add preview mode #1250
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Go package | |
| on: | |
| push: | |
| tags: | |
| - "v*" # push events to tagged commits | |
| branches: | |
| - "**" | |
| permissions: | |
| contents: read | |
| id-token: write # for GitHub id-token auth | |
| jobs: | |
| go-test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: src/go.mod | |
| cache-dependency-path: src/go.sum | |
| - name: Run Go unit tests | |
| run: go test -test.short -v ./... | |
| working-directory: src | |
| # - name: Build MacOS binary | |
| # run: GOOS=darwin go build ./cmd/cli | |
| # working-directory: src | |
| # - name: Build Windows binary | |
| # run: GOOS=windows go build ./cmd/cli | |
| # working-directory: src | |
| - name: Verify Go modules | |
| working-directory: src | |
| run: | | |
| go mod tidy | |
| git diff --exit-code go.mod go.sum || { echo "Go modules are not up to date"; exit 1; } | |
| nix-shell-test: | |
| runs-on: ubuntu-latest | |
| needs: go-test | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Nix | |
| uses: cachix/install-nix-action@v26 | |
| with: | |
| nix_path: nixpkgs=channel:nixos-unstable | |
| - name: Check nix-shell default.nix | |
| run: | | |
| set -o pipefail | |
| nix-shell --pure -E 'with import <nixpkgs> {}; mkShell { buildInputs = [ (import ./default.nix {}) ]; }' --run defang 2>&1 | sed -u 's|\s\+got:|::error file=pkgs/defang/cli.nix,line=9::Replace the vendorHash with the correct value:|' | |
| # go-byoc-test: | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - name: Configure AWS Credentials for CI | |
| # uses: aws-actions/configure-aws-credentials@v4 | |
| # with: | |
| # aws-region: us-west-2 | |
| # output-credentials: true | |
| # role-to-assume: arn:aws:iam::488659951590:role/ci-role-d4fe904 # ciRoleArn from defang-io/infrastructure stack | |
| # - name: Configure AWS Credentials for Staging | |
| # uses: aws-actions/configure-aws-credentials@v4 | |
| # with: | |
| # aws-region: us-west-2 | |
| # role-duration-seconds: 1200 | |
| # role-chaining: true | |
| # role-to-assume: arn:aws:iam::426819183542:role/admin # adminUserRoleArn from defang-io/bootstrap stack | |
| # - uses: actions/checkout@v4 | |
| # - name: Set up Go | |
| # uses: actions/setup-go@v5 | |
| # with: | |
| # go-version-file: src/go.mod | |
| # cache-dependency-path: src/go.sum | |
| # - name: Run sanity tests | |
| # run: go run ./cmd/cli compose up -f tests/compose.yaml | |
| # working-directory: src | |
| go-playground-test: | |
| runs-on: ubuntu-latest | |
| needs: go-test | |
| env: | |
| COMPOSE_PROJECT_NAME: ${{ github.run_id }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: src/go.mod | |
| cache-dependency-path: src/go.sum | |
| - name: Login using GitHub token | |
| run: go run ./cmd/cli login --debug | |
| working-directory: src | |
| - name: Add dummy config | |
| run: echo blah | go run ./cmd/cli config set -n dummy -f tests/sanity/compose.yaml --debug | |
| working-directory: src | |
| - name: Run sanity tests UP | |
| run: go run ./cmd/cli compose up -f tests/sanity/compose.yaml --debug | |
| working-directory: src | |
| - name: Run sanity tests DOWN | |
| run: go run ./cmd/cli compose stop -f tests/sanity/compose.yaml --debug | |
| working-directory: src | |
| build-and-sign: | |
| name: Build app and sign files with Trusted Signing | |
| needs: go-test | |
| runs-on: windows-latest # for signtool | |
| env: # from https://github.com/spiffe/spire/pull/5158 | |
| GOPATH: 'D:\golang\go' | |
| GOCACHE: 'D:\golang\cache' | |
| GOMODCACHE: 'D:\golang\modcache' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: src/go.mod | |
