Skip to content

Improvements to ssl-keystore parameter #2804

Improvements to ssl-keystore parameter

Improvements to ssl-keystore parameter #2804

name: GLPI Agent Packaging
# Set publish_development_build to "yes" to publish development builds as pre-release
# Set number_of_development_build_to_keep to the number of development build to keep
# Set number_of_nightly_build_to_keep to the number of nightly release to keep
# Set number_of_nightly_build_to_keep to 0 to not publish nightly builds
env:
publish_development_build: no
number_of_development_build_to_keep: 3
number_of_nightly_build_to_keep: 3
macosx_notarize_support: yes
on:
push:
pull_request:
branches:
- develop
schedule:
- cron: '10 1 * * *'
workflow_dispatch:
inputs:
nightly:
description: 'Nightly publishing'
required: true
default: true
type: boolean
jobs:
setup-release:
runs-on: ubuntu-latest
outputs:
version: ${{ steps.set-version.outputs.version }}
upload_url: ${{ steps.create-tagged-release.outputs.upload_url }}
create-release: ${{ steps.set-version.outputs.create-release }}
tag_name: ${{ steps.set-version.outputs.tag_name }}
build: ${{ steps.set-version.outputs.build }}
releaseid: ${{ steps.create-tagged-release.outputs.id }}
user-name: ${{ steps.set-version.outputs.user-name }}
user-email: ${{ steps.set-version.outputs.user-email }}
win32-signing: ${{ steps.set-version.outputs.win32-signing }}
macosx-signing: ${{ steps.set-version.outputs.macosx-signing }}
macosx-notarization: ${{ steps.set-version.outputs.macosx-notarization }}
steps:
- uses: actions/checkout@v4
- name: Set version
id: set-version
run: |
if [ "${{ vars.WIN32_SIGNING }}" == "no" ]; then
echo "win32-signing=no" >>$GITHUB_OUTPUT
elif [ -n "$CODESIGN_COMMAND" ]; then
echo "win32-signing=alt" >>$GITHUB_OUTPUT
elif [ -n "$CST_USERNAME" ]; then
echo "win32-signing=cst" >>$GITHUB_OUTPUT
else
echo "win32-signing=no" >>$GITHUB_OUTPUT
fi
if [ -n "$APPSIGNID" -a -n "$INSTSIGNID" ]; then
echo "macosx-signing=yes" >>$GITHUB_OUTPUT
if [ "${{ env.macosx_notarize_support }}" == "yes" -a "${{ vars.MACOSX_NOTARIZE }}" != "no" ]; then
NOTARIZE="yes"
else
NOTARIZE="no"
fi
else
echo "macosx-signing=no" >>$GITHUB_OUTPUT
NOTARIZE="no"
fi
if [ -z "${GITHUB_REF##*refs/tags/*}" ]; then
# Abort publishing if MACOSX_SIGNING variable was set to "no"
if [ "${{ vars.MACOSX_SIGNING }}" == "no" -a -n "$APPSIGNID" -a -n "$INSTSIGNID" ]; then
echo "MACOSX_SIGNING has been disabled in GH variables. Fix it before publishing." >&2
exit 1
fi
# Abort publishing if MACOSX_NOTARIZE variable was set to "no"
if [ "${{ vars.MACOSX_NOTARIZE }}" == "no" -a "$NOTARIZE" == "yes" ]; then
echo "MACOSX_NOTARIZE has been disabled in GH variables. Fix it before publishing." >&2
exit 1
fi
VERSION="${GITHUB_REF#*refs/tags/}"
echo "New release on $VERSION $tag"
echo "create-release=yes" >>$GITHUB_OUTPUT
echo "build=yes" >>$GITHUB_OUTPUT
echo "tag_name=$VERSION" >>$GITHUB_OUTPUT
else
VERSION=$(perl -Ilib -MGLPI::Agent::Version -e 'print $GLPI::Agent::Version::VERSION')
VERSION=${VERSION%-dev}-git${GITHUB_SHA:0:8}
