Skip to content

Merge pull request #32 from arduino/update-7.3 #34

Merge pull request #32 from arduino/update-7.3

Merge pull request #32 from arduino/update-7.3 #34

Workflow file for this run

name: release
env:
# The name of the project
PROJECT_NAME: avrdude
DIST_DIR: dist
ARTIFACT_NAME: dist
# The project's folder on Arduino's download server for uploading builds
AWS_PLUGIN_TARGET: /tools/
on:
push:
tags:
- "[0-9]+.[0-9]+*"
jobs:
build:
name: build (${{ matrix.config.os }}, ${{ matrix.config.arch }})
runs-on:
ubuntu-latest
strategy:
matrix:
config:
- os: Linux
arch: 64bit
cross_compile: x86_64-ubuntu16.04-linux-gnu
- os: Linux
arch: 32bit
cross_compile: i686-ubuntu16.04-linux-gnu
- os: Linux
arch: ARMv6
cross_compile: arm-linux-gnueabihf
- os: Linux
arch: ARM64
cross_compile: aarch64-linux-gnu
- os: macOS
arch: 64bit
cross_compile: x86_64-apple-darwin13
cross_compiler: o64-clang
ar: /opt/osxcross/target/bin/x86_64-apple-darwin13-ar # we have to manually specify the full path otherwise it's not found for some reason
ld: /opt/osxcross/target/bin/x86_64-apple-darwin13-ld
- os: Windows
arch: 32bit
cross_compile: i686-w64-mingw32
extension: .exe
container:
image: ghcr.io/arduino/crossbuild:0.2.2
steps:
# the tag must be formatted this way <AVRDUDE_TAG>-arduino.<ARDUINO_VERSION>, e.g tag -> 7.0-arduino.1
- name: Set Avrdude tag name
id: get_tag_name
run: |
TAG="${GITHUB_REF##*/}"
echo ::set-output name=AVRDUDE_TAG::v${TAG%%-*}
# this repo should contain only the patches that could not be upstreamed and the release CI nothing else
- name: Checkout avrdude-packing repository
uses: actions/checkout@v3
with:
path: avrdude-packing
- name: Checkout avrdude repository
uses: actions/checkout@v3
with:
repository: avrdudes/avrdude
ref: ${{ steps.get_tag_name.outputs.AVRDUDE_TAG }} # pay attention, the pathches could need updating
path: ${{ env.PROJECT_NAME }}
- name: Set the version
working-directory: avrdude-packing/patches/
run: perl -pi -e "s/ARDUINO_VERSION_PLACEHOLDER/${GITHUB_REF##*/}/g" 0008-Append-arduino-to-version-string.patch
- name: Apply patches
working-directory: ${{ env.PROJECT_NAME }}
run: git apply -v ../avrdude-packing/patches/*.patch
- name: replace system ranlib with darwin one
# for some reason is not possible to override ranlib with env vars, so this is ugly but it's the only way I found
if: matrix.config.os == 'macOS'
run: |
mv /usr/bin/ranlib /usr/bin/ranlib.bk
ln -s /opt/osxcross/target/bin/${{ matrix.config.cross_compile }}-ranlib /usr/bin/ranlib
- name: Build Avrdude
working-directory: ${{ env.PROJECT_NAME }}
run: |
if [ "${{ matrix.config.os }}" = "macOS" ]; then
# For darwin we disable the static flags (not supported by clang) and we make some adjustments
cmake -DCMAKE_C_COMPILER=${{ matrix.config.cross_compiler }} -DCMAKE_CXX_COMPILER=${{ matrix.config.cross_compiler }}++ -DCMAKE_AR=${{ matrix.config.ar }} -DCMAKE_LINKER=${{ matrix.config.ld}} -DCMAKE_EXE_LINKER_FLAGS="-L/opt/lib/${{ matrix.config.cross_compile }}/lib/" -DCMAKE_C_FLAGS="-I/opt/lib/${{ matrix.config.cross_compile }}/include -pthread -framework Foundation -framework IOKit -framework Cocoa -framework Security -DHAVE_USB_H" -DCMAKE_PREFIX_PATH=/opt/lib/${{ matrix.config.cross_compile }}/ -DHAVE_LIBFTDI="NO" -DUSE_STATIC_LIBS="ON" -B build/
