From be842a0c3c6ce7fdff8bb2ea5e7902ca40efa77e Mon Sep 17 00:00:00 2001 From: deansheather Date: Mon, 6 Jun 2022 15:30:24 +0000 Subject: [PATCH 01/11] chore: split release workflow so the majority happens on Linux --- .github/workflows/coder.yaml | 8 +- .github/workflows/release.yaml | 148 +++++++++++++++++++++++++++++---- .goreleaser-release.yaml | 126 ++++++++++++++++++++++++++++ .goreleaser.yaml | 82 +----------------- scripts/sign_macos.sh | 26 +++--- 5 files changed, 278 insertions(+), 112 deletions(-) create mode 100644 .goreleaser-release.yaml diff --git a/.github/workflows/coder.yaml b/.github/workflows/coder.yaml index 39a20bba18348..ee1be2621da68 100644 --- a/.github/workflows/coder.yaml +++ b/.github/workflows/coder.yaml @@ -226,7 +226,7 @@ jobs: token: ${{ secrets.CODECOV_TOKEN }} files: ./gotests.coverage flags: unittest-go-${{ matrix.os }} - # this flakes and sometimes fails the build + # this flakes and sometimes fails the build fail_ci_if_error: false test-go-postgres: @@ -310,7 +310,7 @@ jobs: token: ${{ secrets.CODECOV_TOKEN }} files: ./gotests.coverage flags: unittest-go-postgres-${{ matrix.os }} - # this flakes and sometimes fails the build + # this flakes and sometimes fails the build fail_ci_if_error: false deploy: @@ -318,6 +318,8 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 20 if: github.ref == 'refs/heads/main' && !github.event.pull_request.head.repo.fork + needs: + - test-go-postgres permissions: contents: read id-token: write @@ -437,7 +439,7 @@ jobs: token: ${{ secrets.CODECOV_TOKEN }} files: ./site/coverage/lcov.info flags: unittest-js - # this flakes and sometimes fails the build + # this flakes and sometimes fails the build fail_ci_if_error: false - name: Upload DataDog Trace diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 1736a45ce1d9d..3a51f25e745d3 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
@@ -6,28 +6,82 @@ on: workflow_dispatch: jobs: - goreleaser: - runs-on: macos-latest - env: - # Necessary for Docker manifest - DOCKER_CLI_EXPERIMENTAL: "enabled" + linux-windows: + runs-on: ubuntu-latest steps: - # Docker is not included on macos-latest - - uses: docker-practice/actions-setup-docker@1.0.10 - - uses: actions/checkout@v3 with: fetch-depth: 0 - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + - uses: actions/setup-go@v3 + with: + go-version: "~1.18" - - name: Docker Login - uses: docker/login-action@v2 + - name: Echo Go Cache Paths + id: go-cache-paths + run: | + echo "::set-output name=go-build::$(go env GOCACHE)" + echo "::set-output name=go-mod::$(go env GOMODCACHE)" + + - name: Go Build Cache + uses: actions/cache@v3 with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} + path: ${{ steps.go-cache-paths.outputs.go-build }} + key: ${{ runner.os }}-release-go-build-${{ hashFiles('**/go.sum') }} + + - name: Go Mod Cache + uses: actions/cache@v3 + with: + path: ${{ steps.go-cache-paths.outputs.go-mod }} + key: ${{ runner.os }}-release-go-mod-${{ hashFiles('**/go.sum') }} + + - name: Cache Node + id: cache-node + uses: actions/cache@v3 + with: + path: | + **/node_modules + .eslintcache + key: js-${{ runner.os }}-test-${{ hashFiles('**/yarn.lock') }} + restore-keys: | + js-${{ runner.os }}- + + - name: Build Site + run: make site/out/index.html + + - name: Build Linux binaries with GoReleaser + uses: goreleaser/goreleaser-action@v3 + with: + version: latest + args: build --rm-dist --timeout 60m --id coder-linux + + - name: Build Windows binaries with GoReleaser + uses: goreleaser/goreleaser-action@v3 + with: + version: latest + args: build --rm-dist --timeout 60m --id coder-windows + + - name: Upload Linux binary artifacts + uses: actions/upload-artifact@v3 + with: + name: linux + path: ./dist/coder-linux-* + + - name: Upload Windows binary artifacts + uses: actions/upload-artifact@v3 + 
with: + name: windows + path: ./dist/coder-windows-* + + # The mac binaries get built on mac runners because they need to be signed, + # and the signing tool only runs on mac. This darwin job only builds the Mac + # binaries and uploads them as job artifacts used by the publish step. + darwin: + runs-on: macos-latest + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 - uses: actions/setup-go@v3 with: 
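Review bot: The two GoReleaser build steps added to the `linux-windows` job run `goreleaser/goreleaser-action@v3` with `version: latest`, so the tool that produces the release binaries can change between two runs of the same tag. Pinning it, e.g. `version: <PINNED_GORELEASER_VERSION>`, and referencing the third-party actions by full commit SHA instead of a movable tag would make the release build repeatable and limit what a compromised upstream tag can reach. The same applies to the darwin and publish steps in the next hunk of this file, which additionally receive `AC_USERNAME`, `AC_PASSWORD` and `GORELEASER_KEY`.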
@@ -79,12 +133,72 @@ jobs: - name: Build Site run: make site/out/index.html - - name: Run GoReleaser + - name: Build darwin binaries with GoReleaser + uses: goreleaser/goreleaser-action@v3 + with: + version: latest + args: build --rm-dist --timeout 60m --id coder-darwin + env: + AC_USERNAME: ${{ secrets.AC_USERNAME }} + AC_PASSWORD: ${{ secrets.AC_PASSWORD }} + + - name: Upload binary artifacts + uses: actions/upload-artifact@v3 + with: + name: darwin + path: ./dist/coder-darwin-* + + publish: + runs-on: ubuntu-latest + needs: + - linux-windows + - darwin + env: + # Necessary for Docker manifest + DOCKER_CLI_EXPERIMENTAL: "enabled" + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Docker Login + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: mkdir artifacts + run: mkdir artifacts + + - name: Download Linux artifacts + uses: actions/download-artifact@v3 + with: + name: linux + path: ./artifacts + + - name: Download Windows artifacts + uses: actions/download-artifact@v3 + with: + name: windows + path: ./artifacts + + - name: Download darwin artifacts + uses: actions/download-artifact@v3 + with: + name: darwin + path: ./artifacts + + # This will build Docker images and Linux packages. + - name: Publish release uses: goreleaser/goreleaser-action@v3 with: + # we use the "prebuilt" builder here which is a pro-only feature + distribution: goreleaser-pro version: latest - args: release --rm-dist --timeout 60m + args: release -f ./.goreleaser-release.yaml --rm-dist --timeout 60m env: + GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} AC_USERNAME: ${{ secrets.AC_USERNAME }} AC_PASSWORD: ${{ secrets.AC_PASSWORD }} diff --git a/.goreleaser-release.yaml b/.goreleaser-release.yaml new file mode 100644 index 0000000000000..5977e7223f9f2 --- /dev/null +++ b/.goreleaser-release.yaml 
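Review bot: The new `publish` job declares no `permissions:` key, and none is visible before `jobs:` in the hunks shown for this workflow, so `GITHUB_TOKEN` presumably runs with the repository default scopes in all three jobs. Only `publish` needs to write (the ghcr.io login and the GitHub release), so I would give it `permissions:` with `contents: write` and `packages: write`, and set `contents: read` on `linux-windows` and `darwin`. The darwin job's body starts outside this hunk.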
@@ -0,0 +1,126 @@ +archives: + - id: coder-linux + builds: [release-prebuilt-linux] + format: tar.gz + + - id: coder-windows + builds: [release-prebuilt-windows] + format: zip + + - id: coder-darwin + builds: [release-prebuilt-darwin] + format: zip + +builds: + - id: release-prebuilt-linux + builder: prebuilt + goos: [linux] + goarch: [amd64, arm, arm64] + goarm: ["7"] + prebuilt: + path: artifacts/coder-linux_{{.Os}}_{{.Arch}}/coder + + - id: release-prebuilt-windows + builder: prebuilt + goos: [windows] + goarch: [amd64, arm64] + prebuilt: + path: artifacts/coder-windows_{{.Os}}_{{.Arch}}/coder.exe + + - id: release-prebuilt-darwin + builder: prebuilt + goos: [darwin] + goarch: [amd64, arm64] + prebuilt: + path: artifacts/coder-darwin_{{.Os}}_{{.Arch}}/coder + +env: + # Apple identity for signing! + - AC_APPLICATION_IDENTITY=BDB050EB749EDD6A80C6F119BF1382ECA119CCCC + +nfpms: + - id: packages + vendor: Coder + homepage: https://coder.com + maintainer: Coder + description: | + Provision development environments with infrastructure with code + formats: + - apk + - deb + - rpm + suggests: + - postgresql + builds: + - coder-linux + bindir: /usr/bin + contents: + - src: coder.env + dst: /etc/coder.d/coder.env + type: "config|noreplace" + - src: coder.service + dst: /usr/lib/systemd/system/coder.service + +# Image templates are empty on snapshots to avoid lengthy builds for +# development. +dockers: + - image_templates: ["{{ if not .IsSnapshot }}ghcr.io/coder/coder:{{ .Tag }}-amd64{{ end }}"] + id: coder-linux + dockerfile: Dockerfile + use: buildx + build_flag_templates: + - --platform=linux/amd64 + - --label=org.opencontainers.image.title=Coder + - --label=org.opencontainers.image.description=A tool for provisioning self-hosted development environments with Terraform. 
+ - --label=org.opencontainers.image.url=https://github.com/coder/coder + - --label=org.opencontainers.image.source=https://github.com/coder/coder + - --label=org.opencontainers.image.version={{ .Version }} + - --label=org.opencontainers.image.revision={{ .FullCommit }} + - --label=org.opencontainers.image.licenses=AGPL-3.0 + - image_templates: ["{{ if not .IsSnapshot }}ghcr.io/coder/coder:{{ .Tag }}-arm64{{ end }}"] + goarch: arm64 + dockerfile: Dockerfile + use: buildx + build_flag_templates: + - --platform=linux/arm64/v8 + - --label=org.opencontainers.image.title=coder + - --label=org.opencontainers.image.description=A tool for provisioning self-hosted development environments with Terraform. + - --label=org.opencontainers.image.url=https://github.com/coder/coder + - --label=org.opencontainers.image.source=https://github.com/coder/coder + - --label=org.opencontainers.image.version={{ .Tag }} + - --label=org.opencontainers.image.revision={{ .FullCommit }} + - --label=org.opencontainers.image.licenses=AGPL-3.0 + - image_templates: ["{{ if not .IsSnapshot }}ghcr.io/coder/coder:{{ .Tag }}-armv7{{ end }}"] + goarch: arm + goarm: "7" + dockerfile: Dockerfile + use: buildx + build_flag_templates: + - --platform=linux/arm/v7 + - --label=org.opencontainers.image.title=Coder + - --label=org.opencontainers.image.description=A tool for provisioning self-hosted development environments with Terraform. 
+ - --label=org.opencontainers.image.url=https://github.com/coder/coder + - --label=org.opencontainers.image.source=https://github.com/coder/coder + - --label=org.opencontainers.image.version={{ .Tag }} + - --label=org.opencontainers.image.revision={{ .FullCommit }} + - --label=org.opencontainers.image.licenses=AGPL-3.0 + +docker_manifests: + - name_template: ghcr.io/coder/coder:{{ .Tag }} + image_templates: + - ghcr.io/coder/coder:{{ .Tag }}-amd64 + - ghcr.io/coder/coder:{{ .Tag }}-arm64 + - ghcr.io/coder/coder:{{ .Tag }}-armv7 + +release: + ids: [release-prebuilt-linux, release-prebuilt-windows, release-prebuilt-darwin, packages] + footer: | + ## Container Image + - `docker pull ghcr.io/coder/coder:{{ .Tag }}` + +signs: + - ids: [coder-darwin] + artifacts: archive + cmd: ./scripts/sign_macos.sh + args: ["${artifact}"] + output: true diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 7bcedf5087db5..90a79bbd9363e 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -1,16 +1,3 @@ -archives: - - id: coder-linux - builds: [coder-linux] - format: tar.gz - - - id: coder-darwin - builds: [coder-darwin] - format: zip - - - id: coder-windows - builds: [coder-windows] - format: zip - before: hooks: - go mod tidy @@ -67,10 +54,7 @@ builds: post: | sh -c 'codesign -s {{.Env.AC_APPLICATION_IDENTITY}} -f -v --timestamp --options runtime {{.Path}} || true' -env: - # Apple identity for signing! - - AC_APPLICATION_IDENTITY=BDB050EB749EDD6A80C6F119BF1382ECA119CCCC - +# This section is also contained in .goreleaser-release.yaml. nfpms: - id: packages vendor: Coder 
@@ -94,67 +78,9 @@ nfpms: - src: coder.service dst: /usr/lib/systemd/system/coder.service -# Image templates are empty on snapshots to avoid lengthy builds for development. -dockers: - - image_templates: ["{{ if not .IsSnapshot }}ghcr.io/coder/coder:{{ .Tag }}-amd64{{ end }}"] - id: coder-linux - dockerfile: Dockerfile - use: buildx - build_flag_templates: - - --platform=linux/amd64 - - --label=org.opencontainers.image.title=Coder - - --label=org.opencontainers.image.description=A tool for provisioning self-hosted development environments with Terraform. - - --label=org.opencontainers.image.url=https://github.com/coder/coder - - --label=org.opencontainers.image.source=https://github.com/coder/coder - - --label=org.opencontainers.image.version={{ .Version }} - - --label=org.opencontainers.image.revision={{ .FullCommit }} - - --label=org.opencontainers.image.licenses=AGPL-3.0 - - image_templates: ["{{ if not .IsSnapshot }}ghcr.io/coder/coder:{{ .Tag }}-arm64{{ end }}"] - goarch: arm64 - dockerfile: Dockerfile - use: buildx - build_flag_templates: - - --platform=linux/arm64/v8 - - --label=org.opencontainers.image.title=coder - - --label=org.opencontainers.image.description=A tool for provisioning self-hosted development environments with Terraform. - - --label=org.opencontainers.image.url=https://github.com/coder/coder - - --label=org.opencontainers.image.source=https://github.com/coder/coder - - --label=org.opencontainers.image.version={{ .Tag }} - - --label=org.opencontainers.image.revision={{ .FullCommit }} - - --label=org.opencontainers.image.licenses=AGPL-3.0 - - image_templates: ["{{ if not .IsSnapshot }}ghcr.io/coder/coder:{{ .Tag }}-armv7{{ end }}"] - goarch: arm - goarm: "7" - dockerfile: Dockerfile - use: buildx - build_flag_templates: - - --platform=linux/arm/v7 - - --label=org.opencontainers.image.title=Coder - - --label=org.opencontainers.image.description=A tool for provisioning self-hosted development environments with Terraform. 
- - --label=org.opencontainers.image.url=https://github.com/coder/coder - - --label=org.opencontainers.image.source=https://github.com/coder/coder - - --label=org.opencontainers.image.version={{ .Tag }} - - --label=org.opencontainers.image.revision={{ .FullCommit }} - - --label=org.opencontainers.image.licenses=AGPL-3.0 -docker_manifests: - - name_template: ghcr.io/coder/coder:{{ .Tag }} - image_templates: - - ghcr.io/coder/coder:{{ .Tag }}-amd64 - - ghcr.io/coder/coder:{{ .Tag }}-arm64 - - ghcr.io/coder/coder:{{ .Tag }}-armv7 - -release: - ids: [coder-linux, coder-darwin, coder-windows, packages] - footer: | - ## Container Image - - `docker pull ghcr.io/coder/coder:{{ .Tag }}` - -signs: - - ids: [coder-darwin] - artifacts: archive - cmd: ./scripts/sign_macos.sh - args: ["${artifact}"] - output: true +env: + # Apple identity for signing! + - AC_APPLICATION_IDENTITY=BDB050EB749EDD6A80C6F119BF1382ECA119CCCC snapshot: name_template: "{{ .Version }}-devel+{{ .ShortCommit }}" diff --git a/scripts/sign_macos.sh b/scripts/sign_macos.sh index 26d3fd181bbcb..525bc1be68c6b 100755 --- a/scripts/sign_macos.sh +++ b/scripts/sign_macos.sh @@ -5,19 +5,17 @@ set -euo pipefail SCRIPT_DIR=$(dirname "${BASH_SOURCE[0]}") PROJECT_ROOT=$(cd "$SCRIPT_DIR" && git rev-parse --show-toplevel) -( - cd "${PROJECT_ROOT}" +cd "${PROJECT_ROOT}" - codesign -s "$AC_APPLICATION_IDENTITY" -f -v --timestamp --options runtime "$1" +codesign -s "$AC_APPLICATION_IDENTITY" -f -v --timestamp --options runtime "$1" - config=$(mktemp -d)/gon.json - jq -r --null-input --arg path "$(pwd)/$1" '{ - "notarize": [ - { - "path": $path, - "bundle_id": "com.coder.cli" - } - ] - }' >"$config" - gon "$config" -) +config=$(mktemp -d)/gon.json +jq -r --null-input --arg path "$(pwd)/$1" '{ + "notarize": [ + { + "path": $path, + "bundle_id": "com.coder.cli" + } + ] +}' >"$config" +gon "$config" From 9ddb587dc11733d7d2bd938349f26e6551fc6c77 Mon Sep 17 00:00:00 2001 
From: deansheather Date: Mon, 6 Jun 2022 16:30:01 +0000 Subject: [PATCH 02/11] fixup! chore: split release workflow so the majority happens on Linux --- .github/workflows/release.yaml | 43 ++++++++----------------- .goreleaser-release-darwin.yaml | 57 +++++++++++++++++++++++++++++++++ .goreleaser-release-linux.yaml | 52 ++++++++++++++++++++++++++++++ .goreleaser-release.yaml | 45 ++++++-------------------- 4 files changed, 132 insertions(+), 65 deletions(-) create mode 100644 .goreleaser-release-darwin.yaml create mode 100644 .goreleaser-release-linux.yaml diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 3a51f25e745d3..212f90c7e96ce 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -49,29 +49,17 @@ jobs: - name: Build Site run: make site/out/index.html - - name: Build Linux binaries with GoReleaser + - name: Build Linux and Windows binaries with GoReleaser uses: goreleaser/goreleaser-action@v3 with: version: latest - args: build --rm-dist --timeout 60m --id coder-linux + args: release -f ./.goreleaser-linux.yaml --rm-dist --timeout 60m --snapshot - - name: Build Windows binaries with GoReleaser - uses: goreleaser/goreleaser-action@v3 - with: - version: latest - args: build --rm-dist --timeout 60m --id coder-windows - - - name: Upload Linux binary artifacts + - name: Upload binary artifacts uses: actions/upload-artifact@v3 with: name: linux - path: ./dist/coder-linux-* - - - name: Upload Windows binary artifacts - uses: actions/upload-artifact@v3 - with: - name: windows - path: ./dist/coder-windows-* + path: ./dist/coder* # The mac binaries get built on mac runners because they need to be signed, # and the signing tool only runs on mac. This darwin job only builds the Mac 
@@ -133,11 +121,11 @@ jobs: - name: Build Site run: make site/out/index.html - - name: Build darwin binaries with GoReleaser + - name: Build Darwin binaries with GoReleaser uses: goreleaser/goreleaser-action@v3 with: version: latest - args: build --rm-dist --timeout 60m --id coder-darwin + args: release -f ./.goreleaser-darwin.yaml --rm-dist --timeout 60m --snapshot env: AC_USERNAME: ${{ secrets.AC_USERNAME }} AC_PASSWORD: ${{ secrets.AC_PASSWORD }} @@ -146,7 +134,7 @@ jobs: uses: actions/upload-artifact@v3 with: name: darwin - path: ./dist/coder-darwin-* + path: ./dist/coder* publish: runs-on: ubuntu-latest @@ -171,23 +159,20 @@ jobs: - name: mkdir artifacts run: mkdir artifacts - - name: Download Linux artifacts + - name: Download darwin artifacts uses: actions/download-artifact@v3 with: - name: linux + name: darwin path: ./artifacts - - name: Download Windows artifacts + - name: Download Linux and Windows artifacts uses: actions/download-artifact@v3 with: - name: windows + name: linux path: ./artifacts - - name: Download darwin artifacts - uses: actions/download-artifact@v3 - with: - name: darwin - path: ./artifacts + - name: ls ./artifacts + run: ls ./artifacts # This will build Docker images and Linux packages. - name: Publish release @@ -196,7 +181,7 @@ jobs: # we use the "prebuilt" builder here which is a pro-only feature distribution: goreleaser-pro version: latest - args: release -f ./.goreleaser-release.yaml --rm-dist --timeout 60m + args: release -f ./.goreleaser-release.yaml --rm-dist --timeout 60m --snapshot env: GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.goreleaser-release-darwin.yaml b/.goreleaser-release-darwin.yaml new file mode 100644 index 0000000000000..179c930c0f2de --- /dev/null +++ b/.goreleaser-release-darwin.yaml 
@@ -0,0 +1,57 @@ +before: + hooks: + - go mod tidy + - rm -f site/out/bin/coder* + +archives: + - id: coder-darwin + builds: [coder-darwin] + format: zip + +builds: + - id: coder-slim + dir: cmd/coder + ldflags: ["-s -w -X github.com/coder/coder/buildinfo.tag={{ .Version }}"] + env: [CGO_ENABLED=0] + goos: [darwin, linux, windows] + goarch: [amd64, arm, arm64] + goarm: ["7"] + # Only build arm 7 for Linux + ignore: + - goos: windows + goarm: "7" + - goos: darwin + goarm: "7" + hooks: + # The "trimprefix" appends ".exe" on Windows. + post: | + cp {{.Path}} site/out/bin/coder-{{ .Os }}-{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ trimprefix .Name "coder" }} + + - id: coder-darwin + dir: cmd/coder + flags: [-tags=embed] + ldflags: ["-s -w -X github.com/coder/coder/buildinfo.tag={{ .Version }}"] + env: [CGO_ENABLED=0] + goos: [darwin] + goarch: [amd64, arm64] + hooks: + # This signs the binary that will be located inside the zip. + # MacOS requires the binary to be signed for notarization. + # + # If it doesn't successfully sign, the zip sign step will error. + post: | + sh -c 'codesign -s {{.Env.AC_APPLICATION_IDENTITY}} -f -v --timestamp --options runtime {{.Path}} || true' + +env: + # Apple identity for signing! + - AC_APPLICATION_IDENTITY=BDB050EB749EDD6A80C6F119BF1382ECA119CCCC + +signs: + - ids: [coder-darwin] + artifacts: archive + cmd: ./scripts/sign_macos.sh + args: ["${artifact}"] + output: true + +snapshot: + name_template: "{{ .Version }}-devel+{{ .ShortCommit }}" diff --git a/.goreleaser-release-linux.yaml b/.goreleaser-release-linux.yaml new file mode 100644 index 0000000000000..313d34f7ef231 --- /dev/null +++ b/.goreleaser-release-linux.yaml 
@@ -0,0 +1,52 @@ +before: + hooks: + - go mod tidy + - rm -f site/out/bin/coder* + +archives: + - id: coder-linux + builds: [coder-linux] + format: tar.gz + + - id: coder-windows + builds: [coder-windows] + format: zip + +builds: + - id: coder-slim + dir: cmd/coder + ldflags: ["-s -w -X github.com/coder/coder/buildinfo.tag={{ .Version }}"] + env: [CGO_ENABLED=0] + goos: [darwin, linux, windows] + goarch: [amd64, arm, arm64] + goarm: ["7"] + # Only build arm 7 for Linux + ignore: + - goos: windows + goarm: "7" + - goos: darwin + goarm: "7" + hooks: + # The "trimprefix" appends ".exe" on Windows. + post: | + cp {{.Path}} site/out/bin/coder-{{ .Os }}-{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ trimprefix .Name "coder" }} + + - id: coder-linux + dir: cmd/coder + flags: [-tags=embed] + ldflags: ["-s -w -X github.com/coder/coder/buildinfo.tag={{ .Version }}"] + env: [CGO_ENABLED=0] + goos: [linux] + goarch: [amd64, arm, arm64] + goarm: ["7"] + + - id: coder-windows + dir: cmd/coder + flags: [-tags=embed] + ldflags: ["-s -w -X github.com/coder/coder/buildinfo.tag={{ .Version }}"] + env: [CGO_ENABLED=0] + goos: [windows] + goarch: [amd64, arm64] + +snapshot: + name_template: "{{ .Version }}-devel+{{ .ShortCommit }}" diff --git a/.goreleaser-release.yaml b/.goreleaser-release.yaml index 5977e7223f9f2..4edad63e93ce7 100644 --- a/.goreleaser-release.yaml +++ b/.goreleaser-release.yaml @@ -3,14 +3,6 @@ archives: builds: [release-prebuilt-linux] format: tar.gz - - id: coder-windows - builds: [release-prebuilt-windows] - format: zip - - - id: coder-darwin - builds: [release-prebuilt-darwin] - format: zip - builds: - id: release-prebuilt-linux builder: prebuilt 
@@ -20,24 +12,7 @@ builds: prebuilt: path: artifacts/coder-linux_{{.Os}}_{{.Arch}}/coder - - id: release-prebuilt-windows - builder: prebuilt - goos: [windows] - goarch: [amd64, arm64] - prebuilt: - path: artifacts/coder-windows_{{.Os}}_{{.Arch}}/coder.exe - - - id: release-prebuilt-darwin - builder: prebuilt - goos: [darwin] - goarch: [amd64, arm64] - prebuilt: - path: artifacts/coder-darwin_{{.Os}}_{{.Arch}}/coder - -env: - # Apple identity for signing! - - AC_APPLICATION_IDENTITY=BDB050EB749EDD6A80C6F119BF1382ECA119CCCC - +# This section is also contained in .goreleaser.yaml. nfpms: - id: packages vendor: Coder @@ -52,7 +27,7 @@ nfpms: suggests: - postgresql builds: - - coder-linux + - release-prebuilt-linux bindir: /usr/bin contents: - src: coder.env @@ -65,7 +40,7 @@ nfpms: # development. dockers: - image_templates: ["{{ if not .IsSnapshot }}ghcr.io/coder/coder:{{ .Tag }}-amd64{{ end }}"] - id: coder-linux + id: release-prebuilt-linux dockerfile: Dockerfile use: buildx build_flag_templates: @@ -113,14 +88,12 @@ docker_manifests: - ghcr.io/coder/coder:{{ .Tag }}-armv7 release: - ids: [release-prebuilt-linux, release-prebuilt-windows, release-prebuilt-darwin, packages] + ids: [release-prebuilt-linux, packages] footer: | ## Container Image - `docker pull ghcr.io/coder/coder:{{ .Tag }}` - -signs: - - ids: [coder-darwin] - artifacts: archive - cmd: ./scripts/sign_macos.sh - args: ["${artifact}"] - output: true + # All non-Linux files should just be used as is. We have to import the Linux + # builds so that the docker images get built and package creation works. + extra_files: + - glob: ./artifacts/coder_*_darwin* + - glob: ./artifacts/coder_*_windows* From 2b8d9cb83fb130eafe3c82a5ee0fadaeeb8c5d93 Mon Sep 17 00:00:00 2001 From: deansheather Date: Mon, 6 Jun 2022 16:55:33 +0000 Subject: [PATCH 03/11] chore: add dry-run functionality to release workflow --- .github/workflows/release.yaml | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) 
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 212f90c7e96ce..e31a18589a957 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -4,6 +4,11 @@ on: tags: - "v*" workflow_dispatch: + inputs: + snapshot: + description: Perform a snapshot/dry-run release (required if the ref is not a tag) + type: boolean + required: true jobs: linux-windows: @@ -53,7 +58,7 @@ jobs: uses: goreleaser/goreleaser-action@v3 with: version: latest - args: release -f ./.goreleaser-linux.yaml --rm-dist --timeout 60m --snapshot + args: release -f ./.goreleaser-release-linux.yaml --rm-dist --timeout 60m --skip-publish --skip-announce ${{ github.event.inputs.snapshot && '--snapshot' }} - name: Upload binary artifacts uses: actions/upload-artifact@v3 @@ -125,7 +130,7 @@ jobs: uses: goreleaser/goreleaser-action@v3 with: version: latest - args: release -f ./.goreleaser-darwin.yaml --rm-dist --timeout 60m --snapshot + args: release -f ./.goreleaser-release-darwin.yaml --rm-dist --timeout 60m --skip-publish --skip-announce ${{ github.event.inputs.snapshot && '--snapshot' }} env: AC_USERNAME: ${{ secrets.AC_USERNAME }} AC_PASSWORD: ${{ secrets.AC_PASSWORD }} @@ -181,9 +186,15 @@ jobs: # we use the "prebuilt" builder here which is a pro-only feature distribution: goreleaser-pro version: latest - args: release -f ./.goreleaser-release.yaml --rm-dist --timeout 60m --snapshot + args: release -f ./.goreleaser-release.yaml --rm-dist --timeout 60m ${{ github.event.inputs.snapshot && '--snapshot' }} env: GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} AC_USERNAME: ${{ secrets.AC_USERNAME }} AC_PASSWORD: ${{ secrets.AC_PASSWORD }} + + - name: Upload artifacts + uses: actions/upload-artifact@v3 + with: + name: release + path: ./dist/* From d638c6efac9c2f35aab83dc70f3b08c3cdb7ebb0 Mon Sep 17 00:00:00 2001 
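Review bot: `${{ github.event.inputs.snapshot && '--snapshot' }}` in the linux-windows `args` line is truthy for any non-empty string, and `github.event.inputs` delivers a boolean input as the string `'true'` or `'false'`, so a manual run with the box unchecked would still get `--snapshot`. Comparing explicitly avoids that: `${{ github.event.inputs.snapshot == 'true' && '--snapshot' || '' }}`. The same expression is repeated in the darwin and publish `args` lines of this commit (the hunks at -125 and -181). The failure direction is safe, since it can only suppress a real release, but it makes the input's `false` value meaningless.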
From: deansheather Date: Mon, 6 Jun 2022 18:40:10 +0000 Subject: [PATCH 04/11] fixup! chore: add dry-run functionality to release workflow --- .goreleaser-release-darwin.yaml | 11 ++++++----- .goreleaser-release-linux.yaml | 3 +++ .goreleaser-release.yaml | 2 +- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/.goreleaser-release-darwin.yaml b/.goreleaser-release-darwin.yaml index 179c930c0f2de..1c6ea3f5d20d3 100644 --- a/.goreleaser-release-darwin.yaml +++ b/.goreleaser-release-darwin.yaml @@ -35,12 +35,10 @@ builds: goos: [darwin] goarch: [amd64, arm64] hooks: - # This signs the binary that will be located inside the zip. - # MacOS requires the binary to be signed for notarization. - # - # If it doesn't successfully sign, the zip sign step will error. + # This signs the binary that will be located inside the zip. MacOS + # requires the binary to be signed for notarization. post: | - sh -c 'codesign -s {{.Env.AC_APPLICATION_IDENTITY}} -f -v --timestamp --options runtime {{.Path}} || true' + sh -c 'codesign -s {{.Env.AC_APPLICATION_IDENTITY}} -f -v --timestamp --options runtime {{.Path}}' env: # Apple identity for signing! @@ -53,5 +51,8 @@ signs: args: ["${artifact}"] output: true +release: + ids: [coder-darwin] + snapshot: name_template: "{{ .Version }}-devel+{{ .ShortCommit }}" diff --git a/.goreleaser-release-linux.yaml b/.goreleaser-release-linux.yaml index 313d34f7ef231..d2d20a322ea6a 100644 --- a/.goreleaser-release-linux.yaml +++ b/.goreleaser-release-linux.yaml @@ -48,5 +48,8 @@ builds: goos: [windows] goarch: [amd64, arm64] +release: + ids: [coder-windows, coder-linux] + snapshot: name_template: "{{ .Version }}-devel+{{ .ShortCommit }}" diff --git a/.goreleaser-release.yaml b/.goreleaser-release.yaml index 4edad63e93ce7..3b8f947add255 100644 --- a/.goreleaser-release.yaml +++ b/.goreleaser-release.yaml 
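Review bot: With `|| true` removed from the `post` hook of the `coder-darwin` build in .goreleaser-release-darwin.yaml, the `sh -c '…'` wrapper still interpolates `{{.Env.AC_APPLICATION_IDENTITY}}` and `{{.Path}}` unquoted into a shell string. Quoting both keeps a path containing spaces or shell metacharacters from being re-split: `sh -c 'codesign -s "{{.Env.AC_APPLICATION_IDENTITY}}" -f -v --timestamp --options runtime "{{.Path}}"'`. The build entry that owns this hook starts outside the hunk.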
@@ -10,7 +10,7 @@ builds: goarch: [amd64, arm, arm64] goarm: ["7"] prebuilt: - path: artifacts/coder-linux_{{.Os}}_{{.Arch}}/coder + path: artifacts/coder-linux_{{.Os}}_{{.Arch}}{{ with .Arm }}_{{ . }}{{ end }}/coder # This section is also contained in .goreleaser.yaml. nfpms: From ec1064b5367d6ceb335df45dd47aa2f4ace64704 Mon Sep 17 00:00:00 2001 From: deansheather Date: Mon, 6 Jun 2022 19:43:32 +0000 Subject: [PATCH 05/11] fixup! chore: add dry-run functionality to release workflow --- .github/workflows/release.yaml | 7 +++++++ .goreleaser-release.yaml | 6 ++++++ 2 files changed, 13 insertions(+) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index e31a18589a957..eee3860cacc0d 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -1,3 +1,10 @@ +# GitHub release workflow. +# +# This workflow is a bit complicated because we have to build darwin binaries on +# a mac runner, but the mac runners are extremely slow. So instead of running +# the entire release on a mac (which will take an hour to run), we run only the +# mac build on a mac, and the rest on a linux runner. The final release is then +# published using a final linux runner. name: release on: push: diff --git a/.goreleaser-release.yaml b/.goreleaser-release.yaml index 3b8f947add255..932b645792993 100644 --- a/.goreleaser-release.yaml +++ b/.goreleaser-release.yaml @@ -1,3 +1,6 @@ +# This goreleaser config file requires GoReleaser Pro as it uses the prebuilt +# builder type. + archives: - id: coder-linux builds: [release-prebuilt-linux] @@ -97,3 +100,6 @@ release: extra_files: - glob: ./artifacts/coder_*_darwin* - glob: ./artifacts/coder_*_windows* + +snapshot: + name_template: "{{ .Version }}-devel+{{ .ShortCommit }}" From 6b09749e29165702a8083bbc03635f7acb8a0531 Mon Sep 17 00:00:00 2001 
From: deansheather Date: Mon, 6 Jun 2022 20:14:32 +0000 Subject: [PATCH 06/11] fixup! chore: add dry-run functionality to release workflow --- .goreleaser-release.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.goreleaser-release.yaml b/.goreleaser-release.yaml index 932b645792993..822bab9d5bcbb 100644 --- a/.goreleaser-release.yaml +++ b/.goreleaser-release.yaml @@ -98,8 +98,8 @@ release: # All non-Linux files should just be used as is. We have to import the Linux # builds so that the docker images get built and package creation works. extra_files: - - glob: ./artifacts/coder_*_darwin* - - glob: ./artifacts/coder_*_windows* + - glob: ./artifacts/coder_*_darwin*/coder + - glob: ./artifacts/coder_*_windows*/coder.exe snapshot: name_template: "{{ .Version }}-devel+{{ .ShortCommit }}" From 8d0992d555cd03f5f703d2db67f1ef6df1d0bcc6 Mon Sep 17 00:00:00 2001 From: deansheather Date: Mon, 6 Jun 2022 20:52:22 +0000 Subject: [PATCH 07/11] chore: add retry for apple notarization --- scripts/sign_macos.sh | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/scripts/sign_macos.sh b/scripts/sign_macos.sh index 525bc1be68c6b..523649d7c5cf4 100755 --- a/scripts/sign_macos.sh +++ b/scripts/sign_macos.sh @@ -18,4 +18,23 @@ jq -r --null-input --arg path "$(pwd)/$1" '{ } ] }' >"$config" -gon "$config" + +# The notarization process is very fragile and heavily dependent on Apple's +# notarization server not returning server errors, so we retry this step 5 +# times with a delay of 30 seconds between each attempt. +rc=0 +for i in $(seq 1 5); do + gon "$config" && rc=0 && break || rc=$? + echo "gon exit code: $rc" + if [ "$i" -lt 5 ]; then + echo + echo "Retrying notarization in 30 seconds" + echo + sleep 30 + else + echo + echo "Giving up :(" + fi +done + +exit $rc From 5cf8b28848c8e314f85aa619dabea0ca4c448512 Mon Sep 17 00:00:00 2001 
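Review bot: The retry loop added at the end of scripts/sign_macos.sh treats every non-zero exit of `gon` as transient, so a permanent failure (rejected Apple credentials, a malformed archive) is resubmitted five times and costs two minutes of sleep before the job fails. The comment above the loop should say so, or the loop should stop early on a non-retryable error; how gon distinguishes the two is not visible here. Separately, `exit $rc` should be `exit "$rc"`, and the `gon "$config" && rc=0 && break || rc=$?` chain is easier to audit as `if gon "$config"; then rc=0; break; else rc=$?; fi`.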
From: deansheather Date: Mon, 6 Jun 2022 21:03:33 +0000 Subject: [PATCH 08/11] fixup! chore: add retry for apple notarization --- .goreleaser-release.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.goreleaser-release.yaml b/.goreleaser-release.yaml index 822bab9d5bcbb..ee050b830f9b1 100644 --- a/.goreleaser-release.yaml +++ b/.goreleaser-release.yaml @@ -98,8 +98,8 @@ release: # All non-Linux files should just be used as is. We have to import the Linux # builds so that the docker images get built and package creation works. extra_files: - - glob: ./artifacts/coder_*_darwin*/coder - - glob: ./artifacts/coder_*_windows*/coder.exe + - glob: ./artifacts/coder_*_darwin_*.zip + - glob: ./artifacts/coder_*_windows_*.zip snapshot: name_template: "{{ .Version }}-devel+{{ .ShortCommit }}" From ea01e6ee9bc7cf98858de444a589f22780663b36 Mon Sep 17 00:00:00 2001 From: deansheather Date: Mon, 6 Jun 2022 21:48:59 +0000 Subject: [PATCH 09/11] fixup! chore: add retry for apple notarization --- .../.goreleaser-release-darwin.yaml | 0 .../.goreleaser-release-linux.yaml | 0 .../.goreleaser-release.yaml | 0 .github/workflows/release.yaml | 12 +++--------- 4 files changed, 3 insertions(+), 9 deletions(-) rename .goreleaser-release-darwin.yaml => .github/.goreleaser-release-darwin.yaml (100%) rename .goreleaser-release-linux.yaml => .github/.goreleaser-release-linux.yaml (100%) rename .goreleaser-release.yaml => .github/.goreleaser-release.yaml (100%) diff --git a/.goreleaser-release-darwin.yaml b/.github/.goreleaser-release-darwin.yaml similarity index 100% rename from .goreleaser-release-darwin.yaml rename to .github/.goreleaser-release-darwin.yaml diff --git a/.goreleaser-release-linux.yaml b/.github/.goreleaser-release-linux.yaml similarity index 100% rename from .goreleaser-release-linux.yaml rename to .github/.goreleaser-release-linux.yaml 
diff --git a/.goreleaser-release.yaml b/.github/.goreleaser-release.yaml similarity index 100% rename from .goreleaser-release.yaml rename to .github/.goreleaser-release.yaml diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index eee3860cacc0d..9aca440806b2a 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -65,7 +65,7 @@ jobs: uses: goreleaser/goreleaser-action@v3 with: version: latest - args: release -f ./.goreleaser-release-linux.yaml --rm-dist --timeout 60m --skip-publish --skip-announce ${{ github.event.inputs.snapshot && '--snapshot' }} + args: release -f ./.github/.goreleaser-release-linux.yaml --rm-dist --timeout 60m --skip-publish --skip-announce ${{ github.event.inputs.snapshot && '--snapshot' }} - name: Upload binary artifacts uses: actions/upload-artifact@v3 @@ -137,7 +137,7 @@ jobs: uses: goreleaser/goreleaser-action@v3 with: version: latest - args: release -f ./.goreleaser-release-darwin.yaml --rm-dist --timeout 60m --skip-publish --skip-announce ${{ github.event.inputs.snapshot && '--snapshot' }} + args: release -f ./.github/.goreleaser-release-darwin.yaml --rm-dist --timeout 60m --skip-publish --skip-announce ${{ github.event.inputs.snapshot && '--snapshot' }} env: AC_USERNAME: ${{ secrets.AC_USERNAME }} AC_PASSWORD: ${{ secrets.AC_PASSWORD }} 
@@ -193,15 +193,9 @@ jobs: # we use the "prebuilt" builder here which is a pro-only feature distribution: goreleaser-pro version: latest - args: release -f ./.goreleaser-release.yaml --rm-dist --timeout 60m ${{ github.event.inputs.snapshot && '--snapshot' }} + args: release -f ./.github/.goreleaser-release.yaml --rm-dist --timeout 60m ${{ github.event.inputs.snapshot && '--snapshot' }} env: GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} AC_USERNAME: ${{ secrets.AC_USERNAME }} AC_PASSWORD: ${{ secrets.AC_PASSWORD }} - - - name: Upload artifacts - uses: actions/upload-artifact@v3 - with: - name: release - path: ./dist/* From 211660183eeea337d45498ea1589999980c79414 Mon Sep 17 00:00:00 2001 From: deansheather Date: Mon, 6 Jun 2022 21:49:57 +0000 Subject: [PATCH 10/11] fixup! chore: add retry for apple notarization --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 9aca440806b2a..0a7025130b24e 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -13,7 +13,7 @@ on: workflow_dispatch: inputs: snapshot: - description: Perform a snapshot/dry-run release (required if the ref is not a tag) + description: Perform a snapshot/dry-run release (will not create a GitHub release, required if the ref is not a tag) type: boolean required: true From 2c3a65a59b7320b3a46d6dfd5f33cdd42bbcd59b Mon Sep 17 00:00:00 2001 From: deansheather Date: Tue, 7 Jun 2022 15:10:00 +0000 Subject: [PATCH 11/11] fixup! chore: add retry for apple notarization --- .github/workflows/coder.yaml | 2 -- .goreleaser.yaml | 11 ----------- 2 files changed, 13 deletions(-) diff --git a/.github/workflows/coder.yaml b/.github/workflows/coder.yaml index ee1be2621da68..8cbfac7756dcd 100644 --- a/.github/workflows/coder.yaml +++ b/.github/workflows/coder.yaml 
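Review bot: The publish step in the @@ -193 hunk still exports `AC_USERNAME` and `AC_PASSWORD`, although the darwin job in the @@ -137 hunk already receives them for signing. If `.github/.goreleaser-release.yaml` only consumes prebuilt artifacts and does no notarization, which cannot be verified from this hunk, drop those two `env:` lines. That keeps the Apple credentials out of the job that holds `GITHUB_TOKEN` and `GORELEASER_KEY`. The step begins outside the hunk.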
@@ -318,8 +318,6 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 20 if: github.ref == 'refs/heads/main' && !github.event.pull_request.head.repo.fork - needs: - - test-go-postgres permissions: contents: read id-token: write diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 90a79bbd9363e..602023d91e3d1 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -46,13 +46,6 @@ builds: env: [CGO_ENABLED=0] goos: [darwin] goarch: [amd64, arm64] - hooks: - # This signs the binary that will be located inside the zip. - # MacOS requires the binary to be signed for notarization. - # - # If it doesn't successfully sign, the zip sign step will error. - post: | - sh -c 'codesign -s {{.Env.AC_APPLICATION_IDENTITY}} -f -v --timestamp --options runtime {{.Path}} || true' # This section is also contained in .goreleaser-release.yaml. nfpms: @@ -78,9 +71,5 @@ nfpms: - src: coder.service dst: /usr/lib/systemd/system/coder.service -env: - # Apple identity for signing! - - AC_APPLICATION_IDENTITY=BDB050EB749EDD6A80C6F119BF1382ECA119CCCC - snapshot: name_template: "{{ .Version }}-devel+{{ .ShortCommit }}"