diff --git a/.github/workflows/build-artifact.yml b/.github/workflows/build-artifact.yml new file mode 100644 index 0000000..0313e59 --- /dev/null +++ b/.github/workflows/build-artifact.yml @@ -0,0 +1,23 @@ +--- +name: build dev artifact + +on: + pull_request: + +permissions: + contents: read + pull-requests: read + +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/setup-go@v3 + with: + go-version: 1.18 + - uses: actions/checkout@v3 + - run: make dev + - uses: actions/upload-artifact@v3 + with: + name: linux_x64 + path: ${{ github.workspace }}/bin/noisetorch diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..304d5f1 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,34 @@ +--- +name: release + +on: + push: + tags: + - "v*.*.*" + +permissions: + contents: write + +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/setup-go@v3 + with: + go-version: 1.18 + - uses: actions/checkout@v3 + - name: Build release artifact + run: | + mkdir -p ~/.config/noisetorch + echo '${{ secrets.NOISETORCH_SIGNER_PRIVKEY_BASE64 }}' | base64 -d > ~/.config/noisetorch/private.key + make release + rm -rf ~/.config/noisetorch/ + for f in bin/NoiseTorch_x64_*.tgz ; do md5sum ${f} | tee ${f}.md5sum ; sha512sum ${f} | tee ${f}.sha512sum ; done + - name: Release + uses: softprops/action-gh-release@v1 + with: + files: | + ${{ github.workspace }}/bin/NoiseTorch_x64_*.tgz + ${{ github.workspace }}/bin/NoiseTorch_x64_*.tgz.sig + ${{ github.workspace }}/bin/NoiseTorch_x64_*.tgz.md5sum + ${{ github.workspace }}/bin/NoiseTorch_x64_*.tgz.sha512sum diff --git a/Makefile b/Makefile index 91302ef..4f97778 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,5 @@ -UPDATE_URL=https://noisetorch.epicgamer.org -UPDATE_PUBKEY=3mL+rBi4yBZ1wGimQ/oSQCjxELzgTh+673H4JdzQBOk= +UPDATE_URL= +UPDATE_PUBKEY=Md2rdsS+b6W0trgcqa5lAWP978Zj0sFmubJ252OPKwc= VERSION := $(shell git describe --tags) dev: rnnoise @@ -18,13 +18,11 @@ release: rnnoise mkdir -p tmp/.local/bin/ go generate - CGO_ENABLED=0 GOOS=linux go build -trimpath -tags release -a -ldflags '-s -w -extldflags "-static" -X main.version=${VERSION} -X main.distribution=official -X main.updateURL=${UPDATE_URL} -X main.publicKeyString=${UPDATE_PUBKEY}' . - upx noisetorch + CGO_ENABLED=0 GOOS=linux go build -trimpath -tags release -a -ldflags '-s -w -extldflags "-static" -X main.version=${VERSION} -X main.distribution=official' . mv noisetorch tmp/.local/bin/ cd tmp/; \ - tar cvzf ../bin/NoiseTorch_x64.tgz . + tar cvzf ../bin/NoiseTorch_x64_${VERSION}.tgz . rm -rf tmp/ - go run scripts/signer.go -s - git describe --tags > bin/version.txt + go run scripts/signer.go -s -f bin/NoiseTorch_x64_${VERSION}.tgz rnnoise: $(MAKE) -C c/ladspa diff --git a/scripts/signer.go b/scripts/signer.go index aff95e9..0ad69c8 100644 --- a/scripts/signer.go +++ b/scripts/signer.go @@ -25,8 +25,13 @@ func main() { var publicKeyString string flag.StringVar(&publicKeyString, "k", "", "Public key to verify against (runs verifier if set)") + var artifactFile string + flag.StringVar(&artifactFile, "f", "", "Artifact file name and path that should be signed") + flag.Parse() + signatureFile := artifactFile + ".sig" + if doGenerate { generateKeypair() os.Exit(0) @@ -38,10 +43,10 @@ func main() { os.Exit(0) } - if doSign { + if doSign && artifactFile != "" { _, priv := loadKeys() - file, err := ioutil.ReadFile("bin/NoiseTorch_x64.tgz") + file, err := ioutil.ReadFile(artifactFile) if err != nil { panic(err) } @@ -50,24 +55,26 @@ func main() { if err != nil { panic(err) } - if err := ioutil.WriteFile("bin/NoiseTorch_x64.tgz.sig", sig, 0644); err != nil { + + err = ioutil.WriteFile(signatureFile, sig, 0640) + if err != nil { panic(err) } os.Exit(0) } - if publicKeyString != "" { + if publicKeyString != "" && artifactFile != "" && signatureFile != "" { pub, err := base64.StdEncoding.DecodeString(publicKeyString) if err != nil { panic(err) } - file, err := ioutil.ReadFile("bin/NoiseTorch_x64.tgz") + file, err := ioutil.ReadFile(artifactFile) if err != nil { panic(err) } - sig, err := ioutil.ReadFile("bin/NoiseTorch_x64.tgz.sig") + sig, err := ioutil.ReadFile(signatureFile) if err != nil { panic(err) }