 * * *' env: @@ -25,47 +30,15 @@ permissions: contents: read # This is required for actions/checkout jobs: - get-tag-and-version: + get-tag-name: name: Get tag name - runs-on: ubuntu-latest - timeout-minutes: 2 - outputs: - tag: ${{ steps.check-tag.outputs.tag }} - version: ${{ steps.check-tag.outputs.version }} - commit: ${{ steps.export-commit.outputs.commit }} - steps: - - name: Check tag from workflow input and github ref - id: check-tag - run: | - if [ -n "${{ inputs.ref_name }}" ]; then - tag=${{ inputs.ref_name }} - else - tag=${{ github.ref_name }} - fi - echo "tag=$tag" >> ${GITHUB_OUTPUT} - - version=${tag#v} - if [[ $version =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then - echo "Version matches format: $version" - else - echo "Version $version doesn't match format. Using test version: 0.0.1+{commit}" - version="0.0.1+${{ github.sha }}" - fi - echo "version=$version" >> ${GITHUB_OUTPUT} - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - with: - ref: ${{ steps.check-tag.outputs.tag }} - fetch-depth: 0 - persist-credentials: false - submodules: true - - name: Export commit hash - id: export-commit - run: | - commit=$(git rev-parse HEAD) - echo "commit=$commit" >> ${GITHUB_OUTPUT} + uses: ./.github/workflows/get-version-and-tag-for-ref.yaml + with: + ref_name: ${{ inputs.ref_name }} + version: ${{ inputs.version }} ubuntu-deb-build-and-test: - needs: get-tag-and-version + needs: get-tag-name strategy: fail-fast: false matrix: @@ -89,7 +62,7 @@ jobs: rm -rf ${{ github.workspace }}/* - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: - ref: ${{ needs.get-tag-and-version.outputs.commit }} + ref: ${{ needs.get-tag-name.outputs.tag }} fetch-depth: 0 persist-credentials: false submodules: true @@ -108,10 +81,10 @@ jobs: make - name: Generate deb run: | - ./contrib/packaging/deb/package.sh --${{ matrix.output-arch }} --version ${{ needs.get-tag-and-version.outputs.version }} + ./contrib/packaging/deb/package.sh --${{ matrix.output-arch }} --version ${{ needs.get-tag-name.outputs.version }} - name: Install Finch run: | - sudo apt install ./_output/deb/runfinch-finch_${{ needs.get-tag-and-version.outputs.version }}_${{ matrix.output-arch }}.deb -y + sudo apt install ./_output/deb/runfinch-finch_${{ needs.get-tag-name.outputs.version }}_${{ matrix.output-arch }}.deb -y sudo systemctl daemon-reload sudo systemctl start containerd.service sudo systemctl restart finch.socket @@ -136,5 +109,5 @@ jobs: sudo apt remove zlib1g-dev -y - name: Upload deb to S3 run: | - aws s3 cp ./_output/deb s3://${{ secrets.DEB_PRIVATE_BUCKET_NAME_UNSIGNED_PROD }}/ --recursive --exclude "*" --include "runfinch-finch_${{ needs.get-tag-and-version.outputs.version }}_${{ matrix.output-arch }}.deb" + aws s3 cp ./_output/deb s3://${{ secrets.DEB_PRIVATE_BUCKET_NAME_UNSIGNED_PROD }}/ --recursive --exclude "*" --include "runfinch-finch_${{ needs.get-tag-name.outputs.version }}_${{ matrix.output-arch }}.deb" aws s3 cp ./contrib/packaging/deb/Release s3://${{ secrets.DEB_PRIVATE_BUCKET_NAME_UNSIGNED_PROD }}/ diff --git a/.github/workflows/build-and-test-msi.yaml b/.github/workflows/build-and-test-msi.yaml index c36b0bf23..b253c13fe 100644 --- a/.github/workflows/build-and-test-msi.yaml +++ b/.github/workflows/build-and-test-msi.yaml @@ -5,14 +5,19 @@ on: workflow_dispatch: inputs: ref_name: - description: "name of git ref for which to build installer" + description: "the ref (tag/branch) to use to extract tag/version" required: true type: string workflow_call: inputs: ref_name: + description: "the ref (tag/branch) to use to extract tag/version" required: true type: string + version: + description: "override for version, will be used instead of ref if set, used for testing" + required: false + type: string schedule: - cron: '0 9 * * *' env: @@ -28,43 +33,11 @@ permissions: jobs: get-tag-name: name: Get tag name - runs-on: ubuntu-latest - timeout-minutes: 2 - outputs: - tag: ${{ steps.check-tag.outputs.tag }} - version: ${{ steps.check-tag.outputs.version }} - commit: ${{ steps.export-commit.outputs.commit }} - steps: - - name: Check tag from workflow input and github ref - id: check-tag - run: | - if [ -n "${{ inputs.ref_name }}" ]; then - tag=${{ inputs.ref_name }} - else - tag=${{ github.ref_name }} - fi - echo "tag=$tag" >> ${GITHUB_OUTPUT} - - version=${tag#v} - if [[ $version =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then - echo "Version matches format: $version" - else - echo "Version $version doesn't match format. Using test version: 0.0.1" - version="0.0.1" - fi - echo "version=$version" >> ${GITHUB_OUTPUT} - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - with: - ref: ${{ steps.check-tag.outputs.tag }} - fetch-depth: 0 - persist-credentials: false - submodules: true - - name: Export commit hash - id: export-commit - run: | - commit=$(git rev-parse HEAD) - echo "commit=$commit" >> ${GITHUB_OUTPUT} - + uses: ./.github/workflows/get-version-and-tag-for-ref.yaml + with: + ref_name: ${{ inputs.ref_name }} + version: ${{ inputs.version }} + windows-msi-build: needs: get-tag-name runs-on: [self-hosted, windows, amd64, release] @@ -91,7 +64,7 @@ jobs: cache: false - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: - ref: ${{ needs.get-tag-name.outputs.commit }} + ref: ${{ needs.get-tag-name.outputs.tag }} fetch-depth: 0 persist-credentials: false submodules: recursive @@ -118,16 +91,15 @@ jobs: - name: generate and download signed msi run: | $version="${{ needs.get-tag-name.outputs.version }}" - $tag="${{ needs.get-tag-name.outputs.tag }}" powershell .\msi-builder\BuildFinchMSI.ps1 -Version $version $timestamp=[math]::truncate((Get-Date (Get-Date).ToUniversalTime() -UFormat "%s")) - $unsignedMSI="Finch-$tag-$timestamp.msi" + $unsignedMSI="Finch-$version-$timestamp.msi" Write-Host "Upload unsigned MSI: $unsignedMSI" - + aws s3 cp "./msi-builder/build/Finch-$version.msi" "${{ secrets.WINDOWS_UNSIGNED_BUCKET }}$unsignedMSI" --acl bucket-owner-full-control --no-progress New-Item -Path "./msi-builder/build/signed/" -ItemType Directory -Force - Write-Host "Attemp to download signed MSI" + Write-Host "Attempt to download signed MSI" $retryCount = 0 $maxRetries = 20 $delay = 5 @@ -137,7 +109,7 @@ jobs: $signedMSI = aws s3 ls ${{ secrets.WINDOWS_SIGNED_BUCKET }} 2>&1 | Where-Object { $_ -match "$unsignedMSI" } | Sort-Object -Descending | Select-Object -First 1 | ForEach-Object { ($_ -split '\s+')[-1] } if ($signedMSI -and ($signedMSI -notlike "*An error occurred (404) when calling the HeadObject operation*")) { try { - aws s3 cp "${{ secrets.WINDOWS_SIGNED_BUCKET }}$signedMSI" "./msi-builder/build/signed/Finch-$tag.msi" + aws s3 cp "${{ secrets.WINDOWS_SIGNED_BUCKET }}$signedMSI" "./msi-builder/build/signed/Finch-$version.msi" break } catch { Write-Host "Error during copy: $_" @@ -159,8 +131,8 @@ jobs: aws-region: ${{ secrets.REGION }} - name: upload signed MSI to S3 run: | - $tag="${{ needs.get-tag-name.outputs.tag }}" - aws s3 cp "./msi-builder/build/signed/Finch-$tag.msi" "s3://${{ secrets.INSTALLER_PRIVATE_BUCKET_NAME }}/Finch-$tag.msi" --no-progress + $version="${{ needs.get-tag-name.outputs.version }}" + aws s3 cp "./msi-builder/build/signed/Finch-$version.msi" "s3://${{ secrets.INSTALLER_PRIVATE_BUCKET_NAME }}/Finch-$version.msi" --no-progress - name: Remove Finch VM and Clean Up Previous Environment if: ${{ always() }} timeout-minutes: 5 @@ -199,7 +171,7 @@ jobs: cache: false - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: - ref: ${{ needs.get-tag-name.outputs.commit }} + ref: ${{ needs.get-tag-name.outputs.tag }} fetch-depth: 0 persist-credentials: false submodules: recursive @@ -235,8 +207,8 @@ jobs: } - name: Download MSI from S3 run: | - $tag="${{ needs.get-tag-name.outputs.tag }}" - aws s3 cp "s3://${{ secrets.INSTALLER_PRIVATE_BUCKET_NAME }}/Finch-$tag.msi" ./Finch.msi + $version="${{ needs.get-tag-name.outputs.version }}" + aws s3 cp "s3://${{ secrets.INSTALLER_PRIVATE_BUCKET_NAME }}/Finch-$version.msi" ./Finch.msi - name: Install MSI silently run: | Start-Process 'Finch.msi' -ArgumentList '/quiet' -Wait diff --git a/.github/workflows/build-and-test-pkg.yaml b/.github/workflows/build-and-test-pkg.yaml index e3c1c075b..b41a88033 100644 --- a/.github/workflows/build-and-test-pkg.yaml +++ b/.github/workflows/build-and-test-pkg.yaml @@ -5,14 +5,19 @@ on: workflow_dispatch: inputs: ref_name: - description: "name of git ref for which to build installer" + description: "the ref (tag/branch) to use to extract tag/version" required: true type: string workflow_call: inputs: ref_name: + description: "the ref (tag/branch) to use to extract tag/version" required: true type: string + version: + description: "override for version, will be used instead of ref if set, used for testing" + required: false + type: string schedule: - cron: '0 9 * * *' env: @@ -28,36 +33,10 @@ permissions: jobs: get-tag-name: name: Get tag name - runs-on: ubuntu-latest - permissions: - contents: read - timeout-minutes: 2 - outputs: - tag: ${{ steps.check-tag.outputs.tag }} - commit: ${{ steps.export-commit.outputs.commit }} - steps: - - name: Check tag from workflow input and github ref - id: check-tag - run: | - if [ -n "${{ inputs.ref_name }}" ]; then - tag=${{ inputs.ref_name }} - else - tag=${{ github.ref_name }} - fi - echo "using tag=${tag}" - echo "tag=$tag" >> ${GITHUB_OUTPUT} - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - with: - ref: ${{ steps.check-tag.outputs.tag }} - fetch-depth: 0 - persist-credentials: false - submodules: true - - name: Export commit hash - id: export-commit - run: | - commit=$(git rev-parse HEAD) - echo "using commit=${commit}" - echo "commit=$commit" >> ${GITHUB_OUTPUT} + uses: ./.github/workflows/get-version-and-tag-for-ref.yaml + with: + ref_name: ${{ inputs.ref_name }} + version: ${{ inputs.version }} macos-aarch64-pkg-build: needs: get-tag-name @@ -75,7 +54,7 @@ jobs: output_arch: aarch64 version: 14 tag: ${{ needs.get-tag-name.outputs.tag }} - commit: ${{ needs.get-tag-name.outputs.commit }} + finch_version: ${{ needs.get-tag-name.outputs.version }} macos-x86-64-pkg-build: needs: get-tag-name @@ -93,7 +72,7 @@ jobs: output_arch: x86_64 version: 14 tag: ${{ needs.get-tag-name.outputs.tag }} - commit: ${{ needs.get-tag-name.outputs.commit }} + finch_version: ${{ needs.get-tag-name.outputs.version }} macos-aarch64-pkg-test: strategy: @@ -117,7 +96,7 @@ jobs: output_arch: aarch64 version: ${{ matrix.version }} tag: ${{ needs.get-tag-name.outputs.tag }} - commit: ${{ needs.get-tag-name.outputs.commit }} + finch_version: ${{ needs.get-tag-name.outputs.version }} macos-x86-64-pkg-test: strategy: @@ -141,4 +120,4 @@ jobs: output_arch: x86_64 version: ${{ matrix.version }} tag: ${{ needs.get-tag-name.outputs.tag }} - commit: ${{ needs.get-tag-name.outputs.commit }} + finch_version: ${{ needs.get-tag-name.outputs.version }} diff --git a/.github/workflows/build-linux.yaml b/.github/workflows/build-linux.yaml new file mode 100644 index 000000000..ba14ddf5e --- /dev/null +++ b/.github/workflows/build-linux.yaml @@ -0,0 +1,144 @@ +name: Build Static Linux Binaries + +on: + workflow_dispatch: + inputs: + ref_name: + description: "the ref (tag/branch) to use to extract tag/version" + required: true + type: string + workflow_call: + inputs: + ref_name: + description: "the ref (tag/branch) to use to extract tag/version" + required: true + type: string + version: + description: "override for version, will be used instead of ref if set, used for testing" + required: false + type: string + schedule: + - cron: '0 9 * * *' + +permissions: + # This is required for configure-aws-credentials to request an OIDC JWT ID token to access AWS resources later on. + # More info: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings + id-token: write + contents: read # this is required for actions/checkout + +jobs: + get-tag-name: + name: Get tag name + uses: ./.github/workflows/get-version-and-tag-for-ref.yaml + with: + ref_name: ${{ inputs.ref_name }} + version: ${{ inputs.version }} + + generate-static-linux-binaries: + needs: get-tag-name + runs-on: ubuntu-latest + env: + # Set during setup. + RELEASE_VERSION: ${{ needs.get-tag-name.outputs.version }} + steps: + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + with: + ref: ${{ inputs.tag }} + fetch-depth: 0 + persist-credentials: false + submodules: recursive + - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + with: + go-version-file: go.mod + cache: true + - name: "Echo RELEASE_VERSION ENV" + run: echo ${{ env.RELEASE_VERSION }} + - name: Build + id: build + run: | + RELEASE_VERSION="${{ env.RELEASE_VERSION }}" + sudo make check-licenses download-licenses + + # static amd64 + export STATIC_AMD64_BINARY_NAME="finch-${RELEASE_VERSION}-linux-amd64-static.tar.gz" + sudo GOARCH=amd64 STATIC=1 make + pushd _output/ + sudo touch "${STATIC_AMD64_BINARY_NAME}" + sudo tar --exclude "*.tar.gz" --exclude "*.tar.gz.sha256sum" -cvzf "${STATIC_AMD64_BINARY_NAME}" . + echo "STATIC_AMD64_BINARY_NAME=${STATIC_AMD64_BINARY_NAME}" >> ${GITHUB_OUTPUT} + popd + sudo rm -rf ./_output/bin/ + + # static arm64 + export STATIC_ARM64_BINARY_NAME="finch-${RELEASE_VERSION}-linux-arm64-static.tar.gz" + sudo GOARCH=arm64 STATIC=1 make + pushd _output/ + sudo touch "${STATIC_ARM64_BINARY_NAME}" + sudo tar --exclude "*.tar.gz" --exclude "*.tar.gz.sha256sum" -cvzf "${STATIC_ARM64_BINARY_NAME}" . + echo "STATIC_ARM64_BINARY_NAME=${STATIC_ARM64_BINARY_NAME}" >> ${GITHUB_OUTPUT} + popd + sudo rm -rf ./_output/bin/ + + pushd _output/ + sudo sh -c "sha256sum '${STATIC_AMD64_BINARY_NAME}' > '${STATIC_AMD64_BINARY_NAME}.sha256sum'" + sudo sh -c "sha256sum '${STATIC_ARM64_BINARY_NAME}' > '${STATIC_ARM64_BINARY_NAME}.sha256sum'" + popd + - name: Verify release versions + run: | + ARCH=$(uname -m) + if [ "$ARCH" = "x86_64" ]; then + GOARCH="amd64" + BINARY_NAME="${{ steps.build.outputs.STATIC_AMD64_BINARY_NAME }}" + elif [ "$ARCH" = "aarch64" ]; then + GOARCH="arm64" + BINARY_NAME="${{ steps.build.outputs.STATIC_ARM64_BINARY_NAME }}" + else + echo "Unsupported architecture: $ARCH" + exit 1 + fi + + sudo mkdir -p ./_output/${{ env.RELEASE_VERSION }}/static/$GOARCH + sudo tar -xzf ./_output/$BINARY_NAME -C ./_output/${{ env.RELEASE_VERSION }}/static/$GOARCH + finch_version=$(sudo ./_output/${{ env.RELEASE_VERSION }}/static/$GOARCH/bin/finch --version) + BINARY_VERSION=$(echo $finch_version | sed -n 's/finch version //p') + export RELEASE_VERSION=${{ env.RELEASE_VERSION }} + if [ "$BINARY_VERSION" != "$RELEASE_VERSION" ]; then + echo "Version mismatch for $GOARCH binary" + echo "RELEASE_VERSION = ${RELEASE_VERSION}" + echo "finch_version = ${finch_version}" + exit 1 + fi + - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + with: + name: linux-static-builds + path: | + _output/${{ steps.build.outputs.STATIC_AMD64_BINARY_NAME }} + _output/${{ steps.build.outputs.STATIC_AMD64_BINARY_NAME }}.sha256sum + _output/${{ steps.build.outputs.STATIC_ARM64_BINARY_NAME }} + _output/${{ steps.build.outputs.STATIC_ARM64_BINARY_NAME }}.sha256sum + if-no-files-found: error + outputs: + static_amd64_binary_name: ${{ steps.build.outputs.STATIC_AMD64_BINARY_NAME }} + static_arm64_binary_name: ${{ steps.build.outputs.STATIC_ARM64_BINARY_NAME }} + + # TODO: test & sign these artifacts + upload-static-linux-binaries: + needs: + - generate-static-linux-binaries + runs-on: ubuntu-latest + steps: + - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + with: + name: linux-static-builds + - name: configure aws credentials + uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 + with: + role-to-assume: ${{ secrets.ROLE }} + role-session-name: linux-build + aws-region: ${{ secrets.REGION }} + - name: upload to S3 + run: | + aws s3 cp --no-progress ${{ needs.generate-static-linux-binaries.outputs.static_amd64_binary_name }} s3://${{ secrets.INSTALLER_PRIVATE_BUCKET_NAME }}/ + aws s3 cp --no-progress ${{ needs.generate-static-linux-binaries.outputs.static_amd64_binary_name }}.sha256sum s3://${{ secrets.INSTALLER_PRIVATE_BUCKET_NAME }}/ + aws s3 cp --no-progress ${{ needs.generate-static-linux-binaries.outputs.static_arm64_binary_name }} s3://${{ secrets.INSTALLER_PRIVATE_BUCKET_NAME }}/ + aws s3 cp --no-progress ${{ needs.generate-static-linux-binaries.outputs.static_arm64_binary_name }}.sha256sum s3://${{ secrets.INSTALLER_PRIVATE_BUCKET_NAME }}/ diff --git a/.github/workflows/build-pkg.yaml b/.github/workflows/build-pkg.yaml index 36c6e839f..3fe24e537 100644 --- a/.github/workflows/build-pkg.yaml +++ b/.github/workflows/build-pkg.yaml @@ -17,7 +17,7 @@ on: tag: type: string required: true - commit: + finch_version: type: string required: true @@ -49,7 +49,7 @@ jobs: shell: zsh {0} - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: - ref: ${{ inputs.commit }} + ref: ${{ inputs.tag }} fetch-depth: 0 persist-credentials: false submodules: true @@ -79,7 +79,7 @@ jobs: run: | ./installer-builder/tools/release-installer.sh \ ${{ inputs.output_arch }} \ - ${{ inputs.tag }} \ + ${{ inputs.finch_version }} \ ${{ secrets.INSTALLER_PRIVATE_BUCKET_NAME }} \ ${{ secrets.EXECUTABLE_BUCKET }} \ ${{ secrets.PKG_BUCKET }} \ diff --git a/.github/workflows/ci-docs.yaml b/.github/workflows/ci-docs.yaml index bba61b9d8..3aca192e3 100644 --- a/.github/workflows/ci-docs.yaml +++ b/.github/workflows/ci-docs.yaml @@ -7,7 +7,7 @@ # However, due to GitHub's logic, even though the one from ci-docs.yaml passes, # the one from ci.yaml still has to pass for the PR to be merged, # so it functionally works, while it's visually confusing. -name: CI +name: CI Docs on: push: branches: @@ -26,6 +26,15 @@ on: - '!.github/workflows/e2e-macos.yaml' - '!.github/workflows/e2e-windows.yaml' - '!.github/workflows/e2e-linux.yaml' + - '!.github/workflows/release-automation.yaml' + - '!.github/workflows/build-linux.yaml' + - '!.github/workflows/upload-build-to-S3.yaml' + - '!.github/workflows/build-and-test-msi.yaml' + - '!.github/workflows/build-and-test-pkg.yaml' + - '!.github/workflows/ci-release.yaml' + - '!.github/workflows/get-version-and-tag-for-ref.yaml' + - '!.github/workflows/ci-docs.yaml' + - '!CHANGELOG.md' pull_request: branches: - main @@ -43,6 +52,15 @@ on: - '!.github/workflows/e2e-macos.yaml' - '!.github/workflows/e2e-windows.yaml' - '!.github/workflows/e2e-linux.yaml' + - '!.github/workflows/release-automation.yaml' + - '!.github/workflows/build-linux.yaml' + - '!.github/workflows/upload-build-to-S3.yaml' + - '!.github/workflows/build-and-test-msi.yaml' + - '!.github/workflows/build-and-test-pkg.yaml' + - '!.github/workflows/ci-release.yaml' + - '!.github/workflows/get-version-and-tag-for-ref.yaml' + - '!.github/workflows/ci-docs.yaml' + - '!CHANGELOG.md' permissions: contents: read diff --git a/.github/workflows/ci-release.yaml b/.github/workflows/ci-release.yaml new file mode 100644 index 000000000..b2c6aba2b --- /dev/null +++ b/.github/workflows/ci-release.yaml @@ -0,0 +1,135 @@ +name: CI Release +on: + push: + branches: + - main + paths: + - '**.go' + - 'go.mod' + - 'go.sum' + - 'contrib/packaging/**' + - 'deps/**' + - 'finch.yaml.d/**' + - 'winres' + - 'Makefile*' + - '.golangci.yaml' + - '!contrib/hello-finch/**' + - '.github/workflows/e2e-macos.yaml' + - '.github/workflows/e2e-windows.yaml' + - '.github/workflows/e2e-linux.yaml' + - '.github/workflows/e2e-ubuntu.yaml' + - '.github/workflows/ci.yaml' + - '.github/workflows/ci-release.yaml' + - '.github/workflows/release-automation.yaml' + - '.github/workflows/upload-installer-to-release.yaml' + - '.github/workflows/upload-msi-to-release.yaml' + - '.github/workflows/upload-deb-to-release.yaml' + - '.github/workflows/build-and-test-pkg.yaml' + - '.github/workflows/build-pkg.yaml' + - '.github/workflows/test-pkg.yaml' + - '.github/workflows/build-and-test-msi.yaml' + - '.github/workflows/build-and-test-deb.yaml' + - '.github/workflows/get-version-and-tag-for-ref.yaml' + # - '.github/workflows/build-linux.yaml' + pull_request: + branches: + - main + paths: + - '.github/workflows/ci-release.yaml' + - '.github/workflows/release-automation.yaml' + - '.github/workflows/build-and-test-pkg.yaml' + - '.github/workflows/build-pkg.yaml' + - '.github/workflows/test-pkg.yaml' + - '.github/workflows/build-and-test-msi.yaml' + - '.github/workflows/build-and-test-deb.yaml' + - 'installer-builder/**' + - 'msi-builder/**' + - 'contrib/packaging/deb/**' + # - '.github/workflows/build-linux.yaml' + workflow_dispatch: + +permissions: + id-token: write + contents: write + pull-requests: read + +env: + DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG }} + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + changes: + uses: ./.github/workflows/detect-changes.yaml + secrets: inherit + + run-ci-checks: + uses: ./.github/workflows/ci.yaml + secrets: inherit + + get-intermediate-version: + name: Get intermediate version + runs-on: ubuntu-latest + outputs: + version: ${{ steps.calculate-version.outputs.version }} + steps: + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + with: + ref: ${{ github.head_ref || github.ref_name }} + fetch-depth: 0 + - name: Gets an intermediate version string + id: calculate-version + run: | + version=$(git describe --match 'v[0-9]*' --dirty='.modified' --always --tags) + version="${version}" + echo "${version}" + echo "version=$version" >> ${GITHUB_OUTPUT} + + build-and-test-finch-pkg: + needs: [get-intermediate-version, changes] + if: ${{ needs.changes.outputs.mac-build == 'true' }} + uses: ./.github/workflows/build-and-test-pkg.yaml + permissions: + id-token: write + contents: read + secrets: inherit + with: + ref_name: ${{ github.head_ref || github.ref_name }} + version: ${{ needs.get-intermediate-version.outputs.version }} + + build-and-test-finch-msi: + needs: [get-intermediate-version, changes] + if: ${{ needs.changes.outputs.win-build == 'true' }} + uses: ./.github/workflows/build-and-test-msi.yaml + permissions: + id-token: write + contents: read + secrets: inherit + with: + ref_name: ${{ github.head_ref || github.ref_name }} + version: ${{ needs.get-intermediate-version.outputs.version }} + + build-and-test-finch-deb: + needs: [get-intermediate-version, changes] + if: ${{ needs.changes.outputs.ubuntu-build == 'true' }} + uses: ./.github/workflows/build-and-test-deb.yaml + permissions: + id-token: write + contents: read + secrets: inherit + with: + ref_name: ${{ github.head_ref || github.ref_name }} + version: ${{ needs.get-intermediate-version.outputs.version }} + + # build-static-linux-binaries: + # needs: get-intermediate-version + # uses: ./.github/workflows/build-linux.yaml + # permissions: + # id-token: write + # contents: read + # secrets: inherit + # with: + # ref_name: ${{ github.head_ref || github.ref_name }} + # version: ${{ needs.get-intermediate-version.outputs.version }} diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index cc3043d85..421a794c5 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -2,16 +2,30 @@ # - When a job is added/removed/renamed, please make corresponding changes in ci-docs.yaml. name: CI on: - push: + # push: + # branches: + # - main + # paths: + # - '**.go' + # - 'go.mod' + # - 'go.sum' + # - '.github/workflows/e2e-macos.yaml' + # - '.github/workflows/e2e-windows.yaml' + # - '.github/workflows/e2e-linux.yaml' + # - 'contrib/packaging/**' + # - 'deps/**' + # - 'finch.yaml.d/**' + # - 'winres' + # - 'Makefile*' + # - '.golangci.yaml' + # - '!contrib/hello-finch/**' + pull_request: branches: - main paths: - '**.go' - 'go.mod' - 'go.sum' - - '.github/workflows/e2e-macos.yaml' - - '.github/workflows/e2e-windows.yaml' - - '.github/workflows/e2e-linux.yaml' - 'contrib/packaging/**' - 'deps/**' - 'finch.yaml.d/**' @@ -19,27 +33,19 @@ on: - 'Makefile*' - '.golangci.yaml' - '!contrib/hello-finch/**' - pull_request: - branches: - - main - paths: - - '**.go' - - 'go.mod' - - 'go.sum' + - '.github/workflows/ci.yaml' - '.github/workflows/e2e-macos.yaml' - '.github/workflows/e2e-windows.yaml' - '.github/workflows/e2e-linux.yaml' - - 'contrib/packaging/**' - - 'deps/**' - - 'finch.yaml.d/**' - - 'winres' - - 'Makefile*' - - '.golangci.yaml' - - '!contrib/hello-finch/**' + - '.github/workflows/e2e-ubuntu.yaml' + - '.github/workflows/get-version-and-tag-for-ref.yaml' workflow_dispatch: + workflow_call: + permissions: id-token: write contents: write + pull-requests: read env: DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG }} @@ -50,6 +56,10 @@ concurrency: cancel-in-progress: true jobs: + changes: + uses: ./.github/workflows/detect-changes.yaml + secrets: inherit + git-secrets: runs-on: ubuntu-latest timeout-minutes: 2 @@ -85,6 +95,8 @@ jobs: uses: "WyriHaximus/github-action-get-previous-tag@04e8485ecb6487243907e330d522ff60f02283ce" # v1.4.0 gen-code-no-diff: + needs: [changes] + if: ${{ needs.changes.outputs.code == 'true' }} strategy: matrix: os: [macos-latest, windows-latest, ubuntu-latest] @@ -98,7 +110,10 @@ jobs: cache: false - run: make gen-code - run: git diff --exit-code + unit-tests: + needs: [changes] + if: ${{ needs.changes.outputs.code == 'true' }} strategy: fail-fast: false matrix: @@ -116,8 +131,11 @@ jobs: go-version: ${{ env.GO_VERSION }} cache: false - run: make test-unit + # It's recommended to run golangci-lint in a job separate from other jobs (go test, etc) because different jobs run in parallel. go-linter: + needs: [changes] + if: ${{ needs.changes.outputs.code == 'true' }} name: lint runs-on: ubuntu-latest timeout-minutes: 5 @@ -149,6 +167,7 @@ jobs: # so we will just update it manually whenever it makes sense (e.g., a feature that we want is added). version: v2.1.0 args: --fix=false --timeout=5m --skip-dirs="(^|/)deps($|/)" + shellcheck: name: ShellCheck runs-on: ubuntu-latest @@ -160,7 +179,10 @@ jobs: with: version: v0.9.0 continue-on-error: true + go-mod-tidy-check: + needs: [changes] + if: ${{ needs.changes.outputs.code == 'true' }} runs-on: ubuntu-latest timeout-minutes: 1 steps: @@ -169,10 +191,11 @@ jobs: with: go-version: ${{ env.GO_VERSION }} cache: false - # TODO: Use `go mod tidy --check` after https://github.com/golang/go/issues/27005 is fixed. - - run: go mod tidy - - run: git diff --exit-code + - run: go mod tidy -diff + check-licenses: + needs: [changes] + if: ${{ needs.changes.outputs.code == 'true' || needs.changes.outputs.deps == 'true' }} runs-on: ubuntu-latest timeout-minutes: 1 steps: @@ -182,7 +205,10 @@ jobs: go-version: ${{ env.GO_VERSION }} cache: false - run: make check-licenses + macos-e2e-tests: + needs: [changes] + if: ${{ needs.changes.outputs.mac-e2e == 'true' }} strategy: fail-fast: false matrix: @@ -197,7 +223,10 @@ jobs: version: ${{ matrix.version }} runner-type: ${{ matrix.runner-type }} test-command: ${{ matrix.test-command }} + windows-e2e-tests: + needs: [changes] + if: ${{ needs.changes.outputs.win-e2e == 'true' }} strategy: fail-fast: false matrix: @@ -210,7 +239,10 @@ jobs: arch: ${{ matrix.arch }} runner-type: ${{ matrix.runner-type }} test-command: ${{ matrix.test-command }} + linux-e2e-tests: + needs: [changes] + if: ${{ needs.changes.outputs.linux-e2e == 'true' }} strategy: fail-fast: false matrix: @@ -225,7 +257,10 @@ jobs: arch: ${{ matrix.arch }} version: ${{ matrix.version }} runner-type: ${{ matrix.runner-type }} + ubuntu-e2e-tests: + needs: [changes] + if: ${{ needs.changes.outputs.ubuntu-e2e == 'true' }} strategy: fail-fast: false matrix: @@ -242,6 +277,8 @@ jobs: output-arch: ${{ matrix.output-arch }} mdlint: + needs: [changes] + if: ${{ needs.changes.outputs.docs == 'true' }} runs-on: ubuntu-latest timeout-minutes: 5 steps: diff --git a/.github/workflows/detect-changes.yaml b/.github/workflows/detect-changes.yaml new file mode 100644 index 000000000..444421bf8 --- /dev/null +++ b/.github/workflows/detect-changes.yaml @@ -0,0 +1,111 @@ +name: Detect Changes +on: + workflow_call: + inputs: + ref_name: + description: "The ref name. Defaults to github.head_ref if present, otherwise github.ref_name" + required: false + type: string + outputs: + code: + value: ${{ jobs.changes.outputs.code }} + docs: + value: ${{ jobs.changes.outputs.docs }} + deps: + value: ${{ jobs.changes.outputs.deps }} + mac-build: + value: ${{ jobs.changes.outputs.mac-build }} + mac-e2e: + value: ${{ jobs.changes.outputs.mac-e2e }} + win-build: + value: ${{ jobs.changes.outputs.win-build }} + win-e2e: + value: ${{ jobs.changes.outputs.win-e2e }} + ubuntu-build: + value: ${{ jobs.changes.outputs.ubuntu-build }} + ubuntu-e2e: + value: ${{ jobs.changes.outputs.ubuntu-e2e }} + linux-build: + value: ${{ jobs.changes.outputs.linux-build }} + linux-e2e: + value: ${{ jobs.changes.outputs.linux-e2e }} + +permissions: + contents: read + pull-requests: read + +jobs: + changes: + runs-on: ubuntu-latest + outputs: + code: ${{ steps.filter.outputs.code }} + docs: ${{ steps.filter.outputs.docs }} + deps: ${{ steps.filter.outputs.deps }} + mac-build: ${{ steps.filter.outputs.mac-build }} + mac-e2e: ${{ steps.filter.outputs.mac-e2e }} + win-build: ${{ steps.filter.outputs.win-build }} + win-e2e: ${{ steps.filter.outputs.win-e2e }} + ubuntu-build: ${{ steps.filter.outputs.ubuntu-build }} + ubuntu-e2e: ${{ steps.filter.outputs.ubuntu-e2e }} + linux-build: ${{ steps.filter.outputs.linux-build }} + linux-e2e: ${{ steps.filter.outputs.linux-e2e }} + steps: + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + with: + ref: ${{ inputs.ref_name || github.head_ref || github.ref_name }} + - uses: dorny/paths-filter@v3 + id: filter + with: + # predicate-quantifier: 'every' + list-files: 'csv' + filters: | + code: &code + - '**.go' + - 'go.mod' + - 'go.sum' + - 'Makefile*' + - 'finch.yaml.d/**' + docs: + - '**/*.md' + deps: &deps + - 'deps/**' + mac-build: + - *code + - *deps + - 'installer-builder/**' + - '.github/workflows/build-and-test-pkg.yaml' + - '.github/workflows/build-pkg.yaml' + - '.github/workflows/test-pkg.yaml' + - '.github/workflows/upload-installer-to-release.yaml' + mac-e2e: + - *code + - *deps + - '.github/workflows/e2e-macos.yaml' + win-build: + - *code + - *deps + - '.github/workflows/build-and-test-msi.yaml' + - '.github/workflows/upload-msi-to-release.yaml' + - 'winres/**' + win-e2e: + - *code + - *deps + - '.github/workflows/e2e-windows.yaml' + ubuntu-build: + - *code + - *deps + - 'contrib/packaging/deb/**' + - '.github/workflows/build-and-test-deb.yaml' + - '.github/workflows/upload-deb-to-release.yaml' + ubuntu-e2e: + - *code + - *deps + - 'contrib/packaging/deb/**' + - '.github/workflows/e2e-ubuntu.yaml' + linux-build: &linux-build + - *code + - *deps + - 'contrib/packaging/rpm/**' + linux-e2e: + - *linux-build + - '.github/workflows/e2e-linux.yaml' diff --git a/.github/workflows/e2e-linux.yaml b/.github/workflows/e2e-linux.yaml index 4af71b6ff..b127fea9d 100644 --- a/.github/workflows/e2e-linux.yaml +++ b/.github/workflows/e2e-linux.yaml @@ -44,9 +44,9 @@ jobs: container_report: ${{ steps.set-multiple-vars.outputs.CONTAINER_REPORT }} vm_serial_report: ${{ steps.set-multiple-vars.outputs.VM_SERIAL_REPORT }} steps: - - name: Clean macOS runner workspace + - name: Clean runner workspace run: | - rm -rf ${{ github.workspace }}/* + sudo rm -rf ${{ github.workspace }}/* - name: Allow Node16 on AL2 if: ${{ (startsWith(inputs.os, 'amazon') && inputs.version == '2' ) }} run: | diff --git a/.github/workflows/e2e-ubuntu-finch-daemon.yaml b/.github/workflows/e2e-ubuntu-finch-daemon.yaml index 68e91a799..3acccae03 100644 --- a/.github/workflows/e2e-ubuntu-finch-daemon.yaml +++ b/.github/workflows/e2e-ubuntu-finch-daemon.yaml @@ -18,54 +18,14 @@ permissions: contents: read jobs: - get-latest-tag: - name: Get the latest release tag - runs-on: ubuntu-latest - permissions: - contents: read - timeout-minutes: 2 - outputs: - tag: ${{ steps.latest-tag.outputs.tag }} - steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - with: - fetch-depth: 