| cache-dependency-path: src/go.sum | |
| - name: Download Go dependencies | |
| run: go mod download | |
| working-directory: src | |
| - name: Run GoReleaser (Windows and Linux) | |
| uses: goreleaser/goreleaser-action@v5 | |
| with: | |
| # distribution: goreleaser-pro # either 'goreleaser' (default) or 'goreleaser-pro' | |
| # version: latest | |
| args: build --id defang-cli ${{ !startsWith(github.ref, 'refs/tags/v') && '--snapshot' || '' }} | |
| workdir: src | |
| # From https://github.com/Azure/trusted-signing-action/pull/37 | |
| - name: Azure login | |
| uses: azure/login@v1 | |
| if: startsWith(github.ref, 'refs/tags/v') # only run this step on tagged commits | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| - name: Trusted Signing | |
| uses: Azure/[email protected] | |
| if: startsWith(github.ref, 'refs/tags/v') # only run this step on tagged commits | |
| with: | |
| endpoint: https://wus2.codesigning.azure.net/ # from Azure portal | |
| trusted-signing-account-name: DefangLabs # from Azure portal | |
| certificate-profile-name: signed-binary-test # from Azure portal | |
| files-folder: ${{ github.workspace }}\src\dist | |
| files-folder-filter: exe # no dll | |
| files-folder-recurse: true | |
| file-digest: SHA256 | |
| timestamp-rfc3161: http://timestamp.acs.microsoft.com | |
| timestamp-digest: SHA256 | |
| exclude-environment-credential: true | |
| exclude-workload-identity-credential: true | |
| exclude-managed-identity-credential: true | |
| exclude-shared-token-cache-credential: true | |
| exclude-visual-studio-credential: true | |
| exclude-visual-studio-code-credential: true | |
| exclude-azure-cli-credential: false | |
| exclude-azure-powershell-credential: true | |
| exclude-azure-developer-cli-credential: true | |
| exclude-interactive-browser-credential: true | |
| - name: Upload dist-win folder | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: dist-win | |
| path: src/dist | |
| if-no-files-found: error | |
| build-and-sign-mac: | |
| name: Build app and sign MacOS | |
| needs: go-test | |
| runs-on: macos-latest # for codesign and notarytool | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: src/go.mod | |
| cache-dependency-path: src/go.sum | |
| # - name: Download Go dependencies | |
| # run: go mod download | |
| # working-directory: src | |
| - name: Run GoReleaser (macOS) | |
| uses: goreleaser/goreleaser-action@v5 | |
| with: | |
| # distribution: goreleaser-pro # either 'goreleaser' (default) or 'goreleaser-pro' | |
| # version: latest | |
| args: build --id defang-mac ${{ !startsWith(github.ref, 'refs/tags/v') && '--snapshot' || '' }} | |
| workdir: src | |
| env: | |
| MACOS_CERTIFICATE_NAME: ${{ secrets.MACOS_CERTIFICATE_NAME }} | |
| MACOS_P12_BASE64: ${{ secrets.MACOS_P12_BASE64 }} | |
| MACOS_P12_PASSWORD: ${{ secrets.MACOS_P12_PASSWORD }} | |
| KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | |
| - name: Upload dist-mac folder | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: dist-mac | |
| path: src/dist | |
| if-no-files-found: error | |
| go-release: | |
| if: startsWith(github.ref, 'refs/tags/v') # only run this step on tagged commits | |
| environment: release | |
| needs: | |
| - build-and-sign-mac | |
| - build-and-sign | |
| runs-on: macos-latest # for notarization | |
| permissions: | |
| contents: write # to upload archives as GitHub Releases | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # for release notes | |
| - name: Install Nix (for nix-prefetch-url) | |
| uses: cachix/install-nix-action@v26 | |
| - name: Download dist-mac folder | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: dist-mac | |
| path: src/dist | |
| - name: Download dist-win folder | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: dist-win | |
| path: src/dist | |
| - name: List files | |
| run: ls -lR src/dist | |
| - name: Run GoReleaser | |
| uses: goreleaser/goreleaser-action@v5 | |
| with: | |
| distribution: goreleaser-pro # either 'goreleaser' (default) or 'goreleaser-pro' | |
| # version: latest | |
| args: release --config .goreleaser-prebuilt.yml | |
| workdir: src | |
| env: | |
| GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }} | |
| GH_PAT_WINGET: ${{ secrets.GH_PAT_WINGET }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # GITHUB_TOKEN is limited to the current repository | |
| DISCORD_WEBHOOK_ID: ${{ secrets.DISCORD_WEBHOOK_ID }} | |
| DISCORD_WEBHOOK_TOKEN: ${{ secrets.DISCORD_WEBHOOK_TOKEN }} | |
| - name: Notarize macOS app # TODO: move to goreleaser.yml | |
| shell: bash | |
| run: | | |
| bin/notarize.sh dist/defang_*_macOS.zip | |
| working-directory: src | |
| env: | |
| MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.MACOS_NOTARIZATION_APPLE_ID }} | |
| MACOS_NOTARIZATION_TEAM_ID: ${{ secrets.MACOS_NOTARIZATION_TEAM_ID }} | |
| MACOS_NOTARIZATION_APP_PW: ${{ secrets.MACOS_NOTARIZATION_APP_PW }} | |
| post-release: | |
| runs-on: ubuntu-latest | |
| needs: go-release | |
| env: | |
| NODE_VERSION: "21" | |
| NPM_REGISTRY_URL: "https://registry.npmjs.org" | |
| defaults: | |
| run: | |
| shell: bash | |
| working-directory: ./pkgs/npm | |
| steps: | |
| - name: Update Windows s.defang.io/defang_win_amd64.zip short link | |
| run: | | |
| curl --request POST \ | |
| --url https://api.short.io/links/$DEFANG_WIN_AMD64_LNK \ | |
| --header "Authorization: $SHORTIO_PK" \ | |
| --header 'accept: application/json' \ | |
| --header 'content-type: application/json' \ | |
| --data "{\"originalURL\":\"https://github.com/DefangLabs/defang/releases/download/${TAG}/defang_${TAG#v}_windows_amd64.zip\"}" | |
| env: | |
| SHORTIO_PK: ${{ secrets.SHORTIO_PK }} | |
| TAG: ${{ github.ref_name }} | |
| DEFANG_WIN_AMD64_LNK: "lnk_4vSQ_CDukZ5POEE4o0mMDysr2U" | |
| - name: Trigger CLI Autodoc | |
| uses: peter-evans/repository-dispatch@v3 | |
| with: | |
| token: ${{ secrets.DOCS_ACTION_TRIGGER_TOKEN }} | |
| repository: DefangLabs/defang-docs | |
| event-type: cli-autodoc | |
| client-payload: '{"version": "${{ github.ref_name }}"}' | |
| - name: Trigger Homebrew Formula Update | |
| uses: peter-evans/repository-dispatch@v3 | |
| with: | |
| token: ${{ secrets.HOMEBREW_ACTION_TRIGGER_TOKEN }} | |
| repository: DefangLabs/homebrew-defang | |
| event-type: update-homebrew-formula | |
| client-payload: '{"version": "${{ github.ref_name }}"}' | |
| - name: Checkout tag | |
| uses: actions/checkout@v4 | |
| - name: Install node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| registry-url: ${{ env.NPM_REGISTRY_URL }} | |
| - name: Publish to NPM | |
| run: | | |
| # Get version number without the 'v' | |
| export version_number=`echo "${{ github.ref_name }}" | cut -c2- ` | |
| echo "Setting version number to ${version_number}" | |
| # update version placeholder in package.json with version matching binary. | |
| npm version ${version_number} | |
| # install dependencies | |
| npm ci --ignore-scripts | |
| # build | |
| npm run build | |
| # make the cli.js executable | |
| chmod u+x ./bin/cli.js | |
| # publish the package | |
| npm publish --access public | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPMJS_AUTH_TOKEN }} |