if [ "${{ github.event_name }}" = "schedule" -o "${{ inputs.nightly }}" = "true" -o "${{ env.publish_development_build }}" = "yes" ]; then
if [ "${{ github.event_name }}" = "schedule" -o "${{ inputs.nightly }}" = "true" ]; then
TYPE=nightly
if [ -z "$PUBLISHING_TOKEN" ]; then
echo "No PUBLISHING_TOKEN defined to publish GLPI-Agent nightly builds"
echo "create-release=no" >>$GITHUB_OUTPUT
echo "build=no" >>$GITHUB_OUTPUT
exit 0
elif gh api /repos/{owner}/glpi-project.github.io/git/refs/tags/glpi-agent-development-$VERSION --silent 2>/dev/null; then
echo "GLPI-Agent v$VERSION still published as development build"
echo "create-release=no" >>$GITHUB_OUTPUT
echo "build=no" >>$GITHUB_OUTPUT
exit 0
fi
else
TYPE=development
fi
SKIP_NIGHTLY="${{ env.number_of_nightly_build_to_keep }} $TYPE"
# For nightly, we also check if we had any commit during the last 24 hours unless it is a manually forced run for which INPUT_NIGHTLY should be set
if [ -z "$INPUT_NIGHTLY" -a "$SKIP_NIGHTLY" = "0 nightly" -o -z "$( git rev-list -n 1 --after="24 hours" ${{ github.sha }} )" ]; then
echo "No nightly release needed"
echo "create-release=no" >>$GITHUB_OUTPUT
echo "build=no" >>$GITHUB_OUTPUT
else
echo "New $TYPE release as $VERSION version"
echo "create-release=${{ env.publish_development_build }}" >>$GITHUB_OUTPUT
echo "build=yes" >>$GITHUB_OUTPUT
echo "tag_name=$TYPE-$VERSION" >>$GITHUB_OUTPUT
fi
else
echo "Just building $VERSION version"
echo "create-release=no" >>$GITHUB_OUTPUT
echo "build=yes" >>$GITHUB_OUTPUT
echo "tag_name=development-$VERSION" >>$GITHUB_OUTPUT
NOTARIZE="no"
fi
fi
echo "version=$VERSION" >>$GITHUB_OUTPUT
case "${VERSION#*-}" in
$VERSION)
echo "revname=v$VERSION" >>$GITHUB_OUTPUT
echo "prerelease=false" >>$GITHUB_OUTPUT
;;
test*)
echo "revname=v${VERSION%-test*} Test release ${VERSION#*-test}" >>$GITHUB_OUTPUT
echo "prerelease=true" >>$GITHUB_OUTPUT
;;
beta*)
echo "revname=v${VERSION%-beta*} Beta release ${VERSION#*-beta}" >>$GITHUB_OUTPUT
echo "prerelease=true" >>$GITHUB_OUTPUT
;;
*)
echo "revname=v$VERSION Development release" >>$GITHUB_OUTPUT
echo "prerelease=true" >>$GITHUB_OUTPUT
;;
esac
# Check if MacOSX packaging notarization is required
echo "macosx-notarization=$NOTARIZE" >>$GITHUB_OUTPUT
# Set user and mail for nightly release
echo "user-name=$(git log --format='%an' HEAD^!)" >>$GITHUB_OUTPUT
echo "user-email=$(git log --format='%ae' HEAD^!)" >>$GITHUB_OUTPUT
shell: bash
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PUBLISHING_TOKEN: ${{ secrets.PUBLISHING_TOKEN }}
CODESIGN_COMMAND: ${{ secrets.CODESIGN_COMMAND }}
CST_USERNAME: ${{ secrets.CST_USERNAME }}
APPSIGNID: ${{ vars.MACOSX_APPSIGNID }}
INSTSIGNID: ${{ vars.MACOSX_INSTSIGNID }}
- name: Generate release description
id: github-release-body
if: ${{ steps.set-version.outputs.create-release == 'yes' }}
run: |
tools/github-release-description.sh --version ${{ steps.set-version.outputs.version }} --tag ${{ steps.set-version.outputs.tag_name }}
shell: bash
- name: Create Tagged Release
id: create-tagged-release
uses: ncipollo/release-action@v1
