diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ad80379..91c3d9e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,6 +9,9 @@ on: - 'v*' pull_request: +permissions: + contents: read + jobs: source-archive: name: Create Source Archive @@ -17,31 +20,31 @@ jobs: version: ${{ steps.version.outputs.version }} steps: - name: Checkout Repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@v4 with: - fetch-depth: 0 # Needed for proper version detection + fetch-depth: 0 + + - name: Install and Setup Task + run: | + chmod +x ./bootstrap.sh + ./bootstrap.sh + source ~/.bashrc + echo "${HOME}/.local/bin" >> $GITHUB_PATH - name: Set Version Information id: version - shell: bash run: | VERSION=$(git describe --tags --abbrev=0 2>/dev/null | sed 's/^v//' || echo "0.0.1") echo "version=${VERSION}" >> $GITHUB_OUTPUT - name: Create Source Archive - run: | - mkdir -p dist - tar --exclude='.git' --exclude='dist' -czf "dist/agentexec${VERSION}.src.tar.gz" . - cd dist && sha256sum "agentexec${VERSION}.src.tar.gz" > SHASUMS256.txt - echo "# agentexec ${VERSION} checksums" > SHASUMS256.txt.tmp - cat SHASUMS256.txt >> SHASUMS256.txt.tmp - mv SHASUMS256.txt.tmp SHASUMS256.txt + run: task build:cross - - name: Upload Artifacts - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + - name: Upload Source Archive + uses: actions/upload-artifact@v4 with: name: source-archive - path: dist/* + path: build/* if-no-files-found: error build-binaries: @@ -56,123 +59,78 @@ jobs: - os: ubuntu-latest goos: linux architecture: amd64 - format: tar.gz - os: ubuntu-latest goos: linux architecture: arm64 - format: tar.gz - os: ubuntu-latest goos: linux architecture: 386 - format: tar.gz - os: ubuntu-latest goos: linux architecture: arm - format: tar.gz arm: 6 # macOS builds - os: macos-latest goos: darwin architecture: amd64 - format: tar.gz - os: macos-latest goos: darwin architecture: arm64 - format: tar.gz # Windows builds - os: windows-latest goos: windows architecture: amd64 - format: zip - os: windows-latest goos: windows architecture: arm64 - format: zip - os: windows-latest goos: windows architecture: 386 - format: zip + steps: - name: Checkout Repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@v5 with: go-version: '1.23.3' check-latest: true - - name: Download Source Archive - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - with: - name: source-archive - path: dist/ - - - name: Build and Package + - name: Install and Setup Task shell: bash - env: - GOOS: ${{ matrix.goos }} - GOARCH: ${{ matrix.architecture }} - GOARM: ${{ matrix.arm }} run: | - VERSION=$(git describe --tags --abbrev=0 2>/dev/null | sed 's/^v//' || echo "0.0.1") - COMMIT=$(git rev-parse --short HEAD) - BUILD_TIME=$(date -u +"%Y-%m-%dT%H:%M:%SZ") - - # Set binary extension for Windows - EXT="" - if [[ "$GOOS" == "windows" ]]; then - EXT=".exe" - fi - - # Build binary - echo "Building for GOOS=$GOOS, GOARCH=$GOARCH" - mkdir -p dist - go build -v -trimpath -ldflags="-s -w \ - -X 'agentexec/pkg/version.Version=${VERSION}' \ - -X 'agentexec/pkg/version.Commit=${COMMIT}' \ - -X 'agentexec/pkg/version.BuildTime=${BUILD_TIME}'" \ - -o "dist/agentexec${EXT}" main.go - - # Create archive name - OUTPUT_NAME="agentexec${VERSION}.${GOOS}" - if [[ "$GOARCH" == "arm" ]] && [[ -n "$GOARM" ]]; then - OUTPUT_NAME="${OUTPUT_NAME}-armv${GOARM}l" + chmod +x ./bootstrap.sh + ./bootstrap.sh + if [[ "${{ matrix.os }}" == "macos-latest" ]]; then + source ~/.zshrc else - OUTPUT_NAME="${OUTPUT_NAME}-${GOARCH}" + source ~/.bashrc fi + echo "${HOME}/.local/bin" >> $GITHUB_PATH - # Create archive - cd dist - if [[ "${{ matrix.format }}" == "zip" ]]; then - zip -q "${OUTPUT_NAME}.zip" "agentexec${EXT}" - sha256sum "${OUTPUT_NAME}.zip" >> SHASUMS256.txt - else - tar -czf "${OUTPUT_NAME}.tar.gz" "agentexec${EXT}" - sha256sum "${OUTPUT_NAME}.tar.gz" >> SHASUMS256.txt - fi + - name: Setup Development Environment + run: task setup - # Cleanup binary - rm "agentexec${EXT}" - - # Sort SHASUMS256.txt - sort -k2 SHASUMS256.txt > SHASUMS256.txt.sorted - head -n1 SHASUMS256.txt > SHASUMS256.txt - tail -n +2 SHASUMS256.txt.sorted >> SHASUMS256.txt - rm SHASUMS256.txt.sorted + - name: Build Binary + env: + GOOS: ${{ matrix.goos }} + GOARCH: ${{ matrix.architecture }} + GOARM: ${{ matrix.arm }} + run: task build:cross - name: Upload Build Artifacts - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@v4 with: name: binary-${{ matrix.goos }}-${{ matrix.architecture }} - path: dist/* + path: build/* if-no-files-found: error create-installers: name: Create Installers - needs: build-binaries + needs: [source-archive, build-binaries] runs-on: ${{ matrix.os }} strategy: fail-fast: false @@ -190,37 +148,48 @@ jobs: - os: windows-latest goos: windows architecture: arm64 + steps: - name: Checkout Repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Install and Setup Task + shell: bash + run: | + chmod +x ./bootstrap.sh + ./bootstrap.sh + if [[ "${{ matrix.os }}" == "macos-latest" ]]; then + source ~/.zshrc + else + source ~/.bashrc + fi + echo "${HOME}/.local/bin" >> $GITHUB_PATH - name: Download Binary - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + uses: actions/download-artifact@v4 with: name: binary-${{ matrix.goos }}-${{ matrix.architecture }} - path: dist/ + path: build/ - name: Setup Windows Environment if: matrix.os == 'windows-latest' shell: bash run: | choco install wix --version=3.11.2 -y - refreshenv + echo "C:\Program Files (x86)\WiX Toolset v3.11\bin" >> $GITHUB_PATH - name: Create Installer shell: bash run: | VERSION=$(git describe --tags --abbrev=0 2>/dev/null | sed 's/^v//' || echo "0.0.1") mkdir -p packages - EXT="" - if [[ "${{ matrix.goos }}" == "windows" ]]; then - EXT=".exe" - fi if [[ "${{ matrix.goos }}" == "darwin" ]]; then pkgbuild --identifier com.agentexec.cli \ --install-location /usr/local/bin \ - --root dist \ + --root build \ --scripts scripts/macos \ "packages/agentexec${VERSION}.${GOOS}-${GOARCH}.pkg" elif [[ "${{ matrix.goos }}" == "windows" ]]; then @@ -230,48 +199,46 @@ jobs: candle.exe -arch x64 \ -o installer.wixobj \ .github/workflows/installer.wix - if [ $? -ne 0 ]; then - echo "WiX candle.exe failed" - exit 1 - fi light.exe -o "packages/agentexec${VERSION}.${GOOS}-${GOARCH}.msi" installer.wixobj - if [ $? -ne 0 ]; then - echo "WiX light.exe failed" - exit 1 - fi fi cd packages if [[ "${{ matrix.goos }}" == "darwin" ]]; then - sha256sum "agentexec${VERSION}.${GOOS}-${GOARCH}.pkg" >> ../dist/SHASUMS256.txt + sha256sum "agentexec${VERSION}.${GOOS}-${GOARCH}.pkg" >> ../build/SHASUMS256.txt else - sha256sum "agentexec${VERSION}.${GOOS}-${GOARCH}.msi" >> ../dist/SHASUMS256.txt + sha256sum "agentexec${VERSION}.${GOOS}-${GOARCH}.msi" >> ../build/SHASUMS256.txt fi - name: Upload Installer - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@v4 with: name: installer-${{ matrix.goos }}-${{ matrix.architecture }} path: | packages/* - dist/SHASUMS256.txt + build/SHASUMS256.txt if-no-files-found: error validate-checksums: name: Validate Checksums - needs: [source-archive, build-binaries, create-installers] + needs: [create-installers] runs-on: ubuntu-latest steps: + - name: Checkout Repository + uses: actions/checkout@v4 + + - name: Install and Setup Task + run: | + chmod +x ./bootstrap.sh + ./bootstrap.sh + source ~/.bashrc + echo "${HOME}/.local/bin" >> $GITHUB_PATH + - name: Download All Artifacts - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + uses: actions/download-artifact@v4 with: - path: dist + path: build merge-multiple: true - name: Validate Checksums - shell: bash - run: | - cd dist - echo "Verifying checksums from SHASUMS256.txt..." - sha256sum -c SHASUMS256.txt \ No newline at end of file + run: task build:verify