Merge pull request #5802 from jandubois/nginx-resolver #770
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Package | |
| on: | |
| pull_request: {} | |
| push: | |
| branches: | |
| - main | |
| - release-* | |
| tags: | |
| - '*' | |
| workflow_dispatch: {} | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| package: | |
| strategy: | |
| matrix: | |
| include: | |
| - platform: mac | |
| arch: x86_64 | |
| runs-on: macos-11 | |
| - platform: mac | |
| arch: aarch64 | |
| runs-on: macos-11 | |
| - platform: win | |
| runs-on: windows-2019 | |
| - platform: linux | |
| runs-on: ubuntu-20.04 | |
| runs-on: ${{ matrix.runs-on }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| # Needed to run `git describe` to get full version info | |
| fetch-depth: 0 | |
| - uses: actions/setup-node@v3 | |
| with: | |
| node-version: '16.x' | |
| cache: yarn | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.x' | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: '^1.21' | |
| cache-dependency-path: src/go/**/go.sum | |
| - name: Install Windows dependencies | |
| if: runner.os == 'Windows' | |
| shell: powershell | |
| run: .\scripts\windows-setup.ps1 -SkipVisualStudio -SkipTools | |
| - name: Flag build for M1 | |
| if: matrix.arch == 'aarch64' && matrix.platform == 'mac' | |
| run: echo "M1=1" >> "${GITHUB_ENV}" | |
| - run: pip install setuptools | |
| - # Needs a network timeout for macos & windows. See https://github.com/yarnpkg/yarn/issues/8242 for more info | |
| run: yarn install --frozen-lockfile --network-timeout 1000000 | |
| - run: yarn build | |
| - run: yarn package --${{ matrix.platform }} --publish=never | |
| - name: Build bats.tar.gz | |
| if: matrix.platform == 'linux' | |
| run: make -C bats bats.tar.gz | |
| - name: Upload bats.tar.gz | |
| uses: actions/upload-artifact@v3 | |
| if: matrix.platform == 'linux' | |
| with: | |
| name: bats.tar.gz | |
| path: bats/bats.tar.gz | |
| if-no-files-found: error | |
| - name: Upload mac disk image | |
| uses: actions/upload-artifact@v3 | |
| if: matrix.platform == 'mac' | |
| with: | |
| name: Rancher Desktop.${{ matrix.arch }}.dmg | |
| path: dist/Rancher Desktop*.dmg | |
| if-no-files-found: error | |
| - name: Upload mac zip | |
| uses: actions/upload-artifact@v3 | |
| if: matrix.platform == 'mac' | |
| with: | |
| name: Rancher Desktop-mac.${{ matrix.arch }}.zip | |
| path: dist/Rancher Desktop*.zip | |
| if-no-files-found: error | |
| - name: Upload Windows installer | |
| uses: actions/upload-artifact@v3 | |
| if: matrix.platform == 'win' | |
| with: | |
| name: Rancher Desktop Setup.msi | |
| path: dist/Rancher Desktop*.msi | |
| if-no-files-found: error | |
| - name: Upload Windows zip | |
| uses: actions/upload-artifact@v3 | |
| if: matrix.platform == 'win' | |
| with: | |
| name: Rancher Desktop-win.zip | |
| path: dist/Rancher Desktop-*-win.zip | |
| if-no-files-found: error | |
| - name: Upload Linux zip | |
| uses: actions/upload-artifact@v3 | |
| if: matrix.platform == 'linux' | |
| with: | |
| name: Rancher Desktop-linux.zip | |
| path: dist/rancher-desktop-*-linux.zip | |
| if-no-files-found: error | |
| - id: has_s3 | |
| name: Check if S3 secrets are available | |
| continue-on-error: true | |
| if: github.ref_type == 'branch' && ( startsWith(github.ref_name, 'main') || startsWith(github.ref_name, 'release-') ) | |
| run: '[[ -n "${key}" ]]' | |
| env: | |
