Archived
1
0
This repository has been archived on 2024-09-09. You can view files and clone it, but cannot push or open issues or pull requests.
code-server/.github/workflows/release.yaml
Asher 6275520348
Fix incorrect argon2 target in arm builds (#6453)
* Fix building from source on arm

Not building from source causes argon2 to pull the wrong arch, so we
have to build from source.

But building from source is causing the new Kerberos module to fail on
arm64 and keytar to fail on both.

The latter has been very difficult to debug because the GitHub image
provides a different result to containers based on Ubuntu 20.04.
Because of this, use a container instead.

Use debian:buster as the container because it is easier to set up the
architecture sources (no need to modify the sources) and because it
seems to come with glibc 2.28 rather than 2.31.

Also use the exact version of Node (18.15.0) for reproducibility.

* Set owner and group during tar to zero

Otherwise you get IDs that can cause (benign) errors while extracting,
which might be confusing.  At the very least, I did not see these errors
from previous tars (although they seem to use 1001).

There is no guarantee what IDs might exist so 0 seems the most
reasonable.
2023-09-27 19:17:47 -08:00

318 lines
9.8 KiB
YAML

name: Draft release
on:
workflow_dispatch:
inputs:
version:
description: The version to publish (include "v", i.e. "v4.9.1").
type: string
required: true
permissions:
contents: write # For creating releases.
discussions: write # For creating a discussion.
# Cancel in-progress runs for pull requests when developers push
# additional changes
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
# TODO: cache building yarn --production
# possibly 2m30s of savings(?)
# this requires refactoring our release scripts
package-linux-amd64:
name: x86-64 Linux build
runs-on: ubuntu-latest
timeout-minutes: 15
needs: npm-version
container: "centos:8"
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
steps:
- name: Checkout repo
uses: actions/checkout@v3
- name: Install Node.js v18
uses: actions/setup-node@v3
with:
node-version: "18.15.0"
- name: Install development tools
run: |
cd /etc/yum.repos.d/
sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
yum install -y gcc-c++ make jq rsync python3 libsecret-devel krb5-devel
- name: Install nfpm and envsubst
run: |
mkdir -p ~/.local/bin
curl -sSfL https://github.com/goreleaser/nfpm/releases/download/v2.22.2/nfpm_2.22.2_`uname -s`_`uname -m`.tar.gz | tar -C ~/.local/bin -zxv nfpm
curl -sSfL https://github.com/a8m/envsubst/releases/download/v1.1.0/envsubst-`uname -s`-`uname -m` -o envsubst
chmod +x envsubst
mv envsubst ~/.local/bin
echo "$HOME/.local/bin" >> $GITHUB_PATH
- name: Install yarn
run: npm install -g yarn
- name: Download npm package
uses: actions/download-artifact@v3
with:
name: npm-release-package
- name: Decompress npm package
run: tar -xzf package.tar.gz
- name: Build standalone release
run: npm run release:standalone
- name: Install test dependencies
run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile
- name: Run integration tests on standalone release
run: yarn test:integration
- name: Upload coverage report to Codecov
uses: codecov/codecov-action@v3
with:
token: ${{ secrets.CODECOV_TOKEN }}
if: success()
# NOTE@jsjoeio - we do this so we can strip out the v
# i.e. v4.9.1 -> 4.9.1
- name: Get and set VERSION
run: |
TAG="${{ inputs.version || github.ref_name }}"
echo "VERSION=${TAG#v}" >> $GITHUB_ENV
- name: Build packages with nfpm
env:
VERSION: ${{ env.VERSION }}
run: yarn package
- uses: softprops/action-gh-release@v1
with:
draft: true
discussion_category_name: "📣 Announcements"
files: ./release-packages/*
package-linux-cross:
name: Linux cross-compile builds
runs-on: ubuntu-latest
timeout-minutes: 15
needs: npm-version
container: "debian:buster"
strategy:
matrix:
include:
- prefix: aarch64-linux-gnu
npm_arch: arm64
apt_arch: arm64
- prefix: arm-linux-gnueabihf
npm_arch: armv7l
apt_arch: armhf
env:
AR: ${{ format('{0}-ar', matrix.prefix) }}
AS: ${{ format('{0}-as', matrix.prefix) }}
CC: ${{ format('{0}-gcc', matrix.prefix) }}
CPP: ${{ format('{0}-cpp', matrix.prefix) }}
CXX: ${{ format('{0}-g++', matrix.prefix) }}
FC: ${{ format('{0}-gfortran', matrix.prefix) }}
LD: ${{ format('{0}-ld', matrix.prefix) }}
STRIP: ${{ format('{0}-strip', matrix.prefix) }}
PKG_CONFIG_PATH: ${{ format('/usr/lib/{0}/pkgconfig', matrix.prefix) }}
TARGET_ARCH: ${{ matrix.apt_arch }}
npm_config_arch: ${{ matrix.npm_arch }}
NODE_VERSION: v18.15.0
# Not building from source results in an x86_64 argon2, as if
# npm_config_arch is being ignored.
npm_config_build_from_source: true
