mirror of
https://github.com/slackhq/nebula.git
synced 2026-06-30 18:40:29 +02:00
dependabot[bot]
58ab7250f5
smoke-extra / Run windows smoke test (push) Waiting to run
Build and test / Test macos (push) Waiting to run
Build and test / Test windows (push) Waiting to run
Build and test / CI status (push) Blocked by required conditions
smoke-extra / freebsd-amd64 (push) Failing after 22s
smoke-extra / linux-amd64-ipv6disable (push) Failing after 15s
smoke-extra / netbsd-amd64 (push) Failing after 14s
smoke-extra / openbsd-amd64 (push) Failing after 14s
smoke-extra / linux-386 (push) Failing after 15s
smoke / Run multi node smoke test (push) Failing after 1m28s
Build and test / Static checks (push) Successful in 1m47s
Build and test / Test linux (push) Failing after 1m29s
Build and test / Test linux-boringcrypto (push) Failing after 2m41s
Build and test / Test linux-pkcs11 (push) Failing after 3m14s
Build and test / Cross-build linux-arm (push) Successful in 2m58s
Build and test / Cross-build linux-mips (push) Successful in 3m44s
Build and test / Cross-build linux-other (push) Successful in 3m1s
Build and test / Cross-build windows (push) Successful in 58s
Build and test / Cross-build freebsd (push) Successful in 1m31s
Build and test / Cross-build netbsd (push) Successful in 1m31s
Build and test / Cross-build openbsd (push) Successful in 1m30s
Build and test / Cross-build mobile (push) Successful in 3m14s
Bumps [actions/checkout](https://github.com/actions/checkout) from 6 to 7. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v6...v7) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
233 lines
8.5 KiB
YAML
233 lines
8.5 KiB
YAML
on:
|
|
push:
|
|
tags:
|
|
- 'v[0-9]+.[0-9]+.[0-9]*'
|
|
|
|
name: Create release and upload binaries
|
|
|
|
jobs:
|
|
build-linux:
|
|
name: Build Linux/BSD All
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v7
|
|
|
|
- uses: actions/setup-go@v6
|
|
with:
|
|
go-version: '1.25'
|
|
check-latest: true
|
|
|
|
- name: Build
|
|
run: |
|
|
make BUILD_NUMBER="${GITHUB_REF#refs/tags/v}" release-linux release-freebsd release-openbsd release-netbsd
|
|
mkdir release
|
|
mv build/*.tar.gz release
|
|
|
|
- name: Upload artifacts
|
|
uses: actions/upload-artifact@v7
|
|
with:
|
|
name: linux-latest
|
|
path: release
|
|
|
|
build-windows:
|
|
name: Build Windows
|
|
runs-on: windows-latest
|
|
permissions:
|
|
id-token: write
|
|
contents: read
|
|
steps:
|
|
- uses: actions/checkout@v7
|
|
|
|
- uses: actions/setup-go@v6
|
|
with:
|
|
go-version: '1.25'
|
|
check-latest: true
|
|
|
|
- name: Build
|
|
run: |
|
|
echo $Env:GITHUB_REF.Substring(11)
|
|
mkdir build\windows-amd64
|
|
$Env:GOARCH = "amd64"
|
|
go build -trimpath -ldflags "-X main.Build=$($Env:GITHUB_REF.Substring(11))" -o build\windows-amd64\nebula.exe ./cmd/nebula-service
|
|
go build -trimpath -ldflags "-X main.Build=$($Env:GITHUB_REF.Substring(11))" -o build\windows-amd64\nebula-cert.exe ./cmd/nebula-cert
|
|
mkdir build\windows-arm64
|
|
$Env:GOARCH = "arm64"
|
|
go build -trimpath -ldflags "-X main.Build=$($Env:GITHUB_REF.Substring(11))" -o build\windows-arm64\nebula.exe ./cmd/nebula-service
|
|
