arduino · per1234 · Jun 18, 2021 · Jun 17, 2021 · Jun 17, 2021 · Jun 17, 2021
diff --git a/workflow-templates/assets/release-go-task/DistTasks.yml b/workflow-templates/assets/release-go-task/DistTasks.yml
@@ -0,0 +1,212 @@
+# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/release-go-task/DistTasks.yml
+version: "3"
+
+# This taskfile is ideally meant to be project agnostic and could be dropped in
+# on other Go projects with minimal or no changes.
+#
+# To use it simply add the following lines to your main taskfile:
+#   includes:
+#     dist: ./DistTasks.yml
+#
+# The following variables must be declared in the including taskfile for the
+# build process to work correctly:
+# * DIST_DIR: the folder that will contain the final binaries and packages
+# * PROJECT_NAME: the name of the project, used in package name
+# * VERSION: the version of the project, used in package name and checksum file
+# * LD_FLAGS: flags used at build time
+#
+# The project MUST contain a LICENSE.txt file in the root folder or packaging will fail.
+
+tasks:
+  all:
+    desc: Build for distribution for all platforms
+    cmds:
+      - task: Windows_32bit
+      - task: Windows_64bit
+      - task: Linux_32bit
+      - task: Linux_64bit
+      - task: Linux_ARMv6
+      - task: Linux_ARMv7
+      - task: Linux_ARM64
+      - task: macOS_64bit
+
+  Windows_32bit:
+    desc: Builds Windows 32 bit binaries
+    dir: "{{ .DIST_DIR }}"
+    cmds:
+      - |
+        docker run -v `pwd`/..:/home/build -w /home/build \
+        -e CGO_ENABLED=1 \
+        {{ .CONTAINER }}:{{ .CONTAINER_TAG }} \
+        --build-cmd "{{ .BUILD_COMMAND }}" \
+        -p "{{ .BUILD_PLATFORM }}"
+
+        zip {{ .PACKAGE_NAME}} {{ .PLATFORM_DIR }}/{{ .PROJECT_NAME }}.exe ../LICENSE.txt -j
+        sha256sum {{ .PACKAGE_NAME }} >> {{ .CHECKSUM_FILE }}
+
+    vars:
+      PLATFORM_DIR: "{{ .PROJECT_NAME }}_windows_386"
+      BUILD_COMMAND: "go build -o {{ .DIST_DIR }}/{{ .PLATFORM_DIR }}/{{ .PROJECT_NAME }}.exe {{ .LDFLAGS }}"
+      BUILD_PLATFORM: "windows/386"
+      CONTAINER_TAG: "{{ .GO_VERSION }}-main"
+      PACKAGE_PLATFORM: "Windows_32bit"
+      PACKAGE_NAME: "{{ .PROJECT_NAME }}_{{ .VERSION }}_{{ .PACKAGE_PLATFORM }}.zip"
+
+  Windows_64bit:
+    desc: Builds Windows 64 bit binaries
+    dir: "{{ .DIST_DIR }}"
+    cmds:
+      - |
+        docker run -v `pwd`/..:/home/build -w /home/build \
+        -e CGO_ENABLED=1 \
+        {{ .CONTAINER }}:{{ .CONTAINER_TAG }} \
+        --build-cmd "{{ .BUILD_COMMAND }}" \
+        -p "{{ .BUILD_PLATFORM }}"
