imperviousai · tonyimpervious · Aug 30, 2022 · Aug 31, 2022 · Aug 31, 2022 · Aug 31, 2022
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,120 @@
+name: Build-Artifacts
+on:
+  push:
+    branches:
+      - "auto-signing"
+
+
+permissions:
+  contents: write
+
+jobs:
+  goreleaser_mac:
+    runs-on: macos-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      -
+        name: Fetch all tags
+        run: git fetch --force --tags
+      -
+        name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.19
+      - 
+        name: Set Up Node
+        uses: actions/setup-node@v3
+      - 
+        name: Set up Gon
+        run: brew tap mitchellh/gon && brew install mitchellh/gon/gon
+      - 
+        name: Import Keychain Certs
+        uses: apple-actions/import-codesign-certs@v1
+        with: 
+          p12-file-base64: ${{ secrets.CERTIFICATES_P12 }}
+          p12-password: ${{ secrets.CERTIFICATES_P12_PASSWORD }}
+      - 
+        name: Yarn install
+        working-directory: client
+        run: yarn
+      - 
+        name: Export the UI
+        working-directory: client
+        run: yarn export
+      -
+        name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v2
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --rm-dist --config .goreleaser_macosx.yml
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
+      - 
+        name: Upload assets (macos-arm64)
+        uses: actions/upload-artifact@v3
+        with:
+          name: Impervious-macosx_arm64
+          path: dist/impervious-macos-arm64*/impervious.zip
+      - 
+        name: Upload assets (macos-amd64)
+        uses: actions/upload-artifact@v3
+        with:
+          name: Impervious-macosx_amd64
+          path: dist/impervious-macos-amd64*/impervious.zip
+
+
+  goreleaser_linux:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      -
+        name: Fetch all tags
+        run: git fetch --force --tags
+      -
+        name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.19
+      - 
+        name: Set Up Node
+        uses: actions/setup-node@v3
+      - 
+        name: Yarn install
+        working-directory: client
+        run: yarn
+      - 
+        name: Export the UI
+        working-directory: client
+        run: yarn export
+      -
+        name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v2
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --rm-dist --config .goreleaser_linux.yml
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
+      - 
+        name: Upload assets (linux-multi)
+        uses: actions/upload-artifact@v3
+        with:
+          name: Impervious-linux-multi
+          path: dist/impervious-linux*/*
+      # - 
+      #   name: Upload assets (windows)
+      #   uses: actions/upload-artifact@v3
+      #   with:
+      #     name: Impervious-windows
+      #     path: dist/impervious-windows*/*
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -1,40 +1,45 @@
-name: Release
+name: Build-Sign-Release
 on:
   release:
     types: [created]
 
+
+permissions:
+  contents: write
+
 jobs:
-  releases-matrix:
-    name: Release Go Binary
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        # build and publish in parallel: linux/386, linux/amd64, windows/386, windows/amd64, darwin/amd64
-        goos: [linux, windows, darwin]
-        goarch: ["386", amd64, arm, arm64, "s390x"]
-        exclude:
-          - goarch: "386"
-            goos: darwin
-          - goarch: "arm"
-            goos: darwin
-          - goarch: "arm64"
-            goos: windows
-          - goarch: "arm"
-            goos: windows
-          - goarch: "s390x"
-            goos: windows
-          - goarch: "s390x"
-            goos: darwin
+  goreleaser:
+    runs-on: macos-latest
     steps:
-    - uses: actions/checkout@v2
-    - uses: wangyoucao577/[email protected]
-      with:
-        github_token: ${{ secrets.GITHUB_TOKEN }}
-        goos: ${{ matrix.goos }}
-        goarch: ${{ matrix.goarch }}
-        goversion: 1.16
-        project_path: "./cmd/impd"
-        binary_name: "impervious"
-        pre_command: "GO111MODULE=on"
-        build_command: "go build"
-        sha256sum: TRUE
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      -
+        name: Fetch all tags
+        run: git fetch --force --tags
+      -
+        name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.16
+      - 
+        name: Set up Gon
+        run: brew tap mitchellh/gon && brew install mitchellh/gon/gon
+      - 
+        name: Import Keychain Certs
+        uses: apple-actions/import-codesign-certs@v1
+        with: 
+          p12-file-base64: ${{ secrets.CERTIFICATES_P12 }}
+          p12-password: ${{ secrets.CERTIFICATES_P12_PASSWORD }}
+      -
+        name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v2
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --rm-dist
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
diff --git a/.gitignore b/.gitignore
@@ -25,3 +25,6 @@ vendor/
 local.config.yml
 imp.db*
 config/*.config.yml
+
+# build artifacts
+dist/
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -0,0 +1,40 @@
+builds:
+  - id: impervious-windows
+    main: ./cmd/impd
+    binary: impervious
+    goos:
+      - windows
+    goarch:
+      - 386
+      - amd64
+  - id: impervious-linux
+    main: ./cmd/impd
+    binary: impervious
+    goos:
+      - linux
+    goarch:
+      - 386
+      - amd64
+      - arm
+      - arm64
+      - s390x
+  - id: impervious-macos-amd64
+    main: ./cmd/impd
+    binary: impervious
+    goos:
+      - darwin
+    goarch:
+      - amd64
+    hooks:
+      post:
+        - gon gon-macos-amd64.json
+  - id: impervious-macos-arm64
+    main: ./cmd/impd
+    binary: impervious
+    goos:
+      - darwin
+    goarch:
+      - arm64
+    hooks:
+      post:
+        - gon gon-macos-arm64.json
diff --git a/.goreleaser_linux.yml b/.goreleaser_linux.yml
@@ -0,0 +1,19 @@
+builds:
+  - id: impervious-linux
+    main: ./cmd/impd
+    binary: impervious
+    goos:
+      - linux
+    goarch:
+      # - 386
+      - amd64
+      # - arm
+      # - arm64
+      # - s390x
+archives:
+  - 
+    format: zip
+    name_template: "{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
+checksum:
+  name_template: "{{ .ProjectName }}_linux_checksums.txt"
+  algorithm: sha256
diff --git a/.goreleaser_macosx.yml b/.goreleaser_macosx.yml
@@ -0,0 +1,41 @@
+builds:
+  # - id: impervious-windows temporarily disabling arch that we dont currently support
+  #   main: ./cmd/impd
+  #   binary: impervious
+  #   goos:
+  #     - windows
+  #   goarch:
+  #     - 386
+  #     - amd64
+  - id: impervious-macos-amd64
+    main: ./cmd/impd
+    env:
+      - CGO_ENABLED=1
+    binary: impervious
+    goos:
+      - darwin
+    goarch:
+      - amd64
+    hooks:
+      post:
+        - gon gon-macos-amd64.json
+  - id: impervious-macos-arm64
+    main: ./cmd/impd
+    env:
+      - CGO_ENABLED=1
+    binary: impervious
+    goos:
+      - darwin
+    goarch:
+      - arm64
+    hooks:
+      post:
+        - gon gon-macos-arm64.json
+archives:
+  - 
+    format: zip
+    name_template: "{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
+checksum:
+  name_template: "{{ .ProjectName }}_macosx_checksums.txt"
+  algorithm: sha256
+
diff --git a/gon-macos-amd64.json b/gon-macos-amd64.json
@@ -0,0 +1,18 @@
+{
+    "source" : ["dist/impervious-macos-amd64_darwin_amd64_v1/impervious"],
+    "bundle_id" : "ai.impervious.imp-daemon",
+    "apple_id": {
+        "username":  "[email protected]",
+        "password":  "@env:AC_PASSWORD"
+    },
+    "sign" :{
+        "application_identity" : "Developer ID Application: Impervious Technologies Inc. (S722DY52YY)"
+    },
+    "dmg" :{
+        "output_path":  "dist/impervious-macos-amd64_darwin_amd64_v1/impervious-signed.dmg",
+        "volume_name":  "impervious"
+    },
+    "zip" :{
+        "output_path" : "dist/impervious-macos-amd64_darwin_amd64_v1/impervious.zip"
+    }
+}
diff --git a/gon-macos-arm64.json b/gon-macos-arm64.json
@@ -0,0 +1,18 @@
+{
+    "source" : ["dist/impervious-macos-arm64_darwin_arm64/impervious"],
+    "bundle_id" : "ai.impervious.imp-daemon",
+    "apple_id": {
+        "username":  "[email protected]",
+        "password":  "@env:AC_PASSWORD"
+    },
+    "sign" :{
+        "application_identity" : "Developer ID Application: Impervious Technologies Inc. (S722DY52YY)"
+    },
+    "dmg" :{
+        "output_path":  "dist/impervious-macos-arm64_darwin_arm64/impervious-signed.dmg",
+        "volume_name":  "impervious"
+    },
+    "zip" :{
+        "output_path" : "dist/impervious-macos-arm64_darwin_arm64/impervious.zip"
+    }
+}