porter/.github/workflows/release.yaml

on:
  push:
    tags:
    - 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10

name: Create release w/ binaries and docker image

jobs:
  docker-build-push:
    runs-on: ubuntu-latest
    steps:
    - name: Get tag name
      id: tag_name
      run: |
        tag=${GITHUB_TAG/refs\/tags\//}
        echo ::set-output name=tag::$tag
      env:
        GITHUB_TAG: ${{ github.ref }}
    - name: Set up Cloud SDK
      uses: google-github-actions/setup-gcloud@master
      with:
        project_id: ${{ secrets.GCP_PROJECT_ID }}
        service_account_key: ${{ secrets.GCP_SA_KEY }}
        export_default_credentials: true
    - name: Log in to gcloud CLI
      run: gcloud auth configure-docker
    - name: Checkout
      uses: actions/checkout@v2.3.4
    - name: Write Dashboard Environment Variables
      run: |
        cat >./dashboard/.env <<EOL
        NODE_ENV=production
        API_SERVER=dashboard.getporter.dev
        FULLSTORY_ORG_ID=${{secrets.FULLSTORY_ORG_ID}}
        DISCORD_KEY=${{secrets.DISCORD_KEY}}
        DISCORD_CID=${{secrets.DISCORD_CID}}
        FEEDBACK_ENDPOINT=${{secrets.FEEDBACK_ENDPOINT}}
        EOL

        cat ./dashboard/.env
    - name: Build
      run: |
        DOCKER_BUILDKIT=1 docker build . -t gcr.io/porter-dev-273614/porter-prov:${{steps.tag_name.outputs.tag}} -f ./docker/Dockerfile
    - name: Push
      run: |
        docker push gcr.io/porter-dev-273614/porter-prov:${{steps.tag_name.outputs.tag}}
  build:
    name: Build binaries
    runs-on: ubuntu-latest
    steps:
      - name: Get tag name
        id: tag_name
        run: |
          tag=${GITHUB_TAG/refs\/tags\//}
          echo ::set-output name=tag::$tag
        env:
          GITHUB_TAG: ${{ github.ref }}
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Set up Go
        uses: actions/setup-go@v2
        with:
          go-version: 1.15
      - name: Build Linux binaries
        run: |
          go build -ldflags="-w -s -X 'github.com/porter-dev/porter/cli/cmd.Version=${{steps.tag_name.outputs.tag}}'" -a -tags cli -o ./porter ./cli &
          go build -ldflags="-w -s -X 'main.Version=${{steps.tag_name.outputs.tag}}'" -a -o ./docker-credential-porter ./cmd/docker-credential-porter/ &
          go build -ldflags="-w -s" -a -o ./portersvr ./cmd/app/ &
          wait
        env:
          GOOS: linux
          GOARCH: amd64
      # Note: we have to zip all binaries before uploading them as artifacts --
      # without this step, the binaries will be uploaded but the file metadata will
      # be listed as plaintext after downloading the artifact in a later step
      # 
      # TODO: investigate
      - name: Zip Linux binaries
        run: |
          mkdir -p ./release/linux
          zip --junk-paths ./release/linux/porter_${{steps.tag_name.outputs.tag}}_Linux_x86_64.zip ./porter
          zip --junk-paths ./release/linux/portersvr_${{steps.tag_name.outputs.tag}}_Linux_x86_64.zip ./portersvr
          zip --junk-paths ./release/linux/docker-credential-porter_${{steps.tag_name.outputs.tag}}_Linux_x86_64.zip ./docker-credential-porter
      - name: Build Darwin binaries
        run: |
          go build -ldflags="-w -s -X 'github.com/porter-dev/porter/cli/cmd.Version=${{steps.tag_name.outputs.tag}}'" -a -tags cli -o ./porter ./cli &
          go build -ldflags="-w -s -X 'main.Version=${{steps.tag_name.outputs.tag}}'" -a -o ./docker-credential-porter ./cmd/docker-credential-porter/ &
          go build -ldflags="-w -s" -a -o ./portersvr ./cmd/app/ &
          wait
        env:
          GOOS: darwin
          GOARCH: amd64
      - name: Zip Darwin binaries
        run: |
          mkdir -p ./release/darwin
          zip --junk-paths ./release/darwin/UNSIGNED_porter_${{steps.tag_name.outputs.tag}}_Darwin_x86_64.zip ./porter
          zip --junk-paths ./release/darwin/UNSIGNED_portersvr_${{steps.tag_name.outputs.tag}}_Darwin_x86_64.zip ./portersvr
          zip --junk-paths ./release/darwin/UNSIGNED_docker-credential-porter_${{steps.tag_name.outputs.tag}}_Darwin_x86_64.zip ./docker-credential-porter
      - name: Build Windows binaries
        run: |
          go build -ldflags="-w -s -X 'github.com/porter-dev/porter/cli/cmd.Version=${{steps.tag_name.outputs.tag}}'" -a -tags cli -o ./porter.exe ./cli &
          go build -ldflags="-w -s -X 'main.Version=${{steps.tag_name.outputs.tag}}'" -a -o ./docker-credential-porter.exe ./cmd/docker-credential-porter/ &
          go build -ldflags="-w -s" -a -o ./portersvr.exe ./cmd/app/ &
          wait
        env:
          GOOS: windows
          GOARCH: amd64
      - name: Zip Windows binaries
        run: |
          mkdir -p ./release/windows
          zip --junk-paths ./release/windows/porter_${{steps.tag_name.outputs.tag}}_Windows_x86_64.zip ./porter.exe
          zip --junk-paths ./release/windows/portersvr_${{steps.tag_name.outputs.tag}}_Windows_x86_64.zip ./portersvr.exe
          zip --junk-paths ./release/windows/docker-credential-porter_${{steps.tag_name.outputs.tag}}_Windows_x86_64.zip ./docker-credential-porter.exe
      - name: Build and zip static folder
        run: |
          mkdir -p ./release/static
          cd dashboard
          npm i
          npm run build
          cd ..