0 - - name: 'Get the latest tag' - id: latest-tag - uses: "WyriHaximus/github-action-get-previous-tag@04e8485ecb6487243907e330d522ff60f02283ce" # v1.4.0 - - get-tag-and-version: - needs: get-latest-tag + get-tag-name: name: Get tag name - runs-on: ubuntu-latest - permissions: - contents: read - timeout-minutes: 2 - outputs: - tag: ${{ steps.check-tag.outputs.tag }} - version: ${{ steps.check-tag.outputs.version }} - steps: - - name: Check tag from workflow input and github ref - id: check-tag - run: | - if [ -n "${{ needs.get-latest-tag.outputs.tag }}" ]; then - tag=${{ needs.get-latest-tag.outputs.tag }} - else - tag=${{ github.tag }} - fi - echo "tag=$tag" >> ${GITHUB_OUTPUT} + uses: ./.github/workflows/get-version-and-tag-for-ref.yaml + with: + ref_name: ${{ github.ref_name }} - version=${tag#v} - if [[ $version =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then - echo "Version matches format: $version" - else - echo "Error: Version $version doesn't match format." - exit 1 - fi - echo "version=$version" >> ${GITHUB_OUTPUT} - e2e-test-finch-daemon: - needs: get-tag-and-version + needs: get-tag-name runs-on: codebuild-finch-${{ inputs.arch }}-1-instance-${{ github.run_id }}-${{ github.run_attempt }} permissions: id-token: write # used when getting AWS credentials @@ -151,11 +111,11 @@ jobs: make - name: Generate deb run: | - ./contrib/packaging/deb/package.sh --${{ inputs.output-arch }} --version ${{ needs.get-tag-and-version.outputs.version }} + ./contrib/packaging/deb/package.sh --${{ inputs.output-arch }} --version ${{ needs.get-tag-name.outputs.version }} - name: Install Finch run: | - sudo apt install ./_output/deb/runfinch-finch_${{ needs.get-tag-and-version.outputs.version }}_${{ inputs.output-arch }}.deb -y + sudo apt install ./_output/deb/runfinch-finch_${{ needs.get-tag-name.outputs.version }}_${{ inputs.output-arch }}.deb -y sudo systemctl daemon-reload sudo systemctl restart containerd.service sudo systemctl restart finch.socket diff --git a/.github/workflows/e2e-ubuntu-finch.yaml b/.github/workflows/e2e-ubuntu-finch.yaml index 0966f4232..117f1bebf 100644 --- a/.github/workflows/e2e-ubuntu-finch.yaml +++ b/.github/workflows/e2e-ubuntu-finch.yaml @@ -18,54 +18,14 @@ permissions: contents: read jobs: - get-latest-tag: - name: Get the latest release tag - runs-on: ubuntu-latest - permissions: - contents: read - timeout-minutes: 2 - outputs: - tag: ${{ steps.latest-tag.outputs.tag }} - steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - with: - fetch-depth: 0 - - name: 'Get the latest tag' - id: latest-tag - uses: "WyriHaximus/github-action-get-previous-tag@04e8485ecb6487243907e330d522ff60f02283ce" # v1.4.0 - - get-tag-and-version: - needs: get-latest-tag + get-tag-name: name: Get tag name - runs-on: ubuntu-latest - permissions: - contents: read - timeout-minutes: 2 - outputs: - tag: ${{ steps.check-tag.outputs.tag }} - version: ${{ steps.check-tag.outputs.version }} - steps: - - name: Check tag from workflow input and github ref - id: check-tag - run: | - if [ -n "${{ needs.get-latest-tag.outputs.tag }}" ]; then - tag=${{ needs.get-latest-tag.outputs.tag }} - else - tag=${{ github.tag }} - fi - echo "tag=$tag" >> ${GITHUB_OUTPUT} - - version=${tag#v} - if [[ $version =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then - echo "Version matches format: $version" - else - echo "Error: Version $version doesn't match format." - exit 1 - fi - echo "version=$version" >> ${GITHUB_OUTPUT} + uses: ./.github/workflows/get-version-and-tag-for-ref.yaml + with: + ref_name: ${{ github.ref_name }} e2e-test-finch: - needs: get-tag-and-version + needs: get-tag-name runs-on: codebuild-finch-${{ inputs.arch }}-1-instance-${{ github.run_id }}-${{ github.run_attempt }} permissions: id-token: write # used when getting AWS credentials @@ -153,11 +113,11 @@ jobs: make - name: Generate deb run: | - ./contrib/packaging/deb/package.sh --${{ inputs.output-arch }} --version ${{ needs.get-tag-and-version.outputs.version }} + ./contrib/packaging/deb/package.sh --${{ inputs.output-arch }} --version ${{ needs.get-tag-name.outputs.version }} - name: Install Finch run: | - sudo apt install ./_output/deb/runfinch-finch_${{ needs.get-tag-and-version.outputs.version }}_${{ inputs.output-arch }}.deb -y + sudo apt install ./_output/deb/runfinch-finch_${{ needs.get-tag-name.outputs.version }}_${{ inputs.output-arch }}.deb -y sudo systemctl daemon-reload sudo systemctl restart containerd.service sudo systemctl restart finch.socket diff --git a/.github/workflows/get-version-and-tag-for-ref.yaml b/.github/workflows/get-version-and-tag-for-ref.yaml new file mode 100644 index 000000000..cf7c067ec --- /dev/null +++ b/.github/workflows/get-version-and-tag-for-ref.yaml @@ -0,0 +1,62 @@ +name: Get tag and version from ref + +on: + workflow_dispatch: + inputs: + ref_name: + description: "the ref (tag/branch) to use to extract tag/version" + required: true + type: string + workflow_call: + inputs: + ref_name: + description: "the ref (tag/branch) to use to extract tag/version" + required: true + type: string + version: + description: "override for version, will be used instead of ref if set, used for testing" + required: false + type: string + outputs: + tag: + description: "The first output string" + value: ${{ jobs.get-version-and-tag-for-ref.outputs.tag }} + version: + description: "The second output string" + value: ${{ jobs.get-version-and-tag-for-ref.outputs.version }} + +permissions: + contents: read + +jobs: + get-version-and-tag-for-ref: + name: Get tag name + runs-on: ubuntu-latest + outputs: + tag: ${{ steps.calculate-tag.outputs.tag }} + version: ${{ steps.calculate-tag.outputs.version }} + steps: + - name: Calculate a version and tag for a given ref + id: calculate-tag + run: | + if [ -n "${{ inputs.ref_name }}" ]; then + echo "Using ref_name input: ${{ inputs.ref_name }}" + tag=${{ inputs.ref_name }} + else + echo "ref_name input was empty, using github.ref_name: ${{ github.ref_name }}" + tag=${{ github.ref_name }} + fi + echo "tag=$tag" >> ${GITHUB_OUTPUT} + + if [ -n "${{ inputs.version }}" ]; then + version="${{ inputs.version }}" + version="${version#v}" + echo "Version was supplied as input: $version" + elif [[ "${tag#v}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + version="${tag#v}" + echo "Version matches release format: $version" + else + echo "Version $version doesn't match format. Using test version: 0.0.1" + version="0.0.1" + fi + echo "version=$version" >> ${GITHUB_OUTPUT} diff --git a/.github/workflows/test-pkg.yaml b/.github/workflows/test-pkg.yaml index 3a0ca7611..b2922798b 100644 --- a/.github/workflows/test-pkg.yaml +++ b/.github/workflows/test-pkg.yaml @@ -17,7 +17,7 @@ on: tag: type: string required: true - commit: + finch_version: type: string required: true @@ -48,7 +48,7 @@ jobs: - name: Checkout the tag uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: - ref: ${{ inputs.commit }} + ref: ${{ inputs.tag }} fetch-depth: 0 persist-credentials: false submodules: true @@ -76,12 +76,12 @@ jobs: - name: Download from S3 run: | aws s3 cp \ - s3://${{ secrets.INSTALLER_PRIVATE_BUCKET_NAME }}/Finch-${{ inputs.tag }}-${{ inputs.output_arch }}.pkg \ - Finch-${{ inputs.tag }}-${{ inputs.output_arch }}.pkg + s3://${{ secrets.INSTALLER_PRIVATE_BUCKET_NAME }}/Finch-${{ inputs.finch_version }}-${{ inputs.output_arch }}.pkg \ + Finch-${{ inputs.finch_version }}-${{ inputs.output_arch }}.pkg shell: zsh {0} - name: Verify signature and notarization of Finch installer run: | - PKG_FILE="Finch-${{ inputs.tag }}-${{ inputs.output_arch }}.pkg" + PKG_FILE="Finch-${{ inputs.finch_version }}-${{ inputs.output_arch }}.pkg" PKG_SIGNATURE=$(pkgutil --check-signature "$PKG_FILE") if ! echo "$PKG_SIGNATURE" | grep -q "Status: signed by a developer certificate issued by Apple for distribution"; then echo "Finch installer signature check failed" @@ -93,7 +93,7 @@ jobs: exit 1 fi - name: Silently install - run: sudo installer -pkg Finch-${{ inputs.tag }}-${{ inputs.output_arch }}.pkg -target / + run: sudo installer -pkg Finch-${{ inputs.finch_version }}-${{ inputs.output_arch }}.pkg -target / - name: Install Rosetta 2 run: echo "A" | softwareupdate --install-rosetta || true - name: Install build dependencies @@ -151,7 +151,7 @@ jobs: # Need to reinstall because there were errors on arm64 11.7 and arm64 12.6 hosts after running multiple instances tests, # that caused the VM initialization failure in the e2e test. # Example workflow run https://github.com/runfinch/finch/actions/runs/4367457552/jobs/7638794529 - sudo installer -pkg Finch-${{ inputs.tag }}-${{ inputs.output_arch }}.pkg -target / + sudo installer -pkg Finch-${{ inputs.finch_version }}-${{ inputs.output_arch }}.pkg -target / - name: Run VM e2e tests uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2 with: @@ -173,4 +173,4 @@ jobs: - name: Silently uninstall run: echo 'y' | sudo bash /Applications/Finch/uninstall.sh - name: Delete installer - run: rm -rf Finch-${{ inputs.tag }}-${{ inputs.output_arch }}.pkg + run: rm -rf Finch-${{ inputs.finch_version }}-${{ inputs.output_arch }}.pkg diff --git a/.github/workflows/upload-deb-to-release.yaml b/.github/workflows/upload-deb-to-release.yaml index dfdf814c6..e00be2103 100644 --- a/.github/workflows/upload-deb-to-release.yaml +++ b/.github/workflows/upload-deb-to-release.yaml @@ -15,34 +15,15 @@ permissions: id-token: write # This is required for requesting the JWT contents: write # This is required for uploading the release assets jobs: - get-tag-and-version: + get-tag-name: name: Get tag name - runs-on: ubuntu-latest - timeout-minutes: 2 - outputs: - tag: ${{ steps.check-tag.outputs.tag }} - version: ${{ steps.check-tag.outputs.version }} - steps: - - name: Check tag from workflow input and github ref - id: check-tag - run: | - if [ -n "${{ inputs.ref_name }}" ]; then - tag=${{ inputs.ref_name }} - else - tag=${{ github.ref_name }} - fi - echo "tag=$tag" >> ${GITHUB_OUTPUT} - - version=${tag#v} - if [[ $version =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then - echo "Version matches format: $version" - else - echo "Error: Version $version doesn't match format." - exit 1 - fi - echo "version=$version" >> ${GITHUB_OUTPUT} + uses: ./.github/workflows/get-version-and-tag-for-ref.yaml + with: + ref_name: ${{ inputs.ref_name }} + version: ${{ inputs.version }} + upload-deb: - needs: get-tag-and-version + needs: get-tag-name runs-on: ubuntu-latest timeout-minutes: 10 steps: @@ -59,10 +40,10 @@ jobs: RETRY_SLEEP_SECONDS=15 while [ $RETRY_COUNT -lt $MAX_RETRIES ]; do - if aws s3 cp s3://${{ secrets.DEB_PRIVATE_BUCKET_NAME_SIGNED_PROD }}/runfinch-finch_${{ needs.get-tag-and-version.outputs.version }}_amd64.deb.sig runfinch-finch_${{ needs.get-tag-and-version.outputs.version }}_amd64.deb.sig && \ - aws s3 cp s3://${{ secrets.DEB_PRIVATE_BUCKET_NAME_SIGNED_PROD }}/runfinch-finch_${{ needs.get-tag-and-version.outputs.version }}_arm64.deb.sig runfinch-finch_${{ needs.get-tag-and-version.outputs.version }}_arm64.deb.sig && \ - aws s3 cp s3://${{ secrets.DEB_PRIVATE_BUCKET_NAME_UNSIGNED_PROD }}/runfinch-finch_${{ needs.get-tag-and-version.outputs.version }}_amd64.deb runfinch-finch_${{ needs.get-tag-and-version.outputs.version }}_amd64.deb && \ - aws s3 cp s3://${{ secrets.DEB_PRIVATE_BUCKET_NAME_UNSIGNED_PROD }}/runfinch-finch_${{ needs.get-tag-and-version.outputs.version }}_arm64.deb runfinch-finch_${{ needs.get-tag-and-version.outputs.version }}_arm64.deb && \ + if aws s3 cp s3://${{ secrets.DEB_PRIVATE_BUCKET_NAME_SIGNED_PROD }}/runfinch-finch_${{ needs.get-tag-name.outputs.version }}_amd64.deb.sig runfinch-finch_${{ needs.get-tag-name.outputs.version }}_amd64.deb.sig && \ + aws s3 cp s3://${{ secrets.DEB_PRIVATE_BUCKET_NAME_SIGNED_PROD }}/runfinch-finch_${{ needs.get-tag-name.outputs.version }}_arm64.deb.sig runfinch-finch_${{ needs.get-tag-name.outputs.version }}_arm64.deb.sig && \ + aws s3 cp s3://${{ secrets.DEB_PRIVATE_BUCKET_NAME_UNSIGNED_PROD }}/runfinch-finch_${{ needs.get-tag-name.outputs.version }}_amd64.deb runfinch-finch_${{ needs.get-tag-name.outputs.version }}_amd64.deb && \ + aws s3 cp s3://${{ secrets.DEB_PRIVATE_BUCKET_NAME_UNSIGNED_PROD }}/runfinch-finch_${{ needs.get-tag-name.outputs.version }}_arm64.deb runfinch-finch_${{ needs.get-tag-name.outputs.version }}_arm64.deb && \ aws s3 cp s3://${{ secrets.DEB_PRIVATE_BUCKET_NAME_SIGNED_PROD }}/publickey.pem publickey.pem && \ aws s3 cp s3://${{ secrets.DEB_PRIVATE_BUCKET_NAME_UNSIGNED_PROD }}/Release Release; then echo "Downloaded deb and signature files successfully." @@ -143,14 +124,14 @@ jobs: aws-region: us-west-2 - name: Get signed Release run: | - aws s3 cp dists/noble/Release s3://${{ secrets.DEB_PRIVATE_BUCKET_NAME_UNSIGNED_PROD }}/Release_${{ needs.get-tag-and-version.outputs.version }} + aws s3 cp dists/noble/Release s3://${{ secrets.DEB_PRIVATE_BUCKET_NAME_UNSIGNED_PROD }}/Release_${{ needs.get-tag-name.outputs.version }} MAX_RETRIES=10 RETRY_COUNT=0 RETRY_SLEEP_SECONDS=5 while [ $RETRY_COUNT -lt $MAX_RETRIES ]; do - if aws s3 cp s3://${{ secrets.DEB_PRIVATE_BUCKET_NAME_SIGNED_PROD }}/Release_${{ needs.get-tag-and-version.outputs.version }}.sig Release.gpg && \ - aws s3 cp s3://${{ secrets.DEB_PRIVATE_BUCKET_NAME_SIGNED_PROD }}/Release_${{ needs.get-tag-and-version.outputs.version }} Release; then + if aws s3 cp s3://${{ secrets.DEB_PRIVATE_BUCKET_NAME_SIGNED_PROD }}/Release_${{ needs.get-tag-name.outputs.version }}.sig Release.gpg && \ + aws s3 cp s3://${{ secrets.DEB_PRIVATE_BUCKET_NAME_SIGNED_PROD }}/Release_${{ needs.get-tag-name.outputs.version }} Release; then echo "Downloaded Release and signed Release files successfully." break else @@ -175,10 +156,10 @@ jobs: aws-region: ${{ secrets.REGION }} - name: Upload repository files to repository bucket run: | - aws s3 cp pool/main/f/runfinch-finch/runfinch-finch_${{ needs.get-tag-and-version.outputs.version }}_amd64.deb s3://${{ secrets.ARTIFACT_BUCKET_NAME }}/deb/pool/main/f/runfinch-finch/ - aws s3 cp pool/main/f/runfinch-finch/runfinch-finch_${{ needs.get-tag-and-version.outputs.version }}_amd64.deb.sig s3://${{ secrets.ARTIFACT_BUCKET_NAME }}/deb/pool/main/f/runfinch-finch/ - aws s3 cp pool/main/f/runfinch-finch/runfinch-finch_${{ needs.get-tag-and-version.outputs.version }}_arm64.deb s3://${{ secrets.ARTIFACT_BUCKET_NAME }}/deb/pool/main/f/runfinch-finch/ - aws s3 cp pool/main/f/runfinch-finch/runfinch-finch_${{ needs.get-tag-and-version.outputs.version }}_arm64.deb.sig s3://${{ secrets.ARTIFACT_BUCKET_NAME }}/deb/pool/main/f/runfinch-finch/ + aws s3 cp pool/main/f/runfinch-finch/runfinch-finch_${{ needs.get-tag-name.outputs.version }}_amd64.deb s3://${{ secrets.ARTIFACT_BUCKET_NAME }}/deb/pool/main/f/runfinch-finch/ + aws s3 cp pool/main/f/runfinch-finch/runfinch-finch_${{ needs.get-tag-name.outputs.version }}_amd64.deb.sig s3://${{ secrets.ARTIFACT_BUCKET_NAME }}/deb/pool/main/f/runfinch-finch/ + aws s3 cp pool/main/f/runfinch-finch/runfinch-finch_${{ needs.get-tag-name.outputs.version }}_arm64.deb s3://${{ secrets.ARTIFACT_BUCKET_NAME }}/deb/pool/main/f/runfinch-finch/ + aws s3 cp pool/main/f/runfinch-finch/runfinch-finch_${{ needs.get-tag-name.outputs.version }}_arm64.deb.sig s3://${{ secrets.ARTIFACT_BUCKET_NAME }}/deb/pool/main/f/runfinch-finch/ aws s3 cp pool/main/f/runfinch-finch/publickey.pem s3://${{ secrets.ARTIFACT_BUCKET_NAME }}/deb/pool/main/f/runfinch-finch/ aws s3 cp dists/noble/Release s3://${{ secrets.ARTIFACT_BUCKET_NAME }}/deb/dists/noble/ @@ -195,12 +176,12 @@ jobs: - name: Upload deb archives and signatures to release uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v0.1.15 with: - tag_name: ${{ needs.get-tag-and-version.outputs.tag }} + tag_name: ${{ needs.get-tag-name.outputs.tag }} files: | - pool/main/f/runfinch-finch/runfinch-finch_${{ needs.get-tag-and-version.outputs.version }}_amd64.deb - pool/main/f/runfinch-finch/runfinch-finch_${{ needs.get-tag-and-version.outputs.version }}_amd64.deb.sig - pool/main/f/runfinch-finch/runfinch-finch_${{ needs.get-tag-and-version.outputs.version }}_arm64.deb - pool/main/f/runfinch-finch/runfinch-finch_${{ needs.get-tag-and-version.outputs.version }}_arm64.deb.sig + pool/main/f/runfinch-finch/runfinch-finch_${{ needs.get-tag-name.outputs.version }}_amd64.deb + pool/main/f/runfinch-finch/runfinch-finch_${{ needs.get-tag-name.outputs.version }}_amd64.deb.sig + pool/main/f/runfinch-finch/runfinch-finch_${{ needs.get-tag-name.outputs.version }}_arm64.deb + pool/main/f/runfinch-finch/runfinch-finch_${{ needs.get-tag-name.outputs.version }}_arm64.deb.sig pool/main/f/runfinch-finch/publickey.pem - name: Delete deb and signature files run: | diff --git a/.github/workflows/upload-installer-to-release.yaml b/.github/workflows/upload-installer-to-release.yaml index dbe9f1f37..bc0edc776 100644 --- a/.github/workflows/upload-installer-to-release.yaml +++ b/.github/workflows/upload-installer-to-release.yaml @@ -4,6 +4,7 @@ on: workflow_call: inputs: ref_name: + description: "the ref (tag/branch) to use to extract tag/version" required: true type: string @@ -13,20 +14,9 @@ permissions: jobs: get-tag-name: name: Get tag name - runs-on: ubuntu-latest - timeout-minutes: 2 - outputs: - tag: ${{ steps.check-tag.outputs.tag }} - steps: - - name: Check tag from workflow input and github ref - id: check-tag - run: | - if [ -n "${{ inputs.ref_name }}" ]; then - tag=${{ inputs.ref_name }} - else - tag=${{ github.ref_name }} - fi - echo "tag=$tag" >> ${GITHUB_OUTPUT} + uses: ./.github/workflows/get-version-and-tag-for-ref.yaml + with: + ref_name: ${{ inputs.ref_name }} upload-installers: needs: get-tag-name @@ -41,16 +31,16 @@ jobs: aws-region: ${{ secrets.REGION }} - name: Download installers and dependency source code run: | - aws s3 cp s3://${{ secrets.INSTALLER_PRIVATE_BUCKET_NAME }}/Finch-${{ needs.get-tag-name.outputs.tag }}-aarch64.pkg Finch-${{ needs.get-tag-name.outputs.tag }}-aarch64.pkg - aws s3 cp s3://${{ secrets.INSTALLER_PRIVATE_BUCKET_NAME }}/Finch-${{ needs.get-tag-name.outputs.tag }}-x86_64.pkg Finch-${{ needs.get-tag-name.outputs.tag }}-x86_64.pkg + aws s3 cp s3://${{ secrets.INSTALLER_PRIVATE_BUCKET_NAME }}/Finch-${{ needs.get-tag-name.outputs.version }}-aarch64.pkg Finch-${{ needs.get-tag-name.outputs.version }}-aarch64.pkg + aws s3 cp s3://${{ secrets.INSTALLER_PRIVATE_BUCKET_NAME }}/Finch-${{ needs.get-tag-name.outputs.version }}-x86_64.pkg Finch-${{ needs.get-tag-name.outputs.version }}-x86_64.pkg aws s3 cp s3://${{ secrets.DEPENDENCY_BUCKET_NAME }}/dependency-sources.tar.gz DependenciesSourceCode.tar.gz - name: Upload installers and dependency source code to release uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v0.1.15 with: - tag_name: ${{ needs.get-tag-name.outputs.tag }} + tag_name: ${{ needs.get-tag-name.outputs.version }} files: | - Finch-${{ needs.get-tag-name.outputs.tag }}-aarch64.pkg - Finch-${{ needs.get-tag-name.outputs.tag }}-x86_64.pkg + Finch-${{ needs.get-tag-name.outputs.version }}-aarch64.pkg + Finch-${{ needs.get-tag-name.outputs.version }}-x86_64.pkg DependenciesSourceCode.tar.gz - name: Delete installers and dependency source code - run: rm -rf Finch-${{ needs.get-tag-name.outputs.tag }}-aarch64.pkg Finch-${{ needs.get-tag-name.outputs.tag }}-x86_64.pkg DependenciesSourceCode.tar.gz + run: rm -rf Finch-${{ needs.get-tag-name.outputs.version }}-aarch64.pkg Finch-${{ needs.get-tag-name.outputs.version }}-x86_64.pkg DependenciesSourceCode.tar.gz diff --git a/.github/workflows/upload-msi-to-release.yaml b/.github/workflows/upload-msi-to-release.yaml index e796b03eb..f6a792d30 100644 --- a/.github/workflows/upload-msi-to-release.yaml +++ b/.github/workflows/upload-msi-to-release.yaml @@ -11,35 +11,15 @@ permissions: id-token: write # This is required for requesting the JWT contents: write # This is required for uploading the release assets jobs: - get-version-tag: - name: Get the version, tag and validate the format - runs-on: ubuntu-latest - timeout-minutes: 2 - outputs: - tag: ${{ steps.check-tag.outputs.tag }} - version: ${{ steps.check-tag.outputs.version }} - steps: - - name: Check tag from workflow input and github ref - id: check-tag - run: | - if [ -n "${{ inputs.ref_name }}" ]; then - tag=${{ inputs.ref_name }} - else - tag=${{ github.ref_name }} - fi - echo "tag=$tag" >> ${GITHUB_OUTPUT} - - version=${tag#v} - if [[ $version =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then - echo "Version matches format: $version" - else - echo "Error: Version $version doesn't match format." - exit 1 - fi - echo "version=$version" >> ${GITHUB_OUTPUT} + get-tag-name: + name: Get tag name + uses: ./.github/workflows/get-version-and-tag-for-ref.yaml + with: + ref_name: ${{ inputs.ref_name }} + version: ${{ inputs.version }} upload-windows-msi: - needs: get-version-tag + needs: get-tag-name runs-on: ubuntu-latest timeout-minutes: 2 steps: @@ -51,12 +31,12 @@ jobs: aws-region: ${{ secrets.REGION }} - name: Download installers and dependency source code run: | - aws s3 cp s3://${{ secrets.INSTALLER_PRIVATE_BUCKET_NAME }}/Finch-${{ needs.get-version-tag.outputs.tag }}.msi Finch-${{ needs.get-version-tag.outputs.tag }}.msi + aws s3 cp s3://${{ secrets.INSTALLER_PRIVATE_BUCKET_NAME }}/Finch-${{ needs.get-tag-name.outputs.version }}.msi Finch-${{ needs.get-tag-name.outputs.version }}.msi - name: Upload installers and dependency source code to release uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v0.1.15 with: - tag_name: ${{ needs.get-version-tag.outputs.tag }} + tag_name: ${{ needs.get-tag-name.outputs.version }} files: | - Finch-${{ needs.get-version-tag.outputs.tag }}.msi + Finch-${{ needs.get-tag-name.outputs.version }}.msi - name: Delete installers and dependency source code - run: rm -rf Finch-${{ needs.get-version-tag.outputs.tag }}.msi \ No newline at end of file + run: rm -rf Finch-${{ needs.get-tag-name.outputs.version }}.msi \ No newline at end of file diff --git a/Makefile b/Makefile index 6ce060aa7..65b2e40e1 100644 --- a/Makefile +++ b/Makefile @@ -28,11 +28,10 @@ VDE_INSTALL ?= /opt/finch ARCH ?= $(shell uname -m) SUPPORTED_ARCH = false LICENSEDIR := $(OUTDIR)/license-files -VERSION ?= $(shell git describe --match 'v[0-9]*' --dirty='.modified' --abbrev=0 --always --tags) +VERSION ?= $(shell git describe --match 'v[0-9]*' --dirty='.modified' --always --tags) GITCOMMIT ?= $(shell git rev-parse HEAD)$(shell test -z "$(git status --porcelain)" || echo .m) VERSION_INJECTION := -X $(PACKAGE)/pkg/version.Version=$(VERSION) VERSION_INJECTION += -X $(PACKAGE)/pkg/version.GitCommit=$(GITCOMMIT) -VERSION_INJECTION += -X $(PACKAGE)/pkg/version.GitCommit=$(GITCOMMIT) LDFLAGS = "-w $(VERSION_INJECTION)" MIN_MACOS_VERSION ?