Fix substitution of quoted variables #14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: push | |
env: | |
APP: usql | |
VER: ${{ github.ref_name }} | |
GO_VERSION: stable | |
jobs: | |
build_for_linux: | |
name: Build for Linux | |
runs-on: ubuntu-24.04 | |
strategy: | |
fail-fast: false | |
matrix: | |
arch: [amd64, arm, arm64] | |
steps: | |
- name: Install build dependencies | |
run: | | |
sudo apt-get -qq update | |
sudo apt-get install -y \ | |
build-essential \ | |
qemu-user \ | |
gcc-arm-linux-gnueabihf \ | |
g++-arm-linux-gnueabihf \ | |
gcc-aarch64-linux-gnu \ | |
g++-aarch64-linux-gnu \ | |
libstdc++6-armhf-cross \ | |
libstdc++6-arm64-cross \ | |
libc6-dev-armhf-cross \ | |
libc6-dev-arm64-cross \ | |
file | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- name: Build ${{ matrix.arch }} | |
run: | | |
./build.sh -v $VER -a ${{ matrix.arch }} | |
- name: Build ${{ matrix.arch }} (static) | |
if: matrix.arch != 'arm' | |
run: | | |
./build.sh -v $VER -a ${{ matrix.arch }} -s | |
- name: Archive artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: dist-linux-${{ matrix.arch }} | |
path: build/linux/**/* | |
if-no-files-found: error | |
build_for_macos: | |
name: Build for macOS | |
runs-on: macos-latest | |
strategy: | |
matrix: | |
arch: [amd64, arm64] | |
steps: | |
- name: Install build dependencies | |
run: | | |
brew install coreutils | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- name: Build ${{ matrix.arch }} | |
run: | | |
./build.sh -v $VER -a ${{ matrix.arch }} | |
- name: Archive artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: dist-darwin-${{ matrix.arch }} | |
path: build/darwin/**/* | |
if-no-files-found: error | |
build_for_macos_universal: | |
name: Build for macOS (universal) | |
needs: | |
- build_for_macos | |
runs-on: macos-latest | |
steps: | |
- name: Install build dependencies | |
run: | | |
brew install coreutils | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
- name: Build universal | |
run: | | |
if [ "$VER" = "master" ]; then | |
VER=0.0.0-dev | |
fi | |
export WORKDIR=$PWD/build/darwin/universal/$VER | |
mkdir -p $WORKDIR | |
gtar -jxvf dist-darwin-amd64/*/*/*.tar.bz2 -C $WORKDIR $APP | |
gtar -jxvf dist-darwin-amd64/*/*/*.tar.bz2 -C $WORKDIR LICENSE | |
mv $WORKDIR/$APP $WORKDIR/$APP-amd64 | |
gtar -jxvf dist-darwin-arm64/*/*/*.tar.bz2 -C $WORKDIR $APP | |
mv $WORKDIR/$APP $WORKDIR/$APP-arm64 | |
file $WORKDIR/$APP-{amd64,arm64} | |
lipo -create -output $WORKDIR/$APP $WORKDIR/$APP-amd64 $WORKDIR/$APP-arm64 | |
chmod +x $WORKDIR/$APP | |
file $WORKDIR/$APP | |
rm $WORKDIR/$APP-{amd64,arm64} | |
sudo /usr/sbin/purge | |
gtar -C $WORKDIR -cjf $WORKDIR/$APP-${VER#v}-darwin-universal.tar.bz2 $APP LICENSE | |
ls -alh $WORKDIR/* | |
sha256sum $WORKDIR/* | |
- name: Archive artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: dist-darwin-universal | |
path: build/darwin/**/* | |
if-no-files-found: error | |
build_for_windows: | |
name: Build for Windows | |
runs-on: windows-latest | |
steps: | |
- name: Install build dependencies | |
run: choco install zip | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- name: Build amd64 | |
shell: bash | |
run: | | |
./build.sh -v $VER | |
- name: Archive artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: dist-windows | |
path: build/windows/**/* | |
if-no-files-found: error | |
draft_release: | |
name: Draft Release | |
needs: | |
- build_for_linux | |
- build_for_macos | |
- build_for_macos_universal | |
- build_for_windows | |
runs-on: ubuntu-24.04 | |
steps: | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
- name: Extract artifacts | |
run: | | |
mkdir /tmp/scan | |
mkdir scan | |
for i in dist-*/*/*/*.tar.bz2; do | |
name=$(basename $i|cut -d- -f1) | |
ver=$(sed -e 's/\.tar\.bz2$//' <<< $(basename $i)|cut -d- -f2-) | |
echo "extracting $i ($name $ver)" | |
tar -C /tmp/scan -jv -f $i -x $name | |
hash=$(sha256sum /tmp/scan/$name|awk '{print $1}') | |
mv /tmp/scan/$name ./scan/$name-$ver-${hash:0:8} | |
done | |
for i in dist-*/*/*/*.zip; do | |
name=$(basename $i|cut -d- -f1) | |
ver=$(sed -e 's/\.zip$//' <<< $(basename $i)|cut -d- -f2-) | |
echo "extracting $i ($name $ver)" | |
unzip -d /tmp/scan $i $name.exe | |
hash=$(sha256sum /tmp/scan/$name.exe|awk '{print $1}') | |
mv /tmp/scan/$name.exe ./scan/$name-$ver-${hash:0:8}.exe | |
done | |
file ./scan/* | |
sha256sum ./scan/* | |
- name: Submit to VirusTotal | |
id: virustotal | |
uses: crazy-max/ghaction-virustotal@v4 | |
with: | |
vt_api_key: ${{ secrets.VIRUSTOTAL_API_KEY }} | |
request_rate: 4 | |
files: | | |
./scan/* | |
- name: Generate Release Notes | |
id: generate_release_notes | |
uses: softprops/action-gh-release@v2 | |
if: startsWith(github.ref, 'refs/tags/v') | |
with: | |
name: ${{ env.APP }} ${{ env.VER }} | |
draft: true | |
generate_release_notes: true | |
files: | | |
dist-*/*/*/*.tar.bz2 | |
dist-*/*/*/*.zip | |
- name: Add VirusTotal Info to Release Notes | |
if: startsWith(github.ref, 'refs/tags/v') | |
run: | | |
# github api url | |
url=https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/${{ steps.generate_release_notes.outputs.id }} | |
echo "url: $url" | |
# get release notes | |
release=$( | |
curl \ | |
-s \ | |
-L \ | |
-H "Accept: application/vnd.github+json" \ | |
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ | |
-H "X-GitHub-Api-Version: 2022-11-28" \ | |
$url | |
) | |
tag_name=$(jq -r .tag_name <<< "$release") | |
target_commitish=$(jq -r .target_commitish <<< "$release") | |
body=$(jq -r .body <<< "$release") | |
echo "tag_name: $tag_name target_commitish: $target_commitish" | |
# append virustotal details to release notes | |
nl=$'\n' | |
body+="$nl$nl[VirusTotal](https://www.virustotal.com) analysis:$nl" | |
while read -r -d, line; do | |
name=$(sed -e 's/^\.\/scan\/\([^=]\+\)=.*/\1/' <<< "$line") | |
vturl=$(sed -e 's/.*=\(https.*\)/\1/' <<< "$line") | |
body+="* [$name]($vturl)$nl" | |
done <<< "${{ steps.virustotal.outputs.analysis }}" | |
echo -e "body:\n$body" | |
# update release notes | |
export tag_name target_commitish body | |
curl \ | |
-s \ | |
-L \ | |
-X PATCH \ | |
-H "Accept: application/vnd.github+json" \ | |
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ | |
-H "X-GitHub-Api-Version: 2022-11-28" \ | |
--variable '%tag_name' \ | |
--varable '%target_commitish' \ | |
--variable '%body' \ | |
--expand-data '{"tag_name": "{{tag_name:json}}", "body": "{{body:trim:json}}"}' \ | |
$url |