if: ${{ steps.set-version.outputs.create-release == 'yes' }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
with:
tag: ${{ steps.set-version.outputs.tag_name }}
name: GLPI Agent ${{ steps.set-version.outputs.revname }}
bodyFile: release-description.md
draft: true
prerelease: ${{ steps.set-version.outputs.prerelease }}
windows-packaging:
runs-on: windows-latest
strategy:
matrix:
arch: [ x64 ]
if: ${{ needs.setup-release.outputs.build == 'yes' }}
needs: setup-release
steps:
- uses: actions/checkout@v4
- name: Create folders for cached datas
run: |
mkdir C:\Strawberry-perl-for-GLPI-Agent_build\download
mkdir C:\Strawberry-perl-for-GLPI-Agent_build\restore
shell: cmd
- name: Restore points cache
uses: actions/cache@v4
id: built-perl-cache
with:
path: |
C:/Strawberry-perl-for-GLPI-Agent_build/restore
key: windows-packaging-perl-cache-${{ matrix.arch }}-${{ hashFiles('contrib\windows\glpi-agent-extlibs-build.pl', 'contrib\windows\glpi-agent-packaging.pl', 'contrib\windows\packaging\*') }}
- name: Restore ca.dll points cache
uses: actions/cache@v4
id: built-ca-dll-cache
with:
path: contrib/windows/packaging/tools/ca/ca.dll
key: windows-packaging-ca-dll-cache-${{ matrix.arch }}-${{ hashFiles('contrib\windows\glpi-agent-extlibs-build.pl', 'contrib\windows\packaging\ToolchainBuildJob.pm', 'contrib\windows\packaging\CustomActionDllBuildJob.pm', 'contrib\windows\packaging\tools\ca\Makefile', 'contrib\windows\packaging\tools\ca\dll\*') }}
- name: Restore Toolchain points cache
uses: actions/cache@v4
id: built-extlibs-cache
if: steps.built-perl-cache.outputs.cache-hit != 'true' || steps.built-ca-dll-cache.outputs.cache-hit != 'true'
with:
path: |
C:/Strawberry-perl-for-GLPI-Agent_build/download/winlibs*.zip
C:/Strawberry-perl-for-GLPI-Agent_build/download/extlibs.zip
key: windows-packaging-extlibs-cache-${{ matrix.arch }}-${{ hashFiles('contrib\windows\glpi-agent-extlibs-build.pl', 'contrib\windows\packaging\ToolchainBuildJob.pm', 'contrib\windows\packaging\*.patch') }}
- name: List files in cached paths
if: success() || failure()
run: |
dir C:\Strawberry-perl-for-GLPI-Agent_build\download
dir C:\Strawberry-perl-for-GLPI-Agent_build\restore
dir contrib\windows\packaging\tools\ca
shell: cmd
- name: Restore required perl libraries cache
uses: actions/cache@v4
id: perl-site-cache
with:
path: |
C:\Strawberry\perl\site\lib
C:\Strawberry\perl\site\bin
key: built-perl-windows-packaging-perl-site-cache-${{ matrix.arch }}-${{ hashFiles('contrib\windows\glpi-agent-extlibs-build.pl', 'contrib\windows\glpi-agent-packaging.pl', 'contrib\windows\packaging\*') }}
- name: Update environment
run: |
echo 'C:\Strawberry\perl\bin' >> $GITHUB_PATH
echo 'C:\Strawberry\perl\site\bin' >> $GITHUB_PATH
echo 'C:\Strawberry\c\bin' >> $GITHUB_PATH
shell: bash
- name: Show environment
run: |
echo "PATH=%PATH%"
perl --version
perl -V
shell: cmd
- name: Install Module::Install
if: steps.perl-site-cache.outputs.cache-hit != 'true'
run: cpan -T Module::Install
shell: cmd
- name: Prepare Makefile
run: perl Makefile.PL
shell: cmd
