build: Upgrade recli (fixes #8503) (#8871) #408
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build Syncthing | |
on: | |
pull_request: | |
push: | |
env: | |
# The go version to use for builds. | |
GO_VERSION: "1.19.6" | |
# Optimize compatibility on the slow archictures. | |
GO386: softfloat | |
GOARM: "5" | |
GOMIPS: softfloat | |
# Avoid hilarious amounts of obscuring log output when running tests. | |
LOGGER_DISCARD: "1" | |
# Our build metadata | |
BUILD_USER: builder | |
BUILD_HOST: github.syncthing.net | |
# A note on actions and third party code... The actions under actions/ (like | |
# `uses: actions/checkout`) are maintained by GitHub, and we need to trust | |
# GitHub to maintain their code and infrastructure or we're in deep shit in | |
# general. The same doesn't necessarily apply to other actions authors, so | |
# some care needs to be taken when adding steps, especially in the paths | |
# that lead up to code being packaged and signed. | |
jobs: | |
# | |
# Tests for all platforms. Runs a matrix build on Windows, Linux and Mac, | |
# with the list of expected supported Go versions (current, previous). | |
# | |
build-test: | |
name: Build and test | |
strategy: | |
fail-fast: false | |
matrix: | |
runner: ["windows-latest", "ubuntu-latest", "macos-latest"] | |
# The oldest version in this list should match what we have in our go.mod. | |
# Variables don't seem to be supported here, or we could have done something nice. | |
go: ["1.19"] # Skip Go 1.20 for now, https://github.com/syncthing/syncthing/issues/8799 | |
runs-on: ${{ matrix.runner }} | |
steps: | |
- name: Set git to use LF | |
if: matrix.runner == 'windows-latest' | |
# Without this, the Windows checkout will happen with CRLF line | |
# endings, which is fine for the source code but messes up tests | |
# that depend on data on disk being as expected. Ideally, those | |
# tests should be fixed, but not today. | |
run: | | |
git config --global core.autocrlf false | |
git config --global core.eol lf | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-go@v3 | |
with: | |
go-version: ${{ matrix.go }} | |
cache: true | |
- name: Build | |
run: | | |
go run build.go | |
- name: Test | |
# Our Windows tests currently don't work on Go 1.20 | |
# https://github.com/syncthing/syncthing/issues/8779 | |
# https://github.com/syncthing/syncthing/issues/8778 | |
if: "!(matrix.go == '1.20' && matrix.runner == 'windows-latest')" | |
run: | | |
go run build.go test | |
# | |
# Meta checks for formatting, copyright, etc | |
# | |
correctness: | |
name: Check correctness | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-go@v3 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- name: Check correctness | |
run: | | |
go test -v ./meta | |
# | |
# Windows | |
# | |
package-windows: | |
name: Package for Windows | |
if: github.event_name == 'push' && github.ref == 'refs/heads/release' | |
environment: signing | |
needs: | |
- build-test | |
runs-on: windows-latest | |
steps: | |
- name: Set git to use LF | |
# Without this, the checkout will happen with CRLF line endings, | |
# which is fine for the source code but messes up tests that depend | |
# on data on disk being as expected. Ideally, those tests should be | |
# fixed, but not today. | |
run: | | |
git config --global core.autocrlf false | |
git config --global core.eol lf | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- uses: actions/setup-go@v3 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- uses: actions/cache@v3 | |
with: | |
path: | | |
~\AppData\Local\go-build | |
~\go\pkg\mod | |
key: ${{ runner.os }}-go-${{ env.GO_VERSION }}-package-${{ hashFiles('**/go.sum') }} | |
- name: Install dependencies | |
run: | | |
go install github.com/josephspurrier/goversioninfo/cmd/goversioninfo@v1.4.0 | |
- name: Create packages | |
run: | | |
go run build.go -goarch amd64 zip | |
go run build.go -goarch arm zip | |
go run build.go -goarch arm64 zip | |
go run build.go -goarch 386 zip | |
env: | |
CGO_ENABLED: "0" | |
CODESIGN_SIGNTOOL: ${{ secrets.CODESIGN_SIGNTOOL }} | |
CODESIGN_CERTIFICATE_BASE64: ${{ secrets.CODESIGN_CERTIFICATE_BASE64 }} | |
CODESIGN_CERTIFICATE_PASSWORD: ${{ secrets.CODESIGN_CERTIFICATE_PASSWORD }} | |
CODESIGN_TIMESTAMP_SERVER: ${{ secrets.CODESIGN_TIMESTAMP_SERVER }} | |
- name: Archive artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: packages | |
path: syncthing-windows-*.zip | |
# | |
# Linux | |
# | |
package-linux: | |
name: Package for Linux | |
needs: | |
- build-test | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- uses: actions/setup-go@v3 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- uses: actions/cache@v3 | |
with: | |
path: | | |
~/.cache/go-build | |
~/go/pkg/mod | |
key: ${{ runner.os }}-go-${{ env.GO_VERSION }}-package-${{ hashFiles('**/go.sum') }} | |
- name: Create packages | |
