Merge pull request noisetorch#279 from noisetorch/272-automatic-relea…

…se-to-github automatic release to GitHub
VanceAlot · May 24, 2022 · 9ab760e · 9ab760e
2 parents 9f5cfdf + 536f5b3
commit 9ab760e
Show file tree

Hide file tree

Showing 4 changed files with 75 additions and 13 deletions.
diff --git a/.github/workflows/build-artifact.yml b/.github/workflows/build-artifact.yml
@@ -0,0 +1,23 @@
+---
+name: build dev artifact
+
+on:
+  pull_request:
+
+permissions:
+  contents: read
+  pull-requests: read
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/setup-go@v3
+        with:
+          go-version: 1.18
+      - uses: actions/checkout@v3
+      - run: make dev
+      - uses: actions/upload-artifact@v3
+        with:
+          name: linux_x64
+          path: ${{ github.workspace }}/bin/noisetorch
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,34 @@
+---
+name: release
+
+on:
+  push:
+    tags:
+      - "v*.*.*"
+
+permissions:
+  contents: write
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/setup-go@v3
+        with:
+          go-version: 1.18
+      - uses: actions/checkout@v3
+      - name: Build release artifact
+        run: |
+          mkdir -p ~/.config/noisetorch
+          echo '${{ secrets.NOISETORCH_SIGNER_PRIVKEY_BASE64 }}' | base64 -d > ~/.config/noisetorch/private.key
+          make release
+          rm -rf ~/.config/noisetorch/
+          for f in bin/NoiseTorch_x64_*.tgz ; do md5sum ${f} | tee ${f}.md5sum ; sha512sum ${f} | tee ${f}.sha512sum ; done
+      - name: Release
+        uses: softprops/action-gh-release@v1
+        with:
+          files: |
+            ${{ github.workspace }}/bin/NoiseTorch_x64_*.tgz
+            ${{ github.workspace }}/bin/NoiseTorch_x64_*.tgz.sig
+            ${{ github.workspace }}/bin/NoiseTorch_x64_*.tgz.md5sum
+            ${{ github.workspace }}/bin/NoiseTorch_x64_*.tgz.sha512sum
diff --git a/Makefile b/Makefile
@@ -1,5 +1,5 @@
-UPDATE_URL=https://noisetorch.epicgamer.org
-UPDATE_PUBKEY=3mL+rBi4yBZ1wGimQ/oSQCjxELzgTh+673H4JdzQBOk=
+UPDATE_URL=
+UPDATE_PUBKEY=Md2rdsS+b6W0trgcqa5lAWP978Zj0sFmubJ252OPKwc=
 VERSION := $(shell git describe --tags)
 
 dev: rnnoise
@@ -18,14 +18,12 @@ release: rnnoise
 
 	mkdir -p tmp/.local/bin/
 	go generate
-	CGO_ENABLED=0 GOOS=linux go build -trimpath -tags release -a -ldflags '-s -w -extldflags "-static" -X main.version=${VERSION} -X main.distribution=official -X main.updateURL=${UPDATE_URL} -X main.publicKeyString=${UPDATE_PUBKEY}' .
-	upx noisetorch
+	CGO_ENABLED=0 GOOS=linux go build -trimpath -tags release -a -ldflags '-s -w -extldflags "-static" -X main.version=${VERSION} -X main.distribution=official' .
 	mv noisetorch tmp/.local/bin/
 	cd tmp/; \
-	tar cvzf ../bin/NoiseTorch_x64.tgz .
+	tar cvzf ../bin/NoiseTorch_x64_${VERSION}.tgz .
 	rm -rf tmp/
-	go run scripts/signer.go -s
-	git describe --tags > bin/version.txt
+	go run scripts/signer.go -s -f bin/NoiseTorch_x64_${VERSION}.tgz
 rnnoise:
 	git submodule update --init --recursive
 	$(MAKE) -C c/ladspa
diff --git a/scripts/signer.go b/scripts/signer.go
@@ -25,8 +25,13 @@ func main() { //nolint
 	var publicKeyString string
 	flag.StringVar(&publicKeyString, "k", "", "Public key to verify against (runs verifier if set)")
 
+	var artifactFile string
+	flag.StringVar(&artifactFile, "f", "", "Artifact file name and path that should be signed")
+
 	flag.Parse()
 
+	signatureFile := artifactFile + ".sig"
+
 	if doGenerate {
 		generateKeypair()
 		os.Exit(0)
@@ -38,10 +43,10 @@ func main() { //nolint
 		os.Exit(0)
 	}
 
-	if doSign {
+	if doSign && artifactFile != "" {
 		_, priv := loadKeys()
 
-		file, err := ioutil.ReadFile("bin/NoiseTorch_x64.tgz")
+		file, err := ioutil.ReadFile(artifactFile)
 		if err != nil {
 			panic(err)
 		}
@@ -50,24 +55,26 @@ func main() { //nolint
 		if err != nil {
 			panic(err)
 		}
-		if err := ioutil.WriteFile("bin/NoiseTorch_x64.tgz.sig", sig, 0644); err != nil {
+
+		err = ioutil.WriteFile(signatureFile, sig, 0640)
+		if err != nil {
 			panic(err)
 		}
 		os.Exit(0)
 	}
 
-	if publicKeyString != "" {
+	if publicKeyString != "" && artifactFile != "" && signatureFile != "" {
 		pub, err := base64.StdEncoding.DecodeString(publicKeyString)
 		if err != nil {
 			panic(err)
 		}
 
-		file, err := ioutil.ReadFile("bin/NoiseTorch_x64.tgz")
+		file, err := ioutil.ReadFile(artifactFile)
 		if err != nil {
 			panic(err)
 		}
 
-		sig, err := ioutil.ReadFile("bin/NoiseTorch_x64.tgz.sig")
+		sig, err := ioutil.ReadFile(signatureFile)
 		if err != nil {
 			panic(err)
 		}