feat: Add download files signature check (#472) #146
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
push: | |
branches: | |
- main | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
jobs: | |
release: | |
name: Create Release PR or Release | |
runs-on: ubuntu-latest | |
permissions: | |
pull-requests: write | |
contents: write | |
steps: | |
- name: Get Release Bot Token | |
id: get-release-bot-token | |
uses: peter-murray/workflow-application-token-action@v1 | |
with: | |
application_id: ${{ secrets.RELEASE_BOT_ID }} | |
application_private_key: ${{ secrets.RELEASE_BOT_PRIVATE_KEY }} | |
organization: "Lilypad-Tech" | |
# Create release PR or release | |
# - Release PRs are created or updated on user-facing changes (feat, fix, or any breaking changes). | |
# If a release PR exists, new user-facing changes are added to it. | |
# - Releases are created when release-please finds an unpublished release commit | |
# from one of its release PRs. | |
- name: Create Release PR or Release | |
id: release | |
uses: googleapis/release-please-action@v4 | |
with: | |
token: ${{ steps.get-release-bot-token.outputs.token }} | |
outputs: | |
prs_created: ${{ steps.release.outputs.prs_created }} | |
releases_created: ${{ steps.release.outputs.releases_created }} | |
sha: ${{ steps.release.outputs.sha }} | |
tag_name: ${{ steps.release.outputs.tag_name }} | |
extend-notes: | |
if: needs.release.outputs.releases_created == 'true' && needs.release.outputs.prs_created == 'false' | |
name: Extend Release Notes | |
needs: release | |
runs-on: ubuntu-latest | |
permissions: | |
pull-requests: write | |
contents: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ needs.release.outputs.tag_name }} | |
- name: Get Release Bot Token | |
id: get-release-bot-token | |
uses: peter-murray/workflow-application-token-action@v1 | |
with: | |
application_id: ${{ secrets.RELEASE_BOT_ID }} | |
application_private_key: ${{ secrets.RELEASE_BOT_PRIVATE_KEY }} | |
organization: "Lilypad-Tech" | |
- name: Extend Release Notes | |
env: | |
GH_TOKEN: ${{ steps.get-release-bot-token.outputs.token }} | |
run: | | |
BODY=$(gh release view ${{ needs.release.outputs.tag_name }} --json body | jq -r '.body') | |
EXTENSION=$(cat .github/releases/release_notes.md) | |
# Build up notes from BODY and EXTENSION separated by two newlines | |
# https://trstringer.com/github-actions-multiline-strings/#option-2---environment-variable | |
NOTES=$(cat << EOF | |
$BODY | |
$EXTENSION | |
EOF | |
) | |
echo "NOTES<<EOF" >> $GITHUB_ENV | |
echo "$NOTES" >> $GITHUB_ENV | |
echo "EOF" >> $GITHUB_ENV | |
gh release edit ${{ needs.release.outputs.tag_name }} --notes "$NOTES" | |
publish-binaries: | |
if: needs.release.outputs.releases_created == 'true' && needs.release.outputs.prs_created == 'false' | |
name: Build and Publish Binaries | |
needs: release | |
strategy: | |
matrix: | |
include: | |
- goos: linux | |
goarch: amd64 | |
gpu: true | |
runner: ubuntu-latest | |
- goos: linux | |
goarch: arm64 | |
gpu: true | |
runner: linux-arm64 | |
- goos: darwin | |
goarch: amd64 | |
gpu: false | |
runner: macos-13 # uses amd64 | |
- goos: darwin | |
goarch: arm64 | |
gpu: false | |
runner: macos-latest # uses M1 | |
runs-on: ${{ matrix.runner }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ needs.release.outputs.tag_name }} | |
- name: Set up Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: "1.22" | |
- name: Build for ${{ matrix.goos }}/${{ matrix.goarch }} CPU-only | |
env: | |
GOOS: ${{ matrix.goos }} | |
GOARCH: ${{ matrix.goarch }} | |
CGO_ENABLED: 1 | |
GH_TOKEN: ${{ github.token }} | |
run: | | |
echo "-------------- OS: ${GOOS} : Arch: ${GOARCH} ---------- start" | |
mkdir -p build | |
# Debug: Print environment variables for the build | |
echo "Building for ${GOOS}/${GOARCH} with GOOS=$GOOS, GOARCH=$GOARCH" | |
echo "Excluding CUDA. Use the 'cuda' build tag to include it." | |
go build -o "build/lilypad-${GOOS}-${GOARCH}-cpu" -v -ldflags="-X 'github.com/lilypad-tech/lilypad/pkg/system.Version=${{ needs.release.outputs.tag_name }}' -X 'github.com/lilypad-tech/lilypad/pkg/system.CommitSHA=${{ needs.release.outputs.sha }}'" | |
echo "-------------- OS: ${GOOS} : Arch: ${GOARCH} ---------- done" | |
# Upload binary to release | |
gh release upload ${{ needs.release.outputs.tag_name }} "build/lilypad-${GOOS}-${GOARCH}-cpu" | |
- name: Install NVIDIA CUDA Toolkit | |
if: ${{ matrix.gpu }} | |
run: | | |
sudo apt-get install -y gnupg2 curl | |
sudo mkdir -p /usr/share/keyrings | |
curl -fsSL https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2404/x86_64/3bf863cc.pub | sudo gpg --dearmor -o /usr/share/keyrings/nvidia-drivers.gpg | |
echo "deb [signed-by=/usr/share/keyrings/nvidia-drivers.gpg] https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2404/x86_64/ /" | sudo tee /etc/apt/sources.list.d/nvidia-drivers.list | |
sudo apt-get update || true # Ignore errors from this command | |
sudo apt-get install -y nvidia-cuda-toolkit | |
export PATH=/usr/local/cuda/bin:$PATH | |
- name: Build for ${{ matrix.goos }}/${{ matrix.goarch }} GPU | |
if: ${{ matrix.gpu }} | |
env: | |
GOOS: ${{ matrix.goos }} | |
GOARCH: ${{ matrix.goarch }} | |
CGO_ENABLED: 1 | |
CUDA_HOME: /usr/local/cuda | |
LD_LIBRARY_PATH: /usr/local/cuda/lib64:$LD_LIBRARY_PATH | |
GH_TOKEN: ${{ github.token }} | |
run: | | |
echo "-------------- OS: ${GOOS} : Arch: ${GOARCH} ---------- start" | |
mkdir -p build | |
# Debug: Print environment variables for the build | |
echo "Building for ${GOOS}/${GOARCH} with GOOS=$GOOS, GOARCH=$GOARCH" | |
echo "CUDA_HOME: $CUDA_HOME" | |
echo "LD_LIBRARY_PATH: $LD_LIBRARY_PATH" | |
go build -o "build/lilypad-${GOOS}-${GOARCH}-gpu" -v -tags cuda -ldflags="-X 'github.com/lilypad-tech/lilypad/pkg/system.Version=${{ needs.release.outputs.tag_name }}' -X 'github.com/lilypad-tech/lilypad/pkg/system.CommitSHA=${{ needs.release.outputs.sha }}'" | |
echo "-------------- OS: ${GOOS} : Arch: ${GOARCH} ---------- done" | |
# Upload binary to release | |
gh release upload ${{ needs.release.outputs.tag_name }} "build/lilypad-${GOOS}-${GOARCH}-gpu" |