Merge branch 'main' of github.com:defang-io/defang into 140
Chrisyhjiang committed Jul 2, 2024
2 parents aba4023 + 198eec5 commit 643c150
Showing 9 changed files with 303 additions and 35 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/check-sample.yml
Expand Up @@ -10,7 +10,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@v4

- name: Check for required files
run: |
Expand All @@ -37,14 +37,14 @@ jobs:
- [ ] I have documented how to provision any third-party services in the readme
- [ ] I have documented how to run the sample in the readme (locally and with Defang)
`;
// Get the current PR
const { data: pullRequest } = await github.rest.pulls.get({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: pr_number
});
// Check if the checklist already exists in the PR description
if (!pullRequest.body.includes(checklist)) {
// Update the PR description with the checklist
166 changes: 141 additions & 25 deletions .github/workflows/go.yml
Expand Up @@ -27,13 +27,13 @@ jobs:
run: go test -test.short -v ./...
working-directory: src

- name: Build MacOS binary
run: GOOS=darwin go build ./cmd/cli
working-directory: src
# - name: Build MacOS binary
# run: GOOS=darwin go build ./cmd/cli
# working-directory: src

- name: Build Windows binary
run: GOOS=windows go build ./cmd/cli
working-directory: src
# - name: Build Windows binary
# run: GOOS=windows go build ./cmd/cli
# working-directory: src

- name: Verify Go modules
working-directory: src
Expand All @@ -43,6 +43,7 @@ jobs:
nix-shell-test:
runs-on: ubuntu-latest
needs: go-test
steps:
- uses: actions/checkout@v4

Expand All @@ -54,7 +55,7 @@ jobs:
- name: Check nix-shell default.nix
run: |
set -o pipefail
nix-shell --pure -E 'with import <nixpkgs> {}; mkShell { buildInputs = [ (import ./default.nix {}) ]; }' --run defang 2>&1 | sed -u 's|\s\+got:|::error file=pkgs/defang/cli.nix,line=6::Replace the vendorHash with the correct value:|'
nix-shell --pure -E 'with import <nixpkgs> {}; mkShell { buildInputs = [ (import ./default.nix {}) ]; }' --run defang 2>&1 | sed -u 's|\s\+got:|::error file=pkgs/defang/cli.nix,line=9::Replace the vendorHash with the correct value:|'
# go-byoc-test:
# runs-on: ubuntu-latest
Expand Down Expand Up @@ -89,6 +90,8 @@ jobs:
go-playground-test:
runs-on: ubuntu-latest
needs: go-test
env:
COMPOSE_PROJECT_NAME: ${{ github.run_id }}
steps:
- uses: actions/checkout@v4

Expand All @@ -114,16 +117,17 @@ jobs:
run: go run ./cmd/cli compose stop -f tests/sanity/compose.yaml --debug
working-directory: src

go-release:
if: startsWith(github.ref, 'refs/tags/v') # only run this step on tagged commits
build-and-sign:
name: Build app and sign files with Trusted Signing
environment: release
needs: go-test
runs-on: macos-latest
permissions:
contents: write # to upload archives as GitHub Releases
runs-on: windows-latest # for signtool
env: # from https://github.com/spiffe/spire/pull/5158
GOPATH: 'D:\golang\go'
GOCACHE: 'D:\golang\cache'
GOMODCACHE: 'D:\golang\modcache'
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # for release notes

- name: Set up Go
uses: actions/setup-go@v5
Expand All @@ -135,36 +139,148 @@ jobs:
run: go mod download
working-directory: src

- name: Install Nix (for nix-prefetch-url)
uses: cachix/install-nix-action@v26
- name: Run GoReleaser (Windows and Linux)
uses: goreleaser/goreleaser-action@v5
with:
# distribution: goreleaser-pro # either 'goreleaser' (default) or 'goreleaser-pro'
# version: latest
args: build --id defang-cli ${{ !startsWith(github.ref, 'refs/tags/v') && '--snapshot' || '' }}
workdir: src

- name: Run GoReleaser
# From https://github.com/Azure/trusted-signing-action/pull/37
- name: Azure login
uses: azure/login@v1
if: startsWith(github.ref, 'refs/tags/v') # only run this step on tagged commits
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

- name: Trusted Signing
uses: Azure/[email protected]
if: startsWith(github.ref, 'refs/tags/v') # only run this step on tagged commits
with:
endpoint: https://wus2.codesigning.azure.net/ # from Azure portal
trusted-signing-account-name: DefangLabs # from Azure portal
certificate-profile-name: signed-binary-test # from Azure portal
files-folder: ${{ github.workspace }}\src\dist
files-folder-filter: exe # no dll
files-folder-recurse: true
file-digest: SHA256
timestamp-rfc3161: http://timestamp.acs.microsoft.com
timestamp-digest: SHA256
exclude-environment-credential: true
exclude-workload-identity-credential: true
exclude-managed-identity-credential: true
exclude-shared-token-cache-credential: true
exclude-visual-studio-credential: true
exclude-visual-studio-code-credential: true
exclude-azure-cli-credential: false
exclude-azure-powershell-credential: true
exclude-azure-developer-cli-credential: true
exclude-interactive-browser-credential: true

- name: Upload dist-win folder
uses: actions/upload-artifact@v4
with:
name: dist-win
path: src/dist
if-no-files-found: error

build-and-sign-mac:
name: Build app and sign MacOS
needs: go-test
runs-on: macos-latest # for codesign and notarytool
steps:
- uses: actions/checkout@v4

- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: src/go.mod
cache-dependency-path: src/go.sum

# - name: Download Go dependencies
# run: go mod download
# working-directory: src

- name: Run GoReleaser (macOS)
uses: goreleaser/goreleaser-action@v5
with:
# distribution: goreleaser-pro # either 'goreleaser' (default) or 'goreleaser-pro'
# version: latest
args: release --clean
args: build --id defang-mac ${{ !startsWith(github.ref, 'refs/tags/v') && '--snapshot' || '' }}
workdir: src
env:
GH_PAT_WINGET: ${{ secrets.GH_PAT_WINGET }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # GITHUB_TOKEN is limited to the current repository
MACOS_CERTIFICATE_NAME: ${{ secrets.MACOS_CERTIFICATE_NAME }}
MACOS_P12_BASE64: ${{ secrets.MACOS_P12_BASE64 }}
MACOS_P12_PASSWORD: ${{ secrets.MACOS_P12_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}

- name: Upload dist-mac folder
uses: actions/upload-artifact@v4
with:
name: dist-mac
path: src/dist
if-no-files-found: error

go-release:
if: startsWith(github.ref, 'refs/tags/v') # only run this step on tagged commits
environment: release
needs:
- build-and-sign-mac
- build-and-sign
runs-on: macos-latest # for notarization
permissions:
contents: write # to upload archives as GitHub Releases
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # for release notes

- name: Install Nix (for nix-prefetch-url)
uses: cachix/install-nix-action@v26

- name: Download dist-mac folder
uses: actions/download-artifact@v4
with:
name: dist-mac
path: src/distx

- name: Download dist-win folder
uses: actions/download-artifact@v4
with:
name: dist-win
path: src/distx

- name: List files
run: ls -lR src/dist

- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v5
with:
distribution: goreleaser-pro # either 'goreleaser' (default) or 'goreleaser-pro'
# version: latest
args: release --config .goreleaser-prebuilt.yml
workdir: src
env:
GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
GH_PAT_WINGET: ${{ secrets.GH_PAT_WINGET }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # GITHUB_TOKEN is limited to the current repository
DISCORD_WEBHOOK_ID: ${{ secrets.DISCORD_WEBHOOK_ID }}
DISCORD_WEBHOOK_TOKEN: ${{ secrets.DISCORD_WEBHOOK_TOKEN }}

- name: Notarize macOS app
- name: Notarize macOS app # TODO: move to goreleaser.yml
shell: bash
run: |
xcrun notarytool submit src/dist/defang_*_macOS.zip --apple-id "$MACOS_NOTARIZATION_APPLE_ID" --team-id "$MACOS_NOTARIZATION_TEAM_ID" --password "$MACOS_NOTARIZATION_APP_PW"
bin/notarize.sh dist/defang_*_macOS.zip
working-directory: src
env:
MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.MACOS_NOTARIZATION_APPLE_ID }}
MACOS_NOTARIZATION_TEAM_ID: ${{ secrets.MACOS_NOTARIZATION_TEAM_ID }}
MACOS_NOTARIZATION_APP_PW: ${{ secrets.MACOS_NOTARIZATION_APP_PW }}

post-build:
post-release:
runs-on: ubuntu-latest
needs: go-release

Expand Down Expand Up @@ -200,7 +316,7 @@ jobs:
client-payload: '{"version": "${{ github.ref_name }}"}'

- name: Trigger Homebrew Formula Update
uses: peter-evans/repository-dispatch@v1
uses: peter-evans/repository-dispatch@v3
with:
token: ${{ secrets.HOMEBREW_ACTION_TRIGGER_TOKEN }}
repository: DefangLabs/homebrew-defang
Expand Down Expand Up @@ -228,7 +344,7 @@ jobs:
# install dependencies
npm ci --ignore-scripts
#b uild
# build
npm run build
# make the cli.js executable
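Review bot: The `build-and-sign-mac` job hands the macOS signing secrets (`MACOS_P12_BASE64`, `MACOS_P12_PASSWORD`, `KEYCHAIN_PASSWORD`) to the `Run GoReleaser (macOS)` step without the gates the Windows job has: as far as this rendered section shows, it declares no `environment: release` and the step has no tag condition, so the certificate material is exposed to every run of the workflow, including `--snapshot` builds. The Windows signing steps are limited with `if: startsWith(github.ref, 'refs/tags/v')`; the macOS job should get the same treatment, for example `environment: release` on the job and `MACOS_P12_BASE64: ${{ startsWith(github.ref, 'refs/tags/v') && secrets.MACOS_P12_BASE64 || '' }}` for each signing variable. If these are environment-scoped secrets, they will instead resolve to empty strings here and tagged macOS builds would presumably go out unsigned, so the job needs the environment either way. Separately, `go-release` downloads both artifacts into `src/distx` while the following `List files` and notarize steps read `src/dist`, which looks like a debugging leftover and should be reconciled before this path produces releases.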
12 changes: 6 additions & 6 deletions flake.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions flake.nix
Expand Up @@ -16,6 +16,7 @@
gnumake
gnused # force Linux `sed` everywhere
go_1_21
goreleaser
nixfmt
nodejs_20 # for Pulumi, must match values in package.json
pulumi-bin