-
Notifications
You must be signed in to change notification settings - Fork 0
333 lines (283 loc) · 10.9 KB
/
Copy pathrelease.yml
File metadata and controls
333 lines (283 loc) · 10.9 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
name: Release
on:
push:
tags:
- 'v*'
permissions:
contents: write
jobs:
build:
strategy:
matrix:
include:
- goos: linux
goarch: amd64
suffix: linux-amd64
- goos: linux
goarch: arm64
suffix: linux-arm64
- goos: darwin
goarch: amd64
suffix: darwin-amd64
- goos: darwin
goarch: arm64
suffix: darwin-arm64
- goos: windows
goarch: amd64
suffix: windows-amd64
ext: .exe
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version-file: go.mod
- name: Run tests
run: go test ./... -count=1
- name: Build binary
env:
GOOS: ${{ matrix.goos }}
GOARCH: ${{ matrix.goarch }}
CGO_ENABLED: "0"
run: |
VERSION="${GITHUB_REF_NAME#v}"
COMMIT="$(git rev-parse --short HEAD)"
BUILD_DATE="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
PKG="github.com/codelake-dev/licscan/internal/version"
go build -trimpath \
-ldflags "-s -w \
-X ${PKG}.Version=${VERSION} \
-X ${PKG}.Commit=${COMMIT} \
-X ${PKG}.BuildDate=${BUILD_DATE}" \
-o "licscan-${{ matrix.suffix }}${{ matrix.ext }}" ./cmd/licscan
- name: Upload artifact
uses: actions/upload-artifact@v7
with:
name: licscan-${{ matrix.suffix }}
path: licscan-${{ matrix.suffix }}${{ matrix.ext }}
release:
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v4
with:
path: artifacts
merge-multiple: true
- name: Generate checksums
working-directory: artifacts
run: sha256sum licscan-* > checksums.txt
- name: Create GitHub Release
uses: softprops/action-gh-release@v2
with:
generate_release_notes: true
files: |
artifacts/licscan-*
artifacts/checksums.txt
body: |
## LicScan ${{ github.ref_name }}
Open-source license & compliance scanner for modern codebases.
### Installation
**One-liner (macOS / Linux):**
```bash
curl -fsSL https://install.codelake.dev/licscan/install.sh | sh
```
**Homebrew:**
```bash
brew install codelake-dev/tap/licscan
```
**macOS (Apple Silicon):**
```bash
curl -L -o licscan https://github.com/codelake-dev/licscan/releases/download/${{ github.ref_name }}/licscan-darwin-arm64
chmod +x licscan
sudo mv licscan /usr/local/bin/
```
**macOS (Intel):**
```bash
curl -L -o licscan https://github.com/codelake-dev/licscan/releases/download/${{ github.ref_name }}/licscan-darwin-amd64
chmod +x licscan
sudo mv licscan /usr/local/bin/
```
**Linux (x86_64):**
```bash
curl -L -o licscan https://github.com/codelake-dev/licscan/releases/download/${{ github.ref_name }}/licscan-linux-amd64
chmod +x licscan
sudo mv licscan /usr/local/bin/
```
**Windows:**
Download `licscan-windows-amd64.exe` and add it to your PATH.
---
https://github.com/codelake-dev/licscan
upload-r2:
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v4
with:
path: artifacts
merge-multiple: true
- name: Generate checksums
working-directory: artifacts
run: sha256sum licscan-* > checksums.txt
- name: Generate version.json
run: |
PUBLIC="${{ secrets.R2_PUBLIC_URL }}"
PUBLIC="${PUBLIC%/}"
VERSION="${{ github.ref_name }}"
cat > artifacts/version.json <<EOF
{
"name": "licscan",
"version": "${VERSION}",
"released_at": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
"repo": "https://github.com/codelake-dev/licscan",
"install": "curl -fsSL ${PUBLIC}/licscan/install.sh | sh",
"platforms": {
"linux/amd64": "${PUBLIC}/licscan/${VERSION}/licscan-linux-amd64",
"linux/arm64": "${PUBLIC}/licscan/${VERSION}/licscan-linux-arm64",
"darwin/amd64": "${PUBLIC}/licscan/${VERSION}/licscan-darwin-amd64",
"darwin/arm64": "${PUBLIC}/licscan/${VERSION}/licscan-darwin-arm64",
"windows/amd64": "${PUBLIC}/licscan/${VERSION}/licscan-windows-amd64.exe"
},
"checksums": "${PUBLIC}/licscan/${VERSION}/checksums.txt",
"latest": {
"linux/amd64": "${PUBLIC}/licscan/latest/licscan-linux-amd64",
"linux/arm64": "${PUBLIC}/licscan/latest/licscan-linux-arm64",
"darwin/amd64": "${PUBLIC}/licscan/latest/licscan-darwin-amd64",
"darwin/arm64": "${PUBLIC}/licscan/latest/licscan-darwin-arm64",
"windows/amd64": "${PUBLIC}/licscan/latest/licscan-windows-amd64.exe",
"checksums": "${PUBLIC}/licscan/latest/checksums.txt"