- name: Install latest Perl::Dist::Strawberry from github
if: steps.perl-site-cache.outputs.cache-hit != 'true'
run: |
cpanm --notest --verbose https://github.com/StrawberryPerl/Perl-Dist-Strawberry.git
shell: cmd
- name: Build Extlibs with Perl Toolchain
if: steps.built-perl-cache.outputs.cache-hit != 'true' && steps.built-extlibs-cache.outputs.cache-hit != 'true'
run: |
perl contrib\windows\glpi-agent-extlibs-build.pl --arch ${{ matrix.arch }}
shell: cmd
- name: Build ca.dll with Perl Toolchain
if: steps.built-ca-dll-cache.outputs.cache-hit != 'true'
run: |
perl contrib\windows\glpi-agent-extlibs-build.pl --arch ${{ matrix.arch }} --cadll
shell: cmd
- name: Build package
run: |
perl contrib\windows\glpi-agent-packaging.pl --arch ${{ matrix.arch }}
shell: cmd
- name: MSI Signing (CST)
if: ${{ needs.setup-release.outputs.win32-signing == 'cst' }}
run: |
perl tools\msi-signing.pl "C:\Strawberry-perl-for-GLPI-Agent_build" "GLPI-Agent-${{ needs.setup-release.outputs.version }}-${{ matrix.arch }}.msi"
shell: cmd
env:
CST_USERNAME: ${{ secrets.CST_USERNAME }}
CST_PASSWORD: ${{ secrets.CST_PASSWORD }}
CST_SECRET: ${{ secrets.CST_SECRET }}
CST_CREDENTIALID: ${{ secrets.CST_CREDENTIALID }}
- name: MSI Signing (ALT)
if: ${{ needs.setup-release.outputs.win32-signing == 'alt' }}
run: |
cd "C:\\Strawberry-perl-for-GLPI-Agent_build"
umask 0077
mkdir ~/.ssh
echo "$CODESIGN_KNOWNHOST" > ~/.ssh/known_hosts
echo "$CODESIGN_PRIVATE" > private.key
umask 0002
MSI="GLPI-Agent-${{ needs.setup-release.outputs.version }}-${{ matrix.arch }}.msi"
cat "output\\$MSI" | $CODESIGN_COMMAND codesign "$MSI" > "$MSI"
rm -f private.key ~/.ssh/known_hosts "output\\$MSI"
mv -vf "$MSI" "output\\$MSI"
shell: bash
env:
CODESIGN_KNOWNHOST: ${{ secrets.CODESIGN_KNOWNHOST }}
CODESIGN_COMMAND: ${{ secrets.CODESIGN_COMMAND }}
CODESIGN_PRIVATE: ${{ secrets.CODESIGN_PRIVATE }}
- name: List generated files
if: success() || failure()
run: |
dir C:\Strawberry-perl-for-GLPI-Agent_build\output
shell: cmd
- name: Upload windows built artifacts
if: success() || failure()
uses: actions/upload-artifact@v4
with:
name: Windows-Build-${{ matrix.arch }}
path: C:\Strawberry-perl-for-GLPI-Agent_build\output
- name: Upload debug MSI-Build artifacts
if: failure() #success() || failure() # Only enable on failure or when debugging is required
uses: actions/upload-artifact@v4
with:
name: MSI-Build-Debug-${{ matrix.arch }}
path: C:\Strawberry-perl-for-GLPI-Agent_build\build\msi
- name: VirusTotal Scan
uses: crazy-max/ghaction-virustotal@v4
if: ${{ needs.setup-release.outputs.create-release == 'yes' || startsWith(needs.setup-release.outputs.tag_name, 'nightly') }}
with:
vt_api_key: ${{ secrets.VT_API_KEY }}
files: |
C:\Strawberry-perl-for-GLPI-Agent_build\output\GLPI-Agent-${{ needs.setup-release.outputs.version }}-${{ matrix.arch }}.msi
C:\Strawberry-perl-for-GLPI-Agent_build\output\glpi-agent-${{ needs.setup-release.outputs.version }}-${{ matrix.arch }}.zip
- name: VirusTotal Report Analysis
