deploy/.github/workflows/release.yml at 2bc4bece287c4a08b4a7b4e43909ebbdf90dfce1 · https-cert/deploy · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
name: Build and Release

permissions:
  contents: write

on:
  push:
    tags:
      - "v*"
  workflow_dispatch:
    inputs:
      version:
        description: "Version to release (e.g., v1.0.0). Leave empty to auto-bump from latest tag."
        required: false
        default: ""

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: stable
          cache: true

      - name: Cache Go modules
        uses: actions/cache@v4
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-

      - name: Install UPX
        run: |
          sudo apt-get update
          sudo apt-get install -y upx

      # 取得版本号：
      # - workflow_dispatch：若未填写则自动 vX.Y.(Z+1)，并创建/推送该 tag
      # - push tag：使用该 tag
      - name: Get version
        id: version
        run: |
          set -e
          git fetch --tags --force --prune

          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
            INPUT_VER="${{ github.event.inputs.version }}"
            if [ -n "$INPUT_VER" ]; then
              NEW_VER="$INPUT_VER"
            else
              LAST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "v0.0.0")
              ver="${LAST_TAG#v}"
              IFS='.' read -r MAJ MIN PAT <<< "$ver"
              : "${MAJ:=0}" ; : "${MIN:=0}" ; : "${PAT:=0}"
              NEW_VER="v${MAJ}.${MIN}.$((PAT+1))"
            fi
            echo "VERSION=$NEW_VER" >> $GITHUB_OUTPUT
          else
            echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
          fi

      - name: Create and push tag (manual dispatch only)
        if: github.event_name == 'workflow_dispatch'
        run: |
          set -e
          TAG="${{ steps.version.outputs.VERSION }}"
          echo "Ensure tag exists: $TAG"
          if ! git rev-parse -q --verify "refs/tags/$TAG" >/dev/null; then
            git config user.name "github-actions[bot]"
            git config user.email "github-actions[bot]@users.noreply.github.com"
            git tag -a "$TAG" -m "Release $TAG"
          fi
          git push origin "$TAG"

      - name: Download dependencies
        run: go mod download

      - name: Verify dependencies
        run: go mod verify

      - name: Run tests
        run: go test -v ./...

      - name: Build for multiple platforms
        env:
          CGO_ENABLED: 0
        run: |
          mkdir -p release
          LDFLAGS="-s -w -X 'main.version=${{ steps.version.outputs.VERSION }}'"

          echo "Build macOS..."
          GOOS=darwin  GOARCH=amd64  go build -ldflags="${LDFLAGS}" -trimpath -o release/cert-deploy-mac main.go
          GOOS=darwin  GOARCH=arm64  go build -ldflags="${LDFLAGS}" -trimpath -o release/cert-deploy-mac-arm64 main.go

          echo "Build Linux..."
          GOOS=linux   GOARCH=amd64  go build -ldflags="${LDFLAGS}" -trimpath -o release/cert-deploy-linux main.go
          GOOS=linux   GOARCH=arm64  go build -ldflags="${LDFLAGS}" -trimpath -o release/cert-deploy-linux-arm64 main.go

          echo "Build Windows..."
          GOOS=windows GOARCH=amd64  go build -ldflags="${LDFLAGS}" -trimpath -o release/cert-deploy-windows.exe main.go
          GOOS=windows GOARCH=arm64  go build -ldflags="${LDFLAGS}" -trimpath -o release/cert-deploy-windows-arm64.exe main.go

      - name: Show build info
        run: |
          echo "=== Build Info ==="
          echo "Version: ${{ steps.version.outputs.VERSION }}"
          echo "Go: $(go version)"
          echo "UPX: $(upx --version)"
          echo "Files:"
          ls -lh release/

      - name: Compress Linux binaries with UPX
        run: |
          echo "UPX Linux binaries..."
          for f in release/cert-deploy-linux release/cert-deploy-linux-arm64; do
            if [ -f "$f" ]; then
              echo "UPX -> $f"
              upx --best "$f" || echo "⚠️ ignore UPX failure: $f"
            fi
          done
          echo "Done."
          ls -lh release/cert-deploy-linux*

