紧急更新:CVE-2024-45338 #270
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build & Release | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- main | |
tags: | |
- "v*" | |
paths: | |
- "**/*.go" | |
- "go.mod" | |
- "go.sum" | |
- ".github/workflows/*.yml" | |
pull_request: | |
types: [opened, synchronize, reopened] | |
paths: | |
- "**/*.go" | |
- "go.mod" | |
- "go.sum" | |
- ".github/workflows/*.yml" | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
# Include amd64 on all platforms. | |
goos: [windows, freebsd, openbsd, linux, dragonfly, darwin] | |
goarch: [amd64, 386] | |
exclude: | |
# Exclude i386 on darwin and dragonfly. | |
- goarch: 386 | |
goos: dragonfly | |
- goarch: 386 | |
goos: darwin | |
include: | |
# BEIGIN MacOS ARM64 | |
- goos: darwin | |
goarch: arm64 | |
# END macOS ARM64 | |
# BEGIN Linux ARM 5 6 7 | |
- goos: linux | |
goarch: arm | |
goarm: 7 | |
- goos: linux | |
goarch: arm | |
goarm: 6 | |
- goos: linux | |
goarch: arm | |
goarm: 5 | |
# END Linux ARM 5 6 7 | |
# BEGIN Android ARM 8 | |
- goos: android | |
goarch: arm64 | |
# END Android ARM 8 | |
# Windows ARM | |
- goos: windows | |
goarch: arm64 | |
- goos: windows | |
goarch: arm | |
goarm: 7 | |
# BEGIN Other architectures | |
# BEGIN riscv64 & ARM64 | |
- goos: linux | |
goarch: arm64 | |
- goos: linux | |
goarch: riscv64 | |
# END riscv64 & ARM64 | |
# BEGIN MIPS | |
- goos: linux | |
goarch: mips64 | |
- goos: linux | |
goarch: mips64le | |
- goos: linux | |
goarch: mipsle | |
- goos: linux | |
goarch: mips | |
- goos: linux | |
goarch: mipsle | |
gomips: softfloat | |
- goos: linux | |
goarch: mips | |
gomips: softfloat | |
# END MIPS | |
# BEGIN PPC | |
- goos: linux | |
goarch: ppc64 | |
- goos: linux | |
goarch: ppc64le | |
# END PPC | |
# BEGIN FreeBSD ARM | |
- goos: freebsd | |
goarch: arm64 | |
- goos: freebsd | |
goarch: arm | |
goarm: 7 | |
# END FreeBSD ARM | |
# BEGIN S390X | |
- goos: linux | |
goarch: s390x | |
# END S390X | |
# END Other architectures | |
# BEGIN OPENBSD ARM | |
- goos: openbsd | |
goarch: arm64 | |
- goos: openbsd | |
goarch: arm | |
goarm: 7 | |
env: | |
GOOS: ${{ matrix.goos }} | |
GOARCH: ${{ matrix.goarch }} | |
GOARM: ${{ matrix.goarm }} | |
GOMIPS: ${{ matrix.gomips }} | |
CGO_ENABLED: 0 | |
steps: | |
- name: Checkout codebase | |
uses: actions/checkout@v4 | |
- name: Show workflow information | |
run: | | |
if [ ! -z $GOARM ]; then | |
export GOARM=v$GOARM | |
fi | |
export _NAME="nexttrace_${GOOS}_${GOARCH}${GOARM}" | |
if [ "$GOOS" == "windows" ]; then | |
export _NAME="$_NAME.exe" | |
fi | |
if [ "$GOMIPS" == "softfloat" ]; then | |
export _NAME="${_NAME}_softfolat" | |
fi | |
echo "GOOS: $GOOS, GOARCH: $GOARCH, GOARM: $GOARM, GOMIPS: $GOMIPS, RELEASE_NAME: $_NAME" | |
echo "ASSET_NAME=$_NAME" >> $GITHUB_ENV | |
echo "BUILD_VERSION=$(git describe --tags --always)" >> $GITHUB_ENV | |
echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_ENV | |
echo "COMMIT_SHA1=$(git rev-parse --short HEAD)" >> $GITHUB_ENV | |
- name: Set up Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: '1.22' | |
- name: Get project dependencies | |
run: go mod download | |
- name: Build | |
run: | | |
go build -trimpath -o dist/${ASSET_NAME} \ | |
-ldflags "-X 'github.com/nxtrace/NTrace-core/config.Version=${BUILD_VERSION}' \ | |
-X 'github.com/nxtrace/NTrace-core/config.BuildDate=${BUILD_DATE}' \ | |
-X 'github.com/nxtrace/NTrace-core/config.CommitID=${COMMIT_SHA1}'\ | |
-w -s" | |
- name: Upload files to Artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ env.ASSET_NAME }} | |
path: | | |
dist/${{ env.ASSET_NAME }} | |
- name: Release | |
if: startsWith(github.ref, 'refs/tags/v') | |
uses: softprops/action-gh-release@v2 | |
with: # 将下述可执行文件 release 上去 | |
draft: true # Release草稿 | |
files: | | |
dist/* | |
env: | |
GITHUB_TOKEN: ${{ secrets.GT_Token }} | |
publish-new-formula: | |
needs: build | |
# The type of runner that the job will run on | |
runs-on: ubuntu-latest | |
if: startsWith(github.ref, 'refs/tags/v') | |
# Steps represent a sequence of tasks that will be executed as part of the job | |
steps: | |
# Runs a single command using the runners shell | |
- name: config git | |
run: | | |
git config --global user.email "${{ secrets.git_mail }}" | |
git config --global user.name "${{ secrets.git_name }}" | |
- name: Clone repo | |
run: | | |
git clone https://github.com/nxtrace/homebrew-nexttrace.git | |
- name: Exec scipt | |
run: | | |
cd homebrew-nexttrace | |
bash genFormula.sh | |
# - name: setup SSH keys and known_hosts | |
# run: | | |
# mkdir -p ~/.ssh | |
# ssh-keyscan github.com >> ~/.ssh/known_hosts | |
# ssh-agent -a $SSH_AUTH_SOCK > /dev/null | |
# ssh-add - <<< "${{ secrets.ID_RSA }}" | |
# env: | |
# SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
- name: Git Push | |
run: | | |
cd homebrew-nexttrace | |
git commit -am 'Publish a new version with Formula' || true | |
git remote set-url origin https://${{ secrets.gt_token }}@github.com/nxtrace/homebrew-nexttrace.git | |
git push | |
# env: | |
# SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
- run: echo "🍏 This job's status is ${{ job.status }}." |