Skip to content

Storage Advisor CLI Release #23

Storage Advisor CLI Release

Storage Advisor CLI Release #23

name: Storage Advisor CLI Release
on:
release:
types: [created]
permissions:
contents: write
packages: write
jobs:
releases-matrix:
name: Release
runs-on: ubuntu-latest
strategy:
matrix:
# build and publish in parallel: linux/386, linux/amd64, linux/arm64, windows/386, windows/amd64, darwin/amd64, darwin/arm64
goos: [linux, windows, darwin]
goarch: ["386", amd64, arm64]
exclude:
- goarch: "386"
goos: darwin
- goarch: arm64
goos: windows
steps:
- uses: actions/checkout@v3
- uses: wangyoucao577/go-release-action@v1
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
goos: ${{ matrix.goos }}
goarch: ${{ matrix.goarch }}
goversion: 1.20.13
project_path: "./tools/storage-advisor/src"
binary_name: "storage-advisor"
- name: Find build folder
id: build-folder
run: echo "BUILD_ARTIFACTS_FOLDER=build-artifacts-$(date +%s)" >> "$GITHUB_OUTPUT"
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
path: tools/storage-advisor/src/${{ steps.build-folder.outputs.BUILD_ARTIFACTS_FOLDER }}
notarize:
needs: releases-matrix
runs-on: macos-latest
steps:
- uses: actions/download-artifact@v4
- name: Obtain release name
id: release-id
run: echo "RELEASE_TAG=$(jq -r .release.tag_name ${GITHUB_EVENT_PATH})" >> "$GITHUB_OUTPUT"
- name: Download artifacts
uses: actions/download-artifact@v3
# with:
# pattern: storage-advisor-${{ steps.release-id.outputs.RELEASE_TAG }}-darwin-amd64.tar.gz
- name: List
run: ls -l
- uses: dsaltares/fetch-gh-release-asset@cdaf216b2a5baa0f20eecbf460912cc9947f2577
with:
version: tags/${{ steps.release-id.outputs.RELEASE_TAG }}
file: storage-advisor-${{ steps.release-id.outputs.RELEASE_TAG }}-darwin-amd64.tar.gz
- name: Sign
env: # Or as an environment variable
DEVELOPER_ID_APPLICATION_P12: ${{ secrets.DEVELOPER_ID_APPLICATION_P12 }}
DEVELOPER_ID_APPLICATION_P12_PWD: ${{ secrets.DEVELOPER_ID_APPLICATION_P12_PWD }}
run: |
tar -xzf storage-advisor-${{ steps.release-id.outputs.RELEASE_TAG }}-darwin-amd64.tar.gz
KEYCHAIN_NAME=$(LC_CTYPE=C openssl rand -base64 18 | tr -dc 'a-zA-Z' | head -c 16)
KEYCHAIN_PASSWORD=$(LC_CTYPE=C openssl rand -base64 18 | tr -dc 'a-zA-Z' | head -c 16)
security create-keychain -p "${KEYCHAIN_PASSWORD}" "${KEYCHAIN_NAME}"
security unlock-keychain -p "${KEYCHAIN_PASSWORD}" "${KEYCHAIN_NAME}"
curl -O https://www.apple.com/appleca/AppleIncRootCertificate.cer
security import AppleIncRootCertificate.cer -t cert -k "${KEYCHAIN_NAME}" -T /usr/bin/codesign -T /usr/bin/xcodebuild
curl -O https://www.apple.com/certificateauthority/DeveloperIDCA.cer
security import DeveloperIDCA.cer -t cert -k "${KEYCHAIN_NAME}" -T /usr/bin/codesign -T /usr/bin/xcodebuild
rm AppleIncRootCertificate.cer DeveloperIDCA.cer
echo "$DEVELOPER_ID_APPLICATION_P12" | base64 -d > signing_cert.p12
security import signing_cert.p12 -P "$DEVELOPER_ID_APPLICATION_P12_PWD" -k "${KEYCHAIN_NAME}" -T /usr/bin/codesign -T /usr/bin/xcodebuild
rm signing_cert.p12
security set-keychain-settings $KEYCHAIN_NAME
security set-key-partition-list -S apple-tool:,apple: -s -k "${KEYCHAIN_PASSWORD}" "${KEYCHAIN_N
# we need to add our new keychain to user search list to use the certificate
keychainNames=();
for keychain in $(security list-keychains -d user)
do
basename=$(basename "$keychain")
keychainName=${basename::${#basename}-4}
keychainNames+=("$keychainName")
done
security -v list-keychains -s "${keychainNames[@]}" $KEYCHAIN_NAME
codesign -s 98A9FF12B0FCCCEEDE752C824A2A7E189B5AEEAE -o runtime -v storage-advisor
security -v delete-keychain $KEYCHAIN_NAME