code.vegaprotocol.io/vega@v0.79.0/.github/workflows/release-binaries.yml (about) 1 --- 2 name: Release vega, data-node, vegawallet and visor binaries 3 4 "on": 5 push: 6 branches: 7 - develop 8 tags: 9 - "v*" 10 11 workflow_dispatch: 12 inputs: 13 publish: 14 description: 'Publish as a GitHub release' 15 required: false 16 type: boolean 17 default: false 18 tag: 19 description: 'Git Tag to build and publish' 20 required: false 21 type: string 22 default: '' 23 apps: 24 description: 'Applications to build and publish' 25 required: false 26 type: choice 27 options: 28 - [vega, data-node, vegawallet, visor] 29 - [vega] 30 - [data-node] 31 - [vegawallet] 32 - [visor] 33 - [vegatools] 34 archs: 35 description: 'Architecture to build and publish' 36 required: false 37 type: choice 38 options: 39 - [amd64, arm64] 40 - [amd64] 41 - [arm64] 42 os: 43 description: 'OS to build and publish' 44 required: false 45 type: choice 46 options: 47 - [linux, macos, windows] 48 - [linux] 49 - [macos] 50 - [windows] 51 disableTests: 52 description: 'Skip running tests' 53 required: false 54 type: boolean 55 default: false 56 57 jobs: 58 # 59 # Linux 60 # 61 release-linux: 62 if: ${{ contains(fromJson(inputs.os || '["linux"]'), 'linux') }} 63 name: Release ${{ matrix.app }} on Linux ${{ matrix.arch }} 64 runs-on: ubuntu-latest 65 strategy: 66 fail-fast: false 67 matrix: 68 arch: ${{ fromJson(inputs.archs || '["amd64", "arm64"]') }} 69 app: ${{ fromJson(inputs.apps || '["vega", "data-node", "vegawallet", "visor"]') }} 70 env: 71 GOOS: linux 72 GOARCH: ${{ matrix.arch }} 73 CGO_ENABLED: 0 74 steps: 75 - name: Set up Go 76 uses: actions/setup-go@v2 77 with: 78 go-version: '1.21' 79 id: go 80 81 - name: Check out code 82 uses: actions/checkout@v2 83 with: 84 ref: ${{ inputs.tag }} 85 86 - name: Sanity check 87 run: | 88 git rev-parse --verify HEAD 89 git status 90 91 # - name: Get dependencies 92 # run: go get -v -t -d ./... 93 94 # - name: Run tests 95 # if: ${{ env.GOARCH == 'amd64' && inputs.disableTests != true }} 96 # run: go test -v ./... 97 98 - name: Build binary 99 run: go build -o build/${{ matrix.app }} ./cmd/${{ matrix.app }} 100 101 - name: Check version 102 if: ${{ env.GOARCH == 'amd64' }} 103 working-directory: build 104 run: ./${{ matrix.app }} version || ./${{ matrix.app }} software version 105 106 - name: Bundle binary in archive 107 uses: thedoctor0/zip-release@master 108 with: 109 type: zip 110 directory: build 111 filename: ${{ matrix.app }}-${{ env.GOOS }}-${{ env.GOARCH }}.zip 112 113 - name: Release 114 if: ${{ inputs.publish || startsWith(github.ref, 'refs/tags/') }} 115 uses: softprops/action-gh-release@cd28b0f5ee8571b76cfdaa62a30d51d752317477 116 with: 117 files: build/*.zip 118 name: ${{ inputs.tag || github.ref_name }} 119 tag_name: ${{ inputs.tag || github.ref_name }} 120 prerelease: true 121 env: 122 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 123 124 # 125 # macOS 126 # 127 release-macos: 128 if: ${{ contains(fromJson(inputs.os || '["macos"]'), 'macos') }} 129 name: Release ${{ matrix.app }} on MacOS ${{ matrix.arch }} 130 runs-on: macos-latest 131 strategy: 132 fail-fast: false 133 matrix: 134 arch: ${{ fromJson(inputs.archs || '["amd64", "arm64"]') }} 135 app: ${{ fromJson(inputs.apps || '["vega", "data-node", "vegawallet", "visor"]') }} 136 env: 137 GOOS: darwin 138 GOARCH: ${{ matrix.arch }} 139 CGO_ENABLED: 0 140 steps: 141 - name: Set up Go 142 uses: actions/setup-go@v2 143 144 with: 145 go-version: '1.21' 146 id: go 147 148 - name: Check out code 149 uses: actions/checkout@v2 150 with: 151 ref: ${{ inputs.tag }} 152 153 - name: Sanity check 154 run: | 155 git rev-parse --verify HEAD 156 git status 157 158 # - name: Get dependencies 159 # run: go get -v -t -d ./... 160 161 # - name: Run tests 162 # if: ${{ env.GOARCH == 'amd64' && inputs.disableTests != true }} 163 # run: go test -v ./... 164 165 - name: Build binary 166 run: go build -o build/${{ matrix.app }} ./cmd/${{ matrix.app }} 167 168 - name: Import DeveloperID Certificate 169 # we sign vegawallet only 170 if: ${{ matrix.app == 'vegawallet' }} 171 uses: apple-actions/import-codesign-certs@v1 172 with: 173 keychain: vega 174 create-keychain: true 175 p12-file-base64: ${{ secrets.MACOS_CERTIFICATE }} 176 p12-password: ${{ secrets.MACOS_CERTIFICATE_PASS }} 177 178 - name: Sign binary 179 # we sign vegawallet only 180 if: ${{ matrix.app == 'vegawallet' }} 181 working-directory: build 182 # --timestamp 183 # During signing, requests that a timestamp authority server be contacted to authenticate the time of 184 # signing. 