Merge remote-tracking branch 'origin/main' into release/1.0.0-beta #194
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release Workbench | |
on: | |
push: | |
tags: | |
- 'v*' | |
defaults: | |
run: | |
shell: bash | |
jobs: | |
release: | |
name: Create Release | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: Fail if tag is not prefixed by v | |
run: | | |
if [[ $GITHUB_REF_NAME =~ ^v[0-9]+\.[0-9]+\.[0-9].* ]]; then | |
echo "Valid version format" | |
else | |
echo "Invalid version format" | |
exit 1 | |
fi | |
- name: Create release | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
tag: ${{ github.ref_name }} | |
run: | | |
OPTIONS="" | |
if [[ $GITHUB_REF_NAME == *"internal"* ]]; then | |
OPTIONS="--prerelease" | |
fi | |
gh release create "$GITHUB_REF_NAME" \ | |
--repo="$GITHUB_REPOSITORY" \ | |
--title="Release for ${GITHUB_REF_NAME}" \ | |
--generate-notes $OPTIONS | |
build: | |
name: Build on ${{ matrix.target }} | |
runs-on: ${{ matrix.os }} | |
needs: [release] | |
strategy: | |
matrix: | |
include: | |
- os: [self-hosted, linux, X64] | |
target: Linux | |
# M1 | |
- os: macos-14 | |
target: Macos | |
# X86 | |
- os: macos-13 | |
target: Macos | |
- os: windows-latest | |
target: Windows | |
# - os: "[self-hosted, linux, ARM64]" | |
# target: Linux | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v4 | |
- name: Change the package.json version to match the tag | |
run: | | |
VERSION=$(echo $GITHUB_REF_NAME | sed 's/^v//g') | |
echo "VERSION=${VERSION}" >> $GITHUB_ENV | |
sed -i.bak 's/"version": "[^"]*"/"version": "'"$VERSION"'"/' package.json && rm package.json.bak | |
rm -f package.json.bak | |
- name: Download CQLSH prebuilt binaries from axonops-workbench-cqlsh | |
run: | | |
mkdir -p main/bin | |
for binary in cqlsh-410 cqlsh-407 keys_generator; do | |
curl -fL ${CQLSH_GITHUB_URL}/${CQLSH_BUILD_VERSION}/${binary}-$(uname -s)-$(uname -m).tar | tar xf - -C main/bin | |
mv main/bin/${binary}-$(uname -s)-$(uname -m) main/bin/${binary} | |
mv main/bin/${binary}/${binary}-$(uname -s)-$(uname -m) main/bin/${binary}/${binary} | |
done | |
sed -i.bak "s/%CQLSH_VERSION%/$CQLSH_BUILD_VERSION/g" renderer/views/index.html | |
rm -f renderer/views/index.html.bak | |
env: | |
CQLSH_BUILD_VERSION: "0.13.0" | |
CQLSH_GITHUB_URL: "${{ secrets.CQLSH_GITHUB_URL || 'https://github.com/axonops/axonops-workbench-cqlsh/releases/download' }}" | |
- name: Setup Python v3.12 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.12 | |
cache: "pip" | |
- name: Install python dependencies | |
run: pip3 install -r requirements.txt | |
- name: Setup Node.js v20.17.0 | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 20.17.0 | |
- name: Get credits and add them to the database | |
run: | | |
cd get_credits | |
npm cache clean --force | |
npm i | |
npm rebuild | |
node get_credits.js | |
- name: Install AxonOps Developer Workbench dependencies | |
run: | | |
npm cache clean --force | |
npm i | |
# - name: Install Snapcraft | |
# uses: samuelmeuli/action-snapcraft@v2 | |
# if: ${{ runner.os != 'Windows' }} | |
- name: Pack AxonOps Developer Workbench | |
run: | | |
if [ "$(uname -m)" == "aarch64" ] && [ "$(uname -s)" == "Linux" ]; then | |
sudo apt-get -y install ruby | |
sudo gem install dotenv -v 2.8.1 | |
sudo gem instal fpm | |
export USE_SYSTEM_FPM=true | |
fi | |
