2021-12-20 01:06:17 +00:00
name : GoReleaser Orbit
2021-06-26 01:40:26 +00:00
on :
push :
2021-12-20 01:06:17 +00:00
tags :
- 'orbit-*'
2022-08-10 20:00:01 +00:00
2022-10-24 20:01:00 +00:00
# This allows a subsequently queued workflow run to interrupt previous runs
concurrency :
group : ${{ github.workflow }}-${{ github.head_ref || github.run_id}}
cancel-in-progress : true
2022-10-07 15:43:56 +00:00
defaults :
run :
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
shell : bash
2021-06-26 01:40:26 +00:00
permissions :
2022-03-28 20:20:31 +00:00
contents : read
2021-06-26 01:40:26 +00:00
jobs :
2023-02-22 02:49:13 +00:00
goreleaser-macos :
2021-12-20 01:06:17 +00:00
runs-on : macos-latest
2022-03-28 20:20:31 +00:00
permissions :
2023-02-22 02:49:13 +00:00
contents : read
2021-06-26 01:40:26 +00:00
steps :
- name : Checkout
2023-08-31 17:09:21 +00:00
uses : actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
2021-12-20 01:06:17 +00:00
# Note that goreleaser does not like the orbit- prefixed flag unless you use the closed-source
# paid version. We pay for goreleaser, but using the closed source build would weaken our
# supply-chain integrity goals, so we hack around it by replacing the tag.
- name : Replace tag
2023-02-22 02:49:13 +00:00
run : git tag $(echo ${{ github.ref_name }} | sed -e 's/orbit-//g') && git tag -d ${{ github.ref_name }}
2021-12-20 01:06:17 +00:00
- name : Import signing keys
2022-08-10 20:00:01 +00:00
env :
2021-12-20 01:06:17 +00:00
APPLE_APPLICATION_CERTIFICATE : ${{ secrets.APPLE_APPLICATION_CERTIFICATE }}
APPLE_APPLICATION_CERTIFICATE_PASSWORD : ${{ secrets.APPLE_APPLICATION_CERTIFICATE_PASSWORD }}
KEYCHAIN_PASSWORD : ${{ secrets.KEYCHAIN_PASSWORD }}
run : |
echo "$APPLE_APPLICATION_CERTIFICATE" | base64 --decode > certificate.p12
security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
security import certificate.p12 -k build.keychain -P $APPLE_APPLICATION_CERTIFICATE_PASSWORD -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple:,codesign : -s -k $KEYCHAIN_PASSWORD build.keychain
security find-identity -vv
2021-12-20 01:43:54 +00:00
rm certificate.p12
2021-06-26 01:40:26 +00:00
- name : Set up Go
2023-08-31 17:09:21 +00:00
uses : actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
2021-06-26 01:40:26 +00:00
with :
2023-02-22 02:49:13 +00:00
go-version : ${{ vars.GO_VERSION }}
2021-06-26 01:40:26 +00:00
- name : Run GoReleaser
2023-08-31 17:09:21 +00:00
run : go run github.com/goreleaser/goreleaser@56c9d09a1b925e2549631c6d180b0a1c2ebfac82 release --debug --rm-dist --skip-publish -f orbit/goreleaser-macos.yml # v1.20.0
2021-06-26 01:40:26 +00:00
env :
2023-06-02 21:23:23 +00:00
GITHUB_TOKEN : ${{ secrets.FLEET_RELEASE_GITHUB_PAT }}
2021-12-20 01:06:17 +00:00
AC_USERNAME : ${{ secrets.APPLE_USERNAME }}
AC_PASSWORD : ${{ secrets.APPLE_PASSWORD }}
2022-09-27 15:25:42 +00:00
AC_TEAM_ID : ${{ secrets.APPLE_TEAM_ID }}
2021-12-20 01:06:17 +00:00
CODESIGN_IDENTITY : 51049B247B25B3119FAE7E9C0CC4375A43E47237
2023-02-22 02:49:13 +00:00
- name : Upload
2023-04-24 18:27:56 +00:00
uses : actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v2
2023-02-22 02:49:13 +00:00
with :
name : orbit-macos
path : dist
goreleaser-linux :
runs-on : ubuntu-20.04
permissions :
contents : read
steps :
- name : Checkout
2023-08-31 17:09:21 +00:00
uses : actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
2023-02-22 02:49:13 +00:00
# Note that goreleaser does not like the orbit- prefixed flag unless you use the closed-source
# paid version. We pay for goreleaser, but using the closed source build would weaken our
# supply-chain integrity goals, so we hack around it by replacing the tag.
- name : Replace tag
run : git tag $(echo ${{ github.ref_name }} | sed -e 's/orbit-//g') && git tag -d ${{ github.ref_name }}
- name : Set up Go
2023-08-31 17:09:21 +00:00
uses : actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
2023-02-22 02:49:13 +00:00
with :
go-version : ${{ vars.GO_VERSION }}
- name : Run GoReleaser
2023-08-31 17:09:21 +00:00
run : go run github.com/goreleaser/goreleaser@56c9d09a1b925e2549631c6d180b0a1c2ebfac82 release --debug --rm-dist --skip-publish -f orbit/goreleaser-linux.yml # v1.20.0
2023-02-22 02:49:13 +00:00
- name : Upload
2023-04-24 18:27:56 +00:00
uses : actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v2
2023-02-22 02:49:13 +00:00
with :
name : orbit-linux
path : dist
goreleaser-windows :
runs-on : windows-2022
permissions :
contents : read
steps :
- name : Checkout
2023-08-31 17:09:21 +00:00
uses : actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
2023-02-22 02:49:13 +00:00
# Note that goreleaser does not like the orbit- prefixed flag unless you use the closed-source
# paid version. We pay for goreleaser, but using the closed source build would weaken our
# supply-chain integrity goals, so we hack around it by replacing the tag.
- name : Replace tag
run : git tag $(echo ${{ github.ref_name }} | sed -e 's/orbit-//g') && git tag -d ${{ github.ref_name }}
- name : Set up Go
2023-08-31 17:09:21 +00:00
uses : actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
2023-02-22 02:49:13 +00:00
with :
go-version : ${{ vars.GO_VERSION }}
- name : Run GoReleaser
2023-08-31 17:09:21 +00:00
run : go run github.com/goreleaser/goreleaser@56c9d09a1b925e2549631c6d180b0a1c2ebfac82 release --debug --rm-dist --skip-publish -f orbit/goreleaser-windows.yml # v1.20.0
2023-02-22 02:49:13 +00:00
- name : Upload
2023-04-24 18:27:56 +00:00
uses : actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v2
2023-02-22 02:49:13 +00:00
with :
name : orbit-windows
path : dist
