cicd: skip sign on pull requests #507

Workflow file for this run

	name: Test, Build, Package, Release

	on:
	push:
	pull_request:

	# set go version for all steps
	env:
	GOVERSION: 1.21.x

	jobs:
	get-version:
	runs-on: ubuntu-latest
	outputs:
	minor: ${{ steps.get-minor-version.outputs.minor }}
	major: ${{ steps.get-major-version.outputs.major }}
	revision: ${{ steps.get-total-revision.outputs.revision }}
	sha: ${{ steps.get-short-sha.outputs.sha }}
	version: ${{ steps.get-version.outputs.version }}
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- id: get-major-version
	run: echo "major=$(./buildtools/get_version \| cut -d . -f 1 \| sed -e 's/[^0-9]*//g')" >> $GITHUB_OUTPUT
	- id: get-minor-version
	run: echo "minor=$(./buildtools/get_version \| cut -d . -f 2 \| sed -e 's/[^0-9]*//g')" >> $GITHUB_OUTPUT
	- id: get-total-revision
	run: REV=$(./buildtools/get_version \| cut -d . -f 3 \| sed -e 's/[^0-9]*//g'); echo "revision=${REV:-0}" >> $GITHUB_OUTPUT
	- id: get-short-sha
	run: echo "sha=$( git rev-parse --short HEAD )" >> $GITHUB_OUTPUT
	- id: get-version
	run: echo "version=$(./buildtools/get_version)" >> $GITHUB_OUTPUT


	test:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- uses: actions/setup-go@v4
	with:
	go-version: ${{ env.GOVERSION }}
	- run: make citest


	test-win:
	runs-on: windows-latest
	steps:
	- uses: actions/checkout@v4
	- uses: actions/setup-go@v4
	with:
	go-version: ${{ env.GOVERSION }}
	- run: go test -v pkg/... ; if ($LASTEXITCODE -ne 0) { exit 1 }

	test-osx:
	runs-on: macos-latest
	steps:
	- uses: actions/checkout@v4
	- uses: actions/setup-go@v4
	with:
	go-version: ${{ env.GOVERSION }}
	- run: make test

	build:
	strategy:
	fail-fast: false
	matrix:
	go-os: [linux, freebsd, darwin]
	go-arch: [386, amd64, arm64]
	exclude:
	- go-os: darwin
	go-arch: 386
	needs: [get-version]
	runs-on: ubuntu-latest
	env:
	BIN: "snclient-${{needs.get-version.outputs.version}}-${{ matrix.go-os }}-${{ matrix.go-arch }}"
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- uses: actions/setup-go@v4
	with:
	go-version: ${{ env.GOVERSION }}
	- run: \|
	echo "Building ${{ env.BIN }}"
	make GOOS=${{ matrix.go-os }} GOARCH=${{ matrix.go-arch }} build
	- uses: actions/upload-artifact@v3
	with:
	name: "${{ env.BIN }}"
	path: "snclient"
	if-no-files-found: error


	build-win:
	strategy:
	fail-fast: false
	matrix:
	go-os: [windows]
	go-arch: [386, amd64]
	needs: [get-version]
	runs-on: ubuntu-latest
	env:
	BIN: "snclient-${{needs.get-version.outputs.version}}-${{ matrix.go-os }}-${{ matrix.go-arch }}"
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- uses: actions/setup-go@v4
	with:
	go-version: ${{ env.GOVERSION }}
	- run: \|
	echo "Building ${{ env.BIN }}.exe"
	make tools
	rm -rf winres
	cp -rp packaging/windows/winres .
	./tools/go-winres make --arch 386,amd64,arm64
	cp rsrc_windows*.syso cmd/snclient/
	make GOOS=${{ matrix.go-os }} GOARCH=${{ matrix.go-arch }} build
	mv snclient snclient.exe
	- uses: actions/upload-artifact@v3
	with:
	name: "${{ env.BIN }}"
	path: "snclient.exe"
	if-no-files-found: error


	sign-win:
	strategy:
	fail-fast: false
	matrix:
	go-os: [windows]
	go-arch: [386, amd64]
	needs: [get-version, build-win]
	runs-on: windows-latest
	env:
	BIN: "snclient-${{needs.get-version.outputs.version}}-${{ matrix.go-os }}-${{ matrix.go-arch }}"
	steps:
	- uses: actions/checkout@v4
	- uses: actions/download-artifact@v3
	with:
	name: "${{ env.BIN }}"
	path: "."

	- name: "Sign snclient.exe"
	if: "!github.event.pull_request"
	uses: Minionguyjpro/signtool-code-sign@1.0.7
	with:
	certificate: '${{ secrets.WIN_SIGN_CERTIFICATE }}'
	cert-password: '${{ secrets.WIN_SIGN_PASSWORD }}'
	cert-sha1: '${{ secrets.WIN_SIGN_CERTHASH }}'
	cert-description: 'SNClient+ Agent (https://omd.consol.de/docs/snclient/)'
	timestamp-server: 'http://timestamp.digicert.com'
	folder: "./"

	- name: "Verify snclient.exe"
	if: "!github.event.pull_request"
	run: \|
	Write-Host "Verify snclient.exe"
	& "C:/Program Files (x86)/Windows Kits/10/bin/10.0.17763.0/x86/signtool.exe" verify /pa snclient.exe

	- uses: actions/upload-artifact@v3
	with:
	name: "${{ env.BIN }}"
	path: "snclient.exe"
	if-no-files-found: error


	dist-win:
	needs: [get-version]
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- uses: actions/setup-go@v4
	with:
	go-version: ${{ env.GOVERSION }}
	- run: sudo apt-get install help2man tofrodos
	- run: \|
	echo "Creating dist folder for windows"
	make windist
	- uses: actions/upload-artifact@v3
	with:
	name: "windist"
	path: "windist"
	if-no-files-found: error


	pkg-msi:
	strategy:
	matrix:
	go-os: [windows]
	go-arch: [386, amd64]
	needs: [get-version, build-win, dist-win, sign-win]
	runs-on: windows-latest
	env:
	BIN: "snclient-${{needs.get-version.outputs.version}}-${{ matrix.go-os }}-${{ matrix.go-arch }}"
	steps:
	- uses: actions/checkout@v4
	- uses: actions/download-artifact@v3
	with:
	name: "${{ env.BIN }}"
	path: "windist"
	- uses: actions/download-artifact@v3
	with:
	name: "windist"
	path: "windist"

	- run: \|
	Write-Host "Building ${{ env.BIN }}.msi"
	Copy-Item .\windist\windows_exporter-${{ matrix.go-arch }}.exe .\windist\windows_exporter.exe
	& .\packaging\windows\build_msi.ps1 `
	-out "${{ env.BIN }}.msi" `
	-arch "${{ matrix.go-arch }}" `
	-major "${{needs.get-version.outputs.major}}" `
	-minor "${{needs.get-version.outputs.minor}}" `
	-rev "${{needs.get-version.outputs.revision}}" `
	-sha "${{ needs.get-version.outputs.sha }}"

	- uses: Minionguyjpro/signtool-code-sign@1.0.7
	with:
	certificate: '${{ secrets.WIN_SIGN_CERTIFICATE }}'
	cert-password: '${{ secrets.WIN_SIGN_PASSWORD }}'
	cert-sha1: '${{ secrets.WIN_SIGN_CERTHASH }}'
	cert-description: 'SNClient+ Agent (https://omd.consol.de/docs/snclient/)'
	timestamp-server: 'http://timestamp.digicert.com'
	folder: "./"

	- run: \|
	Write-Host "Verify snclient.msi"
	& "C:/Program Files (x86)/Windows Kits/10/bin/10.0.17763.0/x86/signtool.exe" verify /pa ${{ env.BIN }}.msi

	- uses: actions/upload-artifact@v3
	with:
	name: "${{ env.BIN }}.msi"
	path: "${{ env.BIN }}.msi"
	if-no-files-found: error


	pkg-deb:
	strategy:
	matrix:
	go-os: [linux]
	go-arch: [386, amd64, arm64]
	runs-on: ubuntu-latest
	needs: [get-version, build]
	env:
	BIN: "snclient-${{needs.get-version.outputs.version}}-${{ matrix.go-os }}-${{ matrix.go-arch }}"
	steps:
	- uses: actions/checkout@v4
	- uses: actions/download-artifact@v3
	with:
	name: "${{ env.BIN }}"
	- run: sudo apt-get install help2man devscripts
	- run: \|
	echo "Building ${{ env.BIN }}.deb"
	export DEBEMAIL="Sven Nierlein <sven.nierlein@consol.de>"
	export DEBFULLNAME="Sven Nierlein"
	make VERSION=${{needs.get-version.outputs.version}} ARCH=${{ matrix.go-arch }} DEBFILE=${{ env.BIN }}.deb deb
	- uses: actions/upload-artifact@v3
	with:
	name: "${{ env.BIN }}.deb"
	path: "${{ env.BIN }}.deb"
	if-no-files-found: error


