Skip to content
Release naisdevice

ansible: more correct conditions for iptables rules #545

# to view logs

ansible: more correct conditions for iptables rules

ansible: more correct conditions for iptables rules #545

Workflow file for this run

.github/workflows/frontends.yml at 0d23790
name: Release naisdevice
on:
push:
branches:
- master
tags:
- "*"
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
test:
strategy:
fail-fast: false
matrix:
os: ["ubuntu-22.04", "macOS-latest"]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 1
- id: tool_versions
run: echo "go=$(grep golang .tool-versions | awk '{print $2}')" >> $GITHUB_OUTPUT
- uses: actions/setup-go@v5
with:
go-version: ${{ steps.tool_versions.outputs.go }}
- if: matrix.os == 'ubuntu-22.04'
run: |
sudo apt-get update
sudo apt-get install --yes build-essential
- run: "make test"
- run: "make check"
- run: "go vet ./..."
set-version:
runs-on: ubuntu-22.04
outputs:
version: ${{ steps.set-version.outputs.version }}
steps:
- uses: actions/checkout@v4
- name: set version
id: set-version
run: echo "version=${GITHUB_REF#refs/*/}" >> ${GITHUB_OUTPUT}
build-windows:
needs:
- set-version
runs-on: ubuntu-22.04
strategy:
matrix:
include:
- gotags: ""
output-suffix: ""
- gotags: "tenant"
output-suffix: "-tenant"
steps:
- uses: actions/checkout@v4
- id: tool_versions
run: echo "go=$(grep golang .tool-versions | awk '{print $2}')" >> $GITHUB_OUTPUT
- uses: actions/setup-go@v5
with:
go-version: ${{ steps.tool_versions.outputs.go }}
- name: build binaries and installer
env:
MSI_SIGN_CERT: "${{ secrets.MSI_SIGN_CERT }}"
MSI_SIGN_KEY: "${{ secrets.MSI_SIGN_KEY }}"
run: |
sudo apt-get update
sudo apt-get install --yes nsis osslsigncode
echo "${MSI_SIGN_CERT}" > packaging/windows/naisdevice.crt
echo "${MSI_SIGN_KEY}" > packaging/windows/naisdevice.key
make nsis GOTAGS=${{ matrix.gotags }} VERSION=${{ needs.set-version.outputs.version }}
mv packaging/windows/naisdevice.exe naisdevice${{ matrix.output-suffix }}.exe
- name: upload windows-installer
uses: actions/upload-artifact@v4
with:
name: installer-windows${{ matrix.output-suffix }}
path: naisdevice${{ matrix.output-suffix }}.exe
if-no-files-found: error
build-macos:
strategy:
matrix:
include:
- gotags: ""
output-suffix: ""
- gotags: "tenant"
output-suffix: "-tenant"
needs:
- set-version
runs-on: macos-13
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: "1.22.8" # Hard coded as 1.23 breaks wireguard
- name: Build wireguard
run: |
make wg
make wireguard-go
- id: tool_versions
run: echo "go=$(grep golang .tool-versions | awk '{print $2}')" >> $GITHUB_OUTPUT
- uses: actions/setup-go@v5
with:
go-version: ${{ steps.tool_versions.outputs.go }}
- name: Import Code-Signing Certificates
uses: Apple-Actions/import-codesign-certs@v3
with:
p12-file-base64: ${{ secrets.CERTIFICATES_P12 }}
p12-password: ${{ secrets.CERTIFICATES_P12_PASSWORD }}
- name: build pkg
env:
APPLE_NOTARIZE_AUTH_KEY_P8_BASE64: "${{ secrets.APPLE_NOTARIZE_AUTH_KEY_P8_BASE64 }}"
APPLE_NOTARIZE_D: "${{ secrets.APPLE_NOTARIZE_D }}"
APPLE_NOTARIZE_I: "${{ secrets.APPLE_NOTARIZE_I }}"
run: |
brew install imagemagick || brew link --overwrite python@3.12
make pkg GOTAGS=${{ matrix.gotags }} VERSION=${{ needs.set-version.outputs.version }} RELEASE=${{ startsWith(github.ref, 'refs/tags/') && 'true' || 'false' }}
if [[ -n "${{ matrix.output-suffix }}" ]]; then
mv naisdevice.pkg naisdevice${{ matrix.output-suffix }}.pkg
fi
- name: upload pkg
uses: actions/upload-artifact@v4
with:
name: installer-macos${{ matrix.output-suffix }}
path: naisdevice${{ matrix.output-suffix }}.pkg
if-no-files-found: error
build-linux:
strategy:
matrix:
include:
- gotags: ""
output-suffix: ""
- gotags: "tenant"
output-suffix: "-tenant"
needs:
- set-version
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- id: tool_versions
run: echo "go=$(grep golang .tool-versions | awk '{print $2}')" >> $GITHUB_OUTPUT
- uses: actions/setup-go@v5
with:
go-version: ${{ steps.tool_versions.outputs.go }}
- name: create debian package
env:
SUFFIX: "${{ matrix.output-suffix }}"
run: |
sudo apt-get update
sudo apt-get install --yes build-essential ruby ruby-dev rubygems
sudo gem install --no-document fpm -v 1.15.1
make deb GOTAGS=${{ matrix.gotags }} VERSION=${{ needs.set-version.outputs.version }}
mv naisdevice*.deb "naisdevice${{ matrix.output-suffix }}.deb"
- name: upload debian package
uses: actions/upload-artifact@v4
with:
name: installer-linux${{ matrix.output-suffix }}
path: naisdevice${{ matrix.output-suffix }}.deb
if-no-files-found: error
release:
permissions:
contents: write
needs:
- set-version
- test
- build-macos
- build-windows
- build-linux
runs-on: ubuntu-22.04
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
- name: download artifacts
id: download-artifacts
uses: actions/download-artifact@v4
- name: sha256 sums
run: |
for file in ${{ steps.download-artifacts.outputs.download-path }}/*/*; do
sha256sum "$file" | awk {'print $1}' > "$file.sha256"
done
- name: print artifacts
run: ls -R ${{ steps.download-artifacts.outputs.download-path }}
- name: create release
if: startsWith(github.ref, 'refs/tags/')
uses: softprops/action-gh-release@v2
with:
name: Release ${{ needs.set-version.outputs.version }}
tag_name: ${{ needs.set-version.outputs.version }}
draft: false
prerelease: false
generate_release_notes: true
files: |
${{ steps.download-artifacts.outputs.download-path }}/*/*