if [ "$(uname -s )" == "Darwin" ] && [ "$(uname -m)" == "arm64" ]; then | |
npm run mac:arm64 | |
elif [ "$(uname -s )" == "Darwin" ] && [ "$(uname -m)" == "x86_64" ]; then | |
npm run mac | |
fi | |
export CSC_IDENTITY_AUTO_DISCOVERY=false | |
if [ "$(uname -s )" == "Linux" ]; then | |
npm run linux | |
fi | |
if [[ "$(uname -s)" =~ "MINGW64" ]]; then | |
unset CSC_KEY_PASSWORD | |
unset CSC_LINK | |
npm run win | |
fi | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }} | |
CSC_LINK: ${{ secrets.CSC_LINK }} | |
APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }} | |
APPLE_ID: ${{ secrets.APPLE_ID }} | |
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
CSC_INSTALLER_KEY_PASSWORD: ${{ secrets.CSC_INSTALLER_KEY_PASSWORD }} | |
CSC_INSTALLER_LINK: ${{ secrets.CSC_INSTALLER_LINK }} | |
- name: Setup temporary installer signing keychain | |
uses: apple-actions/import-codesign-certs@v3 | |
if: ${{ startsWith(runner.os, 'macos') }} | |
with: | |
p12-file-base64: ${{ secrets.CSC_INSTALLER_LINK }} | |
p12-password: ${{ secrets.CSC_INSTALLER_KEY_PASSWORD }} | |
- name: Sign the Apple pkg | |
if: ${{ startsWith(runner.os, 'macos') }} | |
run: | | |
for pkg_name in $(ls -1 dist/*.pkg); do | |
mv $pkg_name Unsigned-Workbench.pkg | |
productsign --sign "Developer ID Installer: AXONOPS Limited (UJ776LUP23)" Unsigned-Workbench.pkg $pkg_name | |
rm -f Unsigned-Workbench.pkg | |
xcrun notarytool submit $pkg_name --apple-id $APPLE_ID --team-id $APPLE_TEAM_ID --password $APPLE_APP_SPECIFIC_PASSWORD --wait | |
done | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }} | |
APPLE_ID: ${{ secrets.APPLE_ID }} | |
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
- name: Azure login | |
if: runner.os == 'Windows' | |
uses: azure/login@v2 | |
with: | |
creds: ${{ secrets.AZURE_CREDENTIALS }} | |
- name: Install AzureSignTool | |
if: runner.os == 'Windows' | |
run: dotnet tool install --no-cache --global AzureSignTool --version 4.0.1 | |
- name: Azure token to use with AzureSignTool | |
if: runner.os == 'Windows' | |
shell: pwsh | |
run: | | |
$az_token=$(az account get-access-token --scope https://vault.azure.net/.default --query accessToken --output tsv) | |
echo "::add-mask::$az_token" | |
echo "AZ_TOKEN=$az_token" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append | |
- name: Build signed installer | |
if: runner.os == 'Windows' | |
run: | | |
azuresigntool.exe sign --verbose -kvu ${{ secrets.AZURE_KEY_VAULT_URI }} -kvc ${{ secrets.AZURE_KEYVAULT_CERT_NAME }} -kva %AZ_TOKEN% -fd sha256 -tr http://timestamp.digicert.com -v "dist/AxonOps.Workbench-%VERSION%-win-x64.exe" | |
azuresigntool.exe sign --verbose -kvu ${{ secrets.AZURE_KEY_VAULT_URI }} -kvc ${{ secrets.AZURE_KEYVAULT_CERT_NAME }} -kva %AZ_TOKEN% -fd sha256 -tr http://timestamp.digicert.com -v "dist/AxonOps.Workbench-%VERSION%-win-x64.msi" | |
shell: cmd | |
# Ensure this task is right before the Upload | |
- name: Create checksum files | |
run: | | |
SAVEIFS=$IFS | |
IFS=$(echo -en "\n\b") | |
cd dist | |
case "$(uname -s)" in | |
Darwin) | |
FILES=$(ls -1 *.dmg *.zip *.pkg) | |
for f in $FILES; do | |
shasum -a 256 $f > ${f}.sha256sum | |
done | |
;; | |
MINGW64*) | |
FILES=$(ls -1 *.exe *.msi) | |
for f in $FILES; do | |
sha256sum $f > ${f}.sha256sum | |
done | |
;; | |
Linux) | |
FILES=$(ls -1 *.tar.gz *.deb *.rpm) | |
