Merge pull request #32 from arduino/update-7.3 #34
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: release | |
env: | |
# The name of the project | |
PROJECT_NAME: avrdude | |
DIST_DIR: dist | |
ARTIFACT_NAME: dist | |
# The project's folder on Arduino's download server for uploading builds | |
AWS_PLUGIN_TARGET: /tools/ | |
on: | |
push: | |
tags: | |
- "[0-9]+.[0-9]+*" | |
jobs: | |
build: | |
name: build (${{ matrix.config.os }}, ${{ matrix.config.arch }}) | |
runs-on: | |
ubuntu-latest | |
strategy: | |
matrix: | |
config: | |
- os: Linux | |
arch: 64bit | |
cross_compile: x86_64-ubuntu16.04-linux-gnu | |
- os: Linux | |
arch: 32bit | |
cross_compile: i686-ubuntu16.04-linux-gnu | |
- os: Linux | |
arch: ARMv6 | |
cross_compile: arm-linux-gnueabihf | |
- os: Linux | |
arch: ARM64 | |
cross_compile: aarch64-linux-gnu | |
- os: macOS | |
arch: 64bit | |
cross_compile: x86_64-apple-darwin13 | |
cross_compiler: o64-clang | |
ar: /opt/osxcross/target/bin/x86_64-apple-darwin13-ar # we have to manually specify the full path otherwise it's not found for some reason | |
ld: /opt/osxcross/target/bin/x86_64-apple-darwin13-ld | |
- os: Windows | |
arch: 32bit | |
cross_compile: i686-w64-mingw32 | |
extension: .exe | |
container: | |
image: ghcr.io/arduino/crossbuild:0.2.2 | |
steps: | |
# the tag must be formatted this way <AVRDUDE_TAG>-arduino.<ARDUINO_VERSION>, e.g tag -> 7.0-arduino.1 | |
- name: Set Avrdude tag name | |
id: get_tag_name | |
run: | | |
TAG="${GITHUB_REF##*/}" | |
echo ::set-output name=AVRDUDE_TAG::v${TAG%%-*} | |
# this repo should contain only the patches that could not be upstreamed and the release CI nothing else | |
- name: Checkout avrdude-packing repository | |
uses: actions/checkout@v3 | |
with: | |
path: avrdude-packing | |
- name: Checkout avrdude repository | |
uses: actions/checkout@v3 | |
with: | |
repository: avrdudes/avrdude | |
ref: ${{ steps.get_tag_name.outputs.AVRDUDE_TAG }} # pay attention, the pathches could need updating | |
path: ${{ env.PROJECT_NAME }} | |
- name: Set the version | |
working-directory: avrdude-packing/patches/ | |
run: perl -pi -e "s/ARDUINO_VERSION_PLACEHOLDER/${GITHUB_REF##*/}/g" 0008-Append-arduino-to-version-string.patch | |
- name: Apply patches | |
working-directory: ${{ env.PROJECT_NAME }} | |
run: git apply -v ../avrdude-packing/patches/*.patch | |
- name: replace system ranlib with darwin one | |
# for some reason is not possible to override ranlib with env vars, so this is ugly but it's the only way I found | |
if: matrix.config.os == 'macOS' | |
run: | | |
mv /usr/bin/ranlib /usr/bin/ranlib.bk | |
ln -s /opt/osxcross/target/bin/${{ matrix.config.cross_compile }}-ranlib /usr/bin/ranlib | |
- name: Build Avrdude | |
working-directory: ${{ env.PROJECT_NAME }} | |
run: | | |
if [ "${{ matrix.config.os }}" = "macOS" ]; then | |
# For darwin we disable the static flags (not supported by clang) and we make some adjustments | |
cmake -DCMAKE_C_COMPILER=${{ matrix.config.cross_compiler }} -DCMAKE_CXX_COMPILER=${{ matrix.config.cross_compiler }}++ -DCMAKE_AR=${{ matrix.config.ar }} -DCMAKE_LINKER=${{ matrix.config.ld}} -DCMAKE_EXE_LINKER_FLAGS="-L/opt/lib/${{ matrix.config.cross_compile }}/lib/" -DCMAKE_C_FLAGS="-I/opt/lib/${{ matrix.config.cross_compile }}/include -pthread -framework Foundation -framework IOKit -framework Cocoa -framework Security -DHAVE_USB_H" -DCMAKE_PREFIX_PATH=/opt/lib/${{ matrix.config.cross_compile }}/ -DHAVE_LIBFTDI="NO" -DUSE_STATIC_LIBS="ON" -B build/ | |
