fix: Use git attributes to identify binary files #565
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build Native (scanner) | |
# TODO: DRY it up and merge with build-native.yml | |
on: | |
pull_request: | |
push: | |
tags: | |
- '@appland/scanner-v*' | |
jobs: | |
linux-x64: | |
runs-on: ubuntu-latest | |
if: | |
${{ contains(github.event.pull_request.labels.*.name, 'build native') || | |
startsWith(github.ref, 'refs/tags/@appland/scanner-v') }} | |
env: | |
PUPPETEER_SKIP_DOWNLOAD: 1 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Setup Node | |
uses: ./.github/actions/setup-node | |
- name: Build | |
run: | | |
yarn build | |
cd packages/scanner | |
yarn build-native linux x64 | |
${GITHUB_WORKSPACE}/bin/hash release/scanner-linux-x64 | |
- name: Publish scanner-linux-x64 artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: scanner-linux-x64 | |
path: packages/scanner/release/scanner-linux-x64 | |
- name: 'Release: scanner-linux-x64' | |
uses: svenstaro/upload-release-action@v2 | |
if: github.ref_type == 'tag' | |
with: | |
repo_token: ${{ secrets.GH_TOKEN }} | |
file: packages/scanner/release/scanner-linux-x64 | |
asset_name: scanner-linux-x64 | |
tag: ${{ github.ref }} | |
overwrite: true | |
- name: 'Release: scanner-linux-x64.sha256' | |
uses: svenstaro/upload-release-action@v2 | |
if: github.ref_type == 'tag' | |
with: | |
repo_token: ${{ secrets.GH_TOKEN }} | |
file: packages/scanner/release/scanner-linux-x64.sha256 | |
asset_name: scanner-linux-x64.sha256 | |
tag: ${{ github.ref }} | |
overwrite: true | |
linux-arm64: | |
runs-on: linux-arm64 | |
if: | |
${{ contains(github.event.pull_request.labels.*.name, 'build native') || | |
startsWith(github.ref, 'refs/tags/@appland/scanner-v') }} | |
env: | |
PUPPETEER_SKIP_DOWNLOAD: 1 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Setup Node | |
uses: ./.github/actions/setup-node | |
- name: Build | |
run: | | |
yarn build | |
cd packages/scanner | |
yarn build-native linux arm64 | |
${GITHUB_WORKSPACE}/bin/hash release/scanner-linux-arm64 | |
- name: Publish scanner-linux-arm64 artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: scanner-linux-arm64 | |
path: packages/scanner/release/scanner-linux-arm64 | |
- name: 'Release: scanner-linux-arm64' | |
uses: svenstaro/upload-release-action@v2 | |
if: github.ref_type == 'tag' | |
with: | |
repo_token: ${{ secrets.GH_TOKEN }} | |
file: packages/scanner/release/scanner-linux-arm64 | |
asset_name: scanner-linux-arm64 | |
tag: ${{ github.ref }} | |
overwrite: true | |
- name: 'Release: scanner-linux-arm64.sha256' | |
uses: svenstaro/upload-release-action@v2 | |
if: github.ref_type == 'tag' | |
with: | |
repo_token: ${{ secrets.GH_TOKEN }} | |
file: packages/scanner/release/scanner-linux-arm64.sha256 | |
asset_name: scanner-linux-arm64.sha256 | |
tag: ${{ github.ref }} | |
overwrite: true | |
macos-x64: | |
runs-on: macos-12 | |
if: | |
${{ contains(github.event.pull_request.labels.*.name, 'build native') || | |
startsWith(github.ref, 'refs/tags/@appland/scanner-v') }} | |
env: | |
PUPPETEER_SKIP_DOWNLOAD: 1 | |
APPLE_IDENTITY_PRIVATE_KEY: ${{ secrets.APPLE_IDENTITY_PRIVATE_KEY }} | |
APPLE_IDENTITY_CERTIFICATE: ${{ secrets.APPLE_IDENTITY_CERTIFICATE }} | |
APPLE_CONNECT_KEY_B64: ${{ secrets.APPLE_CONNECT_KEY_B64 }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Install deps | |
run: | | |
python3 -m pip install --break-system-packages setuptools | |
- name: Setup Node | |
uses: ./.github/actions/setup-node | |
- name: Build | |
run: | | |
yarn build | |
cd packages/scanner | |
yarn build-native macos x64 | |
${GITHUB_WORKSPACE}/bin/presign | |
${GITHUB_WORKSPACE}/bin/sign release/scanner-macos-x64 | |
${GITHUB_WORKSPACE}/bin/notarize release/scanner-macos-x64 | |
${GITHUB_WORKSPACE}/bin/hash release/scanner-macos-x64 | |
- name: Publish scanner-macos-x64 | |
uses: actions/upload-artifact@v4 | |
with: | |
name: scanner-macos-x64 | |
path: packages/scanner/release/scanner-macos-x64 | |
- name: 'Release: scanner-macos-x64' | |
uses: svenstaro/upload-release-action@v2 | |
if: github.ref_type == 'tag' | |
with: | |
repo_token: ${{ secrets.GH_TOKEN }} | |
file: packages/scanner/release/scanner-macos-x64 | |
asset_name: scanner-macos-x64 | |
tag: ${{ github.ref }} | |
overwrite: true | |
- name: 'Release: scanner-macos-x64.sha256' | |
uses: svenstaro/upload-release-action@v2 | |
if: github.ref_type == 'tag' | |
with: | |
repo_token: ${{ secrets.GH_TOKEN }} | |