steps:
- name: Checkout repo
uses: actions/checkout@v3
- name: Install Node.js v18
uses: actions/setup-node@v3
with:
node-version: "18.15.0"
- name: Install cross-compiler and system dependencies
run: |
dpkg --add-architecture $TARGET_ARCH
apt-get update && apt-get install -y --no-install-recommends \
crossbuild-essential-$TARGET_ARCH \
libx11-dev:$TARGET_ARCH \
libx11-xcb-dev:$TARGET_ARCH \
libxkbfile-dev:$TARGET_ARCH \
libsecret-1-dev:$TARGET_ARCH \
libkrb5-dev:$TARGET_ARCH \
ca-certificates \
curl wget rsync gettext-base
- name: Install nfpm
run: |
mkdir -p ~/.local/bin
curl -sSfL https://github.com/goreleaser/nfpm/releases/download/v2.3.1/nfpm_2.3.1_`uname -s`_`uname -m`.tar.gz | tar -C ~/.local/bin -zxv nfpm
echo "$HOME/.local/bin" >> $GITHUB_PATH
- name: Download npm package
uses: actions/download-artifact@v3
with:
name: npm-release-package
- name: Decompress npm package
run: tar -xzf package.tar.gz
- name: Build standalone release
run: npm run release:standalone
- name: Replace node with cross-compile equivalent
run: |
wget https://nodejs.org/dist/${NODE_VERSION}/node-${NODE_VERSION}-linux-${npm_config_arch}.tar.xz
tar -xf node-${NODE_VERSION}-linux-${npm_config_arch}.tar.xz node-${NODE_VERSION}-linux-${npm_config_arch}/bin/node --strip-components=2
mv ./node ./release-standalone/lib/node
# NOTE@jsjoeio - we do this so we can strip out the v
# i.e. v4.9.1 -> 4.9.1
- name: Get and set VERSION
run: |
TAG="${{ inputs.version || github.ref_name }}"
echo "VERSION=${TAG#v}" >> $GITHUB_ENV
- name: Build packages with nfpm
env:
VERSION: ${{ env.VERSION }}
run: npm run package ${npm_config_arch}
- uses: softprops/action-gh-release@v1
with:
draft: true
discussion_category_name: "📣 Announcements"
files: ./release-packages/*
package-macos-amd64:
name: x86-64 macOS build
runs-on: macos-latest
timeout-minutes: 15
needs: npm-version
steps:
- name: Checkout repo
uses: actions/checkout@v3
- name: Install Node.js v18
uses: actions/setup-node@v3
with:
node-version: "18.15.0"
- name: Install nfpm
run: |
mkdir -p ~/.local/bin
curl -sSfL https://github.com/goreleaser/nfpm/releases/download/v2.3.1/nfpm_2.3.1_`uname -s`_`uname -m`.tar.gz | tar -C ~/.local/bin -zxv nfpm
echo "$HOME/.local/bin" >> $GITHUB_PATH
- name: Download npm package
uses: actions/download-artifact@v3
with:
name: npm-release-package
- name: Decompress npm package
run: tar -xzf package.tar.gz
- name: Build standalone release
run: npm run release:standalone
- name: Install test dependencies
run: SKIP_SUBMODULE_DEPS=1 yarn install
- name: Run native module tests on standalone release
run: yarn test:native
# NOTE@jsjoeio - we do this so we can strip out the v
# i.e. v4.9.1 -> 4.9.1
- name: Get and set VERSION
run: |
TAG="${{ inputs.version || github.ref_name }}"
echo "VERSION=${TAG#v}" >> $GITHUB_ENV
- name: Build packages with nfpm
env:
VERSION: ${{ env.VERSION }}
run: yarn package
- uses: softprops/action-gh-release@v1
with:
draft: true
discussion_category_name: "📣 Announcements"
files: ./release-packages/*
npm-package:
name: Upload npm package
runs-on: ubuntu-latest
timeout-minutes: 15
needs: npm-version
steps:
- name: Download npm package
uses: actions/download-artifact@v3
with:
name: npm-release-package
- uses: softprops/action-gh-release@v1
with:
draft: true
discussion_category_name: "📣 Announcements"
files: ./package.tar.gz
npm-version:
name: Modify package.json version
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- name: Download artifacts
uses: dawidd6/action-download-artifact@v2
id: download
with:
branch: ${{ github.ref }}
workflow: build.yaml
workflow_conclusion: completed
name: npm-package
check_artifacts: false
if_no_artifact_found: fail
- name: Decompress npm package
run: tar -xzf package.tar.gz
# NOTE@jsjoeio - we do this so we can strip out the v
# i.e. v4.9.1 -> 4.9.1
- name: Get and set VERSION
run: |
TAG="${{ inputs.version || github.ref_name }}"
echo "VERSION=${TAG#v}" >> $GITHUB_ENV
- name: Modify version
env:
VERSION: ${{ env.VERSION }}
run: |
echo "Updating version in root package.json"
npm version --prefix release "$VERSION"
echo "Updating version in lib/vscode/product.json"
tmp=$(mktemp)
jq ".codeServerVersion = \"$VERSION\"" release/lib/vscode/product.json > "$tmp" && mv "$tmp" release/lib/vscode/product.json
# Ensure it has the same permissions as before
chmod 644 release/lib/vscode/product.json
- name: Compress release package
run: tar -czf package.tar.gz release
- name: Upload npm package artifact
uses: actions/upload-artifact@v3
with:
name: npm-release-package
path: ./package.tar.gz