else | |
cmake -DCMAKE_C_COMPILER=${{ matrix.config.cross_compile }}-gcc -DCMAKE_CXX_COMPILER=${{ matrix.config.cross_compile }}-g++ -DCMAKE_EXE_LINKER_FLAGS="-static-libgcc -static-libstdc++" -DCMAKE_C_FLAGS="-I/opt/lib/${{ matrix.config.cross_compile }}/include/libusb-1.0/ -I/opt/lib/${{ matrix.config.cross_compile }}/include -pthread" -DCMAKE_PREFIX_PATH=/opt/lib/${{ matrix.config.cross_compile }}/ -DHAVE_LIBFTDI="NO" -DUSE_STATIC_LIBS="ON" -B build/ | |
fi | |
cmake --build build/ -v | |
- name: Package | |
working-directory: ${{ env.PROJECT_NAME }} | |
run: | # we need to create the subdir where to place binaries | |
mkdir -p ${{ env.PROJECT_NAME }}_${{ matrix.config.os }}_${{ matrix.config.arch }}/bin ${{ env.PROJECT_NAME }}_${{ matrix.config.os }}_${{ matrix.config.arch }}/etc | |
chmod +x build/src/${{ env.PROJECT_NAME }}${{ matrix.config.extension }} | |
mv -v build/src/${{ env.PROJECT_NAME }}${{ matrix.config.extension }} ${{ env.PROJECT_NAME }}_${{ matrix.config.os }}_${{ matrix.config.arch }}/bin | |
mv -v build/src/${{ env.PROJECT_NAME }}.conf ${{ env.PROJECT_NAME }}_${{ matrix.config.os }}_${{ matrix.config.arch }}/etc | |
mv -v COPYING ${{ env.PROJECT_NAME }}_${{ matrix.config.os }}_${{ matrix.config.arch }}/LICENSE.txt | |
tar -czv ${{ env.PROJECT_NAME }}_${{ matrix.config.os }}_${{ matrix.config.arch }} -f ${{ env.PROJECT_NAME }}_${GITHUB_REF##*/}_${{ matrix.config.os }}_${{ matrix.config.arch }}.tar.gz | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
if-no-files-found: error | |
name: ${{ env.ARTIFACT_NAME }} | |
path: ${{ env.PROJECT_NAME }}/${{ env.PROJECT_NAME }}_* | |
notarize-macos: | |
runs-on: macos-latest | |
needs: build | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Download artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: ${{ env.ARTIFACT_NAME }} | |
path: ${{ env.DIST_DIR }} | |
- name: Import Code-Signing Certificates | |
env: | |
KEYCHAIN: "sign.keychain" | |
INSTALLER_CERT_MAC_PATH: "/tmp/ArduinoCerts2020.p12" | |
KEYCHAIN_PASSWORD: keychainpassword # Arbitrary password for a keychain that exists only for the duration of the job, so not secret | |
run: | | |
echo "${{ secrets.INSTALLER_CERT_MAC_P12 }}" | base64 --decode > "${{ env.INSTALLER_CERT_MAC_PATH }}" | |
security create-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}" | |
security default-keychain -s "${{ env.KEYCHAIN }}" | |
security unlock-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}" | |
security import \ | |
"${{ env.INSTALLER_CERT_MAC_PATH }}" \ | |
-k "${{ env.KEYCHAIN }}" \ | |
-f pkcs12 \ | |
-A \ | |
-T "/usr/bin/codesign" \ | |
-P "${{ secrets.INSTALLER_CERT_MAC_PASSWORD }}" | |
security set-key-partition-list \ | |
-S apple-tool:,apple: \ | |
-s \ | |
-k "${{ env.KEYCHAIN_PASSWORD }}" \ | |
"${{ env.KEYCHAIN }}" | |
- name: Install gon for code signing and app notarization | |
run: | | |
wget -q https://github.com/Bearer/gon/releases/download/v0.0.27/gon_macos.zip | |
unzip gon_macos.zip -d /usr/local/bin | |
- name: Sign and notarize binary | |
env: | |
AC_USERNAME: ${{ secrets.AC_USERNAME }} | |
AC_PASSWORD: ${{ secrets.AC_PASSWORD }} | |
AC_PROVIDER: ${{ secrets.AC_PROVIDER }} | |