else
cmake -DCMAKE_C_COMPILER=${{ matrix.config.cross_compile }}-gcc -DCMAKE_CXX_COMPILER=${{ matrix.config.cross_compile }}-g++ -DCMAKE_EXE_LINKER_FLAGS="-static-libgcc -static-libstdc++" -DCMAKE_C_FLAGS="-I/opt/lib/${{ matrix.config.cross_compile }}/include/libusb-1.0/ -I/opt/lib/${{ matrix.config.cross_compile }}/include -pthread" -DCMAKE_PREFIX_PATH=/opt/lib/${{ matrix.config.cross_compile }}/ -DHAVE_LIBFTDI="NO" -DUSE_STATIC_LIBS="ON" -B build/
fi
cmake --build build/ -v
- name: Package
working-directory: ${{ env.PROJECT_NAME }}
run: | # we need to create the subdir where to place binaries
mkdir -p ${{ env.PROJECT_NAME }}_${{ matrix.config.os }}_${{ matrix.config.arch }}/bin ${{ env.PROJECT_NAME }}_${{ matrix.config.os }}_${{ matrix.config.arch }}/etc
chmod +x build/src/${{ env.PROJECT_NAME }}${{ matrix.config.extension }}
mv -v build/src/${{ env.PROJECT_NAME }}${{ matrix.config.extension }} ${{ env.PROJECT_NAME }}_${{ matrix.config.os }}_${{ matrix.config.arch }}/bin
mv -v build/src/${{ env.PROJECT_NAME }}.conf ${{ env.PROJECT_NAME }}_${{ matrix.config.os }}_${{ matrix.config.arch }}/etc
mv -v COPYING ${{ env.PROJECT_NAME }}_${{ matrix.config.os }}_${{ matrix.config.arch }}/LICENSE.txt
tar -czv ${{ env.PROJECT_NAME }}_${{ matrix.config.os }}_${{ matrix.config.arch }} -f ${{ env.PROJECT_NAME }}_${GITHUB_REF##*/}_${{ matrix.config.os }}_${{ matrix.config.arch }}.tar.gz
- name: Upload artifacts
uses: actions/upload-artifact@v3
with:
if-no-files-found: error
name: ${{ env.ARTIFACT_NAME }}
path: ${{ env.PROJECT_NAME }}/${{ env.PROJECT_NAME }}_*
notarize-macos:
runs-on: macos-latest
needs: build
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Download artifacts
uses: actions/download-artifact@v3
with:
name: ${{ env.ARTIFACT_NAME }}
path: ${{ env.DIST_DIR }}
- name: Import Code-Signing Certificates
env:
KEYCHAIN: "sign.keychain"
INSTALLER_CERT_MAC_PATH: "/tmp/ArduinoCerts2020.p12"
KEYCHAIN_PASSWORD: keychainpassword # Arbitrary password for a keychain that exists only for the duration of the job, so not secret
run: |
echo "${{ secrets.INSTALLER_CERT_MAC_P12 }}" | base64 --decode > "${{ env.INSTALLER_CERT_MAC_PATH }}"
security create-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}"
security default-keychain -s "${{ env.KEYCHAIN }}"
security unlock-keychain -p "${{ env.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}"
security import \
"${{ env.INSTALLER_CERT_MAC_PATH }}" \
-k "${{ env.KEYCHAIN }}" \
-f pkcs12 \
-A \
-T "/usr/bin/codesign" \
-P "${{ secrets.INSTALLER_CERT_MAC_PASSWORD }}"
security set-key-partition-list \
-S apple-tool:,apple: \
-s \
-k "${{ env.KEYCHAIN_PASSWORD }}" \
"${{ env.KEYCHAIN }}"
- name: Install gon for code signing and app notarization
run: |
wget -q https://github.com/Bearer/gon/releases/download/v0.0.27/gon_macos.zip
unzip gon_macos.zip -d /usr/local/bin
- name: Sign and notarize binary
env:
AC_USERNAME: ${{ secrets.AC_USERNAME }}
AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