run: | | |
archs=$(go tool dist list | grep linux | sed 's#linux/##') | |
for goarch in $archs ; do | |
go run build.go -goarch "$goarch" tar | |
done | |
env: | |
CGO_ENABLED: "0" | |
- name: Archive artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: packages | |
path: syncthing-linux-*.tar.gz | |
# | |
# macOS | |
# | |
package-macos: | |
name: Package for macOS | |
if: github.event_name == 'push' && github.ref == 'refs/heads/release' | |
environment: signing | |
needs: | |
- build-test | |
runs-on: macos-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- uses: actions/setup-go@v3 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- uses: actions/cache@v3 | |
with: | |
path: | | |
~/.cache/go-build | |
~/go/pkg/mod | |
key: ${{ runner.os }}-go-${{ env.GO_VERSION }}-package-${{ hashFiles('**/go.sum') }} | |
- name: Import signing certificate | |
run: | | |
# Set up a run-specific keychain, making it available for the | |
# `codesign` tool. | |
umask 066 | |
KEYCHAIN_PATH=$RUNNER_TEMP/codesign.keychain | |
KEYCHAIN_PASSWORD=$(uuidgen) | |
security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" | |
security default-keychain -s "$KEYCHAIN_PATH" | |
security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH" | |
security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH" | |
# Import the certificate | |
CERTIFICATE_PATH=$RUNNER_TEMP/codesign.p12 | |
echo "$DEVELOPER_ID_CERTIFICATE_BASE64" | base64 -d -o "$CERTIFICATE_PATH" | |
security import "$CERTIFICATE_PATH" -k "$KEYCHAIN_PATH" -P "$DEVELOPER_ID_CERTIFICATE_PASSWORD" -T /usr/bin/codesign -T /usr/bin/productsign | |
security set-key-partition-list -S apple-tool:,apple: -s -k actions "$KEYCHAIN_PATH" | |
# Set the codesign identity for following steps | |
echo "CODESIGN_IDENTITY=$CODESIGN_IDENTITY" >> $GITHUB_ENV | |
env: | |
DEVELOPER_ID_CERTIFICATE_BASE64: ${{ secrets.DEVELOPER_ID_CERTIFICATE_BASE64 }} | |
DEVELOPER_ID_CERTIFICATE_PASSWORD: ${{ secrets.DEVELOPER_ID_CERTIFICATE_PASSWORD }} | |
CODESIGN_IDENTITY: ${{ secrets.CODESIGN_IDENTITY }} | |
- name: Create package (amd64) | |
run: | | |
go run build.go -goarch amd64 zip | |
env: | |
CGO_ENABLED: "1" | |
- name: Create package (arm64 cross) | |
run: | | |
cat <<EOT > xgo.sh | |
#!/bin/bash | |
CGO_ENABLED=1 \ | |
CGO_CFLAGS="-target arm64-apple-macos10.15" \ | |
CGO_LDFLAGS="-target arm64-apple-macos10.15" \ | |
go "\$@" | |
EOT | |
chmod 755 xgo.sh | |
go run build.go -gocmd ./xgo.sh -goarch arm64 zip | |
env: | |
CGO_ENABLED: "1" | |
- name: Create package (universal) | |
run: | | |
rm -rf _tmp | |
mkdir _tmp | |
pushd _tmp | |
unzip ../syncthing-macos-amd64-*.zip | |
unzip ../syncthing-macos-arm64-*.zip | |
lipo -create syncthing-macos-amd64-*/syncthing syncthing-macos-arm64-*/syncthing -o syncthing | |
amd64=(syncthing-macos-amd64-*) | |
universal="${amd64/amd64/universal}" | |
mv "$amd64" "$universal" | |
mv syncthing "$universal" | |
zip -r "../$universal.zip" "$universal" | |
- name: Archive artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: packages | |
path: syncthing-*.zip | |
# | |
# Cross compile other unixes | |
# | |
package-cross: | |
name: Package cross compiled | |
needs: | |
- build-test | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- uses: actions/setup-go@v3 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- uses: actions/cache@v3 | |
with: | |
path: | | |
~/.cache/go-build | |
~/go/pkg/mod | |
key: ${{ runner.os }}-go-${{ env.GO_VERSION }}-cross-${{ hashFiles('**/go.sum') }} | |
- name: Create packages | |
run: | | |
platforms=$(go tool dist list \ | |
| grep -v aix/ppc64 \ | |
| grep -v android/ \ | |
| grep -v darwin/ \ | |
| grep -v ios/ \ | |
| grep -v js/ \ | |
| grep -v linux/ \ | |
| grep -v nacl/ \ | |
| grep -v openbsd/arm\$ \ | |
| grep -v openbsd/arm64 \ | |
| grep -v openbsd/mips \ | |
| grep -v plan9/ \ | |
| grep -v windows/ \ | |
) | |
for plat in $platforms; do | |
goos="${plat%/*}" | |
goarch="${plat#*/}" | |
go run build.go -goos "$goos" -goarch "$goarch" tar | |
done | |
env: | |
CGO_ENABLED: "0" | |
- name: Archive artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: packages | |
path: syncthing-*.tar.gz | |
# | |
# Source | |
# | |
package-source: | |
name: Package source code | |
needs: | |
- build-test | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- uses: actions/setup-go@v3 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- name: Package source | |
run: | | |
version=$(go run build.go version) | |
echo "$version" > RELEASE | |
go mod vendor | |
go run build.go assets | |
cd .. | |
tar c -z -f "syncthing-source-$version.tar.gz" \ | |
--exclude .git \ | |
syncthing | |
mv "syncthing-source-$version.tar.gz" syncthing | |
- name: Archive artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: packages | |
path: syncthing-source-*.tar.gz |