run: | | |
gon gon.config.hcl | |
- name: Re-package binary | |
# This step performs the following: | |
# 1. Repackage the signed binary replaced in place by Gon (ignoring the output zip file) | |
run: | | |
# GitHub's upload/download-artifact actions don't preserve file permissions, | |
# so we need to add execution permission back until the action is made to do this. | |
chmod +x ${{ env.DIST_DIR }}/${{ env.PROJECT_NAME }}_macOS_64bit/bin/${{ env.PROJECT_NAME }} | |
TAG="${GITHUB_REF/refs\/tags\//}" | |
tar -czvf "${{ env.DIST_DIR }}/${{ env.PROJECT_NAME }}_${TAG}_macOS_64bit.tar.gz" \ | |
-C ${{ env.DIST_DIR }}/ ${{ env.PROJECT_NAME }}_macOS_64bit/ | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
if-no-files-found: error | |
name: ${{ env.ARTIFACT_NAME }} | |
path: ${{ env.DIST_DIR }} | |
create-release: | |
runs-on: | |
ubuntu-latest | |
needs: [build, notarize-macos] | |
steps: | |
- name: Checkout repository # we need package_index.template | |
uses: actions/checkout@v3 | |
- name: Download artifact | |
uses: actions/download-artifact@v3 | |
with: | |
name: ${{ env.ARTIFACT_NAME }} | |
path: ${{ env.DIST_DIR }} | |
- name: Identify Prerelease | |
# This is a workaround while waiting for create-release action | |
# to implement auto pre-release based on tag | |
id: prerelease | |
run: | | |
wget -q -P /tmp https://github.com/fsaintjacques/semver-tool/archive/3.2.0.zip | |
unzip -p /tmp/3.2.0.zip semver-tool-3.2.0/src/semver >/tmp/semver && chmod +x /tmp/semver | |
if [[ "$(/tmp/semver get prerel "${GITHUB_REF/refs\/tags\//}")" ]]; then echo "::set-output name=IS_PRE::true"; fi | |
- name: Generate package index entry | |
run: | | |
TAG=${GITHUB_REF/refs\/tags\//} | |
package_index=`cat package_index.template | sed s/%%VERSION%%/${TAG}/` | |
declare -a target_folders=("Windows_32bit" "Linux_64bit" "macOS_64bit" "Linux_32bit" "Linux_ARMv6" "Linux_ARM64") | |
cd dist | |
for folder in "${target_folders[@]}" | |
do | |
ARCHIVE_NAME=${{ env.PROJECT_NAME }}_${TAG}_${folder}.tar.gz | |
T_OS=`echo ${folder} | awk '{print toupper($0)}'` | |
SHASUM=`sha256sum ${ARCHIVE_NAME} | cut -f1 -d" "` | |
SIZE=`stat --printf="%s" ${ARCHIVE_NAME}` | |
package_index=`echo "$package_index" | | |
sed s/%%FILENAME_${T_OS}%%/${ARCHIVE_NAME}/ | | |
sed s/%%FILENAME_${T_OS}%%/${ARCHIVE_NAME}/ | | |
sed s/%%SIZE_${T_OS}%%/${SIZE}/ | | |
sed s/%%SHA_${T_OS}%%/${SHASUM}/` | |
done | |
cd .. | |
echo ================== CUT ME HERE ===================== | |
echo "${package_index}" | |
echo "${package_index}" > package_index_draft.json | |
- name: Create Github Release and upload artifacts | |
uses: ncipollo/release-action@v1 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
draft: false | |
prerelease: ${{ steps.prerelease.outputs.IS_PRE }} | |
# NOTE: "Artifact is a directory" warnings are expected and don't indicate a problem | |
# (all the files we need are in the DIST_DIR root) | |
artifacts: "${{ env.DIST_DIR }}/*,package_index_draft.json" | |
- name: Upload release files on Arduino downloads servers | |
uses: docker://plugins/s3 | |
env: | |
PLUGIN_SOURCE: "${{ env.DIST_DIR }}/*" | |
PLUGIN_TARGET: ${{ env.AWS_PLUGIN_TARGET }} | |
PLUGIN_STRIP_PREFIX: "${{ env.DIST_DIR }}/" | |
PLUGIN_BUCKET: ${{ secrets.DOWNLOADS_BUCKET }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} |