diff --git a/.github/workflows/development.yml b/.github/workflows/development.yml index 134c2f44..62830dda 100644 --- a/.github/workflows/development.yml +++ b/.github/workflows/development.yml @@ -5,6 +5,10 @@ on: branches: [2.6.x] pull_request: +permissions: + id-token: write + contents: read + jobs: test-deploy: name: Test and deploy @@ -13,11 +17,6 @@ jobs: matrix: go: ['1.22'] os: [ubuntu-latest, macos-latest] - upload-coverage: [true] - include: - - go: '1.22' - os: windows-latest - upload-coverage: false steps: - uses: actions/checkout@v4 @@ -30,7 +29,6 @@ jobs: go-version: ${{ matrix.go }} - name: Build for Linux/macOS x86_64 - if: startsWith(matrix.os, 'windows-') != true run: | go build -trimpath -tags nopgxregisterdefaulttypes,disable_grpc_modules -ldflags "-s -w -X github.com/drakkan/sftpgo/v2/internal/version.commit=`git describe --always --abbrev=8 --dirty` -X github.com/drakkan/sftpgo/v2/internal/version.date=`date -u +%FT%TZ`" -o sftpgo cd tests/eventsearcher 
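Review bot: `id-token: write` is granted at workflow level in the added `permissions:` block, so every job in development.yml can request an OIDC token, although only the new `test-deploy-windows` job logs in to Azure. Keep the top-level block at `contents: read` and give `test-deploy-windows` its own job-level `permissions:` with `id-token: write` and `contents: read`, since a job-level block replaces the workflow-level one. The `permissions:` hunk in release.yml has the same shape, and there `contents: write` is presumably needed only by `create-release`, so it could be scoped to that job as well.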
@@ -46,44 +44,11 @@ jobs: if: startsWith(matrix.os, 'macos-') == true run: CGO_ENABLED=1 GOOS=darwin GOARCH=arm64 SDKROOT=$(xcrun --sdk macosx --show-sdk-path) go build -trimpath -tags nopgxregisterdefaulttypes,disable_grpc_modules -ldflags "-s -w -X github.com/drakkan/sftpgo/v2/internal/version.commit=`git describe --always --abbrev=8 --dirty` -X github.com/drakkan/sftpgo/v2/internal/version.date=`date -u +%FT%TZ`" -o sftpgo_arm64 - - name: Build for Windows - if: startsWith(matrix.os, 'windows-') - run: | - $GIT_COMMIT = (git describe --always --abbrev=8 --dirty) | Out-String - $DATE_TIME = ([datetime]::Now.ToUniversalTime().toString("yyyy-MM-ddTHH:mm:ssZ")) | Out-String - $LATEST_TAG = ((git describe --tags $(git rev-list --tags --max-count=1)) | Out-String).Trim() - $REV_LIST=$LATEST_TAG+"..HEAD" - $COMMITS_FROM_TAG= ((git rev-list $REV_LIST --count) | Out-String).Trim() - $FILE_VERSION = $LATEST_TAG.substring(1) + "." + $COMMITS_FROM_TAG - go install github.com/tc-hib/go-winres@latest - go-winres simply --arch amd64 --product-version $LATEST_TAG-dev-$GIT_COMMIT --file-version $FILE_VERSION --file-description "SFTPGo server" --product-name SFTPGo --copyright "AGPL-3.0 with additional terms" --original-filename sftpgo.exe --icon .\windows-installer\icon.ico - go build -trimpath -tags nopgxregisterdefaulttypes,disable_grpc_modules -ldflags "-s -w -X github.com/drakkan/sftpgo/v2/internal/version.commit=$GIT_COMMIT -X github.com/drakkan/sftpgo/v2/internal/version.date=$DATE_TIME" -o sftpgo.exe - cd tests/eventsearcher - go build -trimpath -ldflags "-s -w" -o eventsearcher.exe - cd ../.. - cd tests/ipfilter - go build -trimpath -ldflags "-s -w" -o ipfilter.exe - cd ../.. 
- mkdir arm64 - $Env:CGO_ENABLED='0' - $Env:GOOS='windows' - $Env:GOARCH='arm64' - go-winres simply --arch arm64 --product-version $LATEST_TAG-dev-$GIT_COMMIT --file-version $FILE_VERSION --file-description "SFTPGo server" --product-name SFTPGo --copyright "AGPL-3.0 with additional terms" --original-filename sftpgo.exe --icon .\windows-installer\icon.ico - go build -trimpath -tags nopgxregisterdefaulttypes,disable_grpc_modules,nosqlite -ldflags "-s -w -X github.com/drakkan/sftpgo/v2/internal/version.commit=$GIT_COMMIT -X github.com/drakkan/sftpgo/v2/internal/version.date=$DATE_TIME" -o .\arm64\sftpgo.exe - mkdir x86 - $Env:GOARCH='386' - go-winres simply --arch 386 --product-version $LATEST_TAG-dev-$GIT_COMMIT --file-version $FILE_VERSION --file-description "SFTPGo server" --product-name SFTPGo --copyright "AGPL-3.0 with additional terms" --original-filename sftpgo.exe --icon .\windows-installer\icon.ico - go build -trimpath -tags nopgxregisterdefaulttypes,disable_grpc_modules,nosqlite -ldflags "-s -w -X github.com/drakkan/sftpgo/v2/internal/version.commit=$GIT_COMMIT -X github.com/drakkan/sftpgo/v2/internal/version.date=$DATE_TIME" -o .\x86\sftpgo.exe - Remove-Item Env:\CGO_ENABLED - Remove-Item Env:\GOOS - Remove-Item Env:\GOARCH - - name: Run test cases using SQLite provider run: go test -v -tags nopgxregisterdefaulttypes,disable_grpc_modules -p 1 -timeout 15m ./... -coverprofile=coverage.txt -covermode=atomic - name: Upload coverage to Codecov - if: ${{ matrix.upload-coverage }} - uses: codecov/codecov-action@v4 + uses: codecov/codecov-action@v5 with: file: ./coverage.txt fail_ci_if_error: false 
@@ -126,8 +91,120 @@ jobs: ./sftpgo gen man -d output/man/man1 gzip output/man/man1/* - - name: Prepare Windows installer - if: ${{ startsWith(matrix.os, 'windows-') && github.event_name != 'pull_request' }} + - name: Upload build artifact + if: startsWith(matrix.os, 'ubuntu-') != true + uses: actions/upload-artifact@v4 + with: + name: sftpgo-${{ matrix.os }}-go-${{ matrix.go }} + path: output + + test-deploy-windows: + name: Test and deploy Windows + environment: signing + runs-on: windows-latest + + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Azure login + uses: azure/login@v2 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version: '1.22' + + - name: Build + run: | + $GIT_COMMIT = (git describe --always --abbrev=8 --dirty) | Out-String + $DATE_TIME = ([datetime]::Now.ToUniversalTime().toString("yyyy-MM-ddTHH:mm:ssZ")) | Out-String + $LATEST_TAG = ((git describe --tags $(git rev-list --tags --max-count=1)) | Out-String).Trim() + $REV_LIST=$LATEST_TAG+"..HEAD" + $COMMITS_FROM_TAG= ((git rev-list $REV_LIST --count) | Out-String).Trim() + $FILE_VERSION = $LATEST_TAG.substring(1) + "." + $COMMITS_FROM_TAG + go install github.com/tc-hib/go-winres@latest + go-winres simply --arch amd64 --product-version $LATEST_TAG-dev-$GIT_COMMIT --file-version $FILE_VERSION --file-description "SFTPGo server" --product-name SFTPGo --copyright "AGPL-3.0 with additional terms" --original-filename sftpgo.exe --icon .\windows-installer\icon.ico + go build -trimpath -tags nopgxregisterdefaulttypes,disable_grpc_modules -ldflags "-s -w -X github.com/drakkan/sftpgo/v2/internal/version.commit=$GIT_COMMIT -X github.com/drakkan/sftpgo/v2/internal/version.date=$DATE_TIME" -o sftpgo.exe + cd tests/eventsearcher + go build -trimpath -ldflags "-s -w" -o eventsearcher.exe + cd ../.. 
+ cd tests/ipfilter + go build -trimpath -ldflags "-s -w" -o ipfilter.exe + cd ../.. + mkdir arm64 + $Env:CGO_ENABLED='0' + $Env:GOOS='windows' + $Env:GOARCH='arm64' + go-winres simply --arch arm64 --product-version $LATEST_TAG-dev-$GIT_COMMIT --file-version $FILE_VERSION --file-description "SFTPGo server" --product-name SFTPGo --copyright "AGPL-3.0 with additional terms" --original-filename sftpgo.exe --icon .\windows-installer\icon.ico + go build -trimpath -tags nopgxregisterdefaulttypes,disable_grpc_modules,nosqlite -ldflags "-s -w -X github.com/drakkan/sftpgo/v2/internal/version.commit=$GIT_COMMIT -X github.com/drakkan/sftpgo/v2/internal/version.date=$DATE_TIME" -o .\arm64\sftpgo.exe + mkdir x86 + $Env:GOARCH='386' + go-winres simply --arch 386 --product-version $LATEST_TAG-dev-$GIT_COMMIT --file-version $FILE_VERSION --file-description "SFTPGo server" --product-name SFTPGo --copyright "AGPL-3.0 with additional terms" --original-filename sftpgo.exe --icon .\windows-installer\icon.ico + go build -trimpath -tags nopgxregisterdefaulttypes,disable_grpc_modules,nosqlite -ldflags "-s -w -X github.com/drakkan/sftpgo/v2/internal/version.commit=$GIT_COMMIT -X github.com/drakkan/sftpgo/v2/internal/version.date=$DATE_TIME" -o .\x86\sftpgo.exe + Remove-Item Env:\CGO_ENABLED + Remove-Item Env:\GOOS + Remove-Item Env:\GOARCH + + - name: Sign binaries + uses: azure/trusted-signing-action@v0.5.0 + with: + endpoint: https://eus.codesigning.azure.net/ + trusted-signing-account-name: nicola + certificate-profile-name: SFTPGo + files: ${{ github.workspace }}\sftpgo.exe,${{ github.workspace }}\arm64\sftpgo.exe,${{ github.workspace }}\x86\sftpgo.exe + files-folder-filter: exe,dll + file-digest: SHA256 + timestamp-rfc3161: http://timestamp.acs.microsoft.com + timestamp-digest: SHA256 + exclude-environment-credential: true + exclude-workload-identity-credential: true + exclude-managed-identity-credential: true + exclude-shared-token-cache-credential: true + 
exclude-visual-studio-credential: true + exclude-visual-studio-code-credential: true + exclude-azure-cli-credential: false + exclude-azure-powershell-credential: true + exclude-azure-developer-cli-credential: true + exclude-interactive-browser-credential: true + + - name: Run test cases using SQLite provider + run: go test -v -tags nopgxregisterdefaulttypes,disable_grpc_modules -p 1 -timeout 15m ./... -coverprofile=coverage.txt -covermode=atomic + + - name: Run test cases using bolt provider + run: | + go test -v -tags nopgxregisterdefaulttypes,disable_grpc_modules -p 1 -timeout 2m ./internal/config -covermode=atomic + go test -v -tags nopgxregisterdefaulttypes,disable_grpc_modules -p 1 -timeout 5m ./internal/common -covermode=atomic + go test -v -tags nopgxregisterdefaulttypes,disable_grpc_modules -p 1 -timeout 5m ./internal/httpd -covermode=atomic + go test -v -tags nopgxregisterdefaulttypes,disable_grpc_modules -p 1 -timeout 8m ./internal/sftpd -covermode=atomic + go test -v -tags nopgxregisterdefaulttypes,disable_grpc_modules -p 1 -timeout 5m ./internal/ftpd -covermode=atomic + go test -v -tags nopgxregisterdefaulttypes,disable_grpc_modules -p 1 -timeout 5m ./internal/webdavd -covermode=atomic + go test -v -tags nopgxregisterdefaulttypes,disable_grpc_modules -p 1 -timeout 2m ./internal/telemetry -covermode=atomic + go test -v -tags nopgxregisterdefaulttypes,disable_grpc_modules -p 1 -timeout 2m ./internal/mfa -covermode=atomic + go test -v -tags nopgxregisterdefaulttypes,disable_grpc_modules -p 1 -timeout 2m ./internal/command -covermode=atomic + env: + SFTPGO_DATA_PROVIDER__DRIVER: bolt + SFTPGO_DATA_PROVIDER__NAME: 'sftpgo_bolt.db' + + - name: Run test cases using memory provider + run: go test -v -tags nopgxregisterdefaulttypes,disable_grpc_modules -p 1 -timeout 15m ./... 
-covermode=atomic + env: + SFTPGO_DATA_PROVIDER__DRIVER: memory + SFTPGO_DATA_PROVIDER__NAME: '' + + - name: Initialize data provider + run: | + rm sftpgo.db + ./sftpgo initprovider + shell: bash + + - name: Prepare Windows installers + if: ${{ github.event_name != 'pull_request' }} run: | Remove-Item -LiteralPath "output" -Force -Recurse -ErrorAction Ignore mkdir output @@ -146,15 +223,7 @@ jobs: $REV_LIST=$LATEST_TAG+"..HEAD" $COMMITS_FROM_TAG= ((git rev-list $REV_LIST --count) | Out-String).Trim() $Env:SFTPGO_ISS_DEV_VERSION = $LATEST_TAG + "." + $COMMITS_FROM_TAG - $CERT_PATH=(Get-Location -PSProvider FileSystem).ProviderPath + "\cert.pfx" - [IO.File]::WriteAllBytes($CERT_PATH,[System.Convert]::FromBase64String($Env:CERT_DATA)) - certutil -f -p "$Env:CERT_PASS" -importpfx MY "$CERT_PATH" - rm "$CERT_PATH" - & 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.20348.0/x86/signtool.exe' sign /sm /tr http://timestamp.sectigo.com /td sha256 /fd sha256 /n "Nicola Murino" /d "SFTPGo" .\sftpgo.exe - & 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.20348.0/x86/signtool.exe' sign /sm /tr http://timestamp.sectigo.com /td sha256 /fd sha256 /n "Nicola Murino" /d "SFTPGo" .\arm64\sftpgo.exe - & 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.20348.0/x86/signtool.exe' sign /sm /tr http://timestamp.sectigo.com /td sha256 /fd sha256 /n "Nicola Murino" /d "SFTPGo" .\x86\sftpgo.exe - $INNO_S='/Ssigntool=$qC:/Program Files (x86)/Windows Kits/10/bin/10.0.20348.0/x86/signtool.exe$q sign /sm /tr http://timestamp.sectigo.com /td sha256 /fd sha256 /n $qNicola Murino$q /d $qSFTPGo$q $f' - iscc "$INNO_S" .\windows-installer\sftpgo.iss + iscc .\windows-installer\sftpgo.iss rm .\output\sftpgo.exe rm .\output\sftpgo.db 
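Review bot: The `Azure login` and `Sign binaries` steps in the new `test-deploy-windows` job carry no `if: ${{ github.event_name != 'pull_request' }}` guard, while the workflow still triggers on `pull_request` and the installer steps further down are guarded. As written, a pull request from a branch of this repository would have its build output signed with the `SFTPGo` certificate profile before the tests run, unless protection rules on the `signing` environment (not visible here) prevent it; a fork pull request would presumably fail at login because the secrets are absent. Adding the same guard to both steps keeps signing to pushed commits. The `Sign installers` step in the `@@ -166,40 +235,57 @@` hunk needs it too, since its input files only exist when `Prepare Windows installers` has run.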
@@ -166,40 +235,57 @@ jobs: Remove-Item Env:\SFTPGO_DATA_PROVIDER__DRIVER Remove-Item Env:\SFTPGO_DATA_PROVIDER__NAME $Env:SFTPGO_ISS_ARCH='arm64' - iscc "$INNO_S" .\windows-installer\sftpgo.iss + iscc .\windows-installer\sftpgo.iss rm .\output\sftpgo.exe copy .\x86\sftpgo.exe .\output $Env:SFTPGO_ISS_ARCH='x86' - iscc "$INNO_S" .\windows-installer\sftpgo.iss - certutil -delstore MY "Nicola Murino" - env: - CERT_DATA: ${{ secrets.CERT_DATA }} - CERT_PASS: ${{ secrets.CERT_PASS }} + iscc .\windows-installer\sftpgo.iss + + - name: Sign installers + uses: azure/trusted-signing-action@v0.5.0 + with: + endpoint: https://eus.codesigning.azure.net/ + trusted-signing-account-name: nicola + certificate-profile-name: SFTPGo + files: ${{ github.workspace }}\sftpgo_windows_x86_64.exe,${{ github.workspace }}\sftpgo_windows_arm64.exe,${{ github.workspace }}\sftpgo_windows_x86.exe + files-folder-filter: exe,dll + file-digest: SHA256 + timestamp-rfc3161: http://timestamp.acs.microsoft.com + timestamp-digest: SHA256 + exclude-environment-credential: true + exclude-workload-identity-credential: true + exclude-managed-identity-credential: true + exclude-shared-token-cache-credential: true + exclude-visual-studio-credential: true + exclude-visual-studio-code-credential: true + exclude-azure-cli-credential: false + exclude-azure-powershell-credential: true + exclude-azure-developer-cli-credential: true + exclude-interactive-browser-credential: true - name: Upload Windows installer x86_64 artifact - if: ${{ startsWith(matrix.os, 'windows-') && github.event_name != 'pull_request' }} + if: ${{ github.event_name != 'pull_request' }} uses: actions/upload-artifact@v4 with: name: sftpgo_windows_installer_x86_64 path: ./sftpgo_windows_x86_64.exe - name: Upload Windows installer arm64 artifact - if: ${{ startsWith(matrix.os, 'windows-') && github.event_name != 'pull_request' }} + if: ${{ github.event_name != 'pull_request' }} uses: actions/upload-artifact@v4 with: name: 
sftpgo_windows_installer_arm64 path: ./sftpgo_windows_arm64.exe - name: Upload Windows installer x86 artifact - if: ${{ startsWith(matrix.os, 'windows-') && github.event_name != 'pull_request' }} + if: ${{ github.event_name != 'pull_request' }} uses: actions/upload-artifact@v4 with: name: sftpgo_windows_installer_x86 path: ./sftpgo_windows_x86.exe - name: Prepare build artifact for Windows - if: startsWith(matrix.os, 'windows-') run: | Remove-Item -LiteralPath "output" -Force -Recurse -ErrorAction Ignore mkdir output @@ -218,10 +304,9 @@ jobs: xcopy .\openapi .\output\openapi\ /E - name: Upload build artifact - if: startsWith(matrix.os, 'ubuntu-') != true uses: actions/upload-artifact@v4 with: - name: sftpgo-${{ matrix.os }}-go-${{ matrix.go }} + name: sftpgo-windows-portable path: output test-build-flags: @@ -524,4 +609,5 @@ jobs: - name: Run golangci-lint uses: golangci/golangci-lint-action@v6 with: + args: --timeout=10m version: latest diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3b1360e9..0b24d2a9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -4,6 +4,10 @@ on: push: tags: 'v*' +permissions: + id-token: write + contents: write + env: GO_VERSION: 1.22.9 @@ -38,12 +42,10 @@ jobs: path: ./sftpgo_${{ steps.get_version.outputs.VERSION }}_src_with_deps.tar.xz retention-days: 1 - prepare-window-mac: - name: Prepare binaries - runs-on: ${{ matrix.os }} - strategy: - matrix: - os: [macos-12, windows-2022] + prepare-windows: + name: Prepare Windows binaries + environment: signing + runs-on: windows-2022 steps: - uses: actions/checkout@v4 
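Review bot: `azure/trusted-signing-action@v0.5.0` in the added `Sign installers` step is referenced by a tag, which can be moved, in a job that holds code-signing authority; the same goes for `azure/login@v2` and the `Sign binaries` step earlier in this file and for the matching steps in release.yml. Pinning to a full commit SHA with the tag kept as a comment, `uses: azure/trusted-signing-action@<full-commit-sha> # v0.5.0`, fixes exactly which code runs with the signing identity. Separately, `files-folder-filter: exe,dll` appears to have no effect here because no `files-folder` is set and the targets are listed explicitly in `files`; dropping it would make the intent clearer.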
@@ -52,34 +54,19 @@ jobs: with: go-version: ${{ env.GO_VERSION }} + - name: Azure login + uses: azure/login@v2 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + - name: Get SFTPGo version id: get_version run: echo "VERSION=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_OUTPUT shell: bash - - name: Get OS name - id: get_os_name - run: | - if [[ $MATRIX_OS =~ ^macos.* ]] - then - echo "OS=macOS" >> $GITHUB_OUTPUT - else - echo "OS=windows" >> $GITHUB_OUTPUT - fi - shell: bash - env: - MATRIX_OS: ${{ matrix.os }} - - - name: Build for macOS x86_64 - if: startsWith(matrix.os, 'windows-') != true - run: go build -trimpath -tags nopgxregisterdefaulttypes,disable_grpc_modules -ldflags "-s -w -X github.com/drakkan/sftpgo/v2/internal/version.commit=`git describe --always --abbrev=8 --dirty` -X github.com/drakkan/sftpgo/v2/internal/version.date=`date -u +%FT%TZ`" -o sftpgo - - - name: Build for macOS arm64 - if: startsWith(matrix.os, 'macos-') == true - run: CGO_ENABLED=1 GOOS=darwin GOARCH=arm64 SDKROOT=$(xcrun --sdk macosx --show-sdk-path) go build -trimpath -tags nopgxregisterdefaulttypes,disable_grpc_modules -ldflags "-s -w -X github.com/drakkan/sftpgo/v2/internal/version.commit=`git describe --always --abbrev=8 --dirty` -X github.com/drakkan/sftpgo/v2/internal/version.date=`date -u +%FT%TZ`" -o sftpgo_arm64 - - - name: Build for Windows - if: startsWith(matrix.os, 'windows-') + - name: Build run: | $GIT_COMMIT = (git describe --always --abbrev=8 --dirty) | Out-String $DATE_TIME = ([datetime]::Now.ToUniversalTime().toString("yyyy-MM-ddTHH:mm:ssZ")) | Out-String 
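Review bot: `Azure login` is added ahead of the `Build` step, so the authenticated Azure CLI session that `Sign binaries` relies on (`exclude-azure-cli-credential: false`) exists while the whole build runs. Moving the login to directly before `Sign binaries` narrows that window to the one step that needs it. The `test-deploy-windows` job in development.yml has the same ordering, and there the `Build` step also runs `go install github.com/tc-hib/go-winres@latest`, an unpinned tool fetched at build time. The `Build` step's body continues outside this hunk.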
@@ -103,43 +90,33 @@ jobs: env: SFTPGO_VERSION: ${{ steps.get_version.outputs.VERSION }} + - name: Sign binaries + uses: azure/trusted-signing-action@v0.5.0 + with: + endpoint: https://eus.codesigning.azure.net/ + trusted-signing-account-name: nicola + certificate-profile-name: SFTPGo + files: ${{ github.workspace }}\sftpgo.exe,${{ github.workspace }}\arm64\sftpgo.exe,${{ github.workspace }}\x86\sftpgo.exe + files-folder-filter: exe,dll + file-digest: SHA256 + timestamp-rfc3161: http://timestamp.acs.microsoft.com + timestamp-digest: SHA256 + exclude-environment-credential: true + exclude-workload-identity-credential: true + exclude-managed-identity-credential: true + exclude-shared-token-cache-credential: true + exclude-visual-studio-credential: true + exclude-visual-studio-code-credential: true + exclude-azure-cli-credential: false + exclude-azure-powershell-credential: true + exclude-azure-developer-cli-credential: true + exclude-interactive-browser-credential: true + - name: Initialize data provider run: ./sftpgo initprovider shell: bash - - name: Prepare Release for macOS - if: startsWith(matrix.os, 'macos-') - run: | - mkdir -p output/{init,sqlite,bash_completion,zsh_completion} - echo "For documentation please take a look here:" > output/README.txt - echo "" >> output/README.txt - echo "https://docs.sftpgo.com" >> output/README.txt - cp LICENSE output/ - cp NOTICE output/ - cp sftpgo output/ - cp sftpgo.json output/ - cp sftpgo.db output/sqlite/ - cp -r static output/ - cp -r openapi output/ - cp -r templates output/ - cp init/com.github.drakkan.sftpgo.plist output/init/ - ./sftpgo gen completion bash > output/bash_completion/sftpgo - ./sftpgo gen completion zsh > output/zsh_completion/_sftpgo - ./sftpgo gen man -d output/man/man1 - gzip output/man/man1/* - cd output - tar cJvf ../sftpgo_${SFTPGO_VERSION}_${OS}_x86_64.tar.xz * - cd .. - cp sftpgo_arm64 output/sftpgo - cd output - tar cJvf ../sftpgo_${SFTPGO_VERSION}_${OS}_arm64.tar.xz * - cd .. 
- env: - SFTPGO_VERSION: ${{ steps.get_version.outputs.VERSION }} - OS: ${{ steps.get_os_name.outputs.OS }} - - - name: Prepare Release for Windows - if: startsWith(matrix.os, 'windows-') + - name: Prepare Release run: | mkdir output copy .\sftpgo.exe .\output @@ -153,16 +130,7 @@ jobs: xcopy .\static .\output\static\ /E mkdir output\openapi xcopy .\openapi .\output\openapi\ /E - $CERT_PATH=(Get-Location -PSProvider FileSystem).ProviderPath + "\cert.pfx" - [IO.File]::WriteAllBytes($CERT_PATH,[System.Convert]::FromBase64String($Env:CERT_DATA)) - certutil -f -p "$Env:CERT_PASS" -importpfx MY "$CERT_PATH" - rm "$CERT_PATH" - & 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.20348.0/x86/signtool.exe' sign /sm /tr http://timestamp.sectigo.com /td sha256 /fd sha256 /n "Nicola Murino" /d "SFTPGo" .\sftpgo.exe - & 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.20348.0/x86/signtool.exe' sign /sm /tr http://timestamp.sectigo.com /td sha256 /fd sha256 /n "Nicola Murino" /d "SFTPGo" .\arm64\sftpgo.exe - & 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.20348.0/x86/signtool.exe' sign /sm /tr http://timestamp.sectigo.com /td sha256 /fd sha256 /n "Nicola Murino" /d "SFTPGo" .\x86\sftpgo.exe - $INNO_S='/Ssigntool=$qC:/Program Files (x86)/Windows Kits/10/bin/10.0.20348.0/x86/signtool.exe$q sign /sm /tr http://timestamp.sectigo.com /td sha256 /fd sha256 /n $qNicola Murino$q /d $qSFTPGo$q $f' - iscc "$INNO_S" .\windows-installer\sftpgo.iss - + iscc .\windows-installer\sftpgo.iss rm .\output\sftpgo.exe rm .\output\sftpgo.db copy .\arm64\sftpgo.exe .\output 
@@ -173,20 +141,38 @@ jobs: Remove-Item Env:\SFTPGO_DATA_PROVIDER__DRIVER Remove-Item Env:\SFTPGO_DATA_PROVIDER__NAME $Env:SFTPGO_ISS_ARCH='arm64' - iscc "$INNO_S" .\windows-installer\sftpgo.iss + iscc .\windows-installer\sftpgo.iss rm .\output\sftpgo.exe copy .\x86\sftpgo.exe .\output $Env:SFTPGO_ISS_ARCH='x86' - iscc "$INNO_S" .\windows-installer\sftpgo.iss - certutil -delstore MY "Nicola Murino" + iscc .\windows-installer\sftpgo.iss env: SFTPGO_ISS_VERSION: ${{ steps.get_version.outputs.VERSION }} - CERT_DATA: ${{ secrets.CERT_DATA }} - CERT_PASS: ${{ secrets.CERT_PASS }} - - name: Prepare Portable Release for Windows - if: startsWith(matrix.os, 'windows-') + - name: Sign installers + uses: azure/trusted-signing-action@v0.5.0 + with: + endpoint: https://eus.codesigning.azure.net/ + trusted-signing-account-name: nicola + certificate-profile-name: SFTPGo + files: ${{ github.workspace }}\sftpgo_windows_x86_64.exe,${{ github.workspace }}\sftpgo_windows_arm64.exe,${{ github.workspace }}\sftpgo_windows_x86.exe + files-folder-filter: exe,dll + file-digest: SHA256 + timestamp-rfc3161: http://timestamp.acs.microsoft.com + timestamp-digest: SHA256 + exclude-environment-credential: true + exclude-workload-identity-credential: true + exclude-managed-identity-credential: true + exclude-shared-token-cache-credential: true + exclude-visual-studio-credential: true + exclude-visual-studio-code-credential: true + exclude-azure-cli-credential: false + exclude-azure-powershell-credential: true + exclude-azure-developer-cli-credential: true + exclude-interactive-browser-credential: true + + - name: Prepare Portable Release run: | mkdir win-portable copy .\sftpgo.exe .\win-portable 
@@ -207,54 +193,103 @@ jobs: xcopy .\openapi .\win-portable\openapi\ /E Compress-Archive .\win-portable\* sftpgo_portable.zip - - name: Upload macOS x86_64 artifact - if: startsWith(matrix.os, 'macos-') - uses: actions/upload-artifact@v4 - with: - name: sftpgo_${{ steps.get_version.outputs.VERSION }}_${{ steps.get_os_name.outputs.OS }}_x86_64.tar.xz - path: ./sftpgo_${{ steps.get_version.outputs.VERSION }}_${{ steps.get_os_name.outputs.OS }}_x86_64.tar.xz - retention-days: 1 - - - name: Upload macOS arm64 artifact - if: startsWith(matrix.os, 'macos-') - uses: actions/upload-artifact@v4 - with: - name: sftpgo_${{ steps.get_version.outputs.VERSION }}_${{ steps.get_os_name.outputs.OS }}_arm64.tar.xz - path: ./sftpgo_${{ steps.get_version.outputs.VERSION }}_${{ steps.get_os_name.outputs.OS }}_arm64.tar.xz - retention-days: 1 - - name: Upload Windows installer x86_64 artifact - if: startsWith(matrix.os, 'windows-') uses: actions/upload-artifact@v4 with: - name: sftpgo_${{ steps.get_version.outputs.VERSION }}_${{ steps.get_os_name.outputs.OS }}_x86_64.exe + name: sftpgo_${{ steps.get_version.outputs.VERSION }}_windows_x86_64.exe path: ./sftpgo_windows_x86_64.exe retention-days: 1 - name: Upload Windows installer arm64 artifact - if: startsWith(matrix.os, 'windows-') uses: actions/upload-artifact@v4 with: - name: sftpgo_${{ steps.get_version.outputs.VERSION }}_${{ steps.get_os_name.outputs.OS }}_arm64.exe + name: sftpgo_${{ steps.get_version.outputs.VERSION }}_windows_arm64.exe path: ./sftpgo_windows_arm64.exe retention-days: 1 - name: Upload Windows installer x86 artifact - if: startsWith(matrix.os, 'windows-') uses: actions/upload-artifact@v4 with: - name: sftpgo_${{ steps.get_version.outputs.VERSION }}_${{ steps.get_os_name.outputs.OS }}_x86.exe + name: sftpgo_${{ steps.get_version.outputs.VERSION }}_windows_x86.exe path: ./sftpgo_windows_x86.exe retention-days: 1 - name: Upload Windows portable artifact - if: startsWith(matrix.os, 'windows-') uses: 
actions/upload-artifact@v4 with: - name: sftpgo_${{ steps.get_version.outputs.VERSION }}_${{ steps.get_os_name.outputs.OS }}_portable.zip + name: sftpgo_${{ steps.get_version.outputs.VERSION }}_windows_portable.zip path: ./sftpgo_portable.zip retention-days: 1 + prepare-mac: + name: Prepare macOS binaries + runs-on: macos-12 + + steps: + - uses: actions/checkout@v4 + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GO_VERSION }} + + - name: Get SFTPGo version + id: get_version + run: echo "VERSION=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_OUTPUT + shell: bash + + - name: Build for macOS x86_64 + run: go build -trimpath -tags nopgxregisterdefaulttypes,disable_grpc_modules -ldflags "-s -w -X github.com/drakkan/sftpgo/v2/internal/version.commit=`git describe --always --abbrev=8 --dirty` -X github.com/drakkan/sftpgo/v2/internal/version.date=`date -u +%FT%TZ`" -o sftpgo + + - name: Build for macOS arm64 + run: CGO_ENABLED=1 GOOS=darwin GOARCH=arm64 SDKROOT=$(xcrun --sdk macosx --show-sdk-path) go build -trimpath -tags nopgxregisterdefaulttypes,disable_grpc_modules -ldflags "-s -w -X github.com/drakkan/sftpgo/v2/internal/version.commit=`git describe --always --abbrev=8 --dirty` -X github.com/drakkan/sftpgo/v2/internal/version.date=`date -u +%FT%TZ`" -o sftpgo_arm64 + + - name: Initialize data provider + run: ./sftpgo initprovider + shell: bash + + - name: Prepare Release + run: | + mkdir -p output/{init,sqlite,bash_completion,zsh_completion} + echo "For documentation please take a look here:" > output/README.txt + echo "" >> output/README.txt + echo "https://docs.sftpgo.com" >> output/README.txt + cp LICENSE output/ + cp NOTICE output/ + cp sftpgo output/ + cp sftpgo.json output/ + cp sftpgo.db output/sqlite/ + cp -r static output/ + cp -r openapi output/ + cp -r templates output/ + cp init/com.github.drakkan.sftpgo.plist output/init/ + ./sftpgo gen completion bash > output/bash_completion/sftpgo + ./sftpgo gen completion zsh > 
output/zsh_completion/_sftpgo + ./sftpgo gen man -d output/man/man1 + gzip output/man/man1/* + cd output + tar cJvf ../sftpgo_${SFTPGO_VERSION}_macOS_x86_64.tar.xz * + cd .. + cp sftpgo_arm64 output/sftpgo + cd output + tar cJvf ../sftpgo_${SFTPGO_VERSION}_macOS_arm64.tar.xz * + cd .. + env: + SFTPGO_VERSION: ${{ steps.get_version.outputs.VERSION }} + + - name: Upload macOS x86_64 artifact + uses: actions/upload-artifact@v4 + with: + name: sftpgo_${{ steps.get_version.outputs.VERSION }}_macOS_x86_64.tar.xz + path: ./sftpgo_${{ steps.get_version.outputs.VERSION }}_macOS_x86_64.tar.xz + retention-days: 1 + + - name: Upload macOS arm64 artifact + uses: actions/upload-artifact@v4 + with: + name: sftpgo_${{ steps.get_version.outputs.VERSION }}_macOS_arm64.tar.xz + path: ./sftpgo_${{ steps.get_version.outputs.VERSION }}_macOS_arm64.tar.xz + retention-days: 1 + prepare-linux: name: Prepare Linux binaries runs-on: ubuntu-latest @@ -479,7 +514,7 @@ jobs: create-release: name: Release - needs: [prepare-linux-bundle, prepare-sources-with-deps, prepare-window-mac] + needs: [prepare-linux-bundle, prepare-sources-with-deps, prepare-mac, prepare-windows] runs-on: ubuntu-latest steps: diff --git a/windows-installer/sftpgo.iss b/windows-installer/sftpgo.iss index d5a733ce..2f960fd2 100644 --- a/windows-installer/sftpgo.iss +++ b/windows-installer/sftpgo.iss 
@@ -49,14 +49,12 @@ ArchitecturesAllowed={#MyAppArch} MinVersion=10.0.14393 VersionInfoVersion={#MyVersionInfo} VersionInfoCopyright=AGPL-3.0 with additional terms -SignTool=signtool -SignedUninstaller=yes [Languages] Name: "english"; MessagesFile: "compiler:Default.isl" [Files] -Source: "{#MyAppDir}\sftpgo.exe"; DestDir: "{app}"; Flags: ignoreversion signonce +Source: "{#MyAppDir}\sftpgo.exe"; DestDir: "{app}"; Flags: ignoreversion Source: "{#MyAppDir}\sftpgo.db"; DestDir: "{commonappdata}\{#MyAppName}"; Flags: onlyifdoesntexist uninsneveruninstall Source: "{#MyAppDir}\LICENSE.txt"; DestDir: "{app}"; Flags: ignoreversion Source: "{#MyAppDir}\NOTICE.txt"; DestDir: "{app}"; Flags: ignoreversion
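Review bot: Removing `SignTool=signtool` and `SignedUninstaller=yes` means Inno Setup no longer signs the uninstaller it embeds, and the post-build `Sign installers` step in the workflows only signs the finished setup executables. If that reading is right, the `unins*.exe` written at install time will carry no Authenticode signature, which the previous flow provided. This is worth confirming on an installed copy; if the unsigned uninstaller is accepted, a comment here would record the trade-off, e.g. `; uninstaller is left unsigned: signing now happens after iscc via Trusted Signing`. The `[Setup]` section starts outside this hunk.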