	pkg-osx:
	strategy:
	matrix:
	go-os: [darwin]
	go-arch: [amd64, arm64]
	runs-on: macos-latest
	needs: [get-version, build]
	env:
	BIN: "snclient-${{needs.get-version.outputs.version}}-${{ matrix.go-os }}-${{ matrix.go-arch }}"
	DIST: "snclient-${{needs.get-version.outputs.version}}-osx-${{ matrix.go-arch }}"
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- uses: actions/download-artifact@v3
	with:
	name: "${{ env.BIN }}"
	- run: \|
	echo "Building ${{ env.DIST }}.pkg"
	brew install help2man
	export PATH="/usr/local/opt/openssl@3/bin:$PATH"
	make osx
	mv snclient*.pkg ${{ env.DIST }}.pkg
	- uses: actions/upload-artifact@v3
	with:
	name: "${{ env.DIST }}.pkg"
	path: "${{ env.DIST }}.pkg"
	if-no-files-found: error
	- uses: geekyeggo/delete-artifact@v2
	with:
	name: "${{ env.BIN }}"


	pkg-rpm:
	strategy:
	matrix:
	go-os: [linux]
	go-arch: [386, amd64, arm64]
	runs-on: ubuntu-latest
	needs: [get-version, build]
	env:
	BIN: "snclient-${{needs.get-version.outputs.version}}-${{ matrix.go-os }}-${{ matrix.go-arch }}"
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- uses: actions/download-artifact@v3
	with:
	name: "${{ env.BIN }}"
	- run: sudo apt-get install help2man
	- run: \|
	echo "Building ${{ env.BIN }}.rpm"
	make rpm
	mv snclient*.rpm ${{ env.BIN }}.rpm
	- uses: actions/upload-artifact@v3
	with:
	name: "${{ env.BIN }}.rpm"
	path: "${{ env.BIN }}.rpm"
	if-no-files-found: error


	# remove those artifacts which have been converted to .deb or .rpm files
	clean-tmp-files:
	strategy:
	matrix:
	go-os: [linux]
	go-arch: [386, amd64, arm64]
	runs-on: ubuntu-latest
	needs: [pkg-rpm,pkg-deb]
	env:
	BIN: "snclient-${{needs.get-version.outputs.version}}-${{ matrix.go-os }}-${{ matrix.go-arch }}"
	steps:
	- uses: geekyeggo/delete-artifact@v2
	with:
	name: "${{ env.BIN }}"


	integration-test:
	runs-on: ubuntu-latest
	needs: [get-version,pkg-deb,pkg-rpm]
	steps:
	- uses: actions/checkout@v4
	- uses: actions/setup-go@v4
	with:
	go-version: ${{ env.GOVERSION }}
	- name: "Integration tests"
	run: \|
	cd t
	go test -v


	integration-test-windows:
	strategy:
	matrix:
	go-os: [windows]
	go-arch: [amd64]
	runs-on: windows-latest
	needs: [get-version,pkg-msi]
	env:
	BIN: "snclient-${{needs.get-version.outputs.version}}-${{ matrix.go-os }}-${{ matrix.go-arch }}"
	steps:
	- uses: actions/checkout@v4
	- uses: actions/setup-go@v4
	with:
	go-version: ${{ env.GOVERSION }}
	- uses: actions/download-artifact@v3
	with:
	name: "windist"
	path: "windist"
	- uses: actions/download-artifact@v3
	with:
	name: "${{ env.BIN }}"
	path: "windist"
	- uses: actions/download-artifact@v3
	with:
	name: "${{ env.BIN }}.msi"
	- name: "Integration tests"
	run: \|
	Move-Item -Path ${{ env.BIN }}.msi -Destination .\t\snclient.msi
	Copy-Item .\windist\windows_exporter-${{ matrix.go-arch }}.exe .\windist\windows_exporter.exe
	cd t
	go test -v ; if ($LASTEXITCODE -ne 0) { exit 1 }
	shell: powershell