for f in $FILES; do | |
sha256sum $f > ${f}.sha256sum | |
done | |
;; | |
esac | |
IFS=$SAVEIFS | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Upload Artifacts | |
uses: softprops/action-gh-release@v2 | |
with: | |
files: | | |
dist/*.zip | |
dist/*.pkg | |
dist/*.dmg | |
dist/*.deb | |
dist/*.rpm | |
dist/*.exe | |
dist/*.tar.gz | |
dist/*.nsis | |
dist/*.msi | |
dist/*.sha256sum | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
generate-sbom: | |
runs-on: ubuntu-latest | |
needs: [build] | |
if: ${{ !cancelled() && success() && !contains(github.ref, 'internal') }} | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v4 | |
- name: Setup Node.js v20.17.0 | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 20.17.0 | |
- name: Generate SBOM 1/2 | |
uses: anchore/sbom-action@v0 | |
with: | |
artifact-name: sbom.spdx.json | |
- name: Generate SBOM 2/2 | |
uses: anchore/sbom-action@v0 | |
with: | |
artifact-name: sbom.cyclonedx.json | |
format: cyclonedx-json | |
# Release choco and brew | |
release-brew: | |
runs-on: ubuntu-latest | |
needs: [build] | |
if: ${{ !cancelled() && success() && !contains(github.ref, 'internal') }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: main | |
repository: axonops/homebrew-repository | |
path: homebrew | |
persist-credentials: true | |
fetch-depth: 0 | |
ssh-key: ${{ secrets.BREW_SSH_KEY }} | |
- name: Make changes to Homebrew | |
run: | | |
set -x | |
if [[ "$VERSION" == "" ]]; then | |
VERSION=$(echo $GITHUB_REF_NAME | sed 's/^v//g') | |
fi | |
case $VERSION in | |
*internal*) | |
NAME=axonopsworkbench-internal | |
CONFIG_FILE=Casks/axonopsworkbench-internal.rb | |
;; | |
*beta*) | |
NAME=axonopsworkbench-beta | |
CONFIG_FILE=Casks/axonopsworkbench-beta.rb | |
;; | |
*) | |
NAME=axonopsworkbench | |
CONFIG_FILE=Casks/axonopsworkbench.rb | |
;; | |
esac | |
cd homebrew | |
git config user.name "GitHub Actions" | |
git config user.email "[email protected]" | |
# Get the sha256sum | |
SHA_ARM=$(curl -sfL ${GITHUB_URL}/v${VERSION}/AxonOps.Workbench-${VERSION}-mac-arm64.zip.sha256sum | awk '{print $1}') | |
SHA_AMD=$(curl -sfL ${GITHUB_URL}/v${VERSION}/AxonOps.Workbench-${VERSION}-mac-x64.zip.sha256sum | awk '{print $1}') | |
# Update versions | |
cp $TEMPLATE $CONFIG_FILE | |
sed -i "s/%SHA_ARM%/$SHA_ARM/g" $CONFIG_FILE | |
sed -i "s/%SHA_AMD%/$SHA_AMD/g" $CONFIG_FILE | |
sed -i "s/%VERSION%/${VERSION}/g" $CONFIG_FILE | |
sed -i "s/cask \"axonopsworkbench\" do/cask \"${NAME}\" do/g" $CONFIG_FILE | |
git add $CONFIG_FILE | |
if [ $(git status --porcelain | wc -l) -eq "0" ]; then | |
echo "No changes to commit" | |
exit 0 | |
fi | |
git --no-pager diff | |
git commit -m "Changes made by GitHub Actions [skip ci]" | |
git tag $VERSION | |
env: | |
GITHUB_URL: https://github.com/axonops/axonops-workbench/releases/download/ | |
TEMPLATE: Casks/axonopsworkbench.rb.tmpl | |
- name: Push changes | |
uses: ad-m/github-push-action@master | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
directory: homebrew | |
repository: axonops/homebrew-repository | |
ssh: true | |
tags: true | |
release-choco: | |
runs-on: ubuntu-latest | |
needs: [build] | |
if: ${{ !cancelled() && success() && !contains(github.ref, 'internal') }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: main | |
repository: axonops/chocolatey | |
path: chocolatey | |
persist-credentials: true | |
