Build Binaries and Deploy #44
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build Binaries and Deploy | |
on: | |
workflow_dispatch: | |
inputs: | |
version: | |
description: "Version number" | |
required: true | |
type: string | |
defaults: | |
run: | |
working-directory: ./backend | |
jobs: | |
build-and-deploy: | |
runs-on: ubuntu-latest | |
container: "debian:buster" | |
strategy: | |
matrix: | |
arch: [x64, arm64] | |
os: [linux, win] | |
include: | |
- os: linux | |
target: node18-linux | |
# - os: win | |
# target: node18-win | |
env: | |
npm_config_arch: ${{ matrix.arch }} | |
# Not doing this results in argon2 seemingly being built as x86_64 on arm64. | |
npm_config_build_from_source: true | |
# Only relevant for arm64 linux builds | |
TARGET_ARCH: arm64 | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: Set up Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 18 | |
- name: Install cross-compiler and system dependencies | |
if: matrix.arch == 'arm64' | |
run: | | |
dpkg --add-architecture $TARGET_ARCH | |
apt-get update && apt-get install -y --no-install-recommends \ | |
crossbuild-essential-$TARGET_ARCH \ | |
libx11-dev:$TARGET_ARCH \ | |
libx11-xcb-dev:$TARGET_ARCH \ | |
libxkbfile-dev:$TARGET_ARCH \ | |
libsecret-1-dev:$TARGET_ARCH \ | |
libkrb5-dev:$TARGET_ARCH \ | |
ca-certificates \ | |
curl wget rsync gettext-base | |
- name: Install pkg | |
run: npm install -g @yao-pkg/pkg | |
- name: Install dependencies (backend) | |
run: npm install | |
- name: Install dependencies (frontend) | |
run: npm install --prefix ../frontend | |
- name: Prerequisites for pkg | |
run: npm run binary:build | |
- name: Package into node binary | |
run: | | |
if [ "${{ matrix.os }}" != "linux" ]; then | |
pkg --no-bytecode --public-packages "*" --public --compress Brotli --target ${{ matrix.target }}-${{ matrix.arch }} --output ./binary/infisical-core-${{ matrix.os }}-${{ matrix.arch }} . | |
else | |
pkg --no-bytecode --public-packages "*" --public --compress Brotli --target ${{ matrix.target }}-${{ matrix.arch }} --output ./binary/infisical-core . | |
fi | |
# Set up .deb package structure (Debian/Ubuntu only) | |
- name: Set up .deb package structure | |
if: matrix.os == 'linux' | |
run: | | |
mkdir -p infisical-core/DEBIAN | |
mkdir -p infisical-core/usr/local/bin | |
cp ./binary/infisical-core infisical-core/usr/local/bin/ | |
chmod +x infisical-core/usr/local/bin/infisical-core | |
- name: Create control file | |
if: matrix.os == 'linux' | |
run: | | |
cat <<EOF > infisical-core/DEBIAN/control | |
Package: infisical-core | |
Version: ${{ github.event.inputs.version }} | |
Section: base | |
Priority: optional | |
Architecture: ${{ matrix.arch == 'x64' && 'amd64' || matrix.arch }} | |
Maintainer: Infisical <[email protected]> | |
Description: Infisical Core standalone executable (app.infisical.com) | |
EOF | |
# Build .deb file (Debian/Ubunutu only) | |
- name: Build .deb package | |
if: matrix.os == 'linux' | |
run: | | |
dpkg-deb --build infisical-core | |
mv infisical-core.deb ./binary/infisical-core-${{matrix.arch}}.deb | |
- uses: actions/setup-python@v4 | |
- run: pip install --upgrade cloudsmith-cli | |
- uses: actions/upload-artifact@v4 | |
if: matrix.arch == 'arm64' | |
with: | |
name: test-binary | |
path: ./binary/infisical-core-${{ matrix.arch }}.deb | |
# Publish .deb file to Cloudsmith (Debian/Ubuntu only) | |
# - name: Publish to Cloudsmith (Debian/Ubuntu) | |
# if: matrix.os == 'linux' | |
# working-directory: ./backend | |
# run: cloudsmith push deb --republish --no-wait-for-sync --api-key=${{ secrets.CLOUDSMITH_API_KEY }} infisical/infisical-core/any-distro/any-version ./binary/infisical-core-${{ matrix.arch }}.deb | |
# # Publish .exe file to Cloudsmith (Windows only) | |
# - name: Publish to Cloudsmith (Windows) | |
# if: matrix.os == 'win' | |
# working-directory: ./backend | |
# run: cloudsmith push raw infisical/infisical-core ./binary/infisical-core-${{ matrix.os }}-${{ matrix.arch }}.exe --republish --no-wait-for-sync --version ${{ github.event.inputs.version }} --api-key ${{ secrets.CLOUDSMITH_API_KEY }} |