-
Notifications
You must be signed in to change notification settings - Fork 596
136 lines (130 loc) · 4.63 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
# Forked from https://github.com/containerd/nerdctl/blob/v0.8.1/.github/workflows/release.yml
# Apache License 2.0
name: Release
on:
push:
branches:
- 'master'
tags:
- 'v*'
pull_request:
branches:
- 'master'
env:
GO111MODULE: on
MACOS_LATEST_PRODUCT_VERSION: 15
permissions:
contents: read
jobs:
artifacts-darwin:
name: Artifacts Darwin
runs-on: ${{ matrix.runner }}
strategy:
fail-fast: false
matrix:
# When you update this list, make sure to update MACOS_LATEST_PRODUCT_VERSION too
runner: ["macos-13", "macos-14", "macos-15"]
timeout-minutes: 20
steps:
- name: "Show xcode and SDK version"
run: |
# Xcode version
xcodebuild -version
# macOS SDK version
xcrun --show-sdk-version
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
fetch-depth: 1
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: 1.23.x
- name: Make darwin artifacts
run: |
make artifacts-darwin
product_version="$(sw_vers --productVersion | cut -d. -f1)"
# Rename lima-VERSION-Darwin-arm64.tar.gz to lima-VERSION-Darwin_macOS15-arm64.tar.gz
for f in _artifacts/*; do
dst=${f/Darwin/Darwin_macOS${product_version}}
if [ ${product_version} = ${MACOS_LATEST_PRODUCT_VERSION} ]; then
# For the latest macOS release, preserve lima-VERSION-Darwin-arm64.tar.gz
cp -a "${f}" "${dst}"
else
mv "${f}" "${dst}"
fi
done
- name: "Upload artifacts"
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: artifacts-darwin-${{ matrix.runner }}
path: _artifacts/
release:
# An old release of Ubuntu is chosen for glibc compatibility
runs-on: ubuntu-20.04
needs: artifacts-darwin
timeout-minutes: 20
# The maximum access is "read" for PRs from public forked repos
# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
permissions:
contents: write # for releases
id-token: write # for provenances
attestations: write # for provenances
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
pattern: artifacts-darwin-*
merge-multiple: true
path: _artifacts/
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: 1.23.x
- name: Install gcc-x86-64-linux-gnu
run: |
sudo apt-get update
sudo apt-get install -y gcc-x86-64-linux-gnu
- name: Install gcc-aarch64-linux-gnu
run: |
sudo apt-get update
sudo apt-get install -y gcc-aarch64-linux-gnu
- name: "Compile binaries"
run: make artifacts-linux
- name: "Make misc artifacts"
run: make artifacts-misc
- name: "SHA256SUMS"
run: |
( cd _artifacts; sha256sum *.tar.gz ) | tee /tmp/SHA256SUMS
mv /tmp/SHA256SUMS _artifacts/SHA256SUMS
- name: "The sha256sum of the SHA256SUMS file"
run: (cd _artifacts; sha256sum SHA256SUMS)
- name: "Prepare the release note"
run: |
shasha=$(sha256sum _artifacts/SHA256SUMS | awk '{print $1}')
cat <<-EOF | tee /tmp/release-note.txt
(Changes to be documented)
## Usage
\`\`\`console
[macOS]$ limactl create
[macOS]$ limactl start
...
INFO[0029] READY. Run \`lima\` to open the shell.
[macOS]$ lima uname
Linux
\`\`\`
- - -
The binaries were built automatically on GitHub Actions.
The build log is available for 90 days: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
The sha256sum of the SHA256SUMS file itself is \`${shasha}\` .
- - -
Release manager: [ADD YOUR NAME HERE] (@[ADD YOUR GITHUB ID HERE])
EOF
- uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
with:
subject-path: _artifacts/*
- name: "Create release"
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
tag="${GITHUB_REF##*/}"
gh release create -F /tmp/release-note.txt --draft --title "${tag}" "${tag}" _artifacts/*