fetch-depth: 0 | |
ssh-key: ${{ secrets.CHOCO_SSH_KEY }} | |
- name: Make changes to chocolatey | |
run: | | |
if [[ "$VERSION" == "" ]]; then | |
VERSION=$(echo $GITHUB_REF_NAME | sed 's/^v//g') | |
fi | |
#echo "VERSION=$VERSION" >> $GITHUB_ENV | |
cd chocolatey | |
git config user.name "GitHub Actions" | |
git config user.email "[email protected]" | |
# Get the sha256sum | |
SHA_AMD=$(curl -sfL ${GITHUB_URL}/v${VERSION}/AxonOps.Workbench-${VERSION}-win-x64.msi.sha256sum | awk '{print $1}') | |
# Update versions | |
cp $TEMPLATE $CONFIG_FILE | |
sed -i "s/%SHA_AMD%/$SHA_AMD/g" $CONFIG_FILE | |
sed -i "s/%VERSION%/${VERSION}/g" $CONFIG_FILE | |
sed -i "s%<version>.*</version>%<version>${VERSION}</version>%g" axonopsworkbench.nuspec | |
git add . | |
if [ $(git status --porcelain | wc -l) -eq "0" ]; then | |
echo "No changes to commit" | |
exit 0 | |
fi | |
git --no-pager diff | |
git commit -m "Changes made by GitHub Actions" | |
git tag $VERSION | |
env: | |
GITHUB_URL: https://github.com/axonops/axonops-workbench/releases/download/ | |
TEMPLATE: tools/chocolateyinstall.ps1.tmpl | |
CONFIG_FILE: tools/chocolateyinstall.ps1 | |
- name: Push changes | |
uses: ad-m/github-push-action@master | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
directory: chocolatey | |
repository: axonops/chocolatey | |
ssh: true | |
tags: true | |
release-debian-redhat: | |
runs-on: ubuntu-latest | |
needs: [build] | |
if: ${{ !cancelled() && success() }} | |
steps: | |
- id: "auth" | |
uses: "google-github-actions/auth@v1" | |
with: | |
credentials_json: "${{ secrets.SERVICE_ACCOUNT_KEY }}" | |
- name: "Set up Cloud SDK" | |
uses: "google-github-actions/setup-gcloud@v1" | |
- name: "Set runtime variables" | |
run: | | |
if [[ "$VERSION" == "" ]]; then | |
VERSION=$(echo $GITHUB_REF_NAME | sed 's/^v//g') | |
fi | |
PUBLISH="yes" | |
DEBIAN_ARCHS="amd64" | |
REDHAT_ARCHS="x86_64" | |
VERSION=$(echo $GITHUB_REF_NAME | sed 's/^v//g') | |
case $VERSION in | |
*internal*) | |
PUBLISH="no" | |
REPO_SUFFIX="-beta" | |
;; | |
*beta*) | |
REPO_SUFFIX="-beta" | |
;; | |
*) | |
REPO_SUFFIX="" | |
;; | |
esac | |
echo "REPO=$REPO" >> $GITHUB_ENV | |
echo "DEBIAN_ARCHS=$DEBIAN_ARCHS" >> $GITHUB_ENV | |
echo "REDHAT_ARCHS=$REDHAT_ARCHS" >> $GITHUB_ENV | |
- name: Push Debian package | |
if: env.PUBLISH == 'yes' | |
run: | | |
if [[ "$VERSION" == "" ]]; then | |
VERSION=$(echo $GITHUB_REF_NAME | sed 's/^v//g') | |
fi | |
for arch in ${{ env.DEBIAN_ARCHS }}; do | |
curl -sLO "https://github.com/axonops/axonops-workbench/releases/download/v$VERSION/AxonOps.Workbench-$VERSION-linux-${arch}.deb" | |
gcloud config set project axonops-public | |
gcloud artifacts apt upload axonops-apt-${env.REPO_SUFFIX} --location=europe --source=AxonOps.Workbench-$VERSION-linux-${arch}.deb | |
done | |
- name: Push RedHat package | |
if: env.PUBLISH == 'yes' | |
run: | | |
if [[ "$VERSION" == "" ]]; then | |
VERSION=$(echo $GITHUB_REF_NAME | sed 's/^v//g') | |
fi | |
for arch in ${{ env.REDHAT_ARCHS }}; do | |
curl -sLO "https://github.com/axonops/axonops-workbench/releases/download/v$VERSION/AxonOps.Workbench-$VERSION-linux-${arch}.rpm" | |
gcloud config set project axonops-public | |
gcloud artifacts yum upload axonops-yum-${env.REPO_SUFFIX} --location=europe --source=AxonOps.Workbench-$VERSION-linux-${arch}.rpm | |
done |