Test code so we can compile with a non-version tag #3715
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Build and test on each commit. Create a release on tagged commits. | |
| # | |
| # Binaries on each platform are stripped. This removes debug symbols. | |
| name: Build | |
| on: [push] | |
| jobs: | |
| build-all: | |
| name: ${{ matrix.os-name }}-build | |
| runs-on: ${{ matrix.os }} | |
| container: ${{ matrix.container }} | |
| defaults: | |
| run: | |
| shell: bash | |
| strategy: | |
| matrix: | |
| os: ['windows-latest', 'ubuntu-latest', 'macos-latest'] | |
| include: | |
| - os: ubuntu-latest | |
| os-name: Linux | |
| container: fossa/haskell-static-alpine:ghc-9.0.2 | |
| project-file: cabal.project.ci.linux | |
| ghc: '9.0.2' | |
| - os: macos-latest | |
| os-name: macOS | |
| project-file: cabal.project.ci.macos | |
| ghc: '9.0.2' | |
| - os: windows-latest | |
| os-name: Windows | |
| project-file: cabal.project.ci.windows | |
| ghc: '9.0.2' | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| lfs: true | |
| - name: Install MacOS binary dependencies | |
| if: ${{ contains(matrix.os, 'macos') }} | |
| run: | | |
| brew install jq | |
| # Set up Haskell. | |
| - uses: haskell/actions/setup@v2 | |
| id: setup-haskell | |
| name: Setup ghc/cabal (non-alpine) | |
| if: ${{ !contains(matrix.os, 'ubuntu') }} | |
| with: | |
| ghc-version: ${{ matrix.ghc }} | |
| # Set up Rust. | |
| - uses: actions-rs/toolchain@v1 | |
| with: | |
| profile: minimal | |
| toolchain: stable | |
| - uses: taiki-e/install-action@nextest | |
| - uses: Swatinem/rust-cache@v2 | |
| - name: Debugging information | |
| run: | | |
| ghc --version || echo "no ghc" | |
| cabal --version || echo "no cabal" | |
| ghcup --version || echo "no ghcup" | |
| rustc -V || echo "no rustc" | |
| cargo -V || echo "no cargo" | |
| # Build Rust crates, which must be present when the CLI builds. | |
| - name: Test Rust dependencies | |
| run: cargo nextest run | |
| - name: Build Rust dependencies | |
| run: cargo build --release | |
| # Build FOSSA CLI. | |
| - uses: actions/cache@v3 | |
| name: Cache cabal store | |
| with: | |
| path: ${{ steps.setup-haskell.outputs.cabal-store || '~/.cabal/store' }} | |
| key: ${{ runner.os }}-${{ matrix.ghc }}-cabal-cache-${{ hashFiles('**/*.cabal', format('{0}', matrix.project-file)) }} | |
| restore-keys: | | |
| ${{ runner.os }}-${{ matrix.ghc }}-cabal-cache- | |
| ${{ runner.os }}-${{ matrix.ghc }}- | |
| ${{ runner.os }}- | |
| - name: Update vendored binaries | |
| run: | | |
| mkdir vendor-bins | |
| ./vendor_download.sh | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.BASIS_ACCESS_TOKEN }} | |
| - name: Build test data | |
| run: | | |
| make build-test-data | |
| - name: Check git status | |
| # https://github.com/actions/checkout/issues/760#issuecomment-1099519159 | |
| run: | | |
| git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
| git status --porcelain | |
| - name: Build | |
| # Occasionally, we run out of memory on the build process. | |
| # Since cabal uses incremental compilation, we can retry from where we left off | |
| # by simply re-running cabal if we fail. | |
| env: | |
| RUN_CMD: cabal build --project-file=${{ matrix.project-file }} all | |
| run: | | |
| cabal update | |
| $RUN_CMD || $RUN_CMD | |
| - name: Run unit tests | |
| run: | | |
| cabal test --project-file=${{ matrix.project-file }} unit-tests | |
| # Save artifacts. | |
| - name: Find and move binaries (Windows) | |
| if: ${{ contains(matrix.os, 'windows') }} | |
| run: | | |
| mkdir release | |
| find . -type f -path '*/fossa/fossa.exe' -exec cp {} release \; | |
| find . -type f -path '*/pathfinder/pathfinder.exe' -exec cp {} release \; | |
| - name: Find and move binaries (non-Windows) | |
| if: ${{ !contains(matrix.os, 'windows') }} | |
| run: | | |
| mkdir release | |
| find . -type f -path '*/fossa/fossa' -exec cp {} release \; | |
| find . -type f -path '*/pathfinder/pathfinder' -exec cp {} release \; | |
| - name: Strip binaries | |
| run: | | |
| strip release/* | |
| - uses: actions/upload-artifact@v2 | |
| with: | |
| name: ${{ runner.os }}-binaries | |
| path: release | |
| create-release: | |
| name: create-release | |
| runs-on: ubuntu-latest | |
| needs: ['build-all'] | |
| permissions: | |
| id-token: write | |
| steps: | |
| - uses: actions/download-artifact@v2 | |
| - name: Get version | |
| id: get-version | |
| run: | | |
| case $GITHUB_REF in | |
| refs/tags/v*) | |
| # This strips the 'v' prefix from the tag. | |
| echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\/v/} | |
| ;; | |
| *) | |
| echo ::set-output name=VERSION::${GITHUB_SHA} | |
| ;; | |
| esac | |
