From be842a0c3c6ce7fdff8bb2ea5e7902ca40efa77e Mon Sep 17 00:00:00 2001 From: deansheather Date: Mon, 6 Jun 2022 15:30:24 +0000 Subject: [PATCH 01/11] chore: split release workflow so the majority happens on Linux --- .github/workflows/coder.yaml | 8 +- .github/workflows/release.yaml | 148 +++++++++++++++++++++++++++++---- .goreleaser-release.yaml | 126 ++++++++++++++++++++++++++++ .goreleaser.yaml | 82 +----------------- scripts/sign_macos.sh | 26 +++--- 5 files changed, 278 insertions(+), 112 deletions(-) create mode 100644 .goreleaser-release.yaml diff --git a/.github/workflows/coder.yaml b/.github/workflows/coder.yaml index 39a20bba18348..ee1be2621da68 100644 --- a/.github/workflows/coder.yaml +++ b/.github/workflows/coder.yaml @@ -226,7 +226,7 @@ jobs: token: ${{ secrets.CODECOV_TOKEN }} files: ./gotests.coverage flags: unittest-go-${{ matrix.os }} - # this flakes and sometimes fails the build + # this flakes and sometimes fails the build fail_ci_if_error: false test-go-postgres: @@ -310,7 +310,7 @@ jobs: token: ${{ secrets.CODECOV_TOKEN }} files: ./gotests.coverage flags: unittest-go-postgres-${{ matrix.os }} - # this flakes and sometimes fails the build + # this flakes and sometimes fails the build fail_ci_if_error: false deploy: @@ -318,6 +318,8 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 20 if: github.ref == 'refs/heads/main' && !github.event.pull_request.head.repo.fork + needs: + - test-go-postgres permissions: contents: read id-token: write @@ -437,7 +439,7 @@ jobs: token: ${{ secrets.CODECOV_TOKEN }} files: ./site/coverage/lcov.info flags: unittest-js - # this flakes and sometimes fails the build + # this flakes and sometimes fails the build fail_ci_if_error: false - name: Upload DataDog Trace diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 1736a45ce1d9d..3a51f25e745d3 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -6,28 +6,82 @@ on: workflow_dispatch: jobs: - goreleaser: - runs-on: macos-latest - env: - # Necessary for Docker manifest - DOCKER_CLI_EXPERIMENTAL: "enabled" + linux-windows: + runs-on: ubuntu-latest steps: - # Docker is not included on macos-latest - - uses: docker-practice/actions-setup-docker@1.0.10 - - uses: actions/checkout@v3 with: fetch-depth: 0 - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + - uses: actions/setup-go@v3 + with: + go-version: "~1.18" - - name: Docker Login - uses: docker/login-action@v2 + - name: Echo Go Cache Paths + id: go-cache-paths + run: | + echo "::set-output name=go-build::$(go env GOCACHE)" + echo "::set-output name=go-mod::$(go env GOMODCACHE)" + + - name: Go Build Cache + uses: actions/cache@v3 with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} + path: ${{ steps.go-cache-paths.outputs.go-build }} + key: ${{ runner.os }}-release-go-build-${{ hashFiles('**/go.sum') }} + + - name: Go Mod Cache + uses: actions/cache@v3 + with: + path: ${{ steps.go-cache-paths.outputs.go-mod }} + key: ${{ runner.os }}-release-go-mod-${{ hashFiles('**/go.sum') }} + + - name: Cache Node + id: cache-node + uses: actions/cache@v3 + with: + path: | + **/node_modules + .eslintcache + key: js-${{ runner.os }}-test-${{ hashFiles('**/yarn.lock') }} + restore-keys: | + js-${{ runner.os }}- + + - name: Build Site + run: make site/out/index.html + + - name: Build Linux binaries with GoReleaser + uses: goreleaser/goreleaser-action@v3 + with: + version: latest + args: build --rm-dist --timeout 60m --id coder-linux + + - name: Build Windows binaries with GoReleaser + uses: goreleaser/goreleaser-action@v3 + with: + version: latest + args: build --rm-dist --timeout 60m --id coder-windows + + - name: Upload Linux binary artifacts + uses: actions/upload-artifact@v3 + with: + name: linux + path: ./dist/coder-linux-* + + - name: Upload Windows binary artifacts + uses: actions/upload-artifact@v3 + with: + name: windows + path: ./dist/coder-windows-* + + # The mac binaries get built on mac runners because they need to be signed, + # and the signing tool only runs on mac. This darwin job only builds the Mac + # binaries and uploads them as job artifacts used by the publish step. + darwin: + runs-on: macos-latest + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 - uses: actions/setup-go@v3 with: @@ -79,12 +133,72 @@ jobs: - name: Build Site run: make site/out/index.html - - name: Run GoReleaser + - name: Build darwin binaries with GoReleaser + uses: goreleaser/goreleaser-action@v3 + with: + version: latest + args: build --rm-dist --timeout 60m --id coder-darwin + env: + AC_USERNAME: ${{ secrets.AC_USERNAME }} + AC_PASSWORD: ${{ secrets.AC_PASSWORD }} + + - name: Upload