}
}
EOF
- name: Inject R2_PUBLIC_URL into install.sh
# install.sh ships with a sensible default (install.codelake.dev) for
# local testing; rewrite to the deployed CDN URL before upload so
# the script downloaded from R2 always hits R2.
run: |
PUBLIC="${{ secrets.R2_PUBLIC_URL }}"
PUBLIC="${PUBLIC%/}"
sed -i "s|https://install.codelake.dev|${PUBLIC}|g" install.sh
- name: Upload to R2
env:
AWS_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: auto
R2_ENDPOINT: https://${{ secrets.R2_ACCOUNT_ID }}.r2.cloudflarestorage.com
R2_BUCKET: ${{ secrets.R2_BUCKET }}
run: |
VERSION="${{ github.ref_name }}"
# Upload versioned binaries + checksums
aws s3 cp artifacts/ "s3://${R2_BUCKET}/licscan/${VERSION}/" \
--recursive --endpoint-url "${R2_ENDPOINT}"
# Upload as latest (overwrites the previous release)
aws s3 cp artifacts/ "s3://${R2_BUCKET}/licscan/latest/" \
--recursive --endpoint-url "${R2_ENDPOINT}"
# Upload version.json to licscan root
aws s3 cp artifacts/version.json "s3://${R2_BUCKET}/licscan/version.json" \
--endpoint-url "${R2_ENDPOINT}" \
--content-type application/json \
--cache-control "public, max-age=60"
# Upload install.sh to licscan root
aws s3 cp install.sh "s3://${R2_BUCKET}/licscan/install.sh" \
--endpoint-url "${R2_ENDPOINT}" \
--content-type "text/x-shellscript" \
--cache-control "public, max-age=60"
deploy-website:
needs: release
runs-on: ubuntu-latest
steps:
- name: Checkout website
uses: actions/checkout@v4
with:
repository: codelake-dev/licscan-website
token: ${{ secrets.HOMEBREW_TAP_TOKEN }}
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 22
- name: Build and deploy
env:
CLOUDFLARE_API_TOKEN: ${{ secrets.CF_API_TOKEN }}
CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }}
run: |
npm ci
npm run build
npx wrangler pages deploy dist --project-name licscan-dev --branch main
update-homebrew:
needs: release
runs-on: ubuntu-latest
steps:
- uses: actions/download-artifact@v4
with:
path: artifacts
merge-multiple: true
- name: Compute SHA256 sums
id: sha
working-directory: artifacts
run: |
echo "darwin_arm64=$(sha256sum licscan-darwin-arm64 | cut -d' ' -f1)" >> "$GITHUB_OUTPUT"
echo "darwin_amd64=$(sha256sum licscan-darwin-amd64 | cut -d' ' -f1)" >> "$GITHUB_OUTPUT"
echo "linux_arm64=$(sha256sum licscan-linux-arm64 | cut -d' ' -f1)" >> "$GITHUB_OUTPUT"
echo "linux_amd64=$(sha256sum licscan-linux-amd64 | cut -d' ' -f1)" >> "$GITHUB_OUTPUT"
- name: Checkout homebrew-tap
uses: actions/checkout@v4
with:
repository: codelake-dev/homebrew-tap
token: ${{ secrets.HOMEBREW_TAP_TOKEN }}
path: tap
- name: Update formula
env:
VERSION: ${{ github.ref_name }}
run: |
VER="${VERSION#v}"
mkdir -p tap/Formula
cat > tap/Formula/licscan.rb <<RUBY
class Licscan < Formula
desc "Open-source license & compliance scanner for modern codebases"
homepage "https://github.com/codelake-dev/licscan"
license "Apache-2.0"
version "${VER}"
on_macos do
if Hardware::CPU.arm?
url "https://github.com/codelake-dev/licscan/releases/download/${VERSION}/licscan-darwin-arm64"
sha256 "${{ steps.sha.outputs.darwin_arm64 }}"
def install
bin.install "licscan-darwin-arm64" => "licscan"
end
else
url "https://github.com/codelake-dev/licscan/releases/download/${VERSION}/licscan-darwin-amd64"
sha256 "${{ steps.sha.outputs.darwin_amd64 }}"
def install
bin.install "licscan-darwin-amd64" => "licscan"
end
end
end
on_linux do
if Hardware::CPU.arm?
url "https://github.com/codelake-dev/licscan/releases/download/${VERSION}/licscan-linux-arm64"
sha256 "${{ steps.sha.outputs.linux_arm64 }}"
def install
bin.install "licscan-linux-arm64" => "licscan"
end
else
url "https://github.com/codelake-dev/licscan/releases/download/${VERSION}/licscan-linux-amd64"
sha256 "${{ steps.sha.outputs.linux_amd64 }}"
def install
bin.install "licscan-linux-amd64" => "licscan"
end
end
end
test do
assert_match "v#{version}", shell_output("#{bin}/licscan --version")
end
end
RUBY
- name: Push updated formula
working-directory: tap
run: |
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git add Formula/licscan.rb
git commit -m "Update licscan to ${{ github.ref_name }}"
git push