From a8501d9ebfc938d842324d7964db75a1c825efad Mon Sep 17 00:00:00 2001 From: Jan De Dobbeleer Date: Wed, 27 Nov 2024 11:29:42 +0100 Subject: [PATCH] feat(release): use single release workflow --- .github/workflows/msi.yml | 2 +- .github/workflows/release2.yml | 145 +++++++++++++++++++++++++++++++++ build/post.ps1 | 16 ++++ build/pre.ps1 | 30 +++++++ packages/msi/build.ps1 | 15 ++-- 5 files changed, 199 insertions(+), 9 deletions(-) create mode 100644 .github/workflows/release2.yml create mode 100644 build/post.ps1 create mode 100644 build/pre.ps1 diff --git a/.github/workflows/msi.yml b/.github/workflows/msi.yml index 86bde2a9fb08..aad84ebc3bf9 100644 --- a/.github/workflows/msi.yml +++ b/.github/workflows/msi.yml @@ -26,7 +26,7 @@ jobs: AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} run: | $version = $env:GITHUB_REF.TrimStart("refs/tags/v") - ./build.ps1 -Architecture ${{ matrix.arch }} -Version $version -Download -Sign + ./build.ps1 -Architecture ${{ matrix.arch }} -Version $version -Download -Sign -Upload - name: Upload artifacts 🆙 uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea with: diff --git a/.github/workflows/release2.yml b/.github/workflows/release2.yml new file mode 100644 index 000000000000..82d461fd5b77 --- /dev/null +++ b/.github/workflows/release2.yml @@ -0,0 +1,145 @@ +name: Release + +on: + push: + branches: + - next + paths: + - "src/**" + - "packages/**" + - ".github/workflows/**" + +jobs: + changelog: + runs-on: ubuntu-latest + outputs: + version: ${{ steps.changelog.outputs.version }} + body: ${{ steps.changelog.outputs.clean_changelog }} + tag: ${{ steps.changelog.outputs.tag }} + skipped: ${{ steps.changelog.outputs.skipped }} + steps: + - name: Checkout code 👋 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + - name: Create changelog ✍️ + id: changelog + uses: TriPSs/conventional-changelog-action@3c4970b6573374889b897403d2f1278c395ea0df + with: + github-token: ${{ secrets.github_token }} + skip-version-file: "true" + output-file: "false" + skip-commit: "true" + skip-on-empty: "true" + skip-tag: "true" + + artifacts: + needs: changelog + if: ${{ needs.changelog.outputs.skipped == 'false' }} + runs-on: windows-latest + defaults: + run: + shell: pwsh + working-directory: ${{ github.workspace }}/build + steps: + - name: Checkout code 👋 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + - name: Install Go 🗳 + uses: ./.github/workflows/composite/bootstrap-go + - name: Pre Build 😸 + env: + SIGNING_KEY: ${{ secrets.SIGNING_KEY }} + run: | + ./pre.ps1 -Version ${{ needs.changelog.outputs.version }} + - name: Run GoReleaser 🚀 + uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf + with: + distribution: goreleaser + version: v2.3.2 + args: release --clean --skip publish + workdir: src + env: + AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + - name: Post Build 🤐 + run: | + ./post.ps1 + - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 + with: + name: build-artifacts + path: | + src/dist/posh-* + src/dist/themes.* + src/dist/checksums.* + msi: + needs: + - changelog + - artifacts + runs-on: windows-latest + strategy: + matrix: + arch: [x64, arm64, x86] + defaults: + run: + shell: pwsh + working-directory: ${{ github.workspace }}/packages/msi + steps: + - name: Checkout code 👋 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 + with: + name: build-artifacts + path: dist + - name: Install Wix Toolset 🛠 + run: dotnet tool install --global wix + - name: Build installer 📦 + id: build + env: + AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + run: | + $version = '${{ needs.changelog.outputs.version }}'.TrimStart("v") + ./build.ps1 -Architecture ${{ matrix.arch }} -Version $version -Copy -Sign + - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 + with: + name: msi-artifact-${{ matrix.arch }} + path: | + packages/msi/out/install-${{ matrix.arch }}.msi + packages/msi/out/install-${{ matrix.arch }}.msi.sha256 + - uses: jandedobbeleer/azure-blob-storage-upload@main + with: + source_dir: ${{ github.workspace }}/packages/msi/out + container_name: ${{ needs.changelog.outputs.version }} + connection_string: ${{ secrets.CDN_CONNECTIONSTRING }} + extra_args: "--pattern *.msi*" + release: + runs-on: ubuntu-latest + needs: + - changelog + - msi + steps: + - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 + - name: Display structure of downloaded files + run: ls -R + - name: Create version file + run: echo ${{ needs.changelog.outputs.version }} > version.txt + - uses: jandedobbeleer/azure-blob-storage-upload@main + name: Set latest on CDN + with: + source_dir: ${{ github.workspace }} + container_name: latest + connection_string: ${{ secrets.CDN_CONNECTIONSTRING }} + extra_args: "--pattern version.txt" + overwrite: "true" + # - name: Release 🎓 + # uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 + # with: + # tag_name: ${{ needs.changelog.outputs.tag }} + # body: ${{ needs.changelog.outputs.body }} + # fail_on_unmatched_files: true + # token: ${{ secrets.GH_PAT }} + # files: | + # dist/posh-* + # dist/themes.* + # dist/checksums.* + # dist/install.* diff --git a/build/post.ps1 b/build/post.ps1 new file mode 100644 index 000000000000..226ee7cbd808 --- /dev/null +++ b/build/post.ps1 @@ -0,0 +1,16 @@ +# Description: Post build script to compress the themes and generate SHA256 hashes for all files in the dist folder + +# Compress all themes +$compress = @{ + Path = "../themes/*.omp.*" + CompressionLevel = "Fastest" + DestinationPath = "../src/dist/themes.zip" +} +Compress-Archive @compress + +# Generate SHA256 hashes for all files in the dist folder +Get-ChildItem ./dist -Exclude *.yaml, *.sig | Get-Unique | +Foreach-Object { + $zipHash = Get-FileHash $_.FullName -Algorithm SHA256 + $zipHash.Hash | Out-File -Encoding 'UTF8' "../src/dist/$($_.Name).sha256" +} diff --git a/build/pre.ps1 b/build/pre.ps1 new file mode 100644 index 000000000000..5929c10fb182 --- /dev/null +++ b/build/pre.ps1 @@ -0,0 +1,30 @@ +Param +( + [string] + $Version, + [parameter(Mandatory = $false)] + [string] + $SDKVersion = "10.0.22621.0" +) + +git config --global user.name "GitHub Actions" +git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" +git tag $Version --force + +$PSDefaultParameterValues['Out-File:Encoding'] = 'UTF8' + +$shaSigningKeyLocation = Join-Path -Path $env:RUNNER_TEMP -ChildPath sha_signing_key.pem +$env:SIGNING_KEY > $shaSigningKeyLocation +Write-Output "SHA_SIGNING_KEY_LOCATION=$shaSigningKeyLocation" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append + +# install code signing dlib +nuget.exe install Microsoft.Trusted.Signing.Client -Version 1.0.60 -ExcludeVersion -OutputDirectory $env:RUNNER_TEMP +Write-Output "SIGNTOOLDLIB=$env:RUNNER_TEMP/Microsoft.Trusted.Signing.Client/bin/x64/Azure.CodeSigning.Dlib.dll" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append + +# requires Windows Dev Kit 10.0.22621.0 +$signtool = "C:/Program Files (x86)/Windows Kits/10/bin/$SDKVersion/x64/signtool.exe" +Write-Output "SIGNTOOL=$signtool" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append + +# openssl +$openssl = 'C:/Program Files/Git/usr/bin/openssl.exe' +Write-Output "OPENSSL=$openssl" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append diff --git a/packages/msi/build.ps1 b/packages/msi/build.ps1 index f0bee4197034..7a62731b384a 100644 --- a/packages/msi/build.ps1 +++ b/packages/msi/build.ps1 @@ -9,8 +9,8 @@ Param [parameter(Mandatory = $false)] [string] $SDKVersion = "10.0.22621.0", - [switch]$Download, - [switch]$Sign + [switch]$Sign, + [switch]$Copy ) $PSDefaultParameterValues['Out-File:Encoding'] = 'UTF8' @@ -18,24 +18,23 @@ $PSDefaultParameterValues['Out-File:Encoding'] = 'UTF8' New-Item -Path "." -Name "dist" -ItemType Directory -ErrorAction SilentlyContinue New-Item -Path "." -Name "out" -ItemType Directory -ErrorAction SilentlyContinue -if ($Download) { - # download the executable +if ($Copy) { switch ($Architecture) { 'x86' { $file = "posh-windows-386.exe" } 'x64' { $file = "posh-windows-amd64.exe" } Default { $file = "posh-windows-$Architecture.exe" } } - $name = "oh-my-posh.exe" - $url = "https://github.com/jandedobbeleer/oh-my-posh/releases/download/v$Version/$file" - Invoke-WebRequest $url -Out "./dist/$($name)" + # copy the correct architecture to ./dist + Copy-Item -Path "../../dist/$file" -Destination "./dist/oh-my-posh.exe" } # variables $env:VERSION = $Version # create MSI -$installer = "./out/install-$Architecture.msi" +$fileName = "install-$Architecture.msi" +$installer = "./out/$fileName" wix build -arch $Architecture -out $installer .\oh-my-posh.wxs if ($Sign) {