go build -trimpath -ldflags "-X main.Build=$($Env:GITHUB_REF.Substring(11))" -o build\windows-arm64\nebula-cert.exe ./cmd/nebula-cert
|
|
mkdir build\dist\windows
|
|
mv dist\windows\wintun build\dist\windows\
|
|
|
|
- name: Code-sign
|
|
uses: ./.github/actions/code-sign
|
|
with:
|
|
path: build
|
|
role: ${{ secrets.DEFINED_CODE_SIGNER_ROLE }}
|
|
bucket: ${{ secrets.DEFINED_CODE_SIGNER_BUCKET }}
|
|
|
|
- name: Upload artifacts
|
|
uses: actions/upload-artifact@v7
|
|
with:
|
|
name: windows-latest
|
|
path: build
|
|
|
|
build-darwin:
|
|
name: Build Universal Darwin
|
|
env:
|
|
HAS_SIGNING_CREDS: ${{ secrets.AC_USERNAME != '' }}
|
|
runs-on: macos-latest
|
|
steps:
|
|
- uses: actions/checkout@v7
|
|
|
|
- uses: actions/setup-go@v6
|
|
with:
|
|
go-version: '1.25'
|
|
check-latest: true
|
|
|
|
- name: Import certificates
|
|
if: env.HAS_SIGNING_CREDS == 'true'
|
|
uses: Apple-Actions/import-codesign-certs@v7
|
|
with:
|
|
p12-file-base64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
|
|
p12-password: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
|
|
|
|
- name: Build, sign, and notarize
|
|
env:
|
|
AC_USERNAME: ${{ secrets.AC_USERNAME }}
|
|
AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
|
|
run: |
|
|
rm -rf release
|
|
mkdir release
|
|
make BUILD_NUMBER="${GITHUB_REF#refs/tags/v}" service build/darwin-amd64/nebula build/darwin-amd64/nebula-cert
|
|
make BUILD_NUMBER="${GITHUB_REF#refs/tags/v}" service build/darwin-arm64/nebula build/darwin-arm64/nebula-cert
|
|
lipo -create -output ./release/nebula ./build/darwin-amd64/nebula ./build/darwin-arm64/nebula
|
|
lipo -create -output ./release/nebula-cert ./build/darwin-amd64/nebula-cert ./build/darwin-arm64/nebula-cert
|
|
|
|
if [ -n "$AC_USERNAME" ]; then
|
|
codesign -s "10BC1FDDEB6CE753550156C0669109FAC49E4D1E" -f -v --timestamp --options=runtime -i "net.defined.nebula" ./release/nebula
|
|
codesign -s "10BC1FDDEB6CE753550156C0669109FAC49E4D1E" -f -v --timestamp --options=runtime -i "net.defined.nebula-cert" ./release/nebula-cert
|
|
fi
|
|
|
|
zip -j release/nebula-darwin.zip release/nebula-cert release/nebula
|
|
|
|
if [ -n "$AC_USERNAME" ]; then
|
|
xcrun notarytool submit ./release/nebula-darwin.zip --team-id "576H3XS7FP" --apple-id "$AC_USERNAME" --password "$AC_PASSWORD" --wait
|
|
fi
|
|
|
|
- name: Upload artifacts
|
|
uses: actions/upload-artifact@v7
|
|
with:
|
|
name: darwin-latest
|
|
path: ./release/*
|
|
|
|
build-docker:
|
|
name: Create and Upload Docker Images
|
|
# Technically we only need build-linux to succeed, but if any platforms fail we'll
|
|
# want to investigate and restart the build
|
|
needs: [build-linux, build-darwin, build-windows]
|
|
runs-on: ubuntu-latest
|
|
env:
|
|
HAS_DOCKER_CREDS: ${{ vars.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}
|
|
# XXX It's not possible to write a conditional here, so instead we do it on every step
|
|
#if: ${{ env.HAS_DOCKER_CREDS == 'true' }}
|
|
steps:
|
|
# Be sure to checkout the code before downloading artifacts, or they will
|
|
# be overwritten
|
|
- name: Checkout code
|
|
if: ${{ env.HAS_DOCKER_CREDS == 'true' }}
|
|
uses: actions/checkout@v7
|
|
|
|
