fleet/.github/workflows/goreleaser-orbit.yaml

name: GoReleaser Orbit

on:
  push:
   tags:
     - 'orbit-*'
     
permissions:
  contents: write

jobs:
  goreleaser:
    runs-on: macos-latest
    environment: Docker Hub
    steps:
      - name: Checkout
        uses: actions/checkout@v2

      # Note that goreleaser does not like the orbit- prefixed flag unless you use the closed-source
      # paid version. We pay for goreleaser, but using the closed source build would weaken our
      # supply-chain integrity goals, so we hack around it by replacing the tag.
      - name: Replace tag
        run: git tag $(echo ${{ github.ref_name }} | sed -e 's/orbit-//g')

      - name: Import signing keys
        env: 
          APPLE_APPLICATION_CERTIFICATE: ${{ secrets.APPLE_APPLICATION_CERTIFICATE }}
          APPLE_APPLICATION_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_APPLICATION_CERTIFICATE_PASSWORD }}
          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
        run: |
          echo "$APPLE_APPLICATION_CERTIFICATE" | base64 --decode > certificate.p12
          security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
          security default-keychain -s build.keychain
          security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
          security import certificate.p12 -k build.keychain -P $APPLE_APPLICATION_CERTIFICATE_PASSWORD -T /usr/bin/codesign
          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
          security find-identity -vv

      - name: Set up Go
        uses: actions/setup-go@v2
        with:
          go-version: 1.17

      - name: Run GoReleaser
        run: go run github.com/goreleaser/goreleaser release --rm-dist -f orbit/.goreleaser.yml
        env:
          AC_USERNAME: ${{ secrets.APPLE_USERNAME }}
          AC_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
          CODESIGN_IDENTITY: 51049B247B25B3119FAE7E9C0CC4375A43E47237
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Build Orbit releases in GitHub Actions (#3413) Complete build including macOS signing+notarization. 2021-12-20 01:06:17 +00:00			`name: GoReleaser Orbit`
Implement release automation (#1215) - Use goreleaser to automate release process. - Add new dockerfiles for fleet (with fleetctl) and fleetctl (only). - Add GitHub Action Workflow to run goreleaser on new tag. - Update NPM to match new archive naming. 2021-06-26 01:40:26 +00:00
			`on:`
			`push:`
Build Orbit releases in GitHub Actions (#3413) Complete build including macOS signing+notarization. 2021-12-20 01:06:17 +00:00			`tags:`
			`- 'orbit-*'`

Implement release automation (#1215) - Use goreleaser to automate release process. - Add new dockerfiles for fleet (with fleetctl) and fleetctl (only). - Add GitHub Action Workflow to run goreleaser on new tag. - Update NPM to match new archive naming. 2021-06-26 01:40:26 +00:00			`permissions:`
			`contents: write`

			`jobs:`
			`goreleaser:`
Build Orbit releases in GitHub Actions (#3413) Complete build including macOS signing+notarization. 2021-12-20 01:06:17 +00:00			`runs-on: macos-latest`
Add environment to release action (#1222) This allows the action to get access to Docker Hub credentials. 2021-06-26 02:58:35 +00:00			`environment: Docker Hub`
Implement release automation (#1215) - Use goreleaser to automate release process. - Add new dockerfiles for fleet (with fleetctl) and fleetctl (only). - Add GitHub Action Workflow to run goreleaser on new tag. - Update NPM to match new archive naming. 2021-06-26 01:40:26 +00:00			`steps:`
			`- name: Checkout`
			`uses: actions/checkout@v2`
Build Orbit releases in GitHub Actions (#3413) Complete build including macOS signing+notarization. 2021-12-20 01:06:17 +00:00
			`# Note that goreleaser does not like the orbit- prefixed flag unless you use the closed-source`
			`# paid version. We pay for goreleaser, but using the closed source build would weaken our`
			`# supply-chain integrity goals, so we hack around it by replacing the tag.`
			`- name: Replace tag`
			`run: git tag $(echo ${{ github.ref_name }} \| sed -e 's/orbit-//g')`

			`- name: Import signing keys`
			`env:`
			`APPLE_APPLICATION_CERTIFICATE: ${{ secrets.APPLE_APPLICATION_CERTIFICATE }}`
			`APPLE_APPLICATION_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_APPLICATION_CERTIFICATE_PASSWORD }}`
			`KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}`
			`run: \|`
			`echo "$APPLE_APPLICATION_CERTIFICATE" \| base64 --decode > certificate.p12`
			`security create-keychain -p $KEYCHAIN_PASSWORD build.keychain`
			`security default-keychain -s build.keychain`
			`security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain`
			`security import certificate.p12 -k build.keychain -P $APPLE_APPLICATION_CERTIFICATE_PASSWORD -T /usr/bin/codesign`
			`security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain`
			`security find-identity -vv`
Implement release automation (#1215) - Use goreleaser to automate release process. - Add new dockerfiles for fleet (with fleetctl) and fleetctl (only). - Add GitHub Action Workflow to run goreleaser on new tag. - Update NPM to match new archive naming. 2021-06-26 01:40:26 +00:00
			`- name: Set up Go`
			`uses: actions/setup-go@v2`
			`with:`
Build Orbit releases in GitHub Actions (#3413) Complete build including macOS signing+notarization. 2021-12-20 01:06:17 +00:00			`go-version: 1.17`
Implement release automation (#1215) - Use goreleaser to automate release process. - Add new dockerfiles for fleet (with fleetctl) and fleetctl (only). - Add GitHub Action Workflow to run goreleaser on new tag. - Update NPM to match new archive naming. 2021-06-26 01:40:26 +00:00
			`- name: Run GoReleaser`
Update GitHub goreleaser configuration for Orbit (#3414) 2021-12-20 01:37:54 +00:00			`run: go run github.com/goreleaser/goreleaser release --rm-dist -f orbit/.goreleaser.yml`
Implement release automation (#1215) - Use goreleaser to automate release process. - Add new dockerfiles for fleet (with fleetctl) and fleetctl (only). - Add GitHub Action Workflow to run goreleaser on new tag. - Update NPM to match new archive naming. 2021-06-26 01:40:26 +00:00			`env:`
Build Orbit releases in GitHub Actions (#3413) Complete build including macOS signing+notarization. 2021-12-20 01:06:17 +00:00			`AC_USERNAME: ${{ secrets.APPLE_USERNAME }}`
			`AC_PASSWORD: ${{ secrets.APPLE_PASSWORD }}`
			`CODESIGN_IDENTITY: 51049B247B25B3119FAE7E9C0CC4375A43E47237`
Implement release automation (#1215) - Use goreleaser to automate release process. - Add new dockerfiles for fleet (with fleetctl) and fleetctl (only). - Add GitHub Action Workflow to run goreleaser on new tag. - Update NPM to match new archive naming. 2021-06-26 01:40:26 +00:00			`GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}`