	# remove those artifacts use for msi files
	clean-tmp-windist:
	runs-on: ubuntu-latest
	needs: [pkg-msi, integration-test-windows]
	steps:
	- uses: geekyeggo/delete-artifact@v2
	with:
	name: "windist"

	clean-tmp-winbin:
	strategy:
	matrix:
	go-os: [windows]
	go-arch: [386, amd64]
	needs: [get-version, integration-test-windows]
	runs-on: windows-latest
	env:
	BIN: "snclient-${{needs.get-version.outputs.version}}-${{ matrix.go-os }}-${{ matrix.go-arch }}"
	steps:
	- uses: geekyeggo/delete-artifact@v2
	with:
	name: ${{ env.BIN }}

	make-release:
	if: startsWith(github.ref, 'refs/tags/')
	runs-on: ubuntu-latest
	needs: [get-version,pkg-msi,pkg-deb,pkg-rpm,pkg-osx,integration-test,integration-test-windows, test, test-win, test-osx]
	outputs:
	release-upload-url: ${{ steps.create-release.outputs.upload_url }}
	steps:
	- uses: actions/checkout@v4
	- run: make release_notes.txt
	- id: create-release
	uses: softprops/action-gh-release@v1
	with:
	name: "v${{needs.get-version.outputs.version}}"
	tag_name: "v${{needs.get-version.outputs.version}}"
	draft: true
	body_path: "release_notes.txt"


	upload-windows-release-assets:
	if: startsWith(github.ref, 'refs/tags/')
	strategy:
	matrix:
	go-os: [windows]
	go-arch: [386, amd64]
	runs-on: ubuntu-latest
	needs: [get-version,make-release]
	env:
	BIN: "snclient-${{needs.get-version.outputs.version}}-${{ matrix.go-os }}-${{ matrix.go-arch }}"
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	steps:
	- uses: actions/checkout@v4
	- uses: actions/download-artifact@v3
	with:
	name: "${{ env.BIN }}.msi"
	- run: gh release upload v${{needs.get-version.outputs.version}} ${{ env.BIN }}.msi


	upload-linux-deb-assets:
	if: startsWith(github.ref, 'refs/tags/')
	strategy:
	matrix:
	go-os: [linux]
	go-arch: [386, amd64, arm64]
	runs-on: ubuntu-latest
	needs: [get-version,make-release]
	env:
	BIN: "snclient-${{needs.get-version.outputs.version}}-${{ matrix.go-os }}-${{ matrix.go-arch }}"
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	steps:
	- uses: actions/checkout@v4
	- uses: actions/download-artifact@v3
	with:
	name: "${{ env.BIN }}.deb"
	- run: gh release upload v${{needs.get-version.outputs.version}} ${{ env.BIN }}.deb


	upload-linux-rpm-assets:
	if: startsWith(github.ref, 'refs/tags/')
	strategy:
	matrix:
	go-os: [linux]
	go-arch: [386, amd64, arm64]
	runs-on: ubuntu-latest
	needs: [get-version,make-release]
	env:
	BIN: "snclient-${{needs.get-version.outputs.version}}-${{ matrix.go-os }}-${{ matrix.go-arch }}"
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	steps:
	- uses: actions/checkout@v4
	- uses: actions/download-artifact@v3
	with:
	name: "${{ env.BIN }}.rpm"
	- run: gh release upload v${{needs.get-version.outputs.version}} ${{ env.BIN }}.rpm


	upload-osx-pkg-assets:
	if: startsWith(github.ref, 'refs/tags/')
	strategy:
	matrix:
	go-os: [darwin]
	go-arch: [amd64, arm64]
	runs-on: ubuntu-latest
	needs: [get-version,make-release]
	env:
	BIN: "snclient-${{needs.get-version.outputs.version}}-osx-${{ matrix.go-arch }}"
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	steps:
	- uses: actions/checkout@v4
	- uses: actions/download-artifact@v3
	with:
	name: "${{ env.BIN }}.pkg"
	- run: gh release upload v${{needs.get-version.outputs.version}} ${{ env.BIN }}.pkg


	upload-binary-release-assets:
	if: startsWith(github.ref, 'refs/tags/')
	strategy:
	matrix:
	go-os: [freebsd]
	go-arch: [386, amd64, arm64]
	runs-on: ubuntu-latest
	needs: [get-version,make-release]
	env:
	BIN: "snclient-${{needs.get-version.outputs.version}}-${{ matrix.go-os }}-${{ matrix.go-arch }}"
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	steps:
	- uses: actions/checkout@v4
	- uses: actions/download-artifact@v3
	with:
	name: "${{ env.BIN }}"
	- run: tar cvzf ./${{ env.BIN }}.tar.gz ./*
	- run: gh release upload v${{needs.get-version.outputs.version}} ${{ env.BIN }}.tar.gz

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

cicd: skip sign on pull requests #507

Workflow file

cicd: skip sign on pull requests #507

Jobs

Run details

Workflow file for this run