          zip --junk-paths ./release/static/static_${{steps.tag_name.outputs.tag}}.zip ./dashboard/build/*
        env:
          NODE_ENV: production
          API_SERVER: ${{ secrets.API_SERVER }}
          FULLSTORY_ORG_ID: ${{ secrets.FULLSTORY_ORG_ID }}
          DISCORD_KEY: ${{ secrets.DISCORD_KEY }}
          DISCORD_CID: ${{ secrets.DISCORD_CID }}
          FEEDBACK_ENDPOINT: ${{ secrets.FEEDBACK_ENDPOINT }}
      - name: Upload binaries
        uses: actions/upload-artifact@v2
        with:
          path: ./release
          name: binaries
          retention-days: 1
  notarize:
    name: Notarize Darwin binaries
    runs-on: macos-latest
    needs: build
    steps:
      - name: Get tag name
        id: tag_name
        run: |
          tag=${GITHUB_TAG/refs\/tags\//}
          echo ::set-output name=tag::$tag
        env:
          GITHUB_TAG: ${{ github.ref }}
      - name: Download binaries
        uses: actions/download-artifact@v2
        with:
          name: binaries
          path: release/
      - name: Unzip Darwin binaries
        run: |
          unzip ./release/darwin/UNSIGNED_porter_${{steps.tag_name.outputs.tag}}_Darwin_x86_64.zip
          unzip ./release/darwin/UNSIGNED_portersvr_${{steps.tag_name.outputs.tag}}_Darwin_x86_64.zip
          unzip ./release/darwin/UNSIGNED_docker-credential-porter_${{steps.tag_name.outputs.tag}}_Darwin_x86_64.zip
      - name: Import Code-Signing Certificates
        uses: Apple-Actions/import-codesign-certs@v1
        with:
          # The certificates in a PKCS12 file encoded as a base64 string
          p12-file-base64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
          # The password used to import the PKCS12 file.
          p12-password: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
      - name: Install gon via HomeBrew for code signing and app notarization
        run: |
          brew tap mitchellh/gon
          brew install mitchellh/gon/gon  
      - name: Create a porter.gon.json file
        run: |
          echo "
          {
              \"source\": [\"./porter\"],
              \"bundle_id\": \"cli.porter\",
              \"apple_id\": {
                  \"password\":  \"@env:AC_PASSWORD\"
              },
              \"sign\": {
                  \"application_identity\": \"${{ secrets.AC_APPLICATION_IDENTITY }}\"
              },
              \"zip\": {
                  \"output_path\": \"./release/darwin/porter_${{steps.tag_name.outputs.tag}}_Darwin_x86_64.zip\"
              }
          }
          " > ./porter.gon.json
      - name: Create a portersvr.gon.json file
        run: |
          echo "
          {
              \"source\": [\"./portersvr\"],
              \"bundle_id\": \"cli.portersvr\",
              \"apple_id\": {
                  \"password\":  \"@env:AC_PASSWORD\"
              },
              \"sign\": {
                  \"application_identity\": \"${{ secrets.AC_APPLICATION_IDENTITY }}\"
              },
              \"zip\": {
                  \"output_path\": \"./release/darwin/portersvr_${{steps.tag_name.outputs.tag}}_Darwin_x86_64.zip\"
              }
          }
          " > ./portersvr.gon.json
      - name: Create a docker-credential-porter.gon.json file
        run: |
          echo "
          {
              \"source\": [\"./docker-credential-porter\"],
              \"bundle_id\": \"cli.docker-credential-porter\",
              \"apple_id\": {
                  \"password\":  \"@env:AC_PASSWORD\"
              },
              \"sign\": {
                  \"application_identity\": \"${{ secrets.AC_APPLICATION_IDENTITY }}\"
              },
              \"zip\": {
                  \"output_path\": \"./release/darwin/docker-credential-porter_${{steps.tag_name.outputs.tag}}_Darwin_x86_64.zip\"
              }
          }
          " > ./docker-credential-porter.gon.json
      - name: Sign the mac binaries with Gon
        env:
          AC_USERNAME: ${{ secrets.AC_USERNAME }}
          AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
        run: |
          gon ./porter.gon.json &
          gon ./portersvr.gon.json &
          gon ./docker-credential-porter.gon.json &
          wait
      - name: Upload binaries
        uses: actions/upload-artifact@v2
        with:
          path: ./release
          name: binaries
          retention-days: 1
  release:
    name: Zip binaries, create release and upload assets
    runs-on: ubuntu-latest
    needs: notarize
    steps:
      - name: Get tag name
        id: tag_name
        run: |
          tag=${GITHUB_TAG/refs\/tags\//}
          echo ::set-output name=tag::$tag
        env:
          GITHUB_TAG: ${{ github.ref }}
      - name: Download binaries