+
+        zip {{ .PACKAGE_NAME}} {{ .PLATFORM_DIR }}/{{ .PROJECT_NAME }}.exe ../LICENSE.txt -j
+        sha256sum {{ .PACKAGE_NAME }} >> {{ .CHECKSUM_FILE }}
+
+    vars:
+      PLATFORM_DIR: "{{ .PROJECT_NAME }}_windows_amd64"
+      BUILD_COMMAND: "go build -o {{ .DIST_DIR }}/{{ .PLATFORM_DIR }}/{{ .PROJECT_NAME }}.exe {{ .LDFLAGS }}"
+      BUILD_PLATFORM: "windows/amd64"
+      CONTAINER_TAG: "{{ .GO_VERSION }}-main"
+      PACKAGE_PLATFORM: "Windows_64bit"
+      PACKAGE_NAME: "{{ .PROJECT_NAME }}_{{ .VERSION }}_{{ .PACKAGE_PLATFORM }}.zip"
+
+  Linux_32bit:
+    desc: Builds Linux 32 bit binaries
+    dir: "{{ .DIST_DIR }}"
+    cmds:
+      - |
+        docker run -v `pwd`/..:/home/build -w /home/build \
+        -e CGO_ENABLED=1 \
+        {{ .CONTAINER }}:{{ .CONTAINER_TAG }} \
+        --build-cmd "{{ .BUILD_COMMAND }}" \
+        -p "{{ .BUILD_PLATFORM }}"
+
+        tar cz -C {{ .PLATFORM_DIR }} {{ .PROJECT_NAME }} -C ../.. LICENSE.txt  -f {{ .PACKAGE_NAME }}
+        sha256sum {{ .PACKAGE_NAME }} >> {{ .CHECKSUM_FILE }}
+
+    vars:
+      PLATFORM_DIR: "{{ .PROJECT_NAME }}_linux_amd32"
+      BUILD_COMMAND: "go build -o {{ .DIST_DIR }}/{{ .PLATFORM_DIR }}/{{ .PROJECT_NAME }} {{ .LDFLAGS }}"
+      BUILD_PLATFORM: "linux/386"
+      CONTAINER_TAG: "{{ .GO_VERSION }}-main"
+      PACKAGE_PLATFORM: "Linux_32bit"
+      PACKAGE_NAME: "{{ .PROJECT_NAME }}_{{ .VERSION }}_{{ .PACKAGE_PLATFORM }}.tar.gz"
+
+  Linux_64bit:
+    desc: Builds Linux 64 bit binaries
+    dir: "{{ .DIST_DIR }}"
+    cmds:
+      - |
+        docker run -v `pwd`/..:/home/build -w /home/build \
+        -e CGO_ENABLED=1 \
+        {{ .CONTAINER }}:{{ .CONTAINER_TAG }} \
+        --build-cmd "{{ .BUILD_COMMAND }}" \
+        -p "{{ .BUILD_PLATFORM }}"
+
+        tar cz -C {{ .PLATFORM_DIR }} {{ .PROJECT_NAME }} -C ../.. LICENSE.txt  -f {{ .PACKAGE_NAME }}
+        sha256sum {{ .PACKAGE_NAME }} >> {{ .CHECKSUM_FILE }}
+
+    vars:
+      PLATFORM_DIR: "{{ .PROJECT_NAME }}_linux_amd64"
+      BUILD_COMMAND: "go build -o {{ .DIST_DIR }}/{{ .PLATFORM_DIR }}/{{ .PROJECT_NAME }} {{ .LDFLAGS }}"
+      BUILD_PLATFORM: "linux/amd64"
+      CONTAINER_TAG: "{{ .GO_VERSION }}-main"
+      PACKAGE_PLATFORM: "Linux_64bit"
+      PACKAGE_NAME: "{{ .PROJECT_NAME }}_{{ .VERSION }}_{{ .PACKAGE_PLATFORM }}.tar.gz"
+
+  Linux_ARMv7:
+    desc: Builds Linux ARMv7 binaries
+    dir: "{{ .DIST_DIR }}"
+    cmds:
+      - |
+        docker run -v `pwd`/..:/home/build -w /home/build \
+        -e CGO_ENABLED=1 \
+        {{ .CONTAINER }}:{{ .CONTAINER_TAG }} \
+        --build-cmd "{{ .BUILD_COMMAND }}" \
+        -p "{{ .BUILD_PLATFORM }}"
+
+        tar cz -C {{ .PLATFORM_DIR }} {{ .PROJECT_NAME }} -C ../.. LICENSE.txt  -f {{ .PACKAGE_NAME }}
+        sha256sum {{ .PACKAGE_NAME }} >> {{ .CHECKSUM_FILE }}
+
+    vars:
+      PLATFORM_DIR: "{{ .PROJECT_NAME }}_linux_arm_7"
+      BUILD_COMMAND: "go build -o {{ .DIST_DIR }}/{{ .PLATFORM_DIR }}/{{ .PROJECT_NAME }} {{ .LDFLAGS }}"
+      BUILD_PLATFORM: "linux/armv7"
+      CONTAINER_TAG: "{{ .GO_VERSION }}-arm"
+      PACKAGE_PLATFORM: "Linux_ARMv7"
+      PACKAGE_NAME: "{{ .PROJECT_NAME }}_{{ .VERSION }}_{{ .PACKAGE_PLATFORM }}.tar.gz"
+
+  Linux_ARMv6:
+    desc: Builds Linux ARMv6 binaries
+    dir: "{{ .DIST_DIR }}"
+    cmds:
+      - |
+        docker run -v `pwd`/..:/home/build -w /home/build \
+        -e CGO_ENABLED=1 \
+        {{ .CONTAINER }}:{{ .CONTAINER_TAG }} \
+        --build-cmd "{{ .BUILD_COMMAND }}" \
+        -p "{{ .BUILD_PLATFORM }}"
+
+        tar cz -C {{ .PLATFORM_DIR }} {{ .PROJECT_NAME }} -C ../.. LICENSE.txt  -f {{ .PACKAGE_NAME }}
+        sha256sum {{ .PACKAGE_NAME }} >> {{ .CHECKSUM_FILE }}
+
+    vars:
+      PLATFORM_DIR: "{{ .PROJECT_NAME }}_linux_arm_6"
+      BUILD_COMMAND: "go build -o {{ .DIST_DIR }}/{{ .PLATFORM_DIR }}/{{ .PROJECT_NAME }} {{ .LDFLAGS }}"
+      BUILD_PLATFORM: "linux/armv6"
+      CONTAINER_TAG: "{{ .GO_VERSION }}-arm"
+      PACKAGE_PLATFORM: "Linux_ARMv6"
+      PACKAGE_NAME: "{{ .PROJECT_NAME }}_{{ .VERSION }}_{{ .PACKAGE_PLATFORM }}.tar.gz"
+
+  Linux_ARM64:
+    desc: Builds Linux ARM64 binaries
+    dir: "{{ .DIST_DIR }}"
+    cmds:
+      - |
+        docker run -v `pwd`/..:/home/build -w /home/build \
+        -e CGO_ENABLED=1 \
+        {{ .CONTAINER }}:{{ .CONTAINER_TAG }} \
+        --build-cmd "{{ .BUILD_COMMAND }}" \
+        -p "{{ .BUILD_PLATFORM }}"
+
+        tar cz -C {{ .PLATFORM_DIR }} {{ .PROJECT_NAME }} -C ../.. LICENSE.txt  -f {{ .PACKAGE_NAME }}
+        sha256sum {{ .PACKAGE_NAME }} >> {{ .CHECKSUM_FILE }}
+
+    vars:
+      PLATFORM_DIR: "{{ .PROJECT_NAME }}_linux_arm_6"
+      BUILD_COMMAND: "go build -o {{ .DIST_DIR }}/{{ .PLATFORM_DIR }}/{{ .PROJECT_NAME }} {{ .LDFLAGS }}"
+      BUILD_PLATFORM: "linux/arm64"
+      CONTAINER_TAG: "{{ .GO_VERSION }}-arm"
+      PACKAGE_PLATFORM: "Linux_ARM64"
+      PACKAGE_NAME: "{{ .PROJECT_NAME }}_{{ .VERSION }}_{{ .PACKAGE_PLATFORM }}.tar.gz"
+
+  macOS_64bit:
+    desc: Builds Mac OS X 64 bit binaries
+    dir: "{{ .DIST_DIR }}"
+    cmds:
+      - |
+        docker run -v `pwd`/..:/home/build -w /home/build \