185 # --deep 186 # When signing a bundle, specifies that nested code content such as helpers, frameworks, and plug-ins, 187 # should be recursively signed in turn. 188 # --options runtime 189 # On macOS versions >= 10.14.0, opts signed processes into a hardened runtime environment which includes 190 # runtime code signing enforcement, library validation, hard, kill, and debugging restrictions. 191 run: codesign --verbose --sign "${{ secrets.MACOS_CERTIFICATE_IDENTITY_ID }}" --timestamp --options runtime --deep --force ${{ matrix.app }} 192 193 - name: Verify signature 194 # we sign vegawallet only 195 if: ${{ matrix.app == 'vegawallet' }} 196 working-directory: build 197 run: codesign --verbose --verify --strict --deep ${{ matrix.app }} 198 199 - name: Check version 200 if: ${{ env.GOARCH == 'amd64' }} 201 working-directory: build 202 run: ./${{ matrix.app }} version || ./${{ matrix.app }} software version 203 204 - name: Bundle binary in archive 205 uses: thedoctor0/zip-release@master 206 with: 207 type: zip 208 directory: build 209 filename: ${{ matrix.app }}-${{ env.GOOS }}-${{ env.GOARCH }}.zip 210 211 - name: Store notarization credentials 212 # we do notarization to vegawallet only 213 if: ${{ matrix.app == 'vegawallet' }} 214 run: | 215 xcrun notarytool store-credentials vega \ 216 --apple-id "${{ secrets.MACOS_NOTARIZATION_APPLE_ID }}" \ 217 --team-id "${{ secrets.MACOS_NOTARIZATION_TEAM_ID }}" \ 218 --password "${{ secrets.MACOS_NOTARIZATION_PASS }}" 219 220 - name: Notarize app 221 # we do notarization to vegawallet only 222 if: ${{ matrix.app == 'vegawallet' }} 223 working-directory: build 224 run: | 225 xcrun notarytool submit ${{ matrix.app }}-${{ env.GOOS }}-${{ env.GOARCH }}.zip \ 226 --keychain-profile vega \ 227 --output-format json \ 228 --timeout "90m" \ 229 --wait 230 231 - name: Release 232 if: ${{ inputs.publish || startsWith(github.ref, 'refs/tags/') }} 233 uses: softprops/action-gh-release@cd28b0f5ee8571b76cfdaa62a30d51d752317477 234 with: 235 files: build/*.zip 236 name: ${{ inputs.tag || github.ref_name }} 237 tag_name: ${{ inputs.tag || github.ref_name }} 238 prerelease: true 239 env: 240 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 241 242 # 243 # Windows 244 # 245 release-windows: 246 if: ${{ contains(fromJson(inputs.os || '["windows"]'), 'windows') }} 247 name: Release ${{ matrix.app }} on Windows ${{ matrix.arch }} 248 runs-on: windows-2019 249 strategy: 250 fail-fast: false 251 matrix: 252 arch: ${{ fromJson(inputs.archs || '["amd64", "arm64"]') }} 253 app: ${{ fromJson(inputs.apps || '["vegawallet"]') }} 254 exclude: 255 - app: vega 256 - app: data-node 257 - app: visor 258 - app: vegatools 259 env: 260 GOOS: windows 261 GOARCH: ${{ matrix.arch }} 262 CGO_ENABLED: 0 263 steps: 264 - name: Set up Go 265 uses: actions/setup-go@v2 266 with: 267 go-version: '1.21' 268 id: go 269 270 - name: Check out code 271 uses: actions/checkout@v2 272 with: 273 ref: ${{ inputs.tag }} 274 275 - name: Sanity check 276 run: | 277 git rev-parse --verify HEAD 278 git status 279 280 # - name: Get dependencies 281 # run: go get -v -t -d ./... 282 283 # - name: Run tests 284 # if: ${{ env.GOARCH == 'amd64' && inputs.disableTests != true }} 285 # run: go test -v ./... 286 287 - name: Build binary 288 run: go build -o build/${{ matrix.app }}.exe ./cmd/${{ matrix.app }} 289 290 - name: "Sign binary" 291 if: ${{ matrix.app == 'vegawallet' }} 292 uses: ./.github/actions/sign-windows-binary 293 with: 294 current-working-directory: build 295 binary-file: ${{ matrix.app }}.exe 296 gcp-credentials: ${{ secrets.GCP_CREDENTIALS }} 297 ev-cert-pem: ${{ secrets.EV_SIGN_CERT_FULL_CHAIN_PEM }} 298 299 300 - name: Check version 301 if: ${{ env.GOARCH == 'amd64' }} 302 working-directory: build 303 run: .\${{ matrix.app }}.exe version || .\${{ matrix.app }}.exe software version 304 305 - name: Bundle binary in archive 306 uses: thedoctor0/zip-release@master 307 with: 308 type: zip 309 directory: build 310 filename: ${{ matrix.app }}-${{ env.GOOS }}-${{ env.GOARCH }}.zip 311 312 - name: Release 313 if: ${{ inputs.publish || startsWith(github.ref, 'refs/tags/') }} 314 uses: softprops/action-gh-release@cd28b0f5ee8571b76cfdaa62a30d51d752317477 315 with: 316 files: build/*.zip 317 name: ${{ inputs.tag || github.ref_name }} 318 tag_name: ${{ inputs.tag || github.ref_name }} 319 prerelease: true 320 env: 321 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}