fix patch #30

Workflow file for this run

.github/workflows/release.yml at f5532cb

	name: release

	env:
	# The name of the project
	PROJECT_NAME: avrdude
	DIST_DIR: dist
	ARTIFACT_NAME: dist
	# The project's folder on Arduino's download server for uploading builds
	AWS_PLUGIN_TARGET: /tools/

	on:
	push:
	tags:
	- "[0-9]+.[0-9]+*"

	jobs:
	build:
	name: build (${{ matrix.config.os }}, ${{ matrix.config.arch }})
	runs-on:
	ubuntu-latest
	strategy:
	matrix:
	config:
	- os: Linux
	arch: 64bit
	cross_compile: x86_64-ubuntu16.04-linux-gnu
	- os: Linux
	arch: 32bit
	cross_compile: i686-ubuntu16.04-linux-gnu
	- os: Linux
	arch: ARMv6
	cross_compile: arm-linux-gnueabihf
	- os: Linux
	arch: ARM64
	cross_compile: aarch64-linux-gnu
	- os: macOS
	arch: 64bit
	cross_compile: x86_64-apple-darwin13
	cross_compiler: o64-clang
	ar: /opt/osxcross/target/bin/x86_64-apple-darwin13-ar # we have to manually specify the full path otherwise it's not found for some reason
	ld: /opt/osxcross/target/bin/x86_64-apple-darwin13-ld
	- os: Windows
	arch: 32bit
	cross_compile: i686-w64-mingw32
	extension: .exe

	container:
	image: ghcr.io/arduino/crossbuild:0.2.2

	steps:
	# the tag must be formatted this way <AVRDUDE_TAG>-arduino.<ARDUINO_VERSION>, e.g tag -> 7.0-arduino.1
	- name: Set Avrdude tag name
	id: get_tag_name
	run: \|
	TAG="${GITHUB_REF##*/}"
	echo ::set-output name=AVRDUDE_TAG::v${TAG%%-*}

	# this repo should contain only the patches that could not be upstreamed and the release CI nothing else
	- name: Checkout avrdude-packing repository
	uses: actions/checkout@v3
	with:
	path: avrdude-packing

	- name: Checkout avrdude repository
	uses: actions/checkout@v3
	with:
	repository: avrdudes/avrdude
	ref: ${{ steps.get_tag_name.outputs.AVRDUDE_TAG }} # pay attention, the pathches could need updating
	path: ${{ env.PROJECT_NAME }}

	- name: Set the version
	working-directory: avrdude-packing/patches/
	run: perl -pi -e "s/ARDUINO_VERSION_PLACEHOLDER/${GITHUB_REF##*/}/g" 0008-Append-arduino-to-version-string.patch

	- name: Apply patches
	working-directory: ${{ env.PROJECT_NAME }}
	run: git apply -v ../avrdude-packing/patches/*.patch

	- name: replace system ranlib with darwin one
	# for some reason is not possible to override ranlib with env vars, so this is ugly but it's the only way I found
	if: matrix.config.os == 'macOS'
	run: \|
	mv /usr/bin/ranlib /usr/bin/ranlib.bk
	ln -s /opt/osxcross/target/bin/${{ matrix.config.cross_compile }}-ranlib /usr/bin/ranlib

	- name: Build Avrdude
	working-directory: ${{ env.PROJECT_NAME }}
	run: \|
	if [ "${{ matrix.config.os }}" = "macOS" ]; then
	# For darwin we disable the static flags (not supported by clang) and we make some adjustments
	cmake -DCMAKE_C_COMPILER=${{ matrix.config.cross_compiler }} -DCMAKE_CXX_COMPILER=${{ matrix.config.cross_compiler }}++ -DCMAKE_AR=${{ matrix.config.ar }} -DCMAKE_LINKER=${{ matrix.config.ld}} -DCMAKE_EXE_LINKER_FLAGS="-L/opt/lib/${{ matrix.config.cross_compile }}/lib/" -DCMAKE_C_FLAGS="-I/opt/lib/${{ matrix.config.cross_compile }}/include -pthread -framework Foundation -framework IOKit -framework Cocoa -framework Security -DHAVE_USB_H" -DCMAKE_PREFIX_PATH=/opt/lib/${{ matrix.config.cross_compile }}/ -DHAVE_LIBFTDI="NO" -DUSE_STATIC_LIBS="ON" -B build/
	else
	cmake -DCMAKE_C_COMPILER=${{ matrix.config.cross_compile }}-gcc -DCMAKE_CXX_COMPILER=${{ matrix.config.cross_compile }}-g++ -DCMAKE_EXE_LINKER_FLAGS="-static-libgcc -static-libstdc++" -DCMAKE_C_FLAGS="-I/opt/lib/${{ matrix.config.cross_compile }}/include/libusb-1.0/ -I/opt/lib/${{ matrix.config.cross_compile }}/include -pthread" -DCMAKE_PREFIX_PATH=/opt/lib/${{ matrix.config.cross_compile }}/ -DHAVE_LIBFTDI="NO" -DUSE_STATIC_LIBS="ON" -B build/
	fi
	cmake --build build/ -v

