Binaries #52
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Binaries | |
on: | |
push: | |
tags: | |
- 'v[0-9]+.[0-9]+.[0-9]+*' | |
jobs: | |
draft-release: | |
name: Draft release | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
fetch-depth: 0 | |
- | |
name: Extract tag name | |
run: echo "X_TAG=${GITHUB_REF#refs/*/v}" >> $GITHUB_ENV | |
- | |
name: Fill release body | |
run: |- | |
set -e | |
cat <<EOF | tee RELEASE.md | |
$(git log --pretty="- %s" $(git tag --sort=-creatordate | sed -n 2p)..${{ github.ref }} | egrep -v "^.{1,7}$") | |
Other upgraded assets: | |
- https://hub.docker.com/r/wallarm/api-firewall | |
- https://charts.wallarm.com | |
EOF | |
- | |
name: Draft Release | |
id: draft_release | |
uses: actions/create-release@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
tag_name: ${{ github.ref }} | |
release_name: v${{ env.X_TAG }} | |
body_path: RELEASE.md | |
draft: true | |
prerelease: false | |
outputs: | |
upload_url: ${{ steps.draft_release.outputs.upload_url }} | |
release_id: ${{ steps.draft_release.outputs.id }} | |
build-x86: | |
name: Build ${{ matrix.artifact }} binary | |
runs-on: ubuntu-latest | |
needs: | |
- draft-release | |
env: | |
X_GO_DISTRIBUTION: "https://go.dev/dl/go1.22.9.linux-amd64.tar.gz" | |
strategy: | |
matrix: | |
include: | |
- arch: amd64 | |
distro: debian | |
artifact: amd64-libc | |
- arch: "386" | |
distro: debian | |
artifact: 386-libc | |
steps: | |
- uses: actions/checkout@v2 | |
- | |
name: Extract tag name | |
run: echo "X_TAG=${GITHUB_REF#refs/*/v}" >> $GITHUB_ENV | |
- | |
uses: addnab/docker-run-action@v3 | |
with: | |
image: debian:bullseye | |
options: > | |
--volume ${{ github.workspace }}:/build | |
--workdir /build | |
run: |- | |
set -e | |
apt-get update -y && \ | |
apt-get install --no-install-recommends -y \ | |
build-essential \ | |
binutils \ | |
ca-certificates \ | |
curl \ | |
gcc \ | |
git \ | |
gzip \ | |
make && \ | |
curl -sLo go.tar.gz ${{ env.X_GO_DISTRIBUTION }} && \ | |
mkdir -p /usr/local/go && \ | |
tar -x -C /usr/local -f go.tar.gz && \ | |
rm go.tar.gz && \ | |
export PATH=${PATH}:/usr/local/go/bin | |
go version | |
case "${{ matrix.arch }}" in | |
"386") | |
export GOARCH=386 | |
export GOOS=linux | |
;; | |
esac | |
mkdir -p /tmp/api-firewall-${{ matrix.artifact }} && \ | |
go mod download -x && \ | |
go build \ | |
-ldflags="-X main.build=${{ env.X_TAG }} -extldflags=-static -s -w" \ | |
-o /tmp/api-firewall-${{ matrix.artifact }}/api-firewall \ | |
-buildvcs=false ./cmd/api-firewall && \ | |
/tmp/api-firewall-${{ matrix.artifact }}/api-firewall -v && \ | |
readelf -h /tmp/api-firewall-${{ matrix.artifact }}/api-firewall && \ | |
cp LICENSE /tmp/api-firewall-${{ matrix.artifact }}/ && \ | |
mkdir -p ./artifacts && \ | |
tar -c \ | |
-C /tmp/api-firewall-${{ matrix.artifact }} . \ | |
| gzip -9 \ | |
> ./artifacts/api-firewall-${{ matrix.artifact }}.tar.gz | |