file: packages/scanner/release/scanner-macos-x64.sha256 | |
asset_name: scanner-macos-x64.sha256 | |
tag: ${{ github.ref }} | |
overwrite: true | |
macos-arm: | |
runs-on: macos-14 | |
if: | |
${{ contains(github.event.pull_request.labels.*.name, 'build native') || | |
startsWith(github.ref, 'refs/tags/@appland/scanner-v') }} | |
env: | |
PUPPETEER_SKIP_DOWNLOAD: 1 | |
APPLE_IDENTITY_PRIVATE_KEY: ${{ secrets.APPLE_IDENTITY_PRIVATE_KEY }} | |
APPLE_IDENTITY_CERTIFICATE: ${{ secrets.APPLE_IDENTITY_CERTIFICATE }} | |
APPLE_CONNECT_KEY_B64: ${{ secrets.APPLE_CONNECT_KEY_B64 }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Install deps | |
run: | | |
python3 -m pip install --break-system-packages setuptools | |
- name: Setup Node | |
uses: ./.github/actions/setup-node | |
- name: Restore cargo cache | |
uses: actions/cache@v3 | |
with: | |
path: ~/.cargo | |
key: ${{ runner.os }}-${{ runner.arch }}-cargo | |
- name: Build | |
run: | | |
yarn build | |
cd packages/scanner | |
yarn build-native macos arm64 | |
${GITHUB_WORKSPACE}/bin/presign | |
${GITHUB_WORKSPACE}/bin/sign release/scanner-macos-arm64 | |
${GITHUB_WORKSPACE}/bin/notarize release/scanner-macos-arm64 | |
${GITHUB_WORKSPACE}/bin/hash release/scanner-macos-arm64 | |
- name: Publish scanner-macos-arm64 | |
uses: actions/upload-artifact@v4 | |
with: | |
name: scanner-macos-arm64 | |
path: packages/scanner/release/scanner-macos-arm64 | |
- name: 'Release: scanner-macos-arm64' | |
uses: svenstaro/upload-release-action@v2 | |
if: github.ref_type == 'tag' | |
with: | |
repo_token: ${{ secrets.GH_TOKEN }} | |
file: packages/scanner/release/scanner-macos-arm64 | |
asset_name: scanner-macos-arm64 | |
tag: ${{ github.ref }} | |
overwrite: true | |
- name: 'Release: scanner-macos-arm64.sha256' | |
uses: svenstaro/upload-release-action@v2 | |
if: github.ref_type == 'tag' | |
with: | |
repo_token: ${{ secrets.GH_TOKEN }} | |
file: packages/scanner/release/scanner-macos-arm64.sha256 | |
asset_name: scanner-macos-arm64.sha256 | |
tag: ${{ github.ref }} | |
overwrite: true | |
windows: | |
runs-on: windows-latest | |
if: | |
${{ contains(github.event.pull_request.labels.*.name, 'build native') || | |
startsWith(github.ref, 'refs/tags/@appland/scanner-v') }} | |
env: | |
PUPPETEER_SKIP_DOWNLOAD: 1 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Setup Node | |
uses: ./.github/actions/setup-node | |
- name: Restore cargo cache | |
uses: actions/cache@v3 | |
with: | |
path: ~/.cargo | |
key: ${{ runner.os }}-${{ runner.arch }}-cargo | |
- name: Build | |
shell: bash | |
run: | | |
choco install rsync | |
yarn build | |
cd packages/scanner | |
yarn build-native win x64 | |
node ${GITHUB_WORKSPACE}/bin/hash.js release/scanner-win-x64.exe | |
- name: Sign the release with Trusted Signing | |
uses: azure/[email protected] | |
with: | |
azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }} | |
endpoint: https://eus.codesigning.azure.net/ | |
code-signing-account-name: appmap | |
certificate-profile-name: appmap | |
files-folder: ${{ github.workspace }}/packages/scanner/release/ | |
files-folder-filter: exe,dll | |
file-digest: SHA256 | |
timestamp-rfc3161: http://timestamp.acs.microsoft.com | |
timestamp-digest: SHA256 | |
- name: Publish scanner-win-x64 | |
uses: actions/upload-artifact@v4 | |
with: | |
name: scanner-win-x64 | |
path: packages/scanner/release/scanner-win-x64.exe | |
- name: 'Release: scanner-win-x64.exe' | |
uses: svenstaro/upload-release-action@v2 | |
if: github.ref_type == 'tag' | |
with: | |
repo_token: ${{ secrets.GH_TOKEN }} | |
file: packages/scanner/release/scanner-win-x64.exe | |
asset_name: scanner-win-x64.exe | |
tag: ${{ github.ref }} | |
overwrite: true | |
- name: 'Release: scanner-win-x64.exe.sha256' | |
uses: svenstaro/upload-release-action@v2 | |
if: github.ref_type == 'tag' | |
with: | |
repo_token: ${{ secrets.GH_TOKEN }} | |
file: packages/scanner/release/scanner-win-x64.exe.sha256 | |
asset_name: scanner-win-x64.exe.sha256 | |
tag: ${{ github.ref }} | |
overwrite: true | |
finalize-release: | |
name: finalize release | |
if: ${{ startsWith(github.ref, 'refs/tags/@appland/scanner-v') }} | |
runs-on: ubuntu-latest | |
needs: | |
- linux-x64 | |
- linux-arm64 | |
- macos-x64 | |
- macos-arm | |
- windows | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- run: yarn npm tag add `echo ${{ github.ref_name }} | sed -e s/-v/@/` latest | |
env: | |
YARN_NPM_AUTH_TOKEN: ${{ secrets.YARN_NPM_AUTH_TOKEN }} |