mirror of
https://github.com/slackhq/nebula.git
synced 2025-11-08 23:03:58 +01:00
3aca576b07
* update to go1.21 Since the first minor version update has already been released, we can probably feel comfortable updating to go1.21. This version now enforces that the go version on the system is compatible with the version specified in go.mod, so we can remove the old logic around checking the minimum version in the Makefile. - https://go.dev/doc/go1.21#tools > To improve forwards compatibility, Go 1.21 now reads the go line in a go.work or go.mod file as a strict minimum requirement: go 1.21.0 means that the workspace or module cannot be used with Go 1.20 or with Go 1.21rc1. This allows projects that depend on fixes made in later versions of Go to ensure that they are not used with earlier versions. It also gives better error reporting for projects that make use of new Go features: when the problem is that a newer Go version is needed, that problem is reported clearly, instead of attempting to build the code and printing errors about unresolved imports or syntax errors. * update to go1.22 * bump gvisor * fix merge conflicts * use latest gvisor `go` branch Need to use the latest commit on the `go` branch, see: - https://github.com/google/gvisor?tab=readme-ov-file#using-go-get * mod tidy * more fixes * give smoketest more time Is this why it is failing? * also a little more sleep here --------- Co-authored-by: Jack Doan <me@jackdoan.com>
173 lines
6.1 KiB
YAML
173 lines
6.1 KiB
YAML
on:
|
|
push:
|
|
tags:
|
|
- 'v[0-9]+.[0-9]+.[0-9]*'
|
|
|
|
name: Create release and upload binaries
|
|
|
|
jobs:
|
|
build-linux:
|
|
name: Build Linux/BSD All
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- uses: actions/setup-go@v5
|
|
with:
|
|
go-version: '1.22'
|
|
check-latest: true
|
|
|
|
- name: Build
|
|
run: |
|
|
make BUILD_NUMBER="${GITHUB_REF#refs/tags/v}" release-linux release-freebsd release-openbsd release-netbsd
|
|
mkdir release
|
|
mv build/*.tar.gz release
|
|
|
|
- name: Upload artifacts
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: linux-latest
|
|
path: release
|
|
|
|
build-windows:
|
|
name: Build Windows
|
|
runs-on: windows-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- uses: actions/setup-go@v5
|
|
with:
|
|
go-version: '1.22'
|
|
check-latest: true
|
|
|
|
- name: Build
|
|
run: |
|
|
echo $Env:GITHUB_REF.Substring(11)
|
|
mkdir build\windows-amd64
|
|
$Env:GOARCH = "amd64"
|
|
go build -trimpath -ldflags "-X main.Build=$($Env:GITHUB_REF.Substring(11))" -o build\windows-amd64\nebula.exe ./cmd/nebula-service
|
|
go build -trimpath -ldflags "-X main.Build=$($Env:GITHUB_REF.Substring(11))" -o build\windows-amd64\nebula-cert.exe ./cmd/nebula-cert
|
|
mkdir build\windows-arm64
|
|
$Env:GOARCH = "arm64"
|
|
go build -trimpath -ldflags "-X main.Build=$($Env:GITHUB_REF.Substring(11))" -o build\windows-arm64\nebula.exe ./cmd/nebula-service
|
|
go build -trimpath -ldflags "-X main.Build=$($Env:GITHUB_REF.Substring(11))" -o build\windows-arm64\nebula-cert.exe ./cmd/nebula-cert
|
|
mkdir build\dist\windows
|
|
mv dist\windows\wintun build\dist\windows\
|
|
|
|
- name: Upload artifacts
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: windows-latest
|
|
path: build
|
|
|
|
build-darwin:
|
|
name: Build Universal Darwin
|
|
env:
|
|
HAS_SIGNING_CREDS: ${{ secrets.AC_USERNAME != '' }}
|
|
runs-on: macos-11
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- uses: actions/setup-go@v5
|
|
with:
|
|
go-version: '1.22'
|
|
check-latest: true