- | |
name: Show the artifact | |
id: artifact | |
run: |- | |
export FILENAME=$(realpath --relative-to=. ${PWD}/artifacts/*) | |
export O_ARTIFACT="$(basename ${FILENAME})" | |
export O_MD5="$(md5sum ${FILENAME} | awk '{print $1}')" | |
export O_SHA1="$(sha1sum ${FILENAME} | awk '{print $1}')" | |
export O_SHA256="$(sha256sum ${FILENAME} | awk '{print $1}')" | |
echo "::set-output name=filepath::${FILENAME}" | |
echo "::set-output name=filename::${O_ARTIFACT}" | |
echo "::set-output name=md5::${O_MD5}" | |
echo "::set-output name=sha1::${O_SHA1}" | |
echo "::set-output name=sha256::${O_SHA256}" | |
cat <<EOF | |
ARTIFACT: ${O_ARTIFACT} | |
MD5: ${O_MD5} | |
SHA1: ${O_SHA1} | |
SHA256: ${O_SHA256} | |
EOF | |
- | |
name: Upload Release Asset | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ needs.draft-release.outputs.upload_url }} | |
asset_path: ${{ steps.artifact.outputs.filepath }} | |
asset_name: ${{ steps.artifact.outputs.filename }} | |
asset_content_type: application/gzip | |
outputs: | |
filepath: ${{ steps.artifact.outputs.filepath }} | |
filename: ${{ steps.artifact.outputs.filename }} | |
md5: ${{ steps.artifact.outputs.md5 }} | |
sha1: ${{ steps.artifact.outputs.sha1 }} | |
sha256: ${{ steps.artifact.outputs.sha256 }} | |
build-x86-alpine: | |
name: Build ${{ matrix.artifact }} binary | |
runs-on: ubuntu-latest | |
needs: | |
- draft-release | |
env: | |
X_GO_VERSION: "1.22.9" | |
strategy: | |
matrix: | |
include: | |
- arch: amd64 | |
distro: alpine | |
artifact: amd64-musl | |
- arch: "386" | |
distro: alpine | |
artifact: 386-musl | |
steps: | |
- uses: actions/checkout@v2 | |
- | |
name: Extract tag name | |
run: echo "X_TAG=${GITHUB_REF#refs/*/v}" >> $GITHUB_ENV | |
- | |
uses: addnab/docker-run-action@v3 | |
with: | |
image: golang:${{ env.X_GO_VERSION }}-alpine3.20 | |
options: > | |
--volume ${{ github.workspace }}:/build | |
--workdir /build | |
run: |- | |
set -e | |
apk add --no-cache \ | |
binutils \ | |
ca-certificates \ | |
curl \ | |
gcc \ | |
git \ | |
gzip \ | |
musl-dev \ | |
make | |
go version | |
case "${{ matrix.arch }}" in | |
"386") | |
export GOARCH=386 | |
export GOOS=linux | |
;; | |
esac | |
mkdir -p /tmp/api-firewall-${{ matrix.artifact }} && \ | |
go mod download -x && \ | |
go build \ | |
-ldflags="-X main.build=${{ env.X_TAG }} -extldflags=-static -s -w" \ | |
-o /tmp/api-firewall-${{ matrix.artifact }}/api-firewall \ | |
-buildvcs=false ./cmd/api-firewall && \ | |
/tmp/api-firewall-${{ matrix.artifact }}/api-firewall -v && \ | |
readelf -h /tmp/api-firewall-${{ matrix.artifact }}/api-firewall && \ | |
cp LICENSE /tmp/api-firewall-${{ matrix.artifact }}/ && \ | |
mkdir -p ./artifacts && \ | |
tar -c \ | |
-C /tmp/api-firewall-${{ matrix.artifact }} . \ | |
| gzip -9 \ | |
> ./artifacts/api-firewall-${{ matrix.artifact }}.tar.gz | |
- | |
name: Show the artifact | |
id: artifact | |