| - name: Check that version info was embedded correctly | |
| if: ${{ startsWith(github.ref, 'refs/tags/v') }} | |
| run: | | |
| chmod +x Linux-binaries/fossa | |
| echo $GITHUB_REF_NAME | |
| echo $GITHUB_REF_TYPE | |
| echo $GITHUB_SHA | |
| echo ${GITHUB_SHA:0:12} | |
| echo $(Linux-binaries/fossa --version) | |
| echo "fossa-cli version ${{ steps.get-version.outputs.VERSION }} (revision ${GITHUB_SHA:0:12} compiled with ghc-9.0)" | |
| [ "$GITHUB_REF_TYPE" = "tag" ] && echo "Ref type OK" | |
| [ "$(Linux-binaries/fossa --version)" = "fossa-cli version ${{ steps.get-version.outputs.VERSION }} (revision ${GITHUB_SHA:0:12} compiled with ghc-9.0)" ] && echo "CLI version OK" | |
| # This uses names compatible with our install script. | |
| # | |
| # Originally, CLI >=2.x Linux releases were only packaged as zip files, but | |
| # we added tar.gz to improve compatibility. Our install script depends on | |
| # the unzip command, which is not installed in most Linux distributions by | |
| # default. To avoid breaking compatibility with older install scripts, we | |
| # release both formats but default to using tar.gz when installing. | |
| - name: Bundle binaries | |
| run: | | |
| mkdir release | |
| ls -R | |
| chmod +x Linux-binaries/* | |
| zip -j release/fossa_${{ steps.get-version.outputs.VERSION }}_linux_amd64.zip Linux-binaries/fossa | |
| zip -j release/pathfinder_${{ steps.get-version.outputs.VERSION }}_linux_amd64.zip Linux-binaries/pathfinder | |
| tar --create --gzip --verbose --file release/fossa_${{ steps.get-version.outputs.VERSION }}_linux_amd64.tar.gz --directory Linux-binaries fossa | |
| tar --create --gzip --verbose --file release/pathfinder_${{ steps.get-version.outputs.VERSION }}_linux_amd64.tar.gz --directory Linux-binaries pathfinder | |
| chmod +x macOS-binaries/* | |
| zip -j release/fossa_${{ steps.get-version.outputs.VERSION }}_darwin_amd64.zip macOS-binaries/fossa | |
| zip -j release/pathfinder_${{ steps.get-version.outputs.VERSION }}_darwin_amd64.zip macOS-binaries/pathfinder | |
| chmod +x Windows-binaries/* | |
| zip -j release/fossa_${{ steps.get-version.outputs.VERSION }}_windows_amd64.zip Windows-binaries/fossa.exe | |
| zip -j release/pathfinder_${{ steps.get-version.outputs.VERSION }}_windows_amd64.zip Windows-binaries/pathfinder.exe | |
| - name: Create checksums | |
| # We have to run from within the release dir so that "release" isn't prepended to the relative path of the zip file. | |
| run: | | |
| cd release | |
| sha256sum --binary "fossa_${{ steps.get-version.outputs.VERSION }}_linux_amd64.zip" > "fossa_${{ steps.get-version.outputs.VERSION }}_linux_amd64.zip.sha256" | |
| sha256sum --binary "fossa_${{ steps.get-version.outputs.VERSION }}_linux_amd64.tar.gz" > "fossa_${{ steps.get-version.outputs.VERSION }}_linux_amd64.tar.gz.sha256" | |
| sha256sum --binary "fossa_${{ steps.get-version.outputs.VERSION }}_darwin_amd64.zip" > "fossa_${{ steps.get-version.outputs.VERSION }}_darwin_amd64.zip.sha256" | |
| sha256sum --binary "fossa_${{ steps.get-version.outputs.VERSION }}_windows_amd64.zip" > "fossa_${{ steps.get-version.outputs.VERSION }}_windows_amd64.zip.sha256" | |
| echo "Sanity-checking the checksums." | |
| cat *.sha256 | sha256sum --check --status | |
| - name: Install Cosign | |
| if: ${{ github.ref_type == 'tag' }} | |
| uses: sigstore/[email protected] | |
| - name: Sign Release | |
| if: ${{ github.ref_type == 'tag' }} | |
| run: | | |
| cosign version | |
| cosign sign-blob --yes --bundle "release/fossa_${{ steps.get-version.outputs.VERSION }}_linux_amd64.bundle" "release/fossa_${{ steps.get-version.outputs.VERSION }}_linux_amd64.tar.gz" | |
| - name: Verify Signature | |
| if: ${{ github.ref_type == 'tag' }} | |
| run: | |
| cosign verify-blob --bundle "release/fossa_${{ steps.get-version.outputs.VERSION }}_linux_amd64.bundle" --certificate-oidc-issuer "https://token.actions.githubusercontent.com" --certificate-identity "https://github.com/$GITHUB_WORKFLOW_REF" "release/fossa_${{ steps.get-version.outputs.VERSION }}_linux_amd64.tar.gz" | |
| # Uploads the generated archives (tar.gz/zip) as build artifacts to allow | |
| # verifying them without needing to do an actual release. This step does not | |
| # need to run for tagged release versions. | |
| - name: Upload release archives | |
| if: ${{ !startsWith(github.ref, 'refs/tags/v') }} | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| name: release-archives | |
| path: release | |
| - name: Release | |
| if: ${{ startsWith(github.ref, 'refs/tags/v') }} | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| files: release/* | |
| draft: true | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |