on: push: tags: - 'v[0-9]+.[0-9]+.[0-9]*' name: Create release and upload binaries jobs: build-linux: name: Build Linux/BSD All runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - uses: actions/setup-go@v4 with: go-version-file: 'go.mod' check-latest: true - name: Build run: | make BUILD_NUMBER="${GITHUB_REF#refs/tags/v}" release-linux release-freebsd release-openbsd release-netbsd mkdir release mv build/*.tar.gz release - name: Upload artifacts uses: actions/upload-artifact@v3 with: name: linux-latest path: release build-windows: name: Build Windows runs-on: windows-latest steps: - uses: actions/checkout@v3 - uses: actions/setup-go@v4 with: go-version-file: 'go.mod' check-latest: true - name: Build run: | echo $Env:GITHUB_REF.Substring(11) mkdir build\windows-amd64 $Env:GOARCH = "amd64" go build -trimpath -ldflags "-X main.Build=$($Env:GITHUB_REF.Substring(11))" -o build\windows-amd64\nebula.exe ./cmd/nebula-service go build -trimpath -ldflags "-X main.Build=$($Env:GITHUB_REF.Substring(11))" -o build\windows-amd64\nebula-cert.exe ./cmd/nebula-cert mkdir build\windows-arm64 $Env:GOARCH = "arm64" go build -trimpath -ldflags "-X main.Build=$($Env:GITHUB_REF.Substring(11))" -o build\windows-arm64\nebula.exe ./cmd/nebula-service go build -trimpath -ldflags "-X main.Build=$($Env:GITHUB_REF.Substring(11))" -o build\windows-arm64\nebula-cert.exe ./cmd/nebula-cert mkdir build\dist\windows mv dist\windows\wintun build\dist\windows\ - name: Upload artifacts uses: actions/upload-artifact@v3 with: name: windows-latest path: build build-darwin: name: Build Universal Darwin env: HAS_SIGNING_CREDS: ${{ secrets.AC_USERNAME != '' }} runs-on: macos-11 steps: - uses: actions/checkout@v3 - uses: actions/setup-go@v4 with: go-version-file: 'go.mod' check-latest: true - name: Import certificates if: env.HAS_SIGNING_CREDS == 'true' uses: Apple-Actions/import-codesign-certs@v2 with: p12-file-base64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }} p12-password: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }} - name: Build, sign, and notarize env: AC_USERNAME: ${{ secrets.AC_USERNAME }} AC_PASSWORD: ${{ secrets.AC_PASSWORD }} run: | rm -rf release mkdir release make BUILD_NUMBER="${GITHUB_REF#refs/tags/v}" service build/darwin-amd64/nebula build/darwin-amd64/nebula-cert make BUILD_NUMBER="${GITHUB_REF#refs/tags/v}" service build/darwin-arm64/nebula build/darwin-arm64/nebula-cert lipo -create -output ./release/nebula ./build/darwin-amd64/nebula ./build/darwin-arm64/nebula lipo -create -output ./release/nebula-cert ./build/darwin-amd64/nebula-cert ./build/darwin-arm64/nebula-cert if [ -n "$AC_USERNAME" ]; then codesign -s "10BC1FDDEB6CE753550156C0669109FAC49E4D1E" -f -v --timestamp --options=runtime -i "net.defined.nebula" ./release/nebula codesign -s "10BC1FDDEB6CE753550156C0669109FAC49E4D1E" -f -v --timestamp --options=runtime -i "net.defined.nebula-cert" ./release/nebula-cert fi zip -j release/nebula-darwin.zip release/nebula-cert release/nebula if [ -n "$AC_USERNAME" ]; then xcrun notarytool submit ./release/nebula-darwin.zip --team-id "576H3XS7FP" --apple-id "$AC_USERNAME" --password "$AC_PASSWORD" --wait fi - name: Upload artifacts uses: actions/upload-artifact@v3 with: name: darwin-latest path: ./release/* release: name: Create and Upload Release needs: [build-linux, build-darwin, build-windows] runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - name: Download artifacts uses: actions/download-artifact@v3 with: path: artifacts - name: Zip Windows run: | cd artifacts/windows-latest cp windows-amd64/* . zip -r nebula-windows-amd64.zip nebula.exe nebula-cert.exe dist cp windows-arm64/* . zip -r nebula-windows-arm64.zip nebula.exe nebula-cert.exe dist - name: Create sha256sum run: | cd artifacts for dir in linux-latest darwin-latest windows-latest do ( cd $dir if [ "$dir" = windows-latest ] then sha256sum