run: |- | |
export FILENAME=$(realpath --relative-to=. ${PWD}/artifacts/*) | |
export O_ARTIFACT="$(basename ${FILENAME})" | |
export O_MD5="$(md5sum ${FILENAME} | awk '{print $1}')" | |
export O_SHA1="$(sha1sum ${FILENAME} | awk '{print $1}')" | |
export O_SHA256="$(sha256sum ${FILENAME} | awk '{print $1}')" | |
echo "::set-output name=filepath::${FILENAME}" | |
echo "::set-output name=filename::${O_ARTIFACT}" | |
echo "::set-output name=md5::${O_MD5}" | |
echo "::set-output name=sha1::${O_SHA1}" | |
echo "::set-output name=sha256::${O_SHA256}" | |
cat <<EOF | |
ARTIFACT: ${O_ARTIFACT} | |
MD5: ${O_MD5} | |
SHA1: ${O_SHA1} | |
SHA256: ${O_SHA256} | |
EOF | |
- | |
name: Upload Release Asset | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ needs.draft-release.outputs.upload_url }} | |
asset_path: ${{ steps.artifact.outputs.filepath }} | |
asset_name: ${{ steps.artifact.outputs.filename }} | |
asset_content_type: application/gzip | |
outputs: | |
filepath: ${{ steps.artifact.outputs.filepath }} | |
filename: ${{ steps.artifact.outputs.filename }} | |
md5: ${{ steps.artifact.outputs.md5 }} | |
sha1: ${{ steps.artifact.outputs.sha1 }} | |
sha256: ${{ steps.artifact.outputs.sha256 }} | |
build-arm: | |
name: Build ${{ matrix.artifact }} binary | |
runs-on: ubuntu-latest | |
needs: | |
- draft-release | |
strategy: | |
matrix: | |
include: | |
- arch: none | |
distro: none | |
go_distribution: https://go.dev/dl/go1.22.9.linux-armv6l.tar.gz | |
artifact: armv6-libc | |
base_image: '--platform=linux/armv6 bullseye:latest' | |
- arch: none | |
distro: none | |
go_distribution: https://go.dev/dl/go1.22.9.linux-arm64.tar.gz | |
artifact: arm64-libc | |
base_image: '--platform=linux/aarch64 bullseye:latest' | |
- arch: none | |
distro: none | |
go_distribution: https://go.dev/dl/go1.22.9.linux-armv6l.tar.gz | |
artifact: armv6-musl | |
base_image: '--platform=linux/armv6 alpine:latest' | |
- arch: none | |
distro: none | |
go_distribution: https://go.dev/dl/go1.22.9.linux-arm64.tar.gz | |
artifact: arm64-musl | |
base_image: '--platform=linux/aarch64 alpine:latest' | |
steps: | |
- uses: actions/[email protected] | |
- | |
name: Extract tag name | |
run: echo "X_TAG=${GITHUB_REF#refs/*/v}" >> $GITHUB_ENV | |
- | |
uses: uraimo/run-on-arch-action@v2 | |
name: Build artifact | |
id: build | |
with: | |
arch: ${{ matrix.arch }} | |
distro: ${{ matrix.distro }} | |
base_image: ${{ matrix.base_image }} | |
githubToken: ${{ github.token }} | |
setup: |- | |
mkdir -p "${PWD}/artifacts" | |
dockerRunArgs: |- | |
--volume "${PWD}/artifacts:/artifacts" | |
shell: /bin/sh | |
install: |- | |
set -e | |
case "${{ matrix.distro }}" in | |
bullseye) | |
apt-get update -y && \ | |
apt-get install --no-install-recommends -y \ | |
binutils \ | |
ca-certificates \ | |
curl \ | |
gcc \ | |
git \ | |
gzip \ | |
libc6-dev \ | |
make && \ | |