+        -e CGO_ENABLED=1 \
+        {{ .CONTAINER }}:{{ .CONTAINER_TAG }} \
+        --build-cmd "{{ .BUILD_COMMAND }}" \
+        -p "{{ .BUILD_PLATFORM }}"
+
+        tar cz -C {{ .PLATFORM_DIR }} {{ .PROJECT_NAME }} -C ../.. LICENSE.txt  -f {{ .PACKAGE_NAME }}
+        sha256sum {{ .PACKAGE_NAME }} >> {{ .CHECKSUM_FILE }}
+
+    vars:
+      PLATFORM_DIR: "{{ .PROJECT_NAME }}_osx_darwin_amd64"
+      BUILD_COMMAND: "go build -o {{ .DIST_DIR }}/{{ .PLATFORM_DIR }}/{{ .PROJECT_NAME }} {{ .LDFLAGS }}"
+      BUILD_PLATFORM: "darwin/amd64"
+      CONTAINER_TAG: "{{ .GO_VERSION }}-darwin"
+      PACKAGE_PLATFORM: "macOS_64bit"
+      PACKAGE_NAME: "{{ .PROJECT_NAME }}_{{ .VERSION }}_{{ .PACKAGE_PLATFORM }}.tar.gz"
+
+vars:
+  CONTAINER: "docker.elastic.co/beats-dev/golang-crossbuild"
+  GO_VERSION: "1.14.7"
+  CHECKSUM_FILE: "{{ .VERSION }}-checksums.txt"
diff --git a/workflow-templates/assets/release-go-task/Taskfile.yml b/workflow-templates/assets/release-go-task/Taskfile.yml
@@ -0,0 +1,29 @@
+# See: https://taskfile.dev/#/usage
+version: "3"
+
+includes:
+  dist: ./DistTasks.yml
+
+vars:
+  # Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/release-go-task/Taskfile.yml
+  PROJECT_NAME: "arduino-cli"
+  DIST_DIR: "dist"
+  # build vars
+  COMMIT:
+    sh: echo "$(git log -n 1 --format=%h)"
+  TIMESTAMP:
+    sh: echo "$(date -u +"%Y-%m-%dT%H:%M:%SZ")"
+  TIMESTAMP_SHORT:
+    sh: echo "{{now | date "20060102"}}"
+  TAG:
+    sh: echo "`git tag --points-at=HEAD 2> /dev/null | head -n1`"
+  VERSION: "{{ if .NIGHTLY }}nightly-{{ .TIMESTAMP_SHORT }}{{ else if .TAG }}{{ .TAG }}{{ else }}{{ .PACKAGE_NAME_PREFIX }}git-snapshot{{ end }}"
+  LDFLAGS: >
+    -ldflags
+    '
+    -X github.com/arduino/arduino-cli/version.versionString={{.VERSION}}
+    -X github.com/arduino/arduino-cli/version.commit={{ .COMMIT }}
+    -X github.com/arduino/arduino-cli/version.date={{.TIMESTAMP}}
+    '
+
+tasks: {}
diff --git a/workflow-templates/assets/shared/gon.config.hcl b/workflow-templates/assets/shared/gon.config.hcl
@@ -0,0 +1,14 @@
+# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/release-go-task/gon.config.hcl
+# See: https://github.com/mitchellh/gon#configuration-file
+source = ["dist/arduino-cli_osx_darwin_amd64/arduino-cli"]
+bundle_id = "cc.arduino.arduino-cli"
+
+sign {
+  application_identity = "Developer ID Application: ARDUINO SA (7KT7ZWMCJT)"
+}
+
+# Ask Gon for zip output to force notarization process to take place.
+# The CI will ignore the zip output, using the signed binary only.
+zip {
+  output_path = "arduino-cli.zip"
+}
diff --git a/...mplates/dependabot/workflow-template-copies/.github/workflows/publish-go-nightly-task.yml b/...mplates/dependabot/workflow-template-copies/.github/workflows/publish-go-nightly-task.yml
@@ -0,0 +1,133 @@
+# Source: https://github.com/arduino/.github/blob/master/workflow-templates/publish-go-nightly-task.md
+name: Publish Nightly Build
+
+on:
+  schedule:
+    # run every day at 1AM
+    - cron: "0 1 * * *"
+
+jobs:
+  create-nightly-artifacts:
+    # This workflow is only of value to the arduino/arduino-cli repository and
+    # would always fail in forks
+    if: github.repository == 'arduino/arduino-cli'
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v1
+        with:
+          fetch-depth: 0
+
+      - name: Install Taskfile
+        uses: arduino/setup-task@v1
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          version: 3.x
+
+      - name: Build
+        env:
+          NIGHTLY: true
+        run: task dist:all
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v2
+        with:
+          name: dist
+          path: dist
+
+  notarize-macos:
+    runs-on: macos-latest
+    needs: create-nightly-artifacts
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Download artifacts
+        uses: actions/download-artifact@v2
+        with:
+          name: dist
+          # to ensure compatibility with v1
+          path: dist
+
+      - name: Import Code-Signing Certificates
+        env:
+          KEYCHAIN: "sign.keychain"
+          INSTALLER_CERT_MAC_PATH: "/tmp/ArduinoCerts2020.p12"
+        run: |
+          echo "${{ secrets.INSTALLER_CERT_MAC_P12 }}" | base64 --decode > "${{ env.INSTALLER_CERT_MAC_PATH }}"
+          security create-keychain -p "${{ secrets.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}"
+          security default-keychain -s "${{ env.KEYCHAIN }}"
+          security unlock-keychain -p "${{ secrets.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}"
+          security import "${{ env.INSTALLER_CERT_MAC_PATH }}" -k "${{ env.KEYCHAIN }}" -f pkcs12 -A -T /usr/bin/codesign -P "${{ secrets.INSTALLER_CERT_MAC_PASSWORD }}"
+          security set-key-partition-list -S apple-tool:,apple: -s -k "${{ secrets.KEYCHAIN_PASSWORD }}" "${{ env.KEYCHAIN }}"
+
+      - name: Install gon for code signing and app notarization
+        run: |
+          wget -q https://github.com/mitchellh/gon/releases/download/v0.2.3/gon_macos.zip
+          unzip gon_macos.zip -d /usr/local/bin
+
+      - name: Sign and notarize binary
+        env:
+          AC_USERNAME: ${{ secrets.AC_USERNAME }}
+          AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
+        run: |
+          gon gon.config.hcl
+
+      - name: Re-package binary and update checksum
+        # This step performs the following:
+        # 1. Repackage the signed binary replaced in place by Gon (ignoring the output zip file)
+        # 2. Recalculate package checksum and replace it in the nnnnnn-checksums.txt file
+        run: |
+          # GitHub's upload/download-artifact@v2 actions don't preserve file permissions,
+          # so we need to add execution permission back until the action is made to do this.
+          chmod +x dist/arduino-cli_osx_darwin_amd64/arduino-cli
+          PACKAGE_FILENAME="$(basename dist/arduino-cli_nightly-*_macOS_64bit.tar.gz)"
+          tar -czvf "dist/$PACKAGE_FILENAME" \
+          -C dist/arduino-cli_osx_darwin_amd64/  arduino-cli   \
+          -C ../../ LICENSE.txt
+          CLI_CHECKSUM="$(shasum -a 256 "dist/$PACKAGE_FILENAME" | cut -d " " -f 1)"
+          perl -pi -w -e "s/.*${PACKAGE_FILENAME}/${CLI_CHECKSUM}  ${PACKAGE_FILENAME}/g;" dist/*-checksums.txt
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v2
+        with:
+          name: dist
+          path: dist
+
+  publish-nightly:
+    runs-on: ubuntu-latest
+    needs: notarize-macos
+
+    steps:
+      - name: Download artifact
+        uses: actions/download-artifact@v2
+        with:
+          name: dist
+          # to ensure compatibility with v1
+          path: dist
+
+      - name: Upload release files on Arduino downloads servers
+        uses: docker://plugins/s3
+        env:
+          PLUGIN_SOURCE: "dist/*"
+          PLUGIN_TARGET: "/arduino-cli/nightly"
+          PLUGIN_STRIP_PREFIX: "dist/"
+          PLUGIN_BUCKET: ${{ secrets.DOWNLOADS_BUCKET }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
+      - name: Report failure
+        if: failure()
+        uses: masci/datadog@v1
+        with:
+          api-key: ${{ secrets.DD_API_KEY }}
+          events: |
+            - title: "Arduino CLI nightly build failed"
+              text: "Nightly build workflow has failed"
+              alert_type: "error"
+              host: ${{ github.repository }}
+              tags:
+                - "project:arduino-cli"
+                - "workflow:${{ github.workflow }}"