	- name: Package
	working-directory: ${{ env.PROJECT_NAME }}
	run: \| # we need to create the subdir where to place binaries
	mkdir -p ${{ env.PROJECT_NAME }}_${{ matrix.config.os }}_${{ matrix.config.arch }}/bin ${{ env.PROJECT_NAME }}_${{ matrix.config.os }}_${{ matrix.config.arch }}/etc
	chmod +x build/src/${{ env.PROJECT_NAME }}${{ matrix.config.extension }}
	mv -v build/src/${{ env.PROJECT_NAME }}${{ matrix.config.extension }} ${{ env.PROJECT_NAME }}_${{ matrix.config.os }}_${{ matrix.config.arch }}/bin
	mv -v build/src/${{ env.PROJECT_NAME }}.conf ${{ env.PROJECT_NAME }}_${{ matrix.config.os }}_${{ matrix.config.arch }}/etc
	mv -v COPYING ${{ env.PROJECT_NAME }}_${{ matrix.config.os }}_${{ matrix.config.arch }}/LICENSE.txt
	tar -czv ${{ env.PROJECT_NAME }}_${{ matrix.config.os }}_${{ matrix.config.arch }} -f ${{ env.PROJECT_NAME }}_${GITHUB_REF##*/}_${{ matrix.config.os }}_${{ matrix.config.arch }}.tar.gz

	- name: Upload artifacts
	uses: actions/upload-artifact@v3
	with:
	if-no-files-found: error
	name: ${{ env.ARTIFACT_NAME }}
	path: ${{ env.PROJECT_NAME }}/${{ env.PROJECT_NAME }}_*

	notarize-macos:
	runs-on: macos-latest
	needs: build

	steps:
	- name: Checkout repository
	uses: actions/checkout@v3

	- name: Download artifacts
	uses: actions/download-artifact@v3
	with:
	name: ${{ env.ARTIFACT_NAME }}
	path: ${{ env.DIST_DIR }}

	- name: Import Code-Signing Certificates
	env:
	KEYCHAIN: "sign.keychain"
	INSTALLER_CERT_MAC_PATH: "/tmp/ArduinoCerts2020.p12"
	KEYCHAIN_PASSWORD: keychainpassword # Arbitrary password for a keychain that exists only for the duration of the job, so not secret
	run: \|
	echo "${{ secrets.INSTALLER_CERT_MAC_P12 }}" \| base64 --decode > "${{ env.INSTALLER_CERT_MAC_PATH }}"
	security create-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}"
	security default-keychain -s "${{ env.KEYCHAIN }}"
	security unlock-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}"
	security import \
	"${{ env.INSTALLER_CERT_MAC_PATH }}" \
	-k "${{ env.KEYCHAIN }}" \
	-f pkcs12 \
	-A \
	-T "/usr/bin/codesign" \
	-P "${{ secrets.INSTALLER_CERT_MAC_PASSWORD }}"
	security set-key-partition-list \
	-S apple-tool:,apple: \
	-s \
	-k "${{ env.KEYCHAIN_PASSWORD }}" \
	"${{ env.KEYCHAIN }}"

	- name: Install gon for code signing and app notarization
	run: \|
	wget -q https://github.com/Bearer/gon/releases/download/v0.0.27/gon_macos.zip
	unzip gon_macos.zip -d /usr/local/bin

	- name: Sign and notarize binary
	env:
	AC_USERNAME: ${{ secrets.AC_USERNAME }}
	AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
	AC_PROVIDER: ${{ secrets.AC_PROVIDER }}
	run: \|
	gon gon.config.hcl