if: ${{ vars.VT_SKIP_REPORT_ANALYSIS != 'yes' && ( needs.setup-release.outputs.create-release == 'yes' || startsWith(needs.setup-release.outputs.tag_name, 'nightly') ) }}
run: |
perl tools\virustotal-report-analysis.pl --path C:\Strawberry-perl-for-GLPI-Agent_build\output GLPI-Agent-${{ needs.setup-release.outputs.version }}-${{ matrix.arch }}.msi glpi-agent-${{ needs.setup-release.outputs.version }}-${{ matrix.arch }}.zip
shell: cmd
env:
VT_API_KEY: ${{ secrets.VT_API_KEY }}
- name: Upload VirusTotal Report
if: ${{ vars.VT_SKIP_REPORT_ANALYSIS != 'yes' && ( needs.setup-release.outputs.create-release == 'yes' || startsWith(needs.setup-release.outputs.tag_name, 'nightly') ) }}
uses: actions/upload-artifact@v4
with:
name: VirusTotal-Report-${{ matrix.arch }}
path: C:\Strawberry-perl-for-GLPI-Agent_build\output\*.json
- name: Upload Portable Archive Asset
id: upload-portable-archive-asset
if: ${{ needs.setup-release.outputs.create-release == 'yes' }}
uses: shogo82148/actions-upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.setup-release.outputs.upload_url }}
asset_path: C:\Strawberry-perl-for-GLPI-Agent_build\output\GLPI-Agent-${{ needs.setup-release.outputs.version }}-${{ matrix.arch }}.zip
asset_name: GLPI-Agent-${{ needs.setup-release.outputs.version }}-${{ matrix.arch }}.zip
asset_content_type: application/zip
- name: Upload MSI Installer Asset
id: upload-msi-asset
if: ${{ needs.setup-release.outputs.create-release == 'yes' }}
uses: shogo82148/actions-upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.setup-release.outputs.upload_url }}
asset_path: C:\Strawberry-perl-for-GLPI-Agent_build\output\GLPI-Agent-${{ needs.setup-release.outputs.version }}-${{ matrix.arch }}.msi
asset_name: GLPI-Agent-${{ needs.setup-release.outputs.version }}-${{ matrix.arch }}.msi
asset_content_type: application/x-msi
macosx-packaging:
runs-on: ${{ matrix.os }}
strategy:
matrix:
include:
- os: macos-latest
arch: x86_64
- os: macos-latest
arch: arm64
if: ${{ needs.setup-release.outputs.build == 'yes' }}
needs: setup-release
steps:
- uses: actions/checkout@v4
- name: Restore points cache
uses: actions/cache@v4
with:
path: |
contrib/macosx/*.gz
contrib/macosx/*.sha1
contrib/macosx/*.sha1.txt
contrib/macosx/munkipkg
contrib/macosx/build/perl*
contrib/macosx/build/openssl*
contrib/macosx/build/zlib*
contrib/macosx/build/Applications
key: macosx-packaging-restore-points-${{ matrix.os }}-${{ matrix.arch }}-${{ hashFiles('contrib/macosx/glpi-agent-packaging.sh') }}
- name: Import Application Signing Cert
id: application-signing-cert
uses: slidoapp/import-codesign-certs@1923310662e8682dd05b76b612b53301f431cd5d
if: ${{ needs.setup-release.outputs.macosx-signing == 'yes' && vars.MACOSX_SIGNING != 'no' }}
with:
p12-file-base64: ${{ secrets.MACOSX_APPLICATION_P12 }}
p12-password: ${{ secrets.MACOSX_P12_PASSWORD }}
- name: Import Installer Signing Cert
id: installer-signing-cert
uses: slidoapp/import-codesign-certs@1923310662e8682dd05b76b612b53301f431cd5d
if: ${{ needs.setup-release.outputs.macosx-signing == 'yes' && vars.MACOSX_SIGNING != 'no' }}
with:
p12-file-base64: ${{ secrets.MACOSX_INSTALLER_P12 }}
p12-password: ${{ secrets.MACOSX_P12_PASSWORD }}
create-keychain: false
keychain-password: ${{ steps.application-signing-cert.outputs.keychain-password }}
- name: Build package
run: |
# Handle repository variables to eventually disable code signing and notarization
if [ -n "${{ vars.MACOSX_SIGNING }}" -o -n "${{ vars.MACOSX_NOTARIZE }}" ]; then
echo "GH Variables:"
if [ -n "${{ vars.MACOSX_SIGNING }}" ]; then
echo " - MACOSX_SIGNING : ${{ vars.MACOSX_SIGNING }}"
if [ "${{ vars.MACOSX_SIGNING }}" == "no" ]; then
MACOSX_NOTARIZE="no"
unset APPSIGNID INSTSIGNID
fi
fi
if [ -n "${{ vars.MACOSX_NOTARIZE }}" ]; then
echo " - MACOSX_NOTARIZE: ${{ vars.MACOSX_NOTARIZE }}"
if [ "${{ vars.MACOSX_NOTARIZE }}" == "no" ]; then
MACOSX_NOTARIZE="no"
unset NOTARIZE_USER NOTARIZE_PASSWORD NOTARIZE_TEAMID
fi
fi
fi
./contrib/macosx/glpi-agent-packaging.sh --arch ${{ matrix.arch }} --notarize $MACOSX_NOTARIZE
env:
APPSIGNID: ${{ vars.MACOSX_APPSIGNID }}
INSTSIGNID: ${{ vars.MACOSX_INSTSIGNID }}
NOTARIZE_USER: ${{ secrets.MACOSX_NOTARIZE_USER }}
NOTARIZE_PASSWORD: ${{ secrets.MACOSX_NOTARIZE_PASSWORD }}
NOTARIZE_TEAMID: ${{ vars.MACOSX_NOTARIZE_TEAMID }}
MACOSX_NOTARIZE: ${{ needs.setup-release.outputs.macosx-notarization }}
shell: bash
- name: List generated files
if: success() || failure()
run: |
ls contrib/macosx/build
shell: bash
- name: Upload MacOSX built artifacts
if: success() || failure()
uses: actions/upload-artifact@v4
with:
name: MacOSX-Build-${{ matrix.arch }}
path: |
contrib/macosx/build/*.pkg
contrib/macosx/build/*.dmg
- name: Upload MacOSX Perl building debug artifacts
if: success() || failure()
uses: actions/upload-artifact@v4
with:
name: MacOSX-Perl-Config-${{ matrix.arch }}
path: |
contrib/macosx/build/perl-*/config.h
contrib/macosx/build/perl-*/config.sh
contrib/macosx/build/perl-*/cflags
contrib/macosx/build/perl-*/myconfig
contrib/macosx/build/perl-*/Makefile
contrib/macosx/build/perl-*/Policy.sh
contrib/macosx/build/perl-*/hints/darwin.sh
- name: Upload MacOSX PKG installer
id: upload-macosx-pkg-asset
if: ${{ needs.setup-release.outputs.create-release == 'yes' }}
uses: shogo82148/actions-upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.setup-release.outputs.upload_url }}
asset_path: contrib/macosx/build/GLPI-Agent-${{ needs.setup-release.outputs.version }}_${{ matrix.arch }}.pkg
asset_name: GLPI-Agent-${{ needs.setup-release.outputs.version }}_${{ matrix.arch }}.pkg
asset_content_type: application/octet-stream
- name: Upload MacOSX DMG installer image
id: upload-macosx-dmg-asset
if: ${{ needs.setup-release.outputs.create-release == 'yes' }}
uses: shogo82148/actions-upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.setup-release.outputs.upload_url }}
asset_path: contrib/macosx/build/GLPI-Agent-${{ needs.setup-release.outputs.version }}_${{ matrix.arch }}.dmg
asset_name: GLPI-Agent-${{ needs.setup-release.outputs.version }}_${{ matrix.arch }}.dmg
asset_content_type: application/octet-stream
linux-snap-packaging:
runs-on: ubuntu-latest
if: ${{ needs.setup-release.outputs.build == 'yes' }}