|
|
|
|
- name: Import certificates
|
|
if: env.HAS_SIGNING_CREDS == 'true'
|
|
uses: Apple-Actions/import-codesign-certs@v2
|
|
with:
|
|
p12-file-base64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
|
|
p12-password: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
|
|
|
|
- name: Build, sign, and notarize
|
|
env:
|
|
AC_USERNAME: ${{ secrets.AC_USERNAME }}
|
|
AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
|
|
run: |
|
|
rm -rf release
|
|
mkdir release
|
|
make BUILD_NUMBER="${GITHUB_REF#refs/tags/v}" service build/darwin-amd64/nebula build/darwin-amd64/nebula-cert
|
|
make BUILD_NUMBER="${GITHUB_REF#refs/tags/v}" service build/darwin-arm64/nebula build/darwin-arm64/nebula-cert
|
|
lipo -create -output ./release/nebula ./build/darwin-amd64/nebula ./build/darwin-arm64/nebula
|
|
lipo -create -output ./release/nebula-cert ./build/darwin-amd64/nebula-cert ./build/darwin-arm64/nebula-cert
|
|
|
|
if [ -n "$AC_USERNAME" ]; then
|
|
codesign -s "10BC1FDDEB6CE753550156C0669109FAC49E4D1E" -f -v --timestamp --options=runtime -i "net.defined.nebula" ./release/nebula
|
|
codesign -s "10BC1FDDEB6CE753550156C0669109FAC49E4D1E" -f -v --timestamp --options=runtime -i "net.defined.nebula-cert" ./release/nebula-cert
|
|
fi
|
|
|
|
zip -j release/nebula-darwin.zip release/nebula-cert release/nebula
|
|
|
|
if [ -n "$AC_USERNAME" ]; then
|
|
xcrun notarytool submit ./release/nebula-darwin.zip --team-id "576H3XS7FP" --apple-id "$AC_USERNAME" --password "$AC_PASSWORD" --wait
|
|
fi
|
|
|
|
- name: Upload artifacts
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: darwin-latest
|
|
path: ./release/*
|
|
|
|
release:
|
|
name: Create and Upload Release
|
|
needs: [build-linux, build-darwin, build-windows]
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Download artifacts
|
|
uses: actions/download-artifact@v3
|
|
with:
|
|
path: artifacts
|
|
|
|
- name: Zip Windows
|
|
run: |
|
|
cd artifacts/windows-latest
|
|
cp windows-amd64/* .
|
|
zip -r nebula-windows-amd64.zip nebula.exe nebula-cert.exe dist
|
|
cp windows-arm64/* .
|
|
zip -r nebula-windows-arm64.zip nebula.exe nebula-cert.exe dist
|
|
|
|
- name: Create sha256sum
|
|
run: |
|
|
cd artifacts
|
|
for dir in linux-latest darwin-latest windows-latest
|
|
do
|
|
(
|
|
cd $dir
|
|
if [ "$dir" = windows-latest ]
|
|
then
|
|
sha256sum <windows-amd64/nebula.exe | sed 's=-$=nebula-windows-amd64.zip/nebula.exe='
|
|
sha256sum <windows-amd64/nebula-cert.exe | sed 's=-$=nebula-windows-amd64.zip/nebula-cert.exe='
|
|
sha256sum <windows-arm64/nebula.exe | sed 's=-$=nebula-windows-arm64.zip/nebula.exe='
|
|
sha256sum <windows-arm64/nebula-cert.exe | sed 's=-$=nebula-windows-arm64.zip/nebula-cert.exe='
|
|
sha256sum nebula-windows-amd64.zip
|
|
sha256sum nebula-windows-arm64.zip
|
|
elif [ "$dir" = darwin-latest ]
|
|
then
|
|
sha256sum <nebula-darwin.zip | sed 's=-$=nebula-darwin.zip='
|
|
sha256sum <nebula | sed 's=-$=nebula-darwin.zip/nebula='
|
|
sha256sum <nebula-cert | sed 's=-$=nebula-darwin.zip/nebula-cert='
|
|
else
|
|
for v in *.tar.gz
|
|
do
|
|
sha256sum $v
|
|
tar zxf $v --to-command='sh -c "sha256sum | sed s=-$='$v'/$TAR_FILENAME="'
|
|
done
|
|
fi
|
|
)
|
|
done | sort -k 2 >SHASUM256.txt
|
|
|
|
- name: Create Release
|
|
id: create_release
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
run: |
|
|
cd artifacts
|
|
gh release create \
|
|
--verify-tag \
|
|
--title "Release ${{ github.ref_name }}" \
|
|
"${{ github.ref_name }}" \
|
|
SHASUM256.txt *-latest/*.zip *-latest/*.tar.gz
|