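# build_packages.yml - builds the Debian, macOS (x86 and ARM) and Windows
# installers and attaches them to a draft GitHub release.
#
# NOTE(review): every `uses:` below references a mutable tag (@v1, @v3, @v5).
# This workflow handles code-signing certificates and a contents:write token,
# so pinning each action to a reviewed full commit SHA would keep a moved tag
# from changing what runs here.
# NOTE(review): actions/create-release and actions/upload-release-asset appear
# to be archived upstream and no longer receive fixes - confirm and plan a
# maintained replacement.
name: Release with packages

on:
  workflow_dispatch: # allow manual execution
  push:
    tags:
      - 'v*'

jobs:
  create_release_deb: # name used to identify the output in other jobs
    name: Create Release with Debian package
    runs-on: ubuntu-22.04
    permissions:
      # required to create the release and upload assets; nothing else granted
      contents: write
    outputs:
      # consumed by the macOS and Windows jobs to attach their installers
      upload_url: ${{ steps.create_release.outputs.upload_url }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Install Debian packages
        run: |
          sudo apt update && sudo apt install -y \
            python3-dnspython python3-requests python3-netifaces \
            python3-psutil python3-distro python3-pip python3-dateutil \
            python3-venv python3-systemd mokutil
      - name: Create venv
        run: python3 -m venv venv --system-site-packages
      - name: Install Python packages
        # NOTE(review): pyinstaller is unpinned here but pinned to 5.13.2 in
        # the Windows job; a pinned version would make the released binary
        # reproducible and limit exposure to a bad upstream release.
        run: venv/bin/pip3 install pyinstaller .
      - name: Compile binaries
        run: venv/bin/pyinstaller oco-agent.linux.spec
      - name: Execute package build
        run: cd installer/debian/ && ./build.sh
      - name: Get version name for Github release title
        run: |
          echo "VERSION=Version $(python3 -c 'import oco_agent; print(oco_agent.__version__)')" >> "$GITHUB_ENV"
      - id: create_release
        name: Create Github release
        uses: actions/create-release@v1
        env:
          # this token is provided automatically by Actions with permissions declared above
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          draft: true # create a release draft - only the master of disaster is allowed to publish it
          prerelease: false
          release_name: ${{ env.VERSION }}
          # NOTE(review): on a manual (workflow_dispatch) run started from a
          # branch, github.ref is refs/heads/<branch> rather than a tag ref -
          # confirm manual runs are only ever started from a tag.
          tag_name: ${{ github.ref }}
      - name: Get artifact
        run: |
          # resolve the built package once and export path and base name
          deb_path="$(find installer/ -name "*.deb")"
          echo "ARTIFACT_PATH=${deb_path}" >> "$GITHUB_ENV"
          echo "ARTIFACT_NAME=$(basename "${deb_path}" .deb)" >> "$GITHUB_ENV"
      - name: Upload artifact
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ github.token }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: ${{ env.ARTIFACT_PATH }}
          asset_name: ${{ env.ARTIFACT_NAME }}.deb
          asset_content_type: application/vnd.debian.binary-package

  create_pkg:
    name: Create macOS package
    runs-on: macos-14-large
    needs: create_release_deb
    permissions:
      contents: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Install Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.10'
      - name: Create venv
        run: python -m venv venv
      - name: Install Python packages
        # NOTE(review): unpinned pyinstaller feeds a signed release binary;
        # consider pinning as the Windows job does.
        run: venv/bin/pip3 install pyinstaller .
      - name: Importing signing certificates
        # Secrets are handed over as environment variables instead of being
        # expanded with ${{ }} inside the script: expression expansion pastes
        # the secret into the script text, where quotes, `$` or backticks in a
        # password would be parsed by the shell.
        env:
          DEVELOPER_ID_APPLICATION_CERT_BASE64: ${{ secrets.DEVELOPER_ID_APPLICATION_CERT_BASE64 }}
          DEVELOPER_ID_APPLICATION_CERT_PASSWORD: ${{ secrets.DEVELOPER_ID_APPLICATION_CERT_PASSWORD }}
          DEVELOPER_ID_INSTALLER_CERT_BASE64: ${{ secrets.DEVELOPER_ID_INSTALLER_CERT_BASE64 }}
          DEVELOPER_ID_INSTALLER_CERT_PASSWORD: ${{ secrets.DEVELOPER_ID_INSTALLER_CERT_PASSWORD }}
        run: |
          # create and unlock temporary keychain
          KEYCHAIN_NAME="$RUNNER_TEMP/build.keychain"
          KEYCHAIN_PASS="$(head -c 8 /dev/urandom | od -An -tu8 | awk '{$1=$1};1')"
          security create-keychain -p "$KEYCHAIN_PASS" "$KEYCHAIN_NAME"
          security default-keychain -s "$KEYCHAIN_NAME"
          security set-keychain-settings -lut 21600 "$KEYCHAIN_NAME"
          security unlock-keychain -p "$KEYCHAIN_PASS" "$KEYCHAIN_NAME"
          # add certificate to keychain; the decoded .p12 lives outside the
          # checkout and is removed even if an import below fails
          CERT_FILE="$RUNNER_TEMP/build.p12"
          trap 'rm -f "$CERT_FILE"' EXIT
          echo "$DEVELOPER_ID_APPLICATION_CERT_BASE64" | base64 --decode > "$CERT_FILE"
          security import "$CERT_FILE" -k "$KEYCHAIN_NAME" \
            -P "$DEVELOPER_ID_APPLICATION_CERT_PASSWORD" \
            -T /usr/bin/codesign >/dev/null 2>&1
          echo "$DEVELOPER_ID_INSTALLER_CERT_BASE64" | base64 --decode > "$CERT_FILE"
          security import "$CERT_FILE" -k "$KEYCHAIN_NAME" \
            -P "$DEVELOPER_ID_INSTALLER_CERT_PASSWORD" \
            -T /usr/bin/pkgbuild -T /usr/bin/productsign >/dev/null 2>&1
          rm -f "$CERT_FILE"
          #security find-identity -v #-p codesigning
          # enable codesigning from a non user interactive shell
          security set-key-partition-list -S apple-tool:,apple: -s \
            -k "$KEYCHAIN_PASS" "$KEYCHAIN_NAME" >/dev/null 2>&1
      - name: Compile binaries
        run: venv/bin/pyinstaller oco-agent.macos.spec
      - name: Execute package build
        run: cd installer/macos/ && ./build.sh
        # these secrets are visible to build.sh and every process it starts
        env:
          DEVELOPER_ID_INSTALLER_CERT_BASE64: ${{ secrets.DEVELOPER_ID_INSTALLER_CERT_BASE64 }}
          DEVELOPER_ID_INSTALLER_CERT_PASSWORD: ${{ secrets.DEVELOPER_ID_INSTALLER_CERT_PASSWORD }}
          DEVELOPER_ACCOUNT_USERNAME: ${{ secrets.DEVELOPER_ACCOUNT_USERNAME }}
          DEVELOPER_ACCOUNT_PASSWORD: ${{ secrets.DEVELOPER_ACCOUNT_PASSWORD }}
          DEVELOPER_ACCOUNT_TEAM: ${{ secrets.DEVELOPER_ACCOUNT_TEAM }}
      - name: Purging signing keychain
        # run even when the build failed, so the keychain holding the signing
        # identities is not left behind
        if: always()
        run: |
          security delete-keychain "$RUNNER_TEMP/build.keychain"
      - name: Upload artifact
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ github.token }}
        with:
          upload_url: ${{ needs.create_release_deb.outputs.upload_url }}
          asset_path: installer/macos/target/pkg-signed/oco-agent.pkg
          asset_name: oco-agent-x86.pkg
          asset_content_type: application/octet-stream

  create_pkg_arm:
    name: Create macOS ARM package
    runs-on: macos-14-xlarge
    needs: create_release_deb
    permissions:
      contents: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Install Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.10'
      - name: Create venv
        run: python -m venv venv
      - name: Install Python packages
        # NOTE(review): unpinned pyinstaller feeds a signed release binary;
        # consider pinning as the Windows job does.
        run: venv/bin/pip3 install pyinstaller .
      - name: Importing signing certificates
        # Same handling as in create_pkg: secrets arrive as environment
        # variables rather than being expanded into the script text.
        env:
          DEVELOPER_ID_APPLICATION_CERT_BASE64: ${{ secrets.DEVELOPER_ID_APPLICATION_CERT_BASE64 }}
          DEVELOPER_ID_APPLICATION_CERT_PASSWORD: ${{ secrets.DEVELOPER_ID_APPLICATION_CERT_PASSWORD }}
          DEVELOPER_ID_INSTALLER_CERT_BASE64: ${{ secrets.DEVELOPER_ID_INSTALLER_CERT_BASE64 }}
          DEVELOPER_ID_INSTALLER_CERT_PASSWORD: ${{ secrets.DEVELOPER_ID_INSTALLER_CERT_PASSWORD }}
        run: |
          # create and unlock temporary keychain
          KEYCHAIN_NAME="$RUNNER_TEMP/build.keychain"
          KEYCHAIN_PASS="$(head -c 8 /dev/urandom | od -An -tu8 | awk '{$1=$1};1')"
          security create-keychain -p "$KEYCHAIN_PASS" "$KEYCHAIN_NAME"
          security default-keychain -s "$KEYCHAIN_NAME"
          security set-keychain-settings -lut 21600 "$KEYCHAIN_NAME"
          security unlock-keychain -p "$KEYCHAIN_PASS" "$KEYCHAIN_NAME"
          # add certificate to keychain; the decoded .p12 lives outside the
          # checkout and is removed even if an import below fails
          CERT_FILE="$RUNNER_TEMP/build.p12"
          trap 'rm -f "$CERT_FILE"' EXIT
          echo "$DEVELOPER_ID_APPLICATION_CERT_BASE64" | base64 --decode > "$CERT_FILE"
          security import "$CERT_FILE" -k "$KEYCHAIN_NAME" \
            -P "$DEVELOPER_ID_APPLICATION_CERT_PASSWORD" \
            -T /usr/bin/codesign >/dev/null 2>&1
          echo "$DEVELOPER_ID_INSTALLER_CERT_BASE64" | base64 --decode > "$CERT_FILE"
          security import "$CERT_FILE" -k "$KEYCHAIN_NAME" \
            -P "$DEVELOPER_ID_INSTALLER_CERT_PASSWORD" \
            -T /usr/bin/pkgbuild -T /usr/bin/productsign >/dev/null 2>&1
          rm -f "$CERT_FILE"
          #security find-identity -v #-p codesigning
          # enable codesigning from a non user interactive shell
          security set-key-partition-list -S apple-tool:,apple: -s \
            -k "$KEYCHAIN_PASS" "$KEYCHAIN_NAME" >/dev/null 2>&1
      - name: Compile binaries
        run: venv/bin/pyinstaller oco-agent.macos.spec
      - name: Execute package build
        run: cd installer/macos/ && ./build.sh
        # these secrets are visible to build.sh and every process it starts
        env:
          DEVELOPER_ID_INSTALLER_CERT_BASE64: ${{ secrets.DEVELOPER_ID_INSTALLER_CERT_BASE64 }}
          DEVELOPER_ID_INSTALLER_CERT_PASSWORD: ${{ secrets.DEVELOPER_ID_INSTALLER_CERT_PASSWORD }}
          DEVELOPER_ACCOUNT_USERNAME: ${{ secrets.DEVELOPER_ACCOUNT_USERNAME }}
          DEVELOPER_ACCOUNT_PASSWORD: ${{ secrets.DEVELOPER_ACCOUNT_PASSWORD }}
          DEVELOPER_ACCOUNT_TEAM: ${{ secrets.DEVELOPER_ACCOUNT_TEAM }}
      - name: Purging signing keychain
        # run even when the build failed, so the keychain holding the signing
        # identities is not left behind
        if: always()
        run: |
          security delete-keychain "$RUNNER_TEMP/build.keychain"
      - name: Upload artifact
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ github.token }}
        with:
          upload_url: ${{ needs.create_release_deb.outputs.upload_url }}
          asset_path: installer/macos/target/pkg-signed/oco-agent.pkg
          asset_name: oco-agent-arm.pkg
          asset_content_type: application/octet-stream

  create_exe:
    name: Create Windows package
    runs-on: windows-2022
    needs: create_release_deb
    permissions:
      contents: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Install Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.8'
      - name: Create venv
        run: python -m venv venv
      - name: Install Python packages
        run: venv/Scripts/pip install pyinstaller==5.13.2 .
      - name: Compile binaries
        run: venv/Scripts/pyinstaller oco-agent.windows.spec
      - name: Execute package build
        # NOTE(review): no signing step is visible for the Windows installer
        # in this workflow - confirm whether oco-agent.iss signs the output.
        run: |
          cd installer\windows\ && "%programfiles(x86)%\Inno Setup 6\iscc.exe" "oco-agent.iss"
        shell: cmd
      - name: Upload artifact
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ github.token }}
        with:
          upload_url: ${{ needs.create_release_deb.outputs.upload_url }}
          asset_path: installer/windows/oco-agent.exe
          asset_name: oco-agent.exe
          asset_content_type: application/vnd.microsoft.portable-executable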