Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

automatic release to GitHub #279

Merged
merged 9 commits into from
May 24, 2022
Merged

automatic release to GitHub #279

merged 9 commits into from
May 24, 2022

Conversation

ZyanKLee
Copy link
Contributor

@ZyanKLee ZyanKLee commented May 21, 2022
edited
Loading

  • disable update mechanism
  • remove upx (can later be added again, if need be)
  • generate dev binary and upload to pull_request

closes #272

ZyanKLee added 3 commits May 21, 2022 18:45
@ZyanKLee
chore: disable update mechanism
eb54376
@ZyanKLee
chore: remove upx
40eb5c7 
in my tests upx brought a reduction to 54% of the original size, which amounted to 4,5MiB decrease.
As we are talking about <10MiB here, I removed it to keep the complexity low.
@ZyanKLee
feat: build dev artifact and upload
6fd251a
@ZyanKLee ZyanKLee linked an issue May 21, 2022 that may be closed by this pull request
automatic release to GitHub #272
Closed
@ZyanKLee ZyanKLee marked this pull request as draft May 21, 2022 17:19
@ZyanKLee
Copy link
Contributor Author

For now I only implemented the dev build. What is missing is the actual releasing mechanics.

@ZyanKLee ZyanKLee marked this pull request as ready for review May 21, 2022 20:58
@ZyanKLee
Copy link
Contributor Author

This PR is ready for review. Anyone?

TheDukeofErl
TheDukeofErl approved these changes May 22, 2022
View reviewed changes
Copy link
Collaborator

@TheDukeofErl TheDukeofErl left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Had to take a little bit of time to familiarize myself with the Github CICD pipeline and its integration. Looks good to me!

@Dadadah
Copy link
Collaborator

Dadadah commented May 22, 2022

LGTM

@ZyanKLee
Copy link
Contributor Author

It just dawned on me, that I totally forgot to implement the key handling for the signer script. Will do that later today - latest tomorrow.

@ZyanKLee ZyanKLee marked this pull request as draft May 23, 2022 06:23
@ZyanKLee ZyanKLee marked this pull request as ready for review May 23, 2022 21:54
ZyanKLee
ZyanKLee commented May 23, 2022
View reviewed changes
Copy link
Contributor Author

@ZyanKLee ZyanKLee left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Now, this last commit adds the missing magic:

I created a secret variable in Github, which is decoded (base64 -d) and put in place. Then make release is run (which also runs the signer command) and finally I create a md5sum - just for good measures. In the end a release is being created and all those files are attached to it.

ZyanKLee
ZyanKLee commented May 23, 2022
View reviewed changes
Makefile
@@ -1,5 +1,5 @@
UPDATE_URL=
UPDATE_PUBKEY=
UPDATE_PUBKEY=Md2rdsS+b6W0trgcqa5lAWP978Zj0sFmubJ252OPKwc=
Copy link
Contributor Author

@ZyanKLee ZyanKLee May 23, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the public key that corresponds with the new signer key. They are used to in the end let update.go verify the integrity of our new release artifact.

ZyanKLee
ZyanKLee commented May 23, 2022
View reviewed changes
.github/workflows/release.yml
with:
files: |
${{ github.workspace }}/bin/NoiseTorch_x64_*.tgz
${{ github.workspace }}/bin/NoiseTorch_x64_*.tgz.sig
${{ github.workspace }}/bin/NoiseTorch_x64_*.tgz.md5sum
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

md5sum's are more common and more people know how to use them to verify the integrity of files.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Whoops, sorry, meant to do a comment, not a review, so I deleted that. I'm still partial to doing an sha256sum over an md5 or sha1, given the cheapness of those attacks. At the very least, could we include both md5 and sha256?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would agree, if this was used to secure anything vital. But it's only a checksum to verify if the file has been altered or is another file altogether. You think this is still a reason to use some more sophisticated checksum algorithm?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh, well. why not? -> see 536f5b3

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! In reality, there probably isn't a huge amount of risk but it's something that doesn't hurt at all to add :)

I appreciate it getting added to the PR.

@ZyanKLee ZyanKLee merged commit 9ab760e into master May 24, 2022
@ZyanKLee ZyanKLee added this to the v0.12.0 milestone May 27, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TheDukeofErl TheDukeofErl TheDukeofErl approved these changes

@Dadadah Dadadah Awaiting requested review from Dadadah

@AXDOOMER AXDOOMER Awaiting requested review from AXDOOMER

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v0.12.0
Development

Successfully merging this pull request may close these issues.

automatic release to GitHub
3 participants
@ZyanKLee @Dadadah @TheDukeofErl