curl -sLo go.tar.gz ${{ matrix.go_distribution }} && \ | |
mkdir -p /usr/local/go && \ | |
tar -x -C /usr/local -f go.tar.gz && \ | |
rm go.tar.gz && \ | |
export PATH=${PATH}:/usr/local/go/bin | |
;; | |
alpine*) | |
apk add --no-cache \ | |
binutils \ | |
ca-certificates \ | |
curl \ | |
gcc \ | |
git \ | |
gzip \ | |
make \ | |
musl-dev && \ | |
curl -sLo go.tar.gz ${{ matrix.go_distribution }} && \ | |
mkdir -p /usr/local/go && \ | |
tar -x -C /usr/local -f go.tar.gz && \ | |
rm go.tar.gz && \ | |
export PATH=${PATH}:/usr/local/go/bin | |
;; | |
esac | |
go version | |
run: |- | |
export PATH=${PATH}:/usr/local/go/bin && \ | |
export CGO_CFLAGS="-D_LARGEFILE64_SOURCE" && \ | |
mkdir -p /tmp/api-firewall-${{ matrix.artifact }} && \ | |
go mod download -x && \ | |
go build \ | |
-ldflags="-X main.build=${{ env.X_TAG }} -extldflags=-static -s -w" \ | |
-o /tmp/api-firewall-${{ matrix.artifact }}/api-firewall \ | |
-buildvcs=false ./cmd/api-firewall && \ | |
/tmp/api-firewall-${{ matrix.artifact }}/api-firewall -v && \ | |
readelf -h /tmp/api-firewall-${{ matrix.artifact }}/api-firewall && \ | |
cp LICENSE /tmp/api-firewall-${{ matrix.artifact }}/ && \ | |
tar -c \ | |
-C /tmp/api-firewall-${{ matrix.artifact }} . \ | |
| gzip -9 \ | |
> /artifacts/api-firewall-${{ matrix.artifact }}.tar.gz | |
- | |
name: Show the artifact | |
id: artifact | |
run: |- | |
export FILENAME=$(realpath --relative-to=. ${PWD}/artifacts/*) | |
export O_ARTIFACT="$(basename ${FILENAME})" | |
export O_MD5="$(md5sum ${FILENAME} | awk '{print $1}')" | |
export O_SHA1="$(sha1sum ${FILENAME} | awk '{print $1}')" | |
export O_SHA256="$(sha256sum ${FILENAME} | awk '{print $1}')" | |
echo "::set-output name=filepath::${FILENAME}" | |
echo "::set-output name=filename::${O_ARTIFACT}" | |
echo "::set-output name=md5::${O_MD5}" | |
echo "::set-output name=sha1::${O_SHA1}" | |
echo "::set-output name=sha256::${O_SHA256}" | |
cat <<EOF | |
ARTIFACT: ${O_ARTIFACT} | |
MD5: ${O_MD5} | |
SHA1: ${O_SHA1} | |
SHA256: ${O_SHA256} | |
EOF | |
- | |
name: Upload Release Asset | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ needs.draft-release.outputs.upload_url }} | |
asset_path: ${{ steps.artifact.outputs.filepath }} | |
asset_name: ${{ steps.artifact.outputs.filename }} | |
asset_content_type: application/gzip | |
outputs: | |
filepath: ${{ steps.artifact.outputs.filepath }} | |
filename: ${{ steps.artifact.outputs.filename }} | |
md5: ${{ steps.artifact.outputs.md5 }} | |
sha1: ${{ steps.artifact.outputs.sha1 }} | |
sha256: ${{ steps.artifact.outputs.sha256 }} | |
commit-release: | |
name: Commit release | |
runs-on: ubuntu-latest | |
needs: | |
- draft-release | |
- build-x86 | |
- build-x86-alpine | |
- build-arm | |
steps: | |
- uses: actions/checkout@v2 | |
- | |
uses: eregon/publish-release@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
release_id: ${{ needs.draft-release.outputs.release_id }} |