= 11.0 @@ -155,10 +154,8 @@ ifeq ($(GOOS),windows) finch: finch-windows finch-all else ifeq ($(GOOS),darwin) finch: finch-macos -else ifeq ($(NATIVE_BUILD),true) -finch: finch-native else -finch: finch-all +finch: finch-linux endif finch-windows: @@ -171,9 +168,11 @@ finch-macos: finch-unix finch-unix: finch-all -finch-native: GO_BUILD_TAGS += native -finch-native: finch-all +finch-linux: finch-all +ifneq ($(STATIC),) +finch-all: export CGO_ENABLED=0 +endif finch-all: $(GO) build -ldflags $(LDFLAGS) -tags "$(GO_BUILD_TAGS)" -o $(OUTDIR)/bin/$(BINARYNAME) $(PACKAGE)/cmd/finch @@ -204,62 +203,62 @@ coverage: download-licenses: GOBIN = $(CURDIR)/tools_bin download-licenses: GOBIN=$(GOBIN) go install github.com/google/go-licenses - $(GOBIN)/go-licenses save ./... --save_path="$(LICENSEDIR)" --force --include_tests + $(GOBIN)/go-licenses save ./... --ignore github.com/multiformats/go-base36 --ignore github.com/spf13/afero/sftpfs --save_path="$(LICENSEDIR)" --force --include_tests ### dependencies in tools.go - start ### # for go.uber.org/mock/mockgen mkdir -p "$(LICENSEDIR)/go.uber.org/mock" - curl https://raw.githubusercontent.com/golang/mock/main/LICENSE --output "$(LICENSEDIR)/go.uber.org/mock/LICENSE" + curl -L https://raw.githubusercontent.com/golang/mock/main/LICENSE --output "$(LICENSEDIR)/go.uber.org/mock/LICENSE" # for github.com/google/go-licenses mkdir -p "$(LICENSEDIR)/github.com/google/go-licenses" - curl https://raw.githubusercontent.com/google/go-licenses/master/LICENSE --output "$(LICENSEDIR)/github.com/google/go-licenses/LICENSE" + curl -L https://raw.githubusercontent.com/google/go-licenses/master/LICENSE --output "$(LICENSEDIR)/github.com/google/go-licenses/LICENSE" # for golang.org/x/tools/cmd/stringer mkdir -p "$(LICENSEDIR)/golang.org/x/tools" - curl https://raw.githubusercontent.com/golang/tools/master/LICENSE --output "$(LICENSEDIR)/golang.org/x/tools/LICENSE" + curl -L https://raw.githubusercontent.com/golang/tools/master/LICENSE --output "$(LICENSEDIR)/golang.org/x/tools/LICENSE" ### dependencies in tools.go - end ### ### dependencies in benchmark.yaml - start ### mkdir -p "$(LICENSEDIR)/github.com/benchmark-action/github-action-benchmark" - curl https://raw.githubusercontent.com/benchmark-action/github-action-benchmark/master/LICENSE.txt --output "$(LICENSEDIR)/github.com/benchmark-action/github-action-benchmark/LICENSE.txt" + curl -L https://raw.githubusercontent.com/benchmark-action/github-action-benchmark/master/LICENSE.txt --output "$(LICENSEDIR)/github.com/benchmark-action/github-action-benchmark/LICENSE.txt" ### dependencies in benchmark.yaml - end ### ### dependencies in ci.yaml - start ### mkdir -p "$(LICENSEDIR)/github.com/actions/checkout" - curl https://raw.githubusercontent.com/actions/checkout/main/LICENSE --output "$(LICENSEDIR)/github.com/actions/checkout/LICENSE" + curl -L https://raw.githubusercontent.com/actions/checkout/main/LICENSE --output "$(LICENSEDIR)/github.com/actions/checkout/LICENSE" mkdir -p "$(LICENSEDIR)/github.com/actions/setup-go" - curl https://raw.githubusercontent.com/actions/setup-go/main/LICENSE --output "$(LICENSEDIR)/github.com/actions/setup-go/LICENSE" + curl -L https://raw.githubusercontent.com/actions/setup-go/main/LICENSE --output "$(LICENSEDIR)/github.com/actions/setup-go/LICENSE" mkdir -p "$(LICENSEDIR)/github.com/golangci/golangci-lint-action" - curl https://raw.githubusercontent.com/golangci/golangci-lint-action/master/LICENSE --output "$(LICENSEDIR)/github.com/golangci/golangci-lint-action/LICENSE" + curl -L https://raw.githubusercontent.com/golangci/golangci-lint-action/master/LICENSE --output "$(LICENSEDIR)/github.com/golangci/golangci-lint-action/LICENSE" mkdir -p "$(LICENSEDIR)/github.com/avto-dev/markdown-lint" - curl https://raw.githubusercontent.com/avto-dev/markdown-lint/master/LICENSE --output "$(LICENSEDIR)/github.com/avto-dev/markdown-lint/LICENSE" + curl -L https://raw.githubusercontent.com/avto-dev/markdown-lint/master/LICENSE --output "$(LICENSEDIR)/github.com/avto-dev/markdown-lint/LICENSE" mkdir -p "$(LICENSEDIR)/github.com/ludeeus/action-shellcheck" - curl https://raw.githubusercontent.com/ludeeus/action-shellcheck/blob/2.0.0/LICENSE --output "$(LICENSEDIR)/github.com/ludeeus/action-shellcheck/LICENSE" + curl -L https://raw.githubusercontent.com/ludeeus/action-shellcheck/blob/2.0.0/LICENSE --output "$(LICENSEDIR)/github.com/ludeeus/action-shellcheck/LICENSE" ### dependencies in ci.yaml - end ### ### dependencies in lint-pr-title.yaml - start ### mkdir -p "$(LICENSEDIR)/github.com/amannn/action-semantic-pull-request" - curl https://raw.githubusercontent.com/amannn/action-semantic-pull-request/main/LICENSE --output "$(LICENSEDIR)/github.com/amannn/action-semantic-pull-request/LICENSE" + curl -L https://raw.githubusercontent.com/amannn/action-semantic-pull-request/main/LICENSE --output "$(LICENSEDIR)/github.com/amannn/action-semantic-pull-request/LICENSE" ### dependencies in lint-pr-title.yaml - end ### ### dependencies in release-please.yaml - start ### mkdir -p "$(LICENSEDIR)/github.com/googleapis/release-please" - curl https://raw.githubusercontent.com/googleapis/release-please/main/LICENSE --output "$(LICENSEDIR)/github.com/googleapis/release-please/LICENSE" + curl -L https://raw.githubusercontent.com/googleapis/release-please/main/LICENSE --output "$(LICENSEDIR)/github.com/googleapis/release-please/LICENSE" ### dependencies in release-please.yaml - end ### ### system-level dependencies - start ### mkdir -p "$(LICENSEDIR)/github.com/lima-vm/lima" - curl https://raw.githubusercontent.com/lima-vm/lima/master/LICENSE --output "$(LICENSEDIR)/github.com/lima-vm/lima/LICENSE" + curl -L https://raw.githubusercontent.com/lima-vm/lima/master/LICENSE --output "$(LICENSEDIR)/github.com/lima-vm/lima/LICENSE" ### system-level dependencies - end ### diff --git a/msi-builder/BuildFinchMSI.ps1 b/msi-builder/BuildFinchMSI.ps1 index fce453af0..1c1c15afa 100644 --- a/msi-builder/BuildFinchMSI.ps1 +++ b/msi-builder/BuildFinchMSI.ps1 @@ -67,6 +67,12 @@ Write-Host "Files copied successfully." # 5. Copy WiX template and update resources path and version Write-Host "5. Copy Wix template and update value..." + +# Seems like version must follow major.minor.patch format https://docs.firegiant.com/wix/schema/wxs/validate/#ProductVersion. +# So sanitize version for wix, but keep original for filename. +$wixVersion = $Version -replace '^v', '' -replace '-.*$', '' +Write-Host "Original version: $Version, WiX version: $wixVersion" + Copy-Item -Path (Join-Path -Path $scriptDirectory -ChildPath "FinchMSITemplate.wxs") -Destination (Join-Path -Path $scriptDirectory -ChildPath "build\") $wxsFilePath = Join-Path -Path $scriptDirectory -ChildPath "build\FinchMSITemplate.wxs" @@ -78,7 +84,7 @@ $roofsFileName = $roofsFile.Name # Replace __ROOTFS__, __SOURCE__ and __VERSION__ $content = Get-Content -Path $wxsFilePath -Raw $updatedContent = $content -replace '__SOURCE__', $finchResourcePath ` - -replace '__VERSION__', $Version ` + -replace '__VERSION__', $wixVersion ` -replace '__ROOTFS__', $roofsFileName $updatedContent | Set-Content -Path $wxsFilePath Write-Host "Source path and version are updated successfully." @@ -93,10 +99,34 @@ $candleArgs = "$wxsFilePath -out $wixobjPath" $lightPath = Join-Path -Path $wixToolPath -ChildPath "light.exe" $lightArgs = "$wixobjPath -ext WixUIExtension -out $msiPath" -Start-Process -FilePath $candlePath -ArgumentList $candleArgs -Wait -Write-Host "Candle finished." +Write-Host "Candle started..." +$candleProcess = Start-Process -FilePath $candlePath -ArgumentList $candleArgs -PassThru -NoNewWindow -RedirectStandardOutput "$buildFolderPath\candle_stdout.txt" -RedirectStandardError "$buildFolderPath\candle_stderr.txt" -Wait +if ($candleProcess.ExitCode -ne 0) { + Write-Error "Candle failed with exit code: $($candleProcess.ExitCode)" + Write-Host "--- Candle stdout ---" + Get-Content "$buildFolderPath\candle_stdout.txt" + Write-Host "--- Candle stderr ---" + Get-Content "$buildFolderPath\candle_stderr.txt" + exit 1 +} else { + Write-Host "Candle finished." +} + Write-Host "Light started, it may take some time..." -Start-Process -FilePath $lightPath -ArgumentList $lightArgs -Wait -Write-Host "Light finished." +$lightProcess = Start-Process -FilePath $lightPath -ArgumentList $lightArgs -PassThru -NoNewWindow -RedirectStandardOutput "$buildFolderPath\light_stdout.txt" -RedirectStandardError "$buildFolderPath\light_stderr.txt" -Wait +if ($lightProcess.ExitCode -ne 0) { + Write-Error "Light failed with exit code: $($lightProcess.ExitCode)" + Write-Host "--- Light stdout ---" + Get-Content "$buildFolderPath\light_stdout.txt" + Write-Host "--- Light stderr ---" + Get-Content "$buildFolderPath\light_stderr.txt" + exit 1 +} else { + Write-Host "Light finished." +} -Write-Host "Finch-$Version.msi is generated. Location: $msiPath" \ No newline at end of file +Write-Host "Finch-$Version.msi is generated. Location: $msiPath" +if (-not (Test-Path $msiPath)) { + Write-Error "MSI file was not created at: $msiPath" + exit 1 +} \ No newline at end of file