attempt reusable sign-binary workflow #67

Workflow file for this run

.github/workflows/dev-release.yml at ff5683d

	name: Create Dev Releases

	on:
	push:
	branches:
	- main
	- 'preview-**'
	pull_request:

	jobs:
	package:
	uses: ./.github/workflows/pkg-binary.yml
	strategy:
	fail-fast: false
	matrix:
	arch:
	- x64
	- arm64
	os:
	- linux
	- macos
	- win
	fatcore:
	- false
	# - true
	with:
	arch: ${{ matrix.arch }}
	edge: true
	fatcore: ${{ matrix.fatcore }}
	filename: lando-${{ matrix.os }}-${{ matrix.arch }}${{ matrix.fatcore == false && '-slim' \|\| '' }}-${{ github.sha }}
	node-version: "20"
	os: ${{ matrix.os }}

	sign:
	uses: ./.github/workflows/sign-binary.yml
	needs:
	- package
	strategy:
	fail-fast: false
	matrix:
	include:
	- file: lando-linux-x64-${{ github.sha }}.exe
	os:
	- file: lando-macos-x64-${{ github.sha }}.exe
	os:
	- file: lando-win-x64-${{ github.sha }}.exe
	os:
	- file: lando-mac-arm64-${{ github.sha }}.exe
	os: macos

	with:
	file: ${{ matrix.file }}
	os: ${{ matrix.os }}
	secrets:
	apple-notary-user: ${{ secrets.APPLE_NOTARY_USER }}
	apple-notary-password: ${{ secrets.APPLE_NOTARY_PASSWORD }}
	certificate-data: ${{ contains(matrix.file, 'macos') && secrets.APPLE_CERT_DATA \|\| secrets.KEYLOCKER_CLIENT_CERT }}
	certificate-password: ${{ contains(matrix.file, 'macos') && secrets.APPLE_CERT_PASSWORD \|\| secrets.KEYLOCKER_CLIENT_CERT_PASSWORD }}
	keylocker-api-key: ${{ secrets.KEYLOCKER_API_KEY }}
	keylocker-cert-sha1-hash: ${{ secrets.KEYLOCKER_CERT_SHA1_HASH }}
	keylocker-keypair-alias: ${{ secrets.KEYLOCKER_KEYPAIR_ALIAS }}


	# - os: windows-2022
	# key: lando-win-x64-${{ github.sha }}
	# file: lando/core.exe
	# certificate-data: KEYLOCKER_CLIENT_CERT
	# certificate-password: KEYLOCKER_CLIENT_CERT_PASSWORD
	# result: lando-win-x64-${{ github.ref_name }}.exe
	# - os: windows-2022
	# key: lando-win-arm64-${{ github.sha }}
	# file: lando/core.exe
	# certificate-data: KEYLOCKER_CLIENT_CERT
	# certificate-password: KEYLOCKER_CLIENT_CERT_PASSWORD
	# result: lando-win-arm64-${{ github.ref_name }}.exe
	# - os: windows-2022
	# key: lando-win-x64-slim-${{ github.sha }}
	# file: lando/core.exe
	# certificate-data: KEYLOCKER_CLIENT_CERT
	# certificate-password: KEYLOCKER_CLIENT_CERT_PASSWORD
	# result: lando-win-x64-${{ github.ref_name }}-slim.exe
	# - os: windows-2022
	# key: lando-win-arm64-slim-${{ github.sha }}
	# file: lando/core.exe
	# certificate-data: KEYLOCKER_CLIENT_CERT
	# certificate-password: KEYLOCKER_CLIENT_CERT_PASSWORD
	# result: lando-win-arm64-${{ github.ref_name }}-slim.exe
	# - os: macos-14
	# key: lando-macos-x64-${{ github.sha }}
	# file: lando/core
	# certificate-data: APPLE_CERT_DATA
	# certificate-password: APPLE_CERT_PASSWORD
	# apple-product-id: dev.lando.cli
	# apple-team-id: FY8GAUX282
	# apple-notary-user: APPLE_NOTARY_USER
	# apple-notary-password: APPLE_NOTARY_PASSWORD
	# options: --options runtime --entitlements entitlements.xml
	# result: lando-macos-x64-${{ github.ref_name }}
	# - os: macos-14
	# key: lando-macos-arm64-${{ github.sha }}
	# file: lando/core
	# certificate-data: APPLE_CERT_DATA
	# certificate-password: APPLE_CERT_PASSWORD
	# apple-product-id: dev.lando.cli
	# apple-team-id: FY8GAUX282
	# apple-notary-user: APPLE_NOTARY_USER
	# apple-notary-password: APPLE_NOTARY_PASSWORD
	# options: --options runtime --entitlements entitlements.xml
	# result: lando-macos-arm64-${{ github.ref_name }}
	# - os: macos-14
	# key: lando-macos-x64-slim-${{ github.sha }}
	# file: lando/core
	# certificate-data: APPLE_CERT_DATA
	# certificate-password: APPLE_CERT_PASSWORD
	# apple-product-id: dev.lando.cli
	# apple-team-id: FY8GAUX282
	# apple-notary-user: APPLE_NOTARY_USER
	# apple-notary-password: APPLE_NOTARY_PASSWORD
	# options: --options runtime --entitlements entitlements.xml
	# result: lando-macos-x64-${{ github.ref_name }}-slim
	# - os: macos-14
	# key: lando-macos-arm64-slim-${{ github.sha }}
	# file: lando/core
	# certificate-data: APPLE_CERT_DATA
	# certificate-password: APPLE_CERT_PASSWORD
	# apple-product-id: dev.lando.cli
	# apple-team-id: FY8GAUX282
	# apple-notary-user: APPLE_NOTARY_USER
	# apple-notary-password: APPLE_NOTARY_PASSWORD
	# options: --options runtime --entitlements entitlements.xml
	# result: lando-macos-arm64-${{ github.ref_name }}-slim

