diff options
| author | ZyanKLee <ZyanKLee@users.noreply.github.com> | 2022-05-24 11:11:26 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-05-24 11:11:26 +0200 |
| commit | 9ab760e2fbe8e203877a80a3dd1af7039602c72e (patch) | |
| tree | 65b42edd8e84aa6b89664f6a859b3b9430e6d37f | |
| parent | 9f5cfdfc793e60c020e2beb85c6846387400f1ac (diff) | |
| parent | 536f5b3a91ae4273341e5bd36442877c3c358f95 (diff) | |
Merge pull request #279 from noisetorch/272-automatic-release-to-github
automatic release to GitHub
| -rw-r--r-- | .github/workflows/build-artifact.yml | 23 | ||||
| -rw-r--r-- | .github/workflows/release.yml | 34 | ||||
| -rw-r--r-- | Makefile | 12 | ||||
| -rw-r--r-- | scripts/signer.go | 19 |
4 files changed, 75 insertions, 13 deletions
diff --git a/.github/workflows/build-artifact.yml b/.github/workflows/build-artifact.yml new file mode 100644 index 0000000..0313e59 --- /dev/null +++ b/.github/workflows/build-artifact.yml @@ -0,0 +1,23 @@ +--- +name: build dev artifact + +on: + pull_request: + +permissions: + contents: read + pull-requests: read + +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/setup-go@v3 + with: + go-version: 1.18 + - uses: actions/checkout@v3 + - run: make dev + - uses: actions/upload-artifact@v3 + with: + name: linux_x64 + path: ${{ github.workspace }}/bin/noisetorch diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..304d5f1 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,34 @@ +--- +name: release + +on: + push: + tags: + - "v*.*.*" + +permissions: + contents: write + +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/setup-go@v3 + with: + go-version: 1.18 + - uses: actions/checkout@v3 + - name: Build release artifact + run: | + mkdir -p ~/.config/noisetorch + echo '${{ secrets.NOISETORCH_SIGNER_PRIVKEY_BASE64 }}' | base64 -d > ~/.config/noisetorch/private.key + make release + rm -rf ~/.config/noisetorch/ + for f in bin/NoiseTorch_x64_*.tgz ; do md5sum ${f} | tee ${f}.md5sum ; sha512sum ${f} | tee ${f}.sha512sum ; done + - name: Release + uses: softprops/action-gh-release@v1 + with: + files: | + ${{ github.workspace }}/bin/NoiseTorch_x64_*.tgz + ${{ github.workspace }}/bin/NoiseTorch_x64_*.tgz.sig + ${{ github.workspace }}/bin/NoiseTorch_x64_*.tgz.md5sum + ${{ github.workspace }}/bin/NoiseTorch_x64_*.tgz.sha512sum @@ -1,5 +1,5 @@ -UPDATE_URL=https://noisetorch.epicgamer.org -UPDATE_PUBKEY=3mL+rBi4yBZ1wGimQ/oSQCjxELzgTh+673H4JdzQBOk= +UPDATE_URL= +UPDATE_PUBKEY=Md2rdsS+b6W0trgcqa5lAWP978Zj0sFmubJ252OPKwc= VERSION := $(shell git describe --tags) dev: rnnoise @@ -18,14 +18,12 @@ release: rnnoise mkdir -p tmp/.local/bin/ go generate - CGO_ENABLED=0 GOOS=linux go build -trimpath -tags release -a -ldflags '-s -w -extldflags "-static" -X main.version=${VERSION} -X main.distribution=official -X main.updateURL=${UPDATE_URL} -X main.publicKeyString=${UPDATE_PUBKEY}' . - upx noisetorch + CGO_ENABLED=0 GOOS=linux go build -trimpath -tags release -a -ldflags '-s -w -extldflags "-static" -X main.version=${VERSION} -X main.distribution=official' . mv noisetorch tmp/.local/bin/ cd tmp/; \ - tar cvzf ../bin/NoiseTorch_x64.tgz . + tar cvzf ../bin/NoiseTorch_x64_${VERSION}.tgz . rm -rf tmp/ - go run scripts/signer.go -s - git describe --tags > bin/version.txt + go run scripts/signer.go -s -f bin/NoiseTorch_x64_${VERSION}.tgz rnnoise: git submodule update --init --recursive $(MAKE) -C c/ladspa diff --git a/scripts/signer.go b/scripts/signer.go index e32a7cb..77e79c0 100644 --- a/scripts/signer.go +++ b/scripts/signer.go @@ -25,8 +25,13 @@ func main() { //nolint var publicKeyString string flag.StringVar(&publicKeyString, "k", "", "Public key to verify against (runs verifier if set)") + var artifactFile string + flag.StringVar(&artifactFile, "f", "", "Artifact file name and path that should be signed") + flag.Parse() + signatureFile := artifactFile + ".sig" + if doGenerate { generateKeypair() os.Exit(0) @@ -38,10 +43,10 @@ func main() { //nolint os.Exit(0) } - if doSign { + if doSign && artifactFile != "" { _, priv := loadKeys() - file, err := ioutil.ReadFile("bin/NoiseTorch_x64.tgz") + file, err := ioutil.ReadFile(artifactFile) if err != nil { panic(err) } @@ -50,24 +55,26 @@ func main() { //nolint if err != nil { panic(err) } - if err := ioutil.WriteFile("bin/NoiseTorch_x64.tgz.sig", sig, 0644); err != nil { + + err = ioutil.WriteFile(signatureFile, sig, 0640) + if err != nil { panic(err) } os.Exit(0) } - if publicKeyString != "" { + if publicKeyString != "" && artifactFile != "" && signatureFile != "" { pub, err := base64.StdEncoding.DecodeString(publicKeyString) if err != nil { panic(err) } - file, err := ioutil.ReadFile("bin/NoiseTorch_x64.tgz") + file, err := ioutil.ReadFile(artifactFile) if err != nil { panic(err) } - sig, err := ioutil.ReadFile("bin/NoiseTorch_x64.tgz.sig") + sig, err := ioutil.ReadFile(signatureFile) if err != nil { panic(err) } |