        uses: actions/download-artifact@v2
        with:
          name: binaries
          path: release/
      - name: Create Release
        id: create_release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{ github.ref }}
          release_name: Release ${{ github.ref }}
          draft: false
          prerelease: true
      - name: Upload Linux CLI Release Asset
        id: upload-linux-cli-release-asset 
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITHUB_TAG: ${{ github.ref }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: ./release/linux/porter_${{steps.tag_name.outputs.tag}}_Linux_x86_64.zip
          asset_name: porter_${{steps.tag_name.outputs.tag}}_Linux_x86_64.zip
          asset_content_type: application/zip
      - name: Upload Linux Server Release Asset
        id: upload-linux-server-release-asset 
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITHUB_TAG: ${{ github.ref }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: ./release/linux/portersvr_${{steps.tag_name.outputs.tag}}_Linux_x86_64.zip
          asset_name: portersvr_${{steps.tag_name.outputs.tag}}_Linux_x86_64.zip
          asset_content_type: application/zip
      - name: Upload Linux Docker Credential Release Asset
        id: upload-linux-docker-cred-release-asset 
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITHUB_TAG: ${{ github.ref }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: ./release/linux/docker-credential-porter_${{steps.tag_name.outputs.tag}}_Linux_x86_64.zip
          asset_name: docker-credential-porter_${{steps.tag_name.outputs.tag}}_Linux_x86_64.zip
          asset_content_type: application/zip
      - name: Upload Darwin CLI Release Asset
        id: upload-darwin-cli-release-asset 
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITHUB_TAG: ${{ github.ref }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: ./release/darwin/porter_${{steps.tag_name.outputs.tag}}_Darwin_x86_64.zip
          asset_name: porter_${{steps.tag_name.outputs.tag}}_Darwin_x86_64.zip
          asset_content_type: application/zip
      - name: Upload Darwin Server Release Asset
        id: upload-darwin-server-release-asset 
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITHUB_TAG: ${{ github.ref }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: ./release/darwin/portersvr_${{steps.tag_name.outputs.tag}}_Darwin_x86_64.zip
          asset_name: portersvr_${{steps.tag_name.outputs.tag}}_Darwin_x86_64.zip
          asset_content_type: application/zip
      - name: Upload Darwin Docker Credential Release Asset
        id: upload-darwin-docker-cred-release-asset 
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITHUB_TAG: ${{ github.ref }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: ./release/darwin/docker-credential-porter_${{steps.tag_name.outputs.tag}}_Darwin_x86_64.zip
          asset_name: docker-credential-porter_${{steps.tag_name.outputs.tag}}_Darwin_x86_64.zip
          asset_content_type: application/zip
      - name: Upload Windows CLI Release Asset
        id: upload-windows-cli-release-asset 
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITHUB_TAG: ${{ github.ref }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: ./release/windows/porter_${{steps.tag_name.outputs.tag}}_Windows_x86_64.zip
          asset_name: porter_${{steps.tag_name.outputs.tag}}_Windows_x86_64.zip
          asset_content_type: application/zip
      - name: Upload Windows Server Release Asset
        id: upload-windows-server-release-asset 
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITHUB_TAG: ${{ github.ref }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: ./release/windows/portersvr_${{steps.tag_name.outputs.tag}}_Windows_x86_64.zip
          asset_name: portersvr_${{steps.tag_name.outputs.tag}}_Windows_x86_64.zip
          asset_content_type: application/zip
      - name: Upload Windows Docker Credential Release Asset
        id: upload-windows-docker-cred-release-asset 
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITHUB_TAG: ${{ github.ref }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: ./release/windows/docker-credential-porter_${{steps.tag_name.outputs.tag}}_Windows_x86_64.zip
          asset_name: docker-credential-porter_${{steps.tag_name.outputs.tag}}_Windows_x86_64.zip
          asset_content_type: application/zip
      - name: Upload Static Release Asset
        id: upload-static-release-asset 
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITHUB_TAG: ${{ github.ref }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: ./release/static/static_${{steps.tag_name.outputs.tag}}.zip
          asset_name: static_${{steps.tag_name.outputs.tag}}.zip
          asset_content_type: application/zip