	# - os: ubuntu-24.04
	# key: lando-linux-x64-${{ github.sha }}
	# file: lando/core
	# certificate-data: KEYLOCKER_CLIENT_CERT
	# certificate-password: KEYLOCKER_CLIENT_CERT_PASSWORD
	# result: lando-linux-x64-${{ github.ref_name }}
	# - os: ubuntu-24.04
	# key: lando-linux-arm64-${{ github.sha }}
	# file: lando/core
	# certificate-data: KEYLOCKER_CLIENT_CERT
	# certificate-password: KEYLOCKER_CLIENT_CERT_PASSWORD
	# result: lando-linux-arm64-${{ github.ref_name }}
	# - os: ubuntu-24.04
	# key: lando-linux-x64-slim-${{ github.sha }}
	# file: lando/core
	# certificate-data: KEYLOCKER_CLIENT_CERT
	# certificate-password: KEYLOCKER_CLIENT_CERT_PASSWORD
	# result: lando-linux-x64-${{ github.ref_name }}-slim
	# - os: ubuntu-24.04
	# key: lando-linux-arm64-slim-${{ github.sha }}
	# file: lando/core
	# certificate-data: KEYLOCKER_CLIENT_CERT
	# certificate-password: KEYLOCKER_CLIENT_CERT_PASSWORD
	# result: lando-linux-arm64-${{ github.ref_name }}-slim

	# - name: Rename as needed
	# shell: bash
	# run: \|
	# # naming things
	# mkdir -p releases
	# cp ${{ steps.code-sign-action.outputs.file }} releases/${{ matrix.result }}
	# cp releases/${{ matrix.result }} "releases/$(echo ${{ matrix.result }} \| sed 's/${{ github.ref_name }}/latest/;')"
	# cp releases/${{ matrix.result }} "releases/$(echo ${{ matrix.result }} \| sed 's/${{ github.ref_name }}/dev/;')"

	# # exec and confirm
	# chmod +x releases/*
	# ls -lsa releases

	# - name: Configure S3 Credentials
	# uses: aws-actions/configure-aws-credentials@v4
	# with:
	# aws-access-key-id: ${{ secrets.S3_ACCESS_KEY_ID }}
	# aws-secret-access-key: ${{ secrets.S3_SECRET_ACCESS_KEY }}
	# aws-region: us-east-1
	# - name: Upload dev releases to S3
	# shell: bash
	# run: \|
	# aws s3 sync releases s3://files.lando.dev
	# aws s3 sync releases s3://files.lando.dev/cli
	# aws s3 sync releases s3://files.lando.dev/core
	# - name: Upload to artifacts
	# uses: actions/upload-artifact@v4
	# with:
	# retention-days: 1
	# name: ${{ matrix.key }}
	# overwrite: true
	# path: releases/*

	# verify:
	# runs-on: ubuntu-24.04
	# needs:
	# - sign
	# env:
	# TERM: xterm
	# steps:
	# - name: Checkout code
	# uses: actions/checkout@v4
	# - name: Download for checksumming
	# uses: actions/download-artifact@v4
	# with:
	# path: artifacts
	# - name: Combine artifacts
	# run: \|
	# mkdir -p dist
	# find "artifacts" -mindepth 2 -maxdepth 2 -type f -exec mv {} "dist" \;
	# ls -lsa dist
	# - name: Checksum artifacts
	# run: ./scripts/generate-checksums.sh --directory dist --output sha256sum.txt --show
	# - name: Configure S3 Credentials
	# uses: aws-actions/configure-aws-credentials@v4
	# with:
	# aws-access-key-id: ${{ secrets.S3_ACCESS_KEY_ID }}
	# aws-secret-access-key: ${{ secrets.S3_SECRET_ACCESS_KEY }}
	# aws-region: us-east-1
	# - name: Upload Checksums to S3
	# shell: bash
	# run: \|
	# aws s3 cp sha256sum.txt s3://files.lando.dev/sha256sum-${{ github.ref_name }}.txt
	# aws s3 cp sha256sum.txt s3://files.lando.dev/cli/sha256sum-${{ github.ref_name }}.txt
	# aws s3 cp sha256sum.txt s3://files.lando.dev/core/sha256sum-${{ github.ref_name }}.txt

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

attempt reusable sign-binary workflow #67

Workflow file

attempt reusable sign-binary workflow #67

Jobs

Run details

Workflow file for this run