needs: setup-release
steps:
- uses: actions/checkout@v4
- uses: snapcore/action-build@v1
id: snapcraft
env:
TERM: ${{ env.TERM }}:${{ needs.setup-release.outputs.version }}
- name: Upload Snap built artifacts
uses: actions/upload-artifact@v4
with:
name: Snap-Build
path: ${{ steps.snapcraft.outputs.snap }}
- name: Upload Snap Package
id: upload-linux-snap-asset
if: ${{ needs.setup-release.outputs.create-release == 'yes' }}
uses: shogo82148/actions-upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.setup-release.outputs.upload_url }}
asset_path: ${{ steps.snapcraft.outputs.snap }}
asset_name: ${{ steps.snapcraft.outputs.snap }}
asset_content_type: application/octet-stream
linux-debian-packaging:
runs-on: ubuntu-latest
if: ${{ needs.setup-release.outputs.build == 'yes' }}
needs: setup-release
steps:
- uses: actions/checkout@v4
- name: Install build dependencies packages
run: |
sudo rm /etc/apt/sources.list.d/microsoft-prod.list
sudo apt update
sudo apt -y install dpkg-dev debhelper libmodule-install-perl \
libclone-perl libdigest-sha-perl libfile-copy-recursive-perl \
libfile-which-perl libhttp-cookies-perl libhttp-daemon-perl \
libhttp-proxy-perl libhttp-server-simple-perl libdatetime-perl \
libhttp-server-simple-authen-perl libio-capture-perl \
libipc-run-perl libjson-pp-perl libnet-ip-perl \
libnet-snmp-perl libio-socket-ssl-perl libparse-edid-perl \
libproc-daemon-perl libparallel-forkmanager-perl \
libtest-compile-perl libtest-deep-perl libtest-nowarnings-perl \
libtest-exception-perl libtest-mockmodule-perl \
libtest-mockobject-perl libtext-template-perl \
libsocket-getaddrinfo-perl libuniversal-require-perl liburi-perl \
libwww-perl libxml-libxml-perl libyaml-perl \
libossp-uuid-perl libcpanel-json-xs-perl devscripts
shell: bash
- name: Build debian packages
id: debbuild
run: |
echo "debpath=$(dirname $PWD)" >>$GITHUB_OUTPUT
# make -gitXXXXXXXX release when not tagged
if [ -z "${VERSION##*-*}" ]; then
tools/make-release.sh --no-git $VERSION
fi
dpkg-buildpackage -d -b --no-sign
shell: bash
env:
VERSION: ${{ needs.setup-release.outputs.version }}
- name: Run lintian
run: |
sudo apt -y install lintian
lintian --profile debian --show-overrides -L ">=pedantic"
shell: bash
- name: Upload built deb artifacts
uses: actions/upload-artifact@v4
with:
name: Debian-Build
path: |
${{ steps.debbuild.outputs.debpath }}/*.deb
${{ steps.debbuild.outputs.debpath }}/*.buildinfo
${{ steps.debbuild.outputs.debpath }}/*.changes
- name: Upload Deb Packages
id: upload-linux-deb-asset
if: ${{ needs.setup-release.outputs.create-release == 'yes' }}
run: |
gh release upload ${{ needs.setup-release.outputs.tag_name }} ../*.deb
shell: bash
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
linux-rpm-packaging:
runs-on: ubuntu-latest
if: ${{ needs.setup-release.outputs.build == 'yes' }}
needs: setup-release
steps:
- uses: actions/checkout@v4
- name: Install build dependencies packages
run: |
sudo rm /etc/apt/sources.list.d/microsoft-prod.list
sudo apt update
sudo apt -y install rpm devscripts \
