fix: expand goreleaser workflow to build MSI and chocolatey packages
note: The octopus deployment process isn't working yet, but all the other parts are done, so merging this in now to get a baseline release
hnrkndrssn authored Sep 13, 2022
1 parent e5d9975 commit 1d86a77
Showing 14 changed files with 749 additions and 28 deletions.
242 changes: 219 additions & 23 deletions .github/workflows/go-releaser.yml
Expand Up @@ -12,28 +12,224 @@ permissions:
jobs:
goreleaser:
runs-on: ubuntu-latest
outputs:
version: ${{ steps.calculate-version.outputs.version }}
tag_name: ${{ steps.calculate-version.outputs.tag_name }}

steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Fetch all tags
run: git fetch --force --tags
- name: Set up Go
uses: actions/setup-go@v3
with:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0

- name: Fetch all tags
run: git fetch --force --tags

- name: Set up Go
uses: actions/setup-go@v3
with:
go-version: 1.19
- uses: crazy-max/ghaction-import-gpg@v5
id: import_gpg
with:
gpg_private_key: ${{ secrets.OCTOPUS_GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.OCTOPUS_GPG_PASSPHRASE }}
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v3
with:
version: latest
args: release --rm-dist
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
GPG_PASSWORD: ${{ secrets.OCTOPUS_GPG_PASSPHRASE }}

- uses: crazy-max/ghaction-import-gpg@v5
id: import_gpg
with:
gpg_private_key: ${{ secrets.OCTOPUS_GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.OCTOPUS_GPG_PASSPHRASE }}

- name: Run GoReleaser
id: goreleaser-release
uses: goreleaser/goreleaser-action@v3
with:
version: latest
args: release --rm-dist
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
GPG_PASSWORD: ${{ secrets.OCTOPUS_GPG_PASSPHRASE }}

- name: Calculate version
id: calculate-version
run: |
tag_name=${{ fromJson(steps.goreleaser-release.outputs.metadata).tag }}
version=${{ fromJson(steps.goreleaser-release.outputs.metadata).version }}
echo "::set-output name=tag_name::$tag_name"
echo "::set-output name=version::$version"
- name: Upload goreleaser built binaries to artifact octopus-cli.${{ steps.calculate-version.outputs.version }}
uses: actions/upload-artifact@v3
with:
name: octopus-cli.${{ steps.calculate-version.outputs.version }}
path: |
dist/*.zip
dist/*.tar.gz
dist/*.rpm
dist/*.deb
msi:
needs: goreleaser
runs-on: windows-latest
env:
DOTNET_CLI_TELEMETRY_OPTOUT: 1
outputs:
msi_file: ${{ steps.buildmsi.outputs.msi }}

steps:
- uses: actions/checkout@v3

- uses: microsoft/setup-msbuild@v1.1
id: setupmsbuild

- name: Download goreleaser built binaries from artifact octopus-cli.${{ needs.goreleaser.outputs.version }}
uses: actions/download-artifact@v3
with:
name: octopus-cli.${{ needs.goreleaser.outputs.version }}
path: artifacts/

# the wix installer is going to expect octopus.exe to be in the working directory when it runs; this gets it there
# TODO we can include the arm64 version of octopus.exe in the same MSI, or we can build a second MSI for Arm64. Currently we do neither, this is x86_64 only
- name: Extract octopus.exe
id: extract_exe
shell: bash
run: unzip -d . ./artifacts/*Windows_x86_64.zip octopus.exe

- name: Build MSI
id: buildmsi
shell: bash
env:
MSBUILD_PATH: ${{ steps.setupmsbuild.outputs.msbuildPath }}
# note the wixproj deliberately logs "::set-output name=msi::$(TargetPath)" so this step has an output called 'msi'
run: |
name="octopus_${{ needs.goreleaser.outputs.version }}_Windows_x86_64"
version="$(echo -e ${{ needs.goreleaser.outputs.version }} | sed 's/-.*$//')"
"${MSBUILD_PATH}\MSBuild.exe" ./build/windows/octopus.wixproj -p:SourceDir="$PWD" -p:OutputPath="$PWD" -p:OutputName="$name" -p:ProductVersion="$version"
- name: Install AzureSignTool
run: dotnet tool install --global AzureSignTool

- name: Sign MSI
env:
MSI_FILE: ${{ steps.buildmsi.outputs.msi }}
shell: powershell
run: |
$timestampurl = (
"http://timestamp.comodoca.com/rfc3161",
"http://timestamp.globalsign.com/tsa/r6advanced1", #https://support.globalsign.com/code-signing/code-signing-windows-7-8-and-10,
"http://timestamp.digicert.com", #https://knowledge.digicert.com/solution/SO912.html
"http://timestamp.apple.com/ts01", #https://gist.github.com/Manouchehri/fd754e402d98430243455713efada710
"http://tsa.starfieldtech.com",
"http://www.startssl.com/timestamp",
"http://timestamp.verisign.com/scripts/timstamp.dll",
"http://timestamp.globalsign.com/scripts/timestamp.dll",
"https://rfc3161timestamp.globalsign.com/advanced"
)
$ex = $null
$signSuccessful = $false
foreach ($url in $timestampurl) {
Write-Host "Signing and timestamping with server $url"
try {
& AzureSignTool sign `
-kvu "${{ secrets.AZURE_KEYVAULT_URL }}" `
-kvt ${{ secrets.AZURE_KEYVAULT_TENANT_ID }} `
-kvi "${{ secrets.AZURE_KEYVAULT_CLIENT_ID }}" `
-kvs "${{ secrets.AZURE_KEYVAULT_CLIENT_SECRET }}" `
-kvc ${{ secrets.AZURE_KEYVAULT_CERTIFICATE_NAME }} `
-d "Octopus CLI" `
-du "https://octopus.com" `
-tr $url `
-v `
$env:MSI_FILE
$signSuccessful = $true
break
}
catch {
$ex = $_
}
}
if (-not $signSuccessful) {
Write-Error $ex
exit 1
}
- name: Attach MSI to github release
shell: bash
env:
MSI_FILE: ${{ steps.buildmsi.outputs.msi }}
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
if: "!contains(needs.goreleaser.outputs.version, '-')" # skip prereleases
run: gh release upload "${{ needs.goreleaser.outputs.tag_name }}" "$MSI_FILE"

- name: Append MSI to artifact octopus-cli.${{ needs.goreleaser.outputs.version }}
uses: actions/upload-artifact@v3
with:
name: octopus-cli.${{ needs.goreleaser.outputs.version }}
path: ${{ steps.buildmsi.outputs.msi }}

generate-packages-and-publish:
needs: [goreleaser, msi]
runs-on: ubuntu-latest
env:
OCTOPUS_API_KEY: ${{ secrets.OCTOPUS_API_KEY }}
OCTOPUS_HOST: ${{ secrets.OCTOPUS_URL }}
OCTOPUS_SPACE: Integrations

steps:
- uses: actions/checkout@v3
- uses: nuget/setup-nuget@v1

- name: checkout OctopusDeploy/linux-package-feeds so we can take the package publish scripts from it
uses: actions/checkout@v3
with:
repository: OctopusDeploy/linux-package-feeds
token: ${{ secrets.INTEGRATIONS_FNM_BOT_TOKEN }}
path: linux-package-feeds

- name: Download goreleaser built binaries and MSI from artifact octopus-cli.${{ needs.goreleaser.outputs.version }}
uses: actions/download-artifact@v3
with:
name: octopus-cli.${{ needs.goreleaser.outputs.version }}
path: artifacts/

- name: Create Chocolatey NuGet package
env:
MSI_FILE: ${{ needs.msi.outputs.msi_file }}
run: |
cp artifacts/$(basename "${MSI_FILE//\\//}") build/tools
nuget pack ./build/cli.nuspec -Version ${{ needs.goreleaser.outputs.version }} -OutputDirectory artifacts/
- name: Copy publish-apt.sh and publish-rpm.sh
run: cp linux-package-feeds/source/publish-*.sh artifacts/

- name: Create combined zipfile package for Octopus Deploy
working-directory: artifacts
run: zip -r octopus-cli.${{ needs.goreleaser.outputs.version }}.zip .

- uses: OctopusDeploy/install-octopus-cli-action@v1
with:
version: latest

- uses: OctopusDeploy/push-package-action@v2
with:
packages: artifacts/octopus-cli.${{ needs.goreleaser.outputs.version }}.zip

- name: Fetch Release Notes
id: fetch-release-notes
if: "!contains(needs.goreleaser.outputs.version, '-')" # don't generate release notes for SNAPSHOT builds because there won't be a github release to get them from
run: |
echo "::debug::${{github.event_name}}"
OUTPUT_FILE="release_notes.txt"
gh view release "${{ needs.goreleaser.outputs.tag_name }}" --jq '.body' --json 'body' | sed 's#\r# #g' > $OUTPUT_FILE
echo "::set-output name=release-note-file::$OUTPUT_FILE"
- uses: OctopusDeploy/create-release-action@v2
if: "!contains(needs.goreleaser.outputs.version, '-')"
with:
project: 'cli'
package_version: ${{ needs.goreleaser.outputs.version }}
packages: 'NuGet.CommandLine:6.2.1'
release_notes_file: ${{ steps.fetch-release-notes.outputs.release-note-file || ''}}
git_ref: ${{ github.event.repository.default_branch }}
git_commit: ${{ github.event.after || github.event.pull_request.head.sha }}
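Review bot: In the `Sign MSI` step the Key Vault values are expanded by `${{ secrets.* }}` straight into the PowerShell script text, so the client secret ends up in the generated script file and any quote, backtick or `$` inside a value is parsed by PowerShell. The step already passes `MSI_FILE` through `env:`, and the secrets should go the same way, e.g. `-kvs $env:AZURE_KEYVAULT_CLIENT_SECRET` with the value mapped under `env:`. The same step treats the absence of an exception as success, but a non-zero exit from a native executable does not normally throw in PowerShell, so the fallback timestamp servers are probably never tried; check the exit code instead, `if ($LASTEXITCODE -eq 0) { $signSuccessful = $true; break }`. The code that touches the signing keys is also unpinned: `dotnet tool install --global AzureSignTool` takes whatever version is current, goreleaser runs with `version: latest`, and the third-party actions are referenced by tag rather than by commit SHA.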
28 changes: 23 additions & 5 deletions .goreleaser.yaml
@@ -1,5 +1,10 @@
project_name: octopus

release:
prerelease: auto
draft: true # we publish during the Octopus deployment
name_template: "Octopus CLI {{.Version}}"

before:
hooks:
- go mod tidy
Expand All @@ -16,21 +21,33 @@ builds:
- arm64
id: "octopus"
main: ./cmd/octopus
binary: "{{ .ProjectName }}_v{{ .Version }}"
binary: "{{ .ProjectName }}"

archives:
- replacements:
darwin: Darwin
darwin: macOS
linux: Linux
windows: Windows
amd64: x86_64
format_overrides:
- goos: windows
format: zip
name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}"

nfpms:
- license: Apache 2.0
maintainer: Octopus Deploy
homepage: https://github.com/OctopusDeploy/cli
bindir: /usr/bin
description: Octopus Deploy's official command line tool.
formats:
- rpm
- deb

checksum:
name_template: '{{ .ProjectName }}_{{ .Version }}_SHA256SUMS'
name_template: "{{ .ProjectName }}_{{ .Version }}_SHA256SUMS"
algorithm: sha256

signs:
- artifacts: all
args:
Expand All @@ -42,6 +59,7 @@ signs:
"--detach-sign",
"${artifact}",
]
stdin: '{{ .Env.GPG_PASSWORD }}'
stdin: "{{ .Env.GPG_PASSWORD }}"

changelog:
skip: true
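Review bot: The `checksum` and `signs` sections only cover what goreleaser itself produces, while the workflow in this commit attaches the MSI to the release afterwards with `gh release upload`, so the MSI will be missing from `{{ .ProjectName }}_{{ .Version }}_SHA256SUMS` and will have no detached GPG signature. If that is intended because the MSI carries its own Authenticode signature, a comment above `checksum:` would stop users assuming the sums file is complete, for example `# covers goreleaser artifacts only; the MSI is added later by the msi job and is Authenticode-signed`. The new `nfpms` block likewise adds no package-level signature for the rpm and deb files; presumably the feed publish scripts handle repository signing, which is worth confirming.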