AC_PROVIDER: ${{ secrets.AC_PROVIDER }}
run: |
gon gon.config.hcl
- name: Re-package binary
# This step performs the following:
# 1. Repackage the signed binary replaced in place by Gon (ignoring the output zip file)
run: |
# GitHub's upload/download-artifact actions don't preserve file permissions,
# so we need to add execution permission back until the action is made to do this.
chmod +x ${{ env.DIST_DIR }}/${{ env.PROJECT_NAME }}_macOS_64bit/bin/${{ env.PROJECT_NAME }}
TAG="${GITHUB_REF/refs\/tags\//}"
tar -czvf "${{ env.DIST_DIR }}/${{ env.PROJECT_NAME }}_${TAG}_macOS_64bit.tar.gz" \
-C ${{ env.DIST_DIR }}/ ${{ env.PROJECT_NAME }}_macOS_64bit/
- name: Upload artifacts
uses: actions/upload-artifact@v3
with:
if-no-files-found: error
name: ${{ env.ARTIFACT_NAME }}
path: ${{ env.DIST_DIR }}
create-release:
runs-on:
ubuntu-latest
needs: [build, notarize-macos]
steps:
- name: Checkout repository # we need package_index.template
uses: actions/checkout@v3
- name: Download artifact
uses: actions/download-artifact@v3
with:
name: ${{ env.ARTIFACT_NAME }}
path: ${{ env.DIST_DIR }}
- name: Identify Prerelease
# This is a workaround while waiting for create-release action
# to implement auto pre-release based on tag
id: prerelease
run: |
wget -q -P /tmp https://github.com/fsaintjacques/semver-tool/archive/3.2.0.zip
unzip -p /tmp/3.2.0.zip semver-tool-3.2.0/src/semver >/tmp/semver && chmod +x /tmp/semver
if [[ "$(/tmp/semver get prerel "${GITHUB_REF/refs\/tags\//}")" ]]; then echo "::set-output name=IS_PRE::true"; fi
- name: Generate package index entry
run: |
TAG=${GITHUB_REF/refs\/tags\//}
package_index=`cat package_index.template | sed s/%%VERSION%%/${TAG}/`
declare -a target_folders=("Windows_32bit" "Linux_64bit" "macOS_64bit" "Linux_32bit" "Linux_ARMv6" "Linux_ARM64")
cd dist
for folder in "${target_folders[@]}"
do
ARCHIVE_NAME=${{ env.PROJECT_NAME }}_${TAG}_${folder}.tar.gz
T_OS=`echo ${folder} | awk '{print toupper($0)}'`
SHASUM=`sha256sum ${ARCHIVE_NAME} | cut -f1 -d" "`
SIZE=`stat --printf="%s" ${ARCHIVE_NAME}`
package_index=`echo "$package_index" |
sed s/%%FILENAME_${T_OS}%%/${ARCHIVE_NAME}/ |
sed s/%%FILENAME_${T_OS}%%/${ARCHIVE_NAME}/ |
sed s/%%SIZE_${T_OS}%%/${SIZE}/ |
sed s/%%SHA_${T_OS}%%/${SHASUM}/`
done
cd ..
echo ================== CUT ME HERE =====================
echo "${package_index}"
echo "${package_index}" > package_index_draft.json
- name: Create Github Release and upload artifacts
uses: ncipollo/release-action@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
draft: false
prerelease: ${{ steps.prerelease.outputs.IS_PRE }}
# NOTE: "Artifact is a directory" warnings are expected and don't indicate a problem
# (all the files we need are in the DIST_DIR root)
artifacts: "${{ env.DIST_DIR }}/*,package_index_draft.json"
- name: Upload release files on Arduino downloads servers
uses: docker://plugins/s3
env:
PLUGIN_SOURCE: "${{ env.DIST_DIR }}/*"
PLUGIN_TARGET: ${{ env.AWS_PLUGIN_TARGET }}
PLUGIN_STRIP_PREFIX: "${{ env.DIST_DIR }}/"
PLUGIN_BUCKET: ${{ secrets.DOWNLOADS_BUCKET }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}