libfile-which-perl libuniversal-require-perl libmodule-install-perl
shell: bash
- name: Build rpm packages
id: rpmbuild
run: |
contrib/unix/glpi-agent-rpm-build.sh --nodeps
shell: bash
- name: Test rpm local install & uninstall
run: |
sudo rpm -ivh --nodeps ${{ steps.rpmbuild.outputs.glpi-agent-rpm }} \
${{ steps.rpmbuild.outputs.glpi-agent-task-network-rpm }} \
${{ steps.rpmbuild.outputs.glpi-agent-task-collect-rpm }} \
${{ steps.rpmbuild.outputs.glpi-agent-task-deploy-rpm }} \
${{ steps.rpmbuild.outputs.glpi-agent-task-wakeonlan-rpm }} \
${{ steps.rpmbuild.outputs.glpi-agent-task-esx-rpm }} \
${{ steps.rpmbuild.outputs.glpi-agent-cron-rpm }}
sudo rpm -e glpi-agent glpi-agent-task-network glpi-agent-task-collect \
glpi-agent-task-deploy glpi-agent-task-wakeonlan \
glpi-agent-task-esx glpi-agent-cron
shell: bash
- name: Upload built rpm artifacts
uses: actions/upload-artifact@v4
with:
name: RPM-Build
path: |
${{ steps.rpmbuild.outputs.rpmdir }}/noarch/*.rpm
- name: Upload rpm sources artifacts
uses: actions/upload-artifact@v4
with:
name: RPM-Sources
path: |
${{ steps.rpmbuild.outputs.srpmdir }}/*.rpm
${{ steps.rpmbuild.outputs.srcdir }}/glpi-agent-*.tar.gz
- name: Upload RPM Packages
id: upload-linux-rpm-asset
if: ${{ needs.setup-release.outputs.create-release == 'yes' }}
run: |
RPMDIR=`rpm --eval "%{_rpmdir}"`
gh release upload ${{ needs.setup-release.outputs.tag_name }} $RPMDIR/*/*.rpm
shell: bash
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
linux-installer:
runs-on: ubuntu-latest
if: ${{ needs.setup-release.outputs.build == 'yes' }}
needs: [ setup-release, linux-snap-packaging, linux-debian-packaging, linux-rpm-packaging ]
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v4
with:
name: RPM-Build
- uses: actions/download-artifact@v4
with:
name: Debian-Build
- uses: actions/download-artifact@v4
with:
name: Snap-Build
- name: Build installer
id: installer-build
run: |
contrib/unix/make-linux-installer.sh --version $VERSION --rpm *.rpm \
contrib/unix/glpi-agent.init.redhat \
--deb *.deb --snap *.snap
mv glpi-agent-$VERSION-linux-installer.pl glpi-agent-$VERSION-with-snap-linux-installer.pl
contrib/unix/make-linux-installer.sh --version $VERSION --rpm *.rpm \
contrib/unix/glpi-agent.init.redhat \
--deb *.deb
ls -l
sha1sum *.rpm *.deb *.snap *.pl
sha256sum *.rpm *.deb *.snap *.pl
shell: bash
env:
VERSION: ${{ needs.setup-release.outputs.version }}
- name: Upload built installer artifacts
uses: actions/upload-artifact@v4
with:
name: Linux-Installer-Build
path: |
glpi-agent-*-linux-installer.pl
- name: Upload linux installers
id: upload-linux-installer-assets
if: ${{ needs.setup-release.outputs.create-release == 'yes' }}
run: |
gh release upload ${{ needs.setup-release.outputs.tag_name }} glpi-agent-*-linux-installer.pl
shell: bash
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
linux-appimage:
runs-on: ubuntu-latest
if: ${{ needs.setup-release.outputs.build == 'yes' }}
needs: [ setup-release, linux-debian-packaging ]
steps:
- uses: actions/checkout@v4
- name: Install build dependencