Ything-RepoMirrors/litestream
1
0
Fork 0
mirror of https://github.com/benbjohnson/litestream.git synced 2026-01-25 05:06:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
f99e629625d9cb046279a6a4a5a156eaced85190
litestream/.github/workflows/release.yml
Cory LaNou f99e629625 feat(release): add automated VFS builds for releases (#864) 
Co-authored-by: Claude <noreply@anthropic.com>
2025-12-01 13:23:30 -07:00

278 lines
9.1 KiB
YAML
Raw Blame History

name: Release
on:
push:
tags:
- 'v*'
workflow_dispatch:
inputs:
tag:
description: 'Release tag (e.g., v0.3.14)'
required: true
type: string
permissions:
contents: write
packages: write
id-token: write
jobs:
goreleaser:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: true
- name: Install cross-compilers
run: |
sudo apt-get update
sudo apt-get install -y gcc-aarch64-linux-gnu gcc-arm-linux-gnueabihf gcc-arm-linux-gnueabi
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Install Syft for SBOM generation
uses: anchore/sbom-action/download-syft@v0
with:
syft-version: latest
- name: Import GPG key
if: ${{ env.GPG_PRIVATE_KEY != '' }}
id: import_gpg
uses: crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v6
with:
version: latest
args: release --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.HOMEBREW_TAP_GITHUB_TOKEN }}
vfs-build-linux:
name: Build VFS (Linux ${{ matrix.arch }})
runs-on: ubuntu-20.04 # Use older Ubuntu for broader glibc compatibility (2.31)
needs: goreleaser
strategy:
matrix:
arch: [amd64, arm64]
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: true
- name: Install cross-compiler (arm64)
if: matrix.arch == 'arm64'
run: |
sudo apt-get update
sudo apt-get install -y gcc-aarch64-linux-gnu
- name: Get version
id: version
run: |
if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
echo "version=${{ inputs.tag }}" >> $GITHUB_OUTPUT
else
echo "version=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
fi
- name: Build VFS extension
run: make vfs-linux-${{ matrix.arch }}
- name: Verify artifact
run: |
file dist/litestream-vfs-linux-${{ matrix.arch }}.so
# For native arch, verify it can be loaded by SQLite
if [ "${{ matrix.arch }}" == "amd64" ]; then
sqlite3 ':memory:' ".load dist/litestream-vfs-linux-amd64.so" ".exit" && echo "Extension loads successfully"
fi
# For cross-compiled arch, verify ELF header and architecture
if [ "${{ matrix.arch }}" == "arm64" ]; then
readelf -h dist/litestream-vfs-linux-arm64.so | grep -E "(Class|Machine)"
echo "ARM64 ELF header verified"
fi
- name: Create archive
run: |
cd dist
cp litestream-vfs-linux-${{ matrix.arch }}.so litestream-vfs.so
tar -czvf litestream-vfs-${{ steps.version.outputs.version }}-linux-${{ matrix.arch }}.tar.gz \
litestream-vfs.so
- name: Generate checksum
run: |
cd dist
sha256sum litestream-vfs-${{ steps.version.outputs.version }}-linux-${{ matrix.arch }}.tar.gz \
> litestream-vfs-${{ steps.version.outputs.version }}-linux-${{ matrix.arch }}.tar.gz.sha256
- name: Upload to release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh release upload ${{ steps.version.outputs.version }} \
dist/litestream-vfs-${{ steps.version.outputs.version }}-linux-${{ matrix.arch }}.tar.gz \
dist/litestream-vfs-${{ steps.version.outputs.version }}-linux-${{ matrix.arch }}.tar.gz.sha256 \
--clobber
vfs-build-darwin:
name: Build VFS (macOS ${{ matrix.arch }})
runs-on: ${{ matrix.runner }}
needs: goreleaser
strategy:
matrix:
include:
- arch: amd64
runner: macos-13
- arch: arm64
runner: macos-14
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: true
- name: Get version
id: version
run: |
if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
echo "version=${{ inputs.tag }}" >> $GITHUB_OUTPUT
else
echo "version=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
fi
- name: Build VFS extension
run: make vfs-darwin-${{ matrix.arch }}
- name: Verify artifact
run: |
file dist/litestream-vfs-darwin-${{ matrix.arch }}.dylib
# Verify the extension can be loaded by SQLite
sqlite3 ':memory:' ".load dist/litestream-vfs-darwin-${{ matrix.arch }}.dylib" ".exit" && echo "Extension loads successfully"
- name: Create archive
run: |
cd dist
cp litestream-vfs-darwin-${{ matrix.arch }}.dylib litestream-vfs.dylib
tar -czvf litestream-vfs-${{ steps.version.outputs.version }}-darwin-${{ matrix.arch }}.tar.gz \
litestream-vfs.dylib
- name: Generate checksum
run: |
cd dist
shasum -a 256 litestream-vfs-${{ steps.version.outputs.version }}-darwin-${{ matrix.arch }}.tar.gz \
> litestream-vfs-${{ steps.version.outputs.version }}-darwin-${{ matrix.arch }}.tar.gz.sha256
- name: Upload to release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh release upload ${{ steps.version.outputs.version }} \
dist/litestream-vfs-${{ steps.version.outputs.version }}-darwin-${{ matrix.arch }}.tar.gz \
dist/litestream-vfs-${{ steps.version.outputs.version }}-darwin-${{ matrix.arch }}.tar.gz.sha256 \
--clobber
# macos-sign:
# runs-on: macos-latest
# needs: goreleaser
# strategy:
# matrix:
# arch: [amd64, arm64]
# steps:
# - name: Checkout
# uses: actions/checkout@v4
# - name: Set up Go
# uses: actions/setup-go@v5
# with:
# go-version-file: go.mod
# - name: Download release artifacts
# uses: actions/download-artifact@v4
# with:
# name: litestream-darwin-${{ matrix.arch }}
# path: dist/
# - name: Import Apple Developer Certificate
# env:
# MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE_P12 }}
# MACOS_CERTIFICATE_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_PASSWORD }}
# run: |
# echo "$MACOS_CERTIFICATE" | base64 --decode > certificate.p12
# security create-keychain -p actions temp.keychain
# security default-keychain -s temp.keychain
# security unlock-keychain -p actions temp.keychain
# security import certificate.p12 -k temp.keychain -P "$MACOS_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
# security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k actions temp.keychain
# - name: Sign and Notarize
# env:
# APPLE_API_KEY: ${{ secrets.APPLE_API_KEY_P8 }}
# APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
# APPLE_API_ISSUER_ID: ${{ secrets.APPLE_API_ISSUER_ID }}
# AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
# run: |
# gon etc/gon-${{ matrix.arch }}.hcl
# - name: Upload signed binary
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# run: |
# gh release upload ${{ github.ref_name }} dist/litestream-*-darwin-${{ matrix.arch }}.zip
# windows-sign:
# runs-on: windows-latest
# needs: goreleaser
# strategy:
# matrix:
# arch: [amd64, arm64]
# steps:
# - name: Checkout
# uses: actions/checkout@v4
#
# - name: Download release artifacts
# uses: actions/download-artifact@v4
# with:
# name: litestream-windows-${{ matrix.arch }}
# path: dist/
#
# - name: Sign Windows binary
# env:
# WINDOWS_CERTIFICATE_PFX: ${{ secrets.WINDOWS_CERTIFICATE_PFX }}
# WINDOWS_CERTIFICATE_PASSWORD: ${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}
# run: |
# echo "$env:WINDOWS_CERTIFICATE_PFX" | base64 -d > cert.pfx
# & signtool sign /f cert.pfx /p "$env:WINDOWS_CERTIFICATE_PASSWORD" /fd SHA256 /td SHA256 /tr http://timestamp.digicert.com dist\litestream.exe
# Remove-Item cert.pfx
#
# - name: Upload signed binary
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# run: |
# gh release upload ${{ github.ref_name }} dist\litestream-*-windows-${{ matrix.arch }}.zip
Reference in New Issue View Git Blame Copy Permalink