binary artifacts + uses: actions/upload-artifact@v3 + with: + name: darwin + path: ./dist/coder-darwin-* + + publish: + runs-on: ubuntu-latest + needs: + - linux-windows + - darwin + env: + # Necessary for Docker manifest + DOCKER_CLI_EXPERIMENTAL: "enabled" + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Docker Login + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: mkdir artifacts + run: mkdir artifacts + + - name: Download Linux artifacts + uses: actions/download-artifact@v3 + with: + name: linux + path: ./artifacts + + - name: Download Windows artifacts + uses: actions/download-artifact@v3 + with: + name: windows + path: ./artifacts + + - name: Download darwin artifacts + uses: actions/download-artifact@v3 + with: + name: darwin + path: ./artifacts + + # This will build Docker images and Linux packages. + - name: Publish release uses: goreleaser/goreleaser-action@v3 with: + # we use the "prebuilt" builder here which is a pro-only feature + distribution: goreleaser-pro version: latest - args: release --rm-dist --timeout 60m + args: release -f ./.goreleaser-release.yaml --rm-dist --timeout 60m env: + GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} AC_USERNAME: ${{ secrets.AC_USERNAME }} AC_PASSWORD: ${{ secrets.AC_PASSWORD }} diff --git a/.goreleaser-release.yaml b/.goreleaser-release.yaml new file mode 100644 index 0000000000000..5977e7223f9f2 --- /dev/null +++ b/.goreleaser-release.yaml @@ -0,0 +1,126 @@ +archives: + - id: coder-linux + builds: [release-prebuilt-linux] + format: tar.gz + + - id: coder-windows + builds: [release-prebuilt-windows] + format: zip + + - id: coder-darwin + builds: [release-prebuilt-darwin] + format: zip + +builds: + - id: release-prebuilt-linux + builder: prebuilt + goos: [linux] + goarch: [amd64, arm, arm64] + goarm: ["7"] + prebuilt: + path: artifacts/coder-linux_{{.Os}}_{{.Arch}}/coder + + - id: release-prebuilt-windows + builder: prebuilt + goos: [windows] + goarch: [amd64, arm64] + prebuilt: + path: artifacts/coder-windows_{{.Os}}_{{.Arch}}/coder.exe + + - id: release-prebuilt-darwin + builder: prebuilt + goos: [darwin] + goarch: [amd64, arm64] + prebuilt: + path: artifacts/coder-darwin_{{.Os}}_{{.Arch}}/coder + +env: + # Apple identity for signing! + - AC_APPLICATION_IDENTITY=BDB050EB749EDD6A80C6F119BF1382ECA119CCCC + +nfpms: + - id: packages + vendor: Coder + homepage: https://coder.com + maintainer: Coder + description: | + Provision development environments with infrastructure with code + formats: + - apk + - deb + - rpm + suggests: + - postgresql + builds: + - coder-linux + bindir: /usr/bin + contents: + - src: coder.env + dst: /etc/coder.d/coder.env + type: "config|noreplace" + - src: coder.service + dst: /usr/lib/systemd/system/coder.service + +# Image templates are empty on snapshots to avoid lengthy builds for +# development. +dockers: + - image_templates: ["{{ if not .IsSnapshot }}ghcr.io/coder/coder:{{ .Tag }}-amd64{{ end }}"] + id: coder-linux + dockerfile: Dockerfile + use: buildx + build_flag_templates: + - --platform=linux/amd64 + - --label=org.opencontainers.image.title=Coder + - --label=org.opencontainers.image.description=A tool for provisioning self-hosted development environments with Terraform. + - --label=org.opencontainers.image.url=https://github.com/coder/coder + - --label=org.opencontainers.image.source=https://github.com/coder/coder + - --label=org.opencontainers.image.version={{ .Version }} + - --label=org.opencontainers.image.revision={{ .FullCommit }} + - --label=org.opencontainers.image.licenses=AGPL-3.0 + - image_templates: ["{{ if not .IsSnapshot }}ghcr.io/coder/coder:{{ .Tag }}-arm64{{ end }}"] + goarch: arm64 + dockerfile: Dockerfile + use: buildx + build_flag_templates: + - --platform=linux/arm64/v8 + - --label=org.opencontainers.image.title=coder + - --label=org.opencontainers.image.description=A tool for provisioning self-hosted development environments with Terraform. + - --label=org.opencontainers.image.url=https://github.com/coder/coder + - --label=org.opencontainers.image.source=https://github.com/coder/coder + - --label=org.opencontainers.image.version={{ .Tag }} + - --label=org.opencontainers.image.revision={{ .FullCommit }} + - --label=org.opencontainers.image.licenses=AGPL-3.0 + - image_templates: ["{{ if not .IsSnapshot }}ghcr.io/coder/coder:{{ .Tag }}-armv7{{ end }}"] + goarch: arm + goarm: "7" + dockerfile: Dockerfile + use: buildx + build_flag_templates: + - --platform=linux/arm/v7 + - --label=org.opencontainers.image.title=Coder + - --label=org.opencontainers.image.description=A tool for provisioning self-hosted development environments with Terraform. + - --label=org.opencontainers.image.url=https://github.com/coder/coder + - --label=org.opencontainers.image.source=https://github.com/coder/coder + - --label=org.opencontainers.image.version={{ .Tag }} + - --label=org.opencontainers.image.revision={{ .FullCommit }} + - --label=org.opencontainers.image.licenses=AGPL-3.0 + +docker_manifests: + - name_template: ghcr.io/coder/coder:{{ .Tag }} + image_templates: + - ghcr.io/coder/coder:{{ .Tag }}-amd64 + - ghcr.io/coder/coder:{{ .Tag }}-arm64 + - ghcr.io/coder/coder:{{ .Tag }}-armv7 + +release: + ids: [release-prebuilt-linux, release-prebuilt-windows, release-prebuilt-darwin, packages] + footer: | + ## Container Image + - `docker pull ghcr.io/coder/coder:{{ .Tag }}` + +signs: + - ids: [coder-darwin] + artifacts: archive + cmd: ./scripts/sign_macos.sh + args: ["${artifact}"] + output: true diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 7bcedf5087db5..90a79bbd9363e 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -1,16 +1,3 @@ -archives: - - id: coder-linux - builds: [coder-linux] - format: tar.gz - - - id: coder-darwin - builds: [coder-darwin] - format: zip - - - id: coder-windows - builds: [coder-windows] - format: zip - before: hooks: - go mod tidy @@ -67,10 +54,7 @@ builds: post: | sh -c 'codesign -s {{.Env.AC_APPLICATION_IDENTITY}} -f -v --timestamp --options runtime {{.Path}} || true' -env: - # Apple identity for signing! - - AC_APPLICATION_IDENTITY=BDB050EB749EDD6A80C6F119BF1382ECA119CCCC - +# This section is also contained in .goreleaser-release.yaml. nfpms: - id: packages vendor: Coder @@ -94,67 +78,9 @@ nfpms: - src: coder.service dst: /usr/lib/systemd/system/coder.service -# Image templates are empty on snapshots to avoid lengthy builds for development. -dockers: - - image_templates: ["{{ if not .IsSnapshot }}ghcr.io/coder/coder:{{ .Tag }}-amd64{{ end }}"] - id: coder-linux - dockerfile: Dockerfile - use: buildx - build_flag_templates: - - --platform=linux/amd64 - - --label=org.opencontainers.image.title=Coder - - --label=org.opencontainers.image.description=A tool for provisioning self-hosted development environments with Terraform. - - --label=org.opencontainers.image.url=https://github.com/coder/coder - - --label=org.opencontainers.image.source=https://github.com/coder/coder - - --label=org.opencontainers.image.version={{ .Version }} - - --label=org.opencontainers.image.revision={{ .FullCommit }} - - --label=org.opencontainers.image.licenses=AGPL-3.0 - - image_templates: ["{{ if not .IsSnapshot }}ghcr.io/coder/coder:{{ .Tag }}-arm64{{ end }}"] - goarch: arm64 - dockerfile: Dockerfile - use: buildx - build_flag_templates: - - --platform=linux/arm64/v8 - - --label=org.opencontainers.image.title=coder - - --label=org.opencontainers.image.description=A tool for provisioning self-hosted development environments with Terraform. - - --label=org.opencontainers.image.url=https://github.com/coder/coder - - --label=org.opencontainers.image.source=https://github.com/coder/coder - - --label=org.opencontainers.image.version={{ .Tag }} - - --label=org.opencontainers.image.revision={{ .FullCommit }} - - --label=org.opencontainers.image.licenses=AGPL-3.0 - - image_templates: ["{{ if not .IsSnapshot }}ghcr.io/coder/coder:{{ .Tag }}-armv7{{ end }}"] - goarch: arm - goarm: "7" - dockerfile: Dockerfile - use: buildx - build_flag_templates: - - --platform=linux/arm/v7 - - --label=org.opencontainers.image.title=Coder - - --label=org.opencontainers.image.description=A tool for provisioning self-hosted development environments with Terraform. - - --label=org.opencontainers.image.url=https://github.com/coder/coder - - --label=org.opencontainers.image.source=https://github.com/coder/coder - - --label=org.opencontainers.image.version={{ .Tag }} - - --label=org.opencontainers.image.revision={{ .FullCommit }} - - --label=org.opencontainers.image.licenses=AGPL-3.0 -docker_manifests: - - name_template: ghcr.io/coder/coder:{{ .Tag }} - image_templates: - - ghcr.io/coder/coder:{{ .Tag }}-amd64 - - ghcr.io/coder/coder:{{ .Tag }}-arm64 - - ghcr.io/coder/coder:{{ .Tag }}-armv7 - -release: - ids: [coder-linux, coder-darwin, coder-windows, packages] - footer: | - ## Container Image - - `docker pull ghcr.io/coder/coder:{{ .Tag }}` - -signs: - - ids: [coder-darwin] - artifacts: archive - cmd: ./scripts/sign_macos.sh - args: ["${artifact}"] - output: true +env: + # Apple identity for signing! + - AC_APPLICATION_IDENTITY=BDB050EB749EDD6A80C6F119BF1382ECA119CCCC snapshot: name_template: "{{ .Version }}-devel+{{ .ShortCommit }}" diff --git a/scripts/sign_macos.sh b/scripts/sign_macos.sh index 26d3fd181bbcb..525bc1be68c6b 100755 --- a/scripts/sign_macos.sh +++ b/scripts/sign_macos.sh @@ -5,19 +5,17 @@ set -euo pipefail SCRIPT_DIR=$(dirname "${BASH_SOURCE[0]}") PROJECT_ROOT=$(cd "$SCRIPT_DIR" && git rev-parse --show-toplevel) -( - cd "${PROJECT_ROOT}" +cd "${PROJECT_ROOT}" - codesign -s "$AC_APPLICATION_IDENTITY" -f -v --timestamp --options runtime "$1" +codesign -s "$AC_APPLICATION_IDENTITY" -f -v --timestamp --options runtime "$1" - config=$(mktemp -d)/gon.json - jq -r --null-input --arg path "$(pwd)/$1" '{ - "notarize": [ - { - "path": $path, - "bundle_id": "com.coder.cli" - } - ] - }' >"$config" - gon "$config" -) +config=$(mktemp -d)/gon.json +jq -r --null-input --arg path "$(pwd)/$1" '{ + "notarize": [ + { + "path": $path, + "bundle_id": "com.coder.cli" + } + ] +}' >"$config" +gon "$config" From 9ddb587dc11733d7d2bd938349f26e6551fc6c77 Mon Sep 17 00:00:00 2001 From: deansheather Date: Mon, 6 Jun 2022 16:30:01 +0000 Subject: [PATCH 02/11] fixup! chore: split release workflow so the majority happens on Linux --- .github/workflows/release.yaml | 43 ++++++++----------------- .goreleaser-release-darwin.yaml | 57 +++++++++++++++++++++++++++++++++ .goreleaser-release-linux.yaml | 52 ++++++++++++++++++++++++++++++ .goreleaser-release.yaml | 45 ++++++-------------------- 4 files changed, 132 insertions(+), 65 deletions(-) create mode 100644 .goreleaser-release-darwin.yaml create mode 100644 .goreleaser-release-linux.yaml diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 3a51f25e745d3..212f90c7e96ce 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -49,29 +49,17 @@ jobs: - name: Build Site run: make site/out/index.html - - name: Build Linux binaries with GoReleaser + - name: Build Linux and Windows binaries with GoReleaser uses: goreleaser/goreleaser-action@v3 with: version: latest - args: build --rm-dist --timeout 60m --id coder-linux + args: release -f ./.goreleaser-linux.yaml --rm-dist --timeout 60m --snapshot - - name: Build Windows binaries with GoReleaser - uses: goreleaser/goreleaser-action@v3 - with: - version: latest - args: build --rm-dist --timeout 60m --id coder-windows - - - name: Upload Linux binary artifacts + - name: Upload binary artifacts uses: actions/upload-artifact@v3 with: name: linux - path: ./dist/coder-linux-* - - - name: Upload Windows binary artifacts - uses: actions/upload-artifact@v3 - with: - name: windows - path: ./dist/coder-windows-* + path: ./dist/coder* # The mac binaries get built on mac runners because they need to be signed, # and the signing tool only runs on mac. This darwin job only builds the Mac @@ -133,11 +121,11 @@ jobs: - name: Build Site run: make site/out/index.html - - name: Build darwin binaries with GoReleaser + - name: Build Darwin binaries with GoReleaser uses: goreleaser/goreleaser-action@v3 with: version: latest - args: build --rm-dist --timeout 60m --id coder-darwin + args: release -f ./.goreleaser-darwin.yaml --rm-dist --timeout 60m --snapshot env: AC_USERNAME: ${{ secrets.AC_USERNAME }} AC_PASSWORD: ${{ secrets.AC_PASSWORD }} @@ -146,7 +134,7 @@ jobs: uses: actions/upload-artifact@v3 with: name: darwin - path: ./dist/coder-darwin-* + path: ./dist/coder* publish: runs-on: ubuntu-latest @@ -171,23 +159,20 @@ jobs: - name: mkdir artifacts run: mkdir artifacts - - name: Download Linux artifacts + - name: Download darwin artifacts uses: actions/download-artifact@v3 with: - name: linux + name: darwin path: ./artifacts - - name: Download Windows artifacts + - name: Download Linux and Windows artifacts uses: actions/download-artifact@v3 with: - name: windows + name: linux path: ./artifacts - - name: Download darwin artifacts - uses: actions/download-artifact@v3 - with: - name: darwin - path: ./artifacts + - name: ls ./artifacts + run: ls ./artifacts # This will build Docker images and Linux packages. - name: Publish release @@ -196,7 +181,7 @@ jobs: # we use the "prebuilt" builder here which is a pro-only feature distribution: goreleaser-pro version: latest - args: release -f ./.goreleaser-release.yaml --rm-dist --timeout 60m + args: release -f ./.goreleaser-release.yaml --rm-dist --timeout 60m --snapshot env: GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.goreleaser-release-darwin.yaml b/.goreleaser-release-darwin.yaml new file mode 100644 index 0000000000000..179c930c0f2de --- /dev/null +++ b/.goreleaser-release-darwin.yaml @@ -0,0 +1,57 @@ +before: + hooks: + - go mod tidy + - rm -f site/out/bin/coder* + +archives: + - id: coder-darwin + builds: [coder-darwin] + format: zip + +builds: + - id: coder-slim + dir: cmd/coder + ldflags: ["-s -w -X github.com/coder/coder/buildinfo.tag={{ .Version }}"] + env: [CGO_ENABLED=0] + goos: [darwin, linux, windows] + goarch: [amd64, arm, arm64] + goarm: ["7"] + # Only build arm 7 for Linux + ignore: + - goos: windows + goarm: "7" + - goos: darwin + goarm: "7" + hooks: + # The "trimprefix" appends ".exe" on Windows. + post: | + cp {{.Path}} site/out/bin/coder-{{ .Os }}-{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ trimprefix .Name "coder" }} + + - id: coder-darwin + dir: cmd/coder + flags: [-tags=embed] + ldflags: ["-s -w -X github.com/coder/coder/buildinfo.tag={{ .Version }}"] + env: [CGO_ENABLED=0] + goos: [darwin] + goarch: [amd64, arm64] + hooks: + # This signs the binary that will be located inside the zip. + # MacOS requires the binary to be signed for notarization. + # + # If it doesn't successfully sign, the zip sign step will error. + post: | + sh -c 'codesign -s {{.Env.AC_APPLICATION_IDENTITY}} -f -v --timestamp --options runtime {{.Path}} || true' + +env: + # Apple identity for signing! + - AC_APPLICATION_IDENTITY=BDB050EB749EDD6A80C6F119BF1382ECA119CCCC + +signs: + - ids: [coder-darwin] + artifacts: archive + cmd: ./scripts/sign_macos.sh + args: ["${artifact}"] + output: true + +snapshot: + name_template: "{{ .Version }}-devel+{{ .ShortCommit }}" diff --git a/.goreleaser-release-linux.yaml b/.goreleaser-release-linux.yaml new file mode 100644 index 0000000000000..313d34f7ef231 --- /dev/null +++ b/.goreleaser-release-linux.yaml @@ -0,0 +1,52 @@ +before: + hooks: + - go mod tidy + - rm -f site/out/bin/coder* + +archives: + - id: coder-linux + builds: [coder-linux] + format: tar.gz + + - id: coder-windows + builds: [coder-windows] + format: zip + +builds: + - id: coder-slim + dir: cmd/coder + ldflags: ["-s -w -X github.com/coder/coder/buildinfo.tag={{ .Version }}"] + env: [CGO_ENABLED=0] + goos: [darwin, linux, windows] + goarch: [amd64, arm, arm64] + goarm: ["7"] + # Only build arm 7 for Linux + ignore: + - goos: windows + goarm: "7" + - goos: darwin + goarm: "7" + hooks: + # The "trimprefix" appends ".exe" on Windows. + post: | + cp {{.Path}} site/out/bin/coder-{{ .Os }}-{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ trimprefix .Name "coder" }} + + - id: coder-linux + dir: cmd/coder + flags: [-tags=embed] + ldflags: ["-s -w -X github.com/coder/coder/buildinfo.tag={{ .Version }}"] + env: [CGO_ENABLED=0] + goos: [linux] + goarch: [amd64, arm, arm64] + goarm: ["7"] + + - id: coder-windows + dir: cmd/coder + flags: [-tags=embed] + ldflags: ["-s -w -X github.com/coder/coder/buildinfo.tag={{ .Version }}"] + env: [CGO_ENABLED=0] + goos: [windows] + goarch: [amd64, arm64] + +snapshot: + name_template: "{{ .Version }}-devel+{{ .ShortCommit }}" diff --git a/.goreleaser-release.yaml b/.goreleaser-release.yaml index 5977e7223f9f2..4edad63e93ce7 100644 --- a/.goreleaser-release.yaml +++ b/.goreleaser-release.yaml @@ -3,14 +3,6 @@ archives: builds: [release-prebuilt-linux] format: tar.gz - - id: coder-windows - builds: [release-prebuilt-windows] - format: zip - - - id: coder-darwin - builds: [release-prebuilt-darwin] - format: zip - builds: - id: release-prebuilt-linux builder: prebuilt @@ -20,24 +12,7 @@ builds: prebuilt: path: artifacts/coder-linux_{{.Os}}_{{.Arch}}/coder - - id: release-prebuilt-windows - builder: prebuilt - goos: [windows] - goarch: [amd64, arm64] - prebuilt: - path: artifacts/coder-windows_{{.Os}}_{{.Arch}}/coder.exe - - - id: release-prebuilt-darwin - builder: prebuilt - goos: [darwin] - goarch: [amd64, arm64] - prebuilt: - path: artifacts/coder-darwin_{{.Os}}_{{.Arch}}/coder - -env: - # Apple identity for signing! - - AC_APPLICATION_IDENTITY=BDB050EB749EDD6A80C6F119BF1382ECA119CCCC - +# This section is also contained in .goreleaser.yaml. nfpms: - id: packages vendor: Coder @@ -52,7 +27,7 @@ nfpms: suggests: - postgresql builds: - - coder-linux + - release-prebuilt-linux bindir: /usr/bin contents: - src: coder.env @@ -65,7 +40,7 @@ nfpms: # development. dockers: - image_templates: ["{{ if not .IsSnapshot }}ghcr.io/coder/coder:{{ .Tag }}-amd64{{ end }}"] - id: coder-linux + id: release-prebuilt-linux dockerfile: Dockerfile use: buildx build_flag_templates: @@ -113,14 +88,12 @@ docker_manifests: - ghcr.io/coder/coder:{{ .Tag }}-armv7 release: - ids: [release-prebuilt-linux, release-prebuilt-windows, release-prebuilt-darwin, packages] + ids: [release-prebuilt-linux, packages] footer: | ## Container Image - `docker pull ghcr.io/coder/coder:{{ .Tag }}` - -signs: - - ids: [coder-darwin] - artifacts: archive - cmd: ./scripts/sign_macos.sh - args: ["${artifact}"] - output: true + # All non-Linux files should just be used as is. We have to import the Linux + # builds so that the docker images get built and package creation works. + extra_files: + - glob: ./artifacts/coder_*_darwin* + - glob: ./artifacts/coder_*_windows* From 2b8d9cb83fb130eafe3c82a5ee0fadaeeb8c5d93 Mon Sep 17 00:00:00 2001 From: deansheather Date: Mon, 6 Jun 2022 16:55:33 +0000 Subject: [PATCH 03/11] chore: add dry-run functionality to release workflow --- .github/workflows/release.yaml | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 212f90c7e96ce..e31a18589a957 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -4,6 +4,11 @@ on: tags: - "v*" workflow_dispatch: + inputs: + snapshot: + description: Perform a snapshot/dry-run release (required if the ref is not a tag) + type: boolean + required: true jobs: linux-windows: @@ -53,7 +58,7 @@ jobs: uses: goreleaser/goreleaser-action@v3 with: version: latest - args: release -f ./.goreleaser-linux.yaml --rm-dist --timeout 60m --snapshot + args: release -f ./.goreleaser-release-linux.yaml --rm-dist --timeout 60m --skip-publish --skip-announce ${{ github.event.inputs.snapshot && '--snapshot' }} - name: Upload binary artifacts uses: actions/upload-artifact@v3 @@ -125,7 +130,7 @@ jobs: uses: goreleaser/goreleaser-action@v3 with: version: latest - args: release -f ./.goreleaser-darwin.yaml --rm-dist --timeout 60m --snapshot + args: release -f ./.goreleaser-release-darwin.yaml --rm-dist --timeout 60m --skip-publish --skip-announce ${{ github.event.inputs.snapshot && '--snapshot' }} env: AC_USERNAME: ${{ secrets.AC_USERNAME }} AC_PASSWORD: ${{ secrets.AC_PASSWORD }} @@ -181,9 +186,15 @@ jobs: # we use the "prebuilt" builder here which is a pro-only feature distribution: goreleaser-pro version: latest - args: release -f ./.goreleaser-release.yaml --rm-dist --timeout 60m --snapshot + args: release -f ./.goreleaser-release.yaml --rm-dist --timeout 60m ${{ github.event.inputs.snapshot && '--snapshot' }} env: GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} AC_USERNAME: ${{ secrets.AC_USERNAME }} AC_PASSWORD: ${{ secrets.AC_PASSWORD }} + + - name: Upload artifacts + uses: actions/upload-artifact@v3 + with: + name: release + path: ./dist/* From d638c6efac9c2f35aab83dc70f3b08c3cdb7ebb0 Mon Sep 17 00:00:00 2001 From: deansheather Date: Mon, 6 Jun 2022 18:40:10 +0000 Subject: [PATCH 04/11] fixup! chore: add dry-run functionality to release workflow --- .goreleaser-release-darwin.yaml | 11 ++++++----- .goreleaser-release-linux.yaml | 3 +++ .goreleaser-release.yaml | 2 +- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/.goreleaser-release-darwin.yaml b/.goreleaser-release-darwin.yaml index 179c930c0f2de..1c6ea3f5d20d3 100644 --- a/.goreleaser-release-darwin.yaml +++ b/.goreleaser-release-darwin.yaml @@ -35,12 +35,10 @@ builds: goos: [darwin] goarch: [amd64, arm64] hooks: - # This signs the binary that will be located inside the zip. - # MacOS requires the binary to be signed for notarization. - # - # If it doesn't successfully sign, the zip sign step will error. + # This signs the binary that will be located inside the zip. MacOS + # requires the binary to be signed for notarization. post: | - sh -c 'codesign -s {{.Env.AC_APPLICATION_IDENTITY}} -f -v --timestamp --options runtime {{.Path}} || true' + sh -c 'codesign -s {{.Env.AC_APPLICATION_IDENTITY}} -f -v --timestamp --options runtime {{.Path}}' env: # Apple identity for signing! @@ -53,5 +51,8 @@ signs: args: ["${artifact}"] output: true +release: + ids: [coder-darwin] + snapshot: name_template: "{{ .Version }}-devel+{{ .ShortCommit }}" diff --git a/.goreleaser-release-linux.yaml b/.goreleaser-release-linux.yaml index 313d34f7ef231..d2d20a322ea6a 100644 --- a/.goreleaser-release-linux.yaml +++ b/.goreleaser-release-linux.yaml @@ -48,5 +48,8 @@ builds: goos: [windows] goarch: [amd64, arm64] +release: + ids: [coder-windows, coder-linux] + snapshot: name_template: "{{ .Version }}-devel+{{ .ShortCommit }}" diff --git a/.goreleaser-release.yaml b/.goreleaser-release.yaml index 4edad63e93ce7..3b8f947add255 100644 --- a/.goreleaser-release.yaml +++ b/.goreleaser-release.yaml @@ -10,7 +10,7 @@ builds: goarch: [amd64, arm, arm64] goarm: ["7"] prebuilt: - path: artifacts/coder-linux_{{.Os}}_{{.Arch}}/coder + path: artifacts/coder-linux_{{.Os}}_{{.Arch}}{{ with .Arm }}_{{ . }}{{ end }}/coder # This section is also contained in .goreleaser.yaml. nfpms: From ec1064b5367d6ceb335df45dd47aa2f4ace64704 Mon Sep 17 00:00:00 2001 From: deansheather Date: Mon, 6 Jun 2022 19:43:32 +0000 Subject: [PATCH 05/11] fixup! chore: add dry-run functionality to release workflow --- .github/workflows/release.yaml | 7 +++++++ .goreleaser-release.yaml | 6 ++++++ 2 files changed, 13 insertions(+) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index e31a18589a957..eee3860cacc0d 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -1,3 +1,10 @@ +# GitHub release workflow. +# +# This workflow is a bit complicated because we have to build darwin binaries on +# a mac runner, but the mac runners are extremely slow. So instead of running +# the entire release on a mac (which will take an hour to run), we run only the +# mac build on a mac, and the rest on a linux runner. The final release is then +# published using a final linux runner. name: release on: push: diff --git a/.goreleaser-release.yaml b/.goreleaser-release.yaml index 3b8f947add255..932b645792993 100644 --- a/.goreleaser-release.yaml +++ b/.goreleaser-release.yaml @@ -1,3 +1,6 @@ +# This goreleaser config file requires GoReleaser Pro as it uses the prebuilt +# builder type. + archives: - id: coder-linux builds: [release-prebuilt-linux] @@ -97,3 +100,6 @@ release: extra_files: - glob: ./artifacts/coder_*_darwin* - glob: ./artifacts/coder_*_windows* + +snapshot: + name_template: "{{ .Version }}-devel+{{ .ShortCommit }}" From 6b09749e29165702a8083bbc03635f7acb8a0531 Mon Sep 17 00:00:00 2001 From: deansheather Date: Mon, 6 Jun 2022 20:14:32 +0000 Subject: [PATCH 06/11] fixup! chore: add dry-run functionality to release workflow --- .goreleaser-release.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.goreleaser-release.yaml b/.goreleaser-release.yaml index 932b645792993..822bab9d5bcbb 100644 --- a/.goreleaser-release.yaml +++ b/.goreleaser-release.yaml @@ -98,8 +98,8 @@ release: # All non-Linux files should just be used as is. We have to import the Linux # builds so that the docker images get built and package creation works. extra_files: - - glob: ./artifacts/coder_*_darwin* - - glob: ./artifacts/coder_*_windows* + - glob: ./artifacts/coder_*_darwin*/coder + - glob: ./artifacts/coder_*_windows*/coder.exe snapshot: name_template: "{{ .Version }}-devel+{{ .ShortCommit }}" From 8d0992d555cd03f5f703d2db67f1ef6df1d0bcc6 Mon Sep 17 00:00:00 2001 From: deansheather Date: Mon, 6 Jun 2022 20:52:22 +0000 Subject: [PATCH 07/11] chore: add retry for apple notarization --- scripts/sign_macos.sh | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/scripts/sign_macos.sh b/scripts/sign_macos.sh index 525bc1be68c6b..523649d7c5cf4 100755 --- a/scripts/sign_macos.sh +++ b/scripts/sign_macos.sh @@ -18,4 +18,23 @@ jq -r --null-input --arg path "$(pwd)/$1" '{ } ] }' >"$config" -gon "$config" + +# The notarization process is very fragile and heavily dependent on Apple's +# notarization server not returning server errors, so we retry this step 5 +# times with a delay of 30 seconds between each attempt. +rc=0 +for i in $(seq 1 5); do + gon "$config" && rc=0 && break || rc=$? + echo "gon exit code: $rc" + if [ "$i" -lt 5 ]; then + echo + echo "Retrying notarization in 30 seconds" + echo + sleep 30 + else + echo + echo "Giving up :(" + fi +done + +exit $rc From 5cf8b28848c8e314f85aa619dabea0ca4c448512 Mon Sep 17 00:00:00 2001 From: deansheather Date: Mon, 6 Jun 2022 21:03:33 +0000 Subject: [PATCH 08/11] fixup! chore: add retry for apple notarization --- .goreleaser-release.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.goreleaser-release.yaml b/.goreleaser-release.yaml index 822bab9d5bcbb..ee050b830f9b1 100644 --- a/.goreleaser-release.yaml +++ b/.goreleaser-release.yaml @@ -98,8 +98,8 @@ release: # All non-Linux files should just be used as is. We have to import the Linux # builds so that the docker images get built and package creation works. extra_files: - - glob: ./artifacts/coder_*_darwin*/coder - - glob: ./artifacts/coder_*_windows*/coder.exe + - glob: ./artifacts/coder_*_darwin_*.zip + - glob: ./artifacts/coder_*_windows_*.zip snapshot: name_template: "{{ .Version }}-devel+{{ .ShortCommit }}" From ea01e6ee9bc7cf98858de444a589f22780663b36 Mon Sep 17 00:00:00 2001 From: deansheather Date: Mon, 6 Jun 2022 21:48:59 +0000 Subject: [PATCH 09/11] fixup! chore: add retry for apple notarization --- .../.goreleaser-release-darwin.yaml | 0 .../.goreleaser-release-linux.yaml | 0 .../.goreleaser-release.yaml | 0 .github/workflows/release.yaml | 12 +++--------- 4 files changed, 3 insertions(+), 9 deletions(-) rename .goreleaser-release-darwin.yaml => .github/.goreleaser-release-darwin.yaml (100%) rename .goreleaser-release-linux.yaml => .github/.goreleaser-release-linux.yaml (100%) rename .goreleaser-release.yaml => .github/.goreleaser-release.yaml (100%) diff --git a/.goreleaser-release-darwin.yaml b/.github/.goreleaser-release-darwin.yaml similarity index 100% rename from .goreleaser-release-darwin.yaml rename to .github/.goreleaser-release-darwin.yaml diff --git a/.goreleaser-release-linux.yaml b/.github/.goreleaser-release-linux.yaml similarity index 100% rename from .goreleaser-release-linux.yaml rename to .github/.goreleaser-release-linux.yaml diff --git a/.goreleaser-release.yaml b/.github/.goreleaser-release.yaml similarity index 100% rename from .goreleaser-release.yaml rename to .github/.goreleaser-release.yaml diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index eee3860cacc0d..9aca440806b2a 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -65,7 +65,7 @@ jobs: uses: goreleaser/goreleaser-action@v3 with: version: latest - args: release -f ./.goreleaser-release-linux.yaml --rm-dist --timeout 60m --skip-publish --skip-announce ${{ github.event.inputs.snapshot && '--snapshot' }} + args: release -f ./.github/.goreleaser-release-linux.yaml --rm-dist --timeout 60m --skip-publish --skip-announce ${{ github.event.inputs.snapshot && '--snapshot' }} - name: Upload binary artifacts uses: actions/upload-artifact@v3 @@ -137,7 +137,7 @@ jobs: uses: goreleaser/goreleaser-action@v3 with: version: latest - args: release -f ./.goreleaser-release-darwin.yaml --rm-dist --timeout 60m --skip-publish --skip-announce ${{ github.event.inputs.snapshot && '--snapshot' }} + args: release -f ./.github/.goreleaser-release-darwin.yaml --rm-dist --timeout 60m --skip-publish --skip-announce ${{ github.event.inputs.snapshot && '--snapshot' }} env: AC_USERNAME: ${{ secrets.AC_USERNAME }} AC_PASSWORD: ${{ secrets.AC_PASSWORD }} @@ -193,15 +193,9 @@ jobs: # we use the "prebuilt" builder here which is a pro-only feature distribution: goreleaser-pro version: latest - args: release -f ./.goreleaser-release.yaml --rm-dist --timeout 60m ${{ github.event.inputs.snapshot && '--snapshot' }} + args: release -f ./.github/.goreleaser-release.yaml --rm-dist --timeout 60m ${{ github.event.inputs.snapshot && '--snapshot' }} env: GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} AC_USERNAME: ${{ secrets.AC_USERNAME }} AC_PASSWORD: ${{ secrets.AC_PASSWORD }} - - - name: Upload artifacts - uses: actions/upload-artifact@v3 - with: - name: release - path: ./dist/* From 211660183eeea337d45498ea1589999980c79414 Mon Sep 17 00:00:00 2001 From: deansheather Date: Mon, 6 Jun 2022 21:49:57 +0000 Subject: [PATCH 10/11] fixup! chore: add retry for apple notarization --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 9aca440806b2a..0a7025130b24e 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -13,7 +13,7 @@ on: workflow_dispatch: inputs: snapshot: - description: Perform a snapshot/dry-run release (required if the ref is not a tag) + description: Perform a snapshot/dry-run release (will not create a GitHub release, required if the ref is not a tag) type: boolean required: true From 2c3a65a59b7320b3a46d6dfd5f33cdd42bbcd59b Mon Sep 17 00:00:00 2001 From: deansheather Date: Tue, 7 Jun 2022 15:10:00 +0000 Subject: [PATCH 11/11] fixup! chore: add retry for apple notarization --- .github/workflows/coder.yaml | 2 -- .goreleaser.yaml | 11 ----------- 2 files changed, 13 deletions(-) diff --git a/.github/workflows/coder.yaml b/.github/workflows/coder.yaml index ee1be2621da68..8cbfac7756dcd 100644 --- a/.github/workflows/coder.yaml +++ b/.github/workflows/coder.yaml @@ -318,8 +318,6 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 20 if: github.ref == 'refs/heads/main' && !github.event.pull_request.head.repo.fork - needs: - - test-go-postgres permissions: contents: read id-token: write diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 90a79bbd9363e..602023d91e3d1 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -46,13 +46,6 @@ builds: env: [CGO_ENABLED=0] goos: [darwin] goarch: [amd64, arm64] - hooks: - # This signs the binary that will be located inside the zip. - # MacOS requires the binary to be signed for notarization. - # - # If it doesn't successfully sign, the zip sign step will error. - post: | - sh -c 'codesign -s {{.Env.AC_APPLICATION_IDENTITY}} -f -v --timestamp --options runtime {{.Path}} || true' # This section is also contained in .goreleaser-release.yaml. nfpms: @@ -78,9 +71,5 @@ nfpms: - src: coder.service dst: /usr/lib/systemd/system/coder.service -env: - # Apple identity for signing! - - AC_APPLICATION_IDENTITY=BDB050EB749EDD6A80C6F119BF1382ECA119CCCC - snapshot: name_template: "{{ .Version }}-devel+{{ .ShortCommit }}" pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy