diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3ac7799..bf33014 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -15,7 +15,7 @@ on: type: boolean env: - RUNNER_DEV_VERSION: "0.9.x" + RUNNER_DEV_VERSION: "0.11.x" RUNNER_SERVER_VERSION: "3.11.16" jobs: build: @@ -28,7 +28,7 @@ jobs: # fail-fast: false matrix: - include: + include: &buildVariants # go tool dist list -json to get the source - {GOOS: android, GOARCH: 386, TARGET: i686-linux-android } - {GOOS: android, GOARCH: amd64, TARGET: x86_64-linux-android } @@ -75,10 +75,9 @@ jobs: env: CGO_ENABLED: 0 # Only android should build with cgo steps: - - uses: actions/checkout@v4 - with: - submodules: recursive - - name: Setup Go + - uses: &checkout actions/checkout@v4 + - &setupgo + name: Setup Go uses: actions/setup-go@v5 with: go-version: "${{ matrix.GOVERSION || vars.GOVERSION || '^1.16.0' }}" 
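Review bot: In the build job's `steps:` hunk, `with: submodules: recursive` is removed from the checkout step as part of the move to the `&checkout` anchor, so the build job no longer fetches submodules. Whether the repository still has any is not visible here. If it does, both the binaries and the new source archive would be produced from an incomplete tree, so the removal deserves a line in the commit message or a comment such as `# no submodules in this repo; plain checkout is sufficient`. The anchored string `actions/checkout@v4` is now shared with the job that produces the attested archives, which makes it a good single place to pin a full commit SHA instead of a movable tag: `- uses: &checkout actions/checkout@<full-commit-sha>  # v4`. The `steps:` list continues outside the hunk.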
@@ -148,6 +147,58 @@ jobs: name: bundle-${{matrix.GOOS}}-${{matrix.GOARCH}}${{matrix.GOARM}} path: | binary-${{matrix.GOOS}}-${{matrix.GOARCH}}${{matrix.GOARM}}.* + create-vendor-archive: + name: Create Archive with all dependencies + runs-on: ubuntu-latest + strategy: + matrix: + include: + - buildVariants: *buildVariants + steps: + - uses: *checkout + with: + path: github-act-runner-full-src + - *setupgo + - name: Run go mod vendor for each target + uses: actions/github-script@v7 + with: + script: | + const targets = ${{ tojson(matrix.buildVariants) }}; + for (const env of targets) { + const envVars = { + ...process.env, + ...env + }; + await exec.exec(`go`, ['env'], { env: envVars, cwd: './github-act-runner-full-src' }); + await exec.exec(`go`, ['mod', 'vendor'], { env: envVars, cwd: './github-act-runner-full-src' }); + } + - name: Package + run: | + zip -r ../github-act-runner-full-src.zip . -x ".git/*" + tar --exclude=.git -czvf ../github-act-runner-full-src.tar.gz . + working-directory: github-act-runner-full-src + - name: Create Signed Provenance + uses: actions/attest-build-provenance@v1 + id: attest + if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.skip-packaging != 'true' }} + with: + subject-path: "github-act-runner-full-src.*" + - name: Copy Signed Provenance to well known filepath + if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.skip-packaging != 'true' }} + run: | + cp "$BUNDLE_PATH" github-act-runner-full-src.sigstore.json + env: + BUNDLE_PATH: ${{ steps.attest.outputs.bundle-path }} + - name: Create Package Checksums + if: ${{ github.event.inputs.skip-packaging != 'true' }} + run: | + sha512sum github-act-runner-full-src.zip > github-act-runner-full-src.zip.sha512 + sha512sum github-act-runner-full-src.tar.gz > github-act-runner-full-src.tar.gz.sha512 + - uses: actions/upload-artifact@v4 + with: + name: vendor + path: | + github-act-runner-full-src.* ####################################### ########## 
publish to github ########## @@ -155,7 +206,9 @@ jobs: publish-to-github: name: deploy to github runs-on: ubuntu-latest - needs: build + needs: + - build + - create-vendor-archive if: ${{ github.event.inputs.skip-packaging != 'true' && github.event.inputs.version }} continue-on-error: true steps: @@ -168,6 +221,7 @@ jobs: token: ${{ secrets.GITHUB_TOKEN }} tag: v${{ github.event.inputs.version }} commit: ${{ github.sha }} + immutableCreate: true # Do not publish before uploading everything body: | # Changes ${{ fromJSON(github.event.inputs.changelog) || 'No changelog provided' }}
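Review bot: The new `create-vendor-archive` job calls `actions/attest-build-provenance@v1`, but the hunk shows no `permissions:` block for it. That action needs `id-token: write` and `attestations: write`, and a workflow-level grant, if one exists outside this hunk, would also hand those write scopes to the `build` job. Scoping them to this job keeps the signing capability where it is used: `permissions: {contents: read, id-token: write, attestations: write}`. In the `actions/github-script@v7` step, `${{ tojson(matrix.buildVariants) }}` is pasted into the script source. This is safe while the matrix is a static list, but passing it as `env: TARGETS: ${{ toJSON(matrix.buildVariants) }}` and reading `JSON.parse(process.env.TARGETS)` keeps data out of the code if the matrix ever becomes input-derived.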
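Review bot: In the last hunk, `immutableCreate: true` only helps if the release action ref referenced above the hunk actually implements that input. The `uses:` line is not visible here, and GitHub Actions merely warns about unknown `with:` keys, so on an older ref the release would still be published before the uploads finish, without failing. Because the job also runs with `continue-on-error: true`, a failed upload would not fail the workflow either. It is worth confirming the action version and extending the comment to record it, e.g. `immutableCreate: true # draft first, publish after all uploads; requires a release-action version that supports this input`.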