      # 不再打包 zip/tar.gz；直接上传可执行文件
      - name: Generate checksums
        run: |
          cd release
          sha256sum cert-deploy-* > checksums.txt
          echo "checksums generated:"
          cat checksums.txt

      # 生成详细的更新日志
      - name: Generate changelog
        id: changelog
        run: |
          set -e

          # 获取上一个 tag
          PREVIOUS_TAG=$(git describe --tags --abbrev=0 HEAD^ 2>/dev/null || echo "")
          CURRENT_TAG="${{ steps.version.outputs.VERSION }}"

          echo "Generating changelog from ${PREVIOUS_TAG} to ${CURRENT_TAG}..."

          # 创建 changelog 文件
          CHANGELOG_FILE="release/CHANGELOG.md"

          echo "## 📝 更新内容" > $CHANGELOG_FILE
          echo "" >> $CHANGELOG_FILE

          if [ -z "$PREVIOUS_TAG" ]; then
            # 首次发布，列出所有提交
            git log --pretty=format:"- %s ([%h](https://github.com/${{ github.repository }}/commit/%H))" >> $CHANGELOG_FILE
          else
            # 列出自上个版本以来的所有提交
            git log ${PREVIOUS_TAG}..HEAD --pretty=format:"- %s ([%h](https://github.com/${{ github.repository }}/commit/%H))" >> $CHANGELOG_FILE
          fi

          echo "" >> $CHANGELOG_FILE
          echo "" >> $CHANGELOG_FILE
          echo "---" >> $CHANGELOG_FILE
          echo "" >> $CHANGELOG_FILE

          if [ -z "$PREVIOUS_TAG" ]; then
            echo "**初始版本发布**" >> $CHANGELOG_FILE
          else
            echo "**完整更新日志**: https://github.com/${{ github.repository }}/compare/${PREVIOUS_TAG}...${CURRENT_TAG}" >> $CHANGELOG_FILE
          fi

          # 输出到控制台查看
          echo "Generated changelog:"
          cat $CHANGELOG_FILE

          # 将 changelog 内容保存到环境变量（用于 release body）
          echo "CHANGELOG_CONTENT<<EOF" >> $GITHUB_OUTPUT
          cat $CHANGELOG_FILE >> $GITHUB_OUTPUT
          echo "EOF" >> $GITHUB_OUTPUT

      - name: Upload release artifacts (for job debug/download)
        uses: actions/upload-artifact@v4
        with:
          name: release-files
          path: release/
          retention-days: 30

      - name: Create GitHub Release (push trigger)
        uses: softprops/action-gh-release@v2
        if: github.event_name == 'push'
        with:
          body: ${{ steps.changelog.outputs.CHANGELOG_CONTENT }}
          files: |
            release/cert-deploy-mac
            release/cert-deploy-mac-arm64
            release/cert-deploy-linux
            release/cert-deploy-linux-arm64
            release/cert-deploy-windows.exe
            release/cert-deploy-windows-arm64.exe
            release/checksums.txt
            release/CHANGELOG.md
          draft: false
          prerelease: false

      - name: Create GitHub Release (manual trigger)
        uses: softprops/action-gh-release@v2
        if: github.event_name == 'workflow_dispatch'
        with:
          tag_name: ${{ steps.version.outputs.VERSION }}
          name: Release ${{ steps.version.outputs.VERSION }}
          body: ${{ steps.changelog.outputs.CHANGELOG_CONTENT }}
          files: |
            release/cert-deploy-mac
            release/cert-deploy-mac-arm64
            release/cert-deploy-linux
            release/cert-deploy-linux-arm64
            release/cert-deploy-windows.exe
            release/cert-deploy-windows-arm64.exe
            release/checksums.txt
            release/CHANGELOG.md
          draft: false
          prerelease: false