
Commit 100515a

committed
retry
1 parent d84a705 commit 100515a


3 files changed

+103
-8
lines changed


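--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -809,8 +809,10 @@ jobs:
 # Builds the dylibs and upload it as an artifact so it can be embedded in the main build
 build-dylib:
 needs: changes
+# We always build the dylibs on PRs to verify we're not merging unbuildable code,
+# but they need only be signed on main.
 # TODO: Uncomment
-# if: github.ref == 'refs/heads/main' && needs.changes.outputs.docs-only == 'false' && !github.event.pull_request.head.repo.fork
+# if: needs.changes.outputs.docs-only == 'false' && !github.event.pull_request.head.repo.fork
 runs-on: ${{ github.repository_owner == 'coder' && 'depot-macos-latest' || 'macos-latest' }}
 steps:
 - name: Harden Runner
@@ -834,6 +836,8 @@ jobs:
 uses: ./.github/actions/setup-go
 
 - name: Install rcodesign
+# TODO: Uncomment
+# if: github.ref == 'refs/heads/main'
 run: |
 set -euo pipefail
 wget -O /tmp/rcodesign.tar.gz https://github.com/indygreg/apple-platform-rs/releases/download/apple-codesign%2F0.22.0/apple-codesign-0.22.0-macos-universal.tar.gz
@@ -844,6 +848,8 @@ jobs:
 rm /tmp/rcodesign.tar.gz
 
 - name: Setup Apple Developer certificate and API key
+# TODO: Uncomment
+# if: github.ref == 'refs/heads/main'
 run: |
 set -euo pipefail
 touch /tmp/{apple_cert.p12,apple_cert_password.txt,apple_apikey.p8}
@@ -864,7 +870,9 @@ jobs:
 make gen/mark-fresh
 make build/coder-dylib
 env:
-CODER_SIGN_DARWIN: "1"
+# TODO: Uncomment
+# CODER_SIGN_DARWIN: ${{ github.ref == 'refs/heads/main' && '1' || '0' }}
+CODER_SIGN_DARWIN: 1
 AC_CERTIFICATE_FILE: /tmp/apple_cert.p12
 AC_CERTIFICATE_PASSWORD_FILE: /tmp/apple_cert_password.txt
 
@@ -877,6 +885,11 @@ jobs:
 ./build/*.dylib
 retention-days: 7
 
+- name: Delete Apple Developer certificate and API key
+# TODO: Uncomment
+# if: github.ref == 'refs/heads/main'
+run: rm -f /tmp/{apple_cert.p12,apple_cert_password.txt,apple_apikey.p8}
+
 build:
 # This builds and publishes ghcr.io/coder/coder-preview:main for each commit
 # to main branch.
@@ -930,9 +943,9 @@ jobs:
 
 - name: Insert dylibs
 run: |
-mv ./build/*amd64.dylib ./site/out/bin/coder-desktop-darwin-amd64.dylib
-mv ./build/*arm64.dylib ./site/out/bin/coder-desktop-darwin-arm64.dylib
-mv ./build/*arm64.h ./site/out/bin/coder-desktop-darwin-dylib.h
+mv ./build/*amd64.dylib ./site/out/bin/coder-vpn-darwin-amd64.dylib
+mv ./build/*arm64.dylib ./site/out/bin/coder-vpn-darwin-arm64.dylib
+mv ./build/*arm64.h ./site/out/bin/coder-vpn-darwin-dylib.h
 
 - name: Build
 run: |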
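Review bot: The signing guards in build-dylib are added only as comments, so the job still signs on every run: `CODER_SIGN_DARWIN: 1` is unconditional and the `if: github.ref == 'refs/heads/main'` lines on "Install rcodesign", "Setup Apple Developer certificate and API key" and the new delete step all sit behind `# TODO: Uncomment`, which contradicts the new comment saying the dylibs "need only be signed on main". On any run where the signing secrets are available, the certificate, its password and the API key are written to /tmp while `make build/coder-dylib` executes code from the branch under test; whether that includes pull requests depends on the workflow trigger, which is outside this section. Before this merges, the guards should be enabled and the env entry switched to the expression already written in the comment, `CODER_SIGN_DARWIN: ${{ github.ref == 'refs/heads/main' && '1' || '0' }}`. The delete step should also run after a failed build, e.g. `if: always() && github.ref == 'refs/heads/main'`, otherwise the key material is left behind exactly when the build step aborts.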

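--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -32,8 +32,80 @@ env:
 CODER_RELEASE_NOTES: ${{ inputs.release_notes }}
 
 jobs:
+# build-dylib is a separate job to build the dylib on macOS.
+build-dylib:
+runs-on: ${{ github.repository_owner == 'coder' && 'depot-macos-latest' || 'macos-latest' }}
+steps:
+- name: Harden Runner
+uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+with:
+egress-policy: audit
+
+- name: Checkout
+uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+with:
+fetch-depth: 0
+
+- name: Setup build tools
+run: |
+brew install bash gnu-getopt make
+echo "$(brew --prefix bash)/bin" >> $GITHUB_PATH
+echo "$(brew --prefix gnu-getopt)/bin" >> $GITHUB_PATH
+echo "$(brew --prefix make)/libexec/gnubin" >> $GITHUB_PATH
+
+- name: Setup Go
+uses: ./.github/actions/setup-go
+
+- name: Install rcodesign
+run: |
+set -euo pipefail
+wget -O /tmp/rcodesign.tar.gz https://github.com/indygreg/apple-platform-rs/releases/download/apple-codesign%2F0.22.0/apple-codesign-0.22.0-macos-universal.tar.gz
+sudo tar -xzf /tmp/rcodesign.tar.gz \
+-C /usr/local/bin \
+--strip-components=1 \
+apple-codesign-0.22.0-macos-universal/rcodesign
+rm /tmp/rcodesign.tar.gz
+
+- name: Setup Apple Developer certificate and API key
+run: |
+set -euo pipefail
+touch /tmp/{apple_cert.p12,apple_cert_password.txt,apple_apikey.p8}
+chmod 600 /tmp/{apple_cert.p12,apple_cert_password.txt,apple_apikey.p8}
+echo "$AC_CERTIFICATE_P12_BASE64" | base64 -d > /tmp/apple_cert.p12
+echo "$AC_CERTIFICATE_PASSWORD" > /tmp/apple_cert_password.txt
+echo "$AC_APIKEY_P8_BASE64" | base64 -d > /tmp/apple_apikey.p8
+env:
+AC_CERTIFICATE_P12_BASE64: ${{ secrets.AC_CERTIFICATE_P12_BASE64 }}
+AC_CERTIFICATE_PASSWORD: ${{ secrets.AC_CERTIFICATE_PASSWORD }}
+AC_APIKEY_P8_BASE64: ${{ secrets.AC_APIKEY_P8_BASE64 }}
+
+- name: Build dylibs
+run: |
+set -euxo pipefail
+go mod download
+
+make gen/mark-fresh
+make build/coder-dylib
+env:
+CODER_SIGN_DARWIN: 1
+AC_CERTIFICATE_FILE: /tmp/apple_cert.p12
+AC_CERTIFICATE_PASSWORD_FILE: /tmp/apple_cert_password.txt
+
+- name: Upload build artifacts
+uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+with:
+name: dylibs
+path: |
+./build/*.h
+./build/*.dylib
+retention-days: 7
+
+- name: Delete Apple Developer certificate and API key
+run: rm -f /tmp/{apple_cert.p12,apple_cert_password.txt,apple_apikey.p8}
+
 release:
 name: Build and publish
+needs: build-dylib
 runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
 permissions:
 # Required to publish a release
@@ -145,6 +217,18 @@ jobs:
 - name: Install nsis and zstd
 run: sudo apt-get install -y nsis zstd
 
+- name: Download dylibs
+uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+with:
+name: dylibs
+path: ./build
+
+- name: Insert dylibs
+run: |
+mv ./build/*amd64.dylib ./site/out/bin/coder-vpn-darwin-amd64.dylib
+mv ./build/*arm64.dylib ./site/out/bin/coder-vpn-darwin-arm64.dylib
+mv ./build/*arm64.h ./site/out/bin/coder-vpn-darwin-dylib.h
+
 - name: Install nfpm
 run: |
 set -euo pipefail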
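Review bot: The new build-dylib job in the release workflow installs rcodesign into /usr/local/bin from a tarball fetched with `wget` and never checks its digest, even though that binary is the tool that handles the Apple Developer certificate in the following steps. The actions in the same job are pinned by commit SHA, and the download deserves the same treatment, for example `echo "EXPECTED_SHA256_PLACEHOLDER  /tmp/rcodesign.tar.gz" | shasum -a 256 -c -` before the `tar` call, with the digest taken from a verified copy of the 0.22.0 release. The "Delete Apple Developer certificate and API key" step has no condition, so it is skipped when "Build dylibs" fails and the key material stays in /tmp; `if: always()` on that step covers the failure path. `egress-policy: audit` on Harden Runner only records outbound traffic, which is worth revisiting for a job that holds release signing keys.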

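--- a/vpn/dylib/lib.go
+++ b/vpn/dylib/lib.go
@@ -1,5 +1,4 @@
 //go:build darwin
-// +build darwin
 
 package main
 
@@ -40,6 +39,7 @@ func OpenTunnel(cReadFD, cWriteFD int32) int32 {
 return 0
 }
 
+// TODO: Replace with Dean's `vpn/bidiPipe` implementation once it's merged
 type pipeConn struct {
 r *os.File
 w *os.File
@@ -69,7 +69,6 @@ func newFdConn(cReadFD, cWriteFD int32) (io.ReadWriteCloser, error) {
 }
 reader := os.NewFile(uintptr(readFD), "PIPE")
 if reader == nil {
-unix.Close(readFD)
 return nil, xerrors.New("failed to create reader")
 }
 
@@ -80,7 +79,6 @@ func newFdConn(cReadFD, cWriteFD int32) (io.ReadWriteCloser, error) {
 writer := os.NewFile(uintptr(writeFD), "PIPE")
 if writer == nil {
 unix.Close(readFD)
-unix.Close(writeFD)
 return nil, xerrors.New("failed to create writer")
 }
 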
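Review bot: In the `writer == nil` branch of newFdConn the cleanup that remains is `unix.Close(readFD)`, but by then `reader` already wraps readFD, so the descriptor is closed behind the `*os.File`'s back. The abandoned file's finalizer can later close the same descriptor number again, possibly after it has been reused for an unrelated file or socket. Closing through the owner avoids that: `_ = reader.Close()`. Dropping the closes on the descriptor that `os.NewFile` has just rejected looks fine, since NewFile returns nil only for an invalid descriptor. How readFD and writeFD are obtained is outside these hunks, so this assumes they are descriptors the function owns.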