	- name: Re-package binary
	# This step performs the following:
	# 1. Repackage the signed binary replaced in place by Gon (ignoring the output zip file)
	run: \|
	# GitHub's upload/download-artifact actions don't preserve file permissions,
	# so we need to add execution permission back until the action is made to do this.
	chmod +x ${{ env.DIST_DIR }}/${{ env.PROJECT_NAME }}_macOS_64bit/bin/${{ env.PROJECT_NAME }}
	TAG="${GITHUB_REF/refs\/tags\//}"
	tar -czvf "${{ env.DIST_DIR }}/${{ env.PROJECT_NAME }}_${TAG}_macOS_64bit.tar.gz" \
	-C ${{ env.DIST_DIR }}/ ${{ env.PROJECT_NAME }}_macOS_64bit/

	- name: Upload artifacts
	uses: actions/upload-artifact@v3
	with:
	if-no-files-found: error
	name: ${{ env.ARTIFACT_NAME }}
	path: ${{ env.DIST_DIR }}

	create-release:
	runs-on:
	ubuntu-latest
	needs: [build, notarize-macos]

	steps:
	- name: Checkout repository # we need package_index.template
	uses: actions/checkout@v3

	- name: Download artifact
	uses: actions/download-artifact@v3
	with:
	name: ${{ env.ARTIFACT_NAME }}
	path: ${{ env.DIST_DIR }}

	- name: Identify Prerelease
	# This is a workaround while waiting for create-release action
	# to implement auto pre-release based on tag
	id: prerelease
	run: \|
	wget -q -P /tmp https://github.com/fsaintjacques/semver-tool/archive/3.2.0.zip
	unzip -p /tmp/3.2.0.zip semver-tool-3.2.0/src/semver >/tmp/semver && chmod +x /tmp/semver
	if [[ "$(/tmp/semver get prerel "${GITHUB_REF/refs\/tags\//}")" ]]; then echo "::set-output name=IS_PRE::true"; fi

	- name: Generate package index entry
	run: \|
	TAG=${GITHUB_REF/refs\/tags\//}
	package_index=`cat package_index.template \| sed s/%%VERSION%%/${TAG}/`
	declare -a target_folders=("Windows_32bit" "Linux_64bit" "macOS_64bit" "Linux_32bit" "Linux_ARMv6" "Linux_ARM64")
	cd dist
	for folder in "${target_folders[@]}"
	do
	ARCHIVE_NAME=${{ env.PROJECT_NAME }}_${TAG}_${folder}.tar.gz
	T_OS=`echo ${folder} \| awk '{print toupper($0)}'`
	SHASUM=`sha256sum ${ARCHIVE_NAME} \| cut -f1 -d" "`
	SIZE=`stat --printf="%s" ${ARCHIVE_NAME}`
	package_index=`echo "$package_index" \|
	sed s/%%FILENAME_${T_OS}%%/${ARCHIVE_NAME}/ \|
	sed s/%%FILENAME_${T_OS}%%/${ARCHIVE_NAME}/ \|
	sed s/%%SIZE_${T_OS}%%/${SIZE}/ \|
	sed s/%%SHA_${T_OS}%%/${SHASUM}/`
	done
	cd ..
	echo ================== CUT ME HERE =====================
	echo "${package_index}"
	echo "${package_index}" > package_index_draft.json

	- name: Create Github Release and upload artifacts
	uses: ncipollo/release-action@v1
	with:
	token: ${{ secrets.GITHUB_TOKEN }}
	draft: false
	prerelease: ${{ steps.prerelease.outputs.IS_PRE }}
	# NOTE: "Artifact is a directory" warnings are expected and don't indicate a problem
	# (all the files we need are in the DIST_DIR root)
	artifacts: "${{ env.DIST_DIR }}/*,package_index_draft.json"

	- name: Upload release files on Arduino downloads servers
	uses: docker://plugins/s3
	env:
	PLUGIN_SOURCE: "${{ env.DIST_DIR }}/*"
	PLUGIN_TARGET: ${{ env.AWS_PLUGIN_TARGET }}
	PLUGIN_STRIP_PREFIX: "${{ env.DIST_DIR }}/"
	PLUGIN_BUCKET: ${{ secrets.DOWNLOADS_BUCKET }}
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix patch #30

Workflow file

fix patch #30

Jobs

Run details

Workflow file for this run