- name: Download artifacts
|
|
if: ${{ env.HAS_DOCKER_CREDS == 'true' }}
|
|
uses: actions/download-artifact@v8
|
|
with:
|
|
name: linux-latest
|
|
path: artifacts
|
|
|
|
- name: Login to Docker Hub
|
|
if: ${{ env.HAS_DOCKER_CREDS == 'true' }}
|
|
uses: docker/login-action@v4
|
|
with:
|
|
username: ${{ vars.DOCKERHUB_USERNAME }}
|
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
|
|
- name: Set up Docker Buildx
|
|
if: ${{ env.HAS_DOCKER_CREDS == 'true' }}
|
|
uses: docker/setup-buildx-action@v4
|
|
|
|
- name: Build and push images
|
|
if: ${{ env.HAS_DOCKER_CREDS == 'true' }}
|
|
env:
|
|
DOCKER_IMAGE_REPO: ${{ vars.DOCKER_IMAGE_REPO || 'nebulaoss/nebula' }}
|
|
DOCKER_IMAGE_TAG: ${{ vars.DOCKER_IMAGE_TAG || 'latest' }}
|
|
run: |
|
|
mkdir -p build/linux-{amd64,arm64}
|
|
tar -zxvf artifacts/nebula-linux-amd64.tar.gz -C build/linux-amd64/
|
|
tar -zxvf artifacts/nebula-linux-arm64.tar.gz -C build/linux-arm64/
|
|
docker buildx build . --push -f docker/Dockerfile --platform linux/amd64,linux/arm64 \
|
|
--build-arg VERSION="${GITHUB_REF#refs/tags/v}" \
|
|
--build-arg REVISION="${GITHUB_SHA}" \
|
|
--tag "${DOCKER_IMAGE_REPO}:${DOCKER_IMAGE_TAG}" --tag "${DOCKER_IMAGE_REPO}:${GITHUB_REF#refs/tags/v}"
|
|
|
|
release:
|
|
name: Create and Upload Release
|
|
needs: [build-linux, build-darwin, build-windows]
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v7
|
|
|
|
- name: Download artifacts
|
|
uses: actions/download-artifact@v8
|
|
with:
|
|
path: artifacts
|
|
|
|
- name: Zip Windows
|
|
run: |
|
|
cd artifacts/windows-latest
|
|
cp windows-amd64/* .
|
|
zip -r nebula-windows-amd64.zip nebula.exe nebula-cert.exe dist
|
|
cp windows-arm64/* .
|
|
zip -r nebula-windows-arm64.zip nebula.exe nebula-cert.exe dist
|
|
|
|
- name: Create sha256sum
|
|
run: |
|
|
cd artifacts
|
|
for dir in linux-latest darwin-latest windows-latest
|
|
do
|
|
(
|
|
cd $dir
|
|
if [ "$dir" = windows-latest ]
|
|
then
|
|
sha256sum <windows-amd64/nebula.exe | sed 's=-$=nebula-windows-amd64.zip/nebula.exe='
|
|
sha256sum <windows-amd64/nebula-cert.exe | sed 's=-$=nebula-windows-amd64.zip/nebula-cert.exe='
|
|
sha256sum <windows-arm64/nebula.exe | sed 's=-$=nebula-windows-arm64.zip/nebula.exe='
|
|
sha256sum <windows-arm64/nebula-cert.exe | sed 's=-$=nebula-windows-arm64.zip/nebula-cert.exe='
|
|
sha256sum nebula-windows-amd64.zip
|
|
sha256sum nebula-windows-arm64.zip
|
|
elif [ "$dir" = darwin-latest ]
|
|
then
|
|
sha256sum <nebula-darwin.zip | sed 's=-$=nebula-darwin.zip='
|
|
sha256sum <nebula | sed 's=-$=nebula-darwin.zip/nebula='
|
|
sha256sum <nebula-cert | sed 's=-$=nebula-darwin.zip/nebula-cert='
|
|
else
|
|
for v in *.tar.gz
|
|
do
|
|
sha256sum $v
|
|
tar zxf $v --to-command='sh -c "sha256sum | sed s=-$='$v'/$TAR_FILENAME="'
|
|
done
|
|
fi
|
|
)
|
|
done | sort -k 2 >SHASUM256.txt
|
|
|
|
- name: Create Release
|
|
id: create_release
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
GITHUB_REF_NAME: ${{ github.ref_name }}
|
|
run: |
|
|
cd artifacts
|
|
gh release create \
|
|
--verify-tag \
|
|
--title "Release ${GITHUB_REF_NAME}" \
|
|
"${GITHUB_REF_NAME}" \
|
|
SHASUM256.txt *-latest/*.zip *-latest/*.tar.gz
|