| key: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| - name: set zip_name env var | |
| id: zip_name | |
| if: matrix.platform == 'linux' && steps.has_s3.outcome == 'success' | |
| run: | | |
| # in pull requests GITHUB_REF_NAME is in the form "<pr_number>/merge"; | |
| # remove slashes since they aren't valid in filenames | |
| no_slash_ref_name="${GITHUB_REF_NAME//\//-/}" | |
| zip_name="rancher-desktop-linux-${no_slash_ref_name}.zip" | |
| echo "zip_name=${zip_name}" >> "${GITHUB_OUTPUT}" | |
| - name: Copy zip file to S3 | |
| uses: prewk/s3-cp-action@74701625561055a306f92fa5c18e948f9d14a54a | |
| if: matrix.platform == 'linux' && steps.has_s3.outcome == 'success' | |
| with: | |
| aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| source: dist/rancher-desktop-*-linux.zip | |
| dest: s3://rancher-desktop-assets-for-obs/${{ steps.zip_name.outputs.zip_name }} | |
| - name: Trigger OBS services for relevant package in dev channel | |
| if: matrix.platform == 'linux' && steps.has_s3.outcome == 'success' | |
| run: | | |
| curl -X POST \ | |
| -H "Authorization: Token ${OBS_WEBHOOK_TOKEN}" \ | |
| "https://build.opensuse.org/trigger/runservice?project=isv:Rancher:dev&package=rancher-desktop-${GITHUB_REF_NAME}" | |
| env: | |
| OBS_WEBHOOK_TOKEN: ${{ secrets.OBS_WEBHOOK_TOKEN }} | |
| sign: | |
| name: Test Signing | |
| needs: package | |
| runs-on: windows-2022 | |
| if: >- | |
| (github.event_name == 'push' && github.ref == 'refs/heads/main') || | |
| (github.event_name == 'push' && startsWith(github.ref, 'refs/heads/release-')) || | |
| (github.event_name == 'push' && startsWith(github.ref, 'refs/tags')) || | |
| (github.event_name == 'workflow_dispatch') | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Install Windows dependencies | |
| if: runner.os == 'Windows' | |
| shell: powershell | |
| run: .\scripts\windows-setup.ps1 -SkipVisualStudio -SkipTools | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: '^1.21' | |
| cache-dependency-path: src/go/**/go.sum | |
| - uses: actions/setup-node@v3 | |
| with: | |
| node-version: '16.x' | |
| cache: yarn | |
| # Needs a network timeout for macos & windows. See https://github.com/yarnpkg/yarn/issues/8242 for more info | |
| - run: yarn install --frozen-lockfile --network-timeout 1000000 | |
| - uses: actions/download-artifact@v3 | |
| if: runner.os == 'Windows' | |
| with: | |
| name: Rancher Desktop-win.zip | |
| - if: runner.os == 'Windows' | |
| shell: powershell | |
| run: | | |
| # Generate a test signing certificate | |
| $cert = New-SelfSignedCertificate ` | |
| -Type Custom ` | |
| -Subject "CN=Rancher-Sandbox, C=CA" ` | |
| -KeyUsage DigitalSignature ` | |
| -CertStoreLocation Cert:\CurrentUser\My ` | |
| -FriendlyName "Rancher-Sandbox Code Signing" ` | |
| -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.3", "2.5.29.19={text}") | |
| Write-Output $cert | |
| $env:CSC_FINGERPRINT = $cert.Thumbprint | |
| # Run the signing script | |
| yarn sign -- (Get-Item "Rancher Desktop*-win.zip") | |
| # Check that the msi file was signed by the expected cert | |
| $usedCert = (Get-AuthenticodeSignature -FilePath 'dist\Rancher Desktop Setup*.msi').SignerCertificate | |
| Write-Output $usedCert | |
| if ($cert -ne $usedCert) { | |
| Write-Output "Expected Certificate" $cert "Actual Certificate" $usedCert | |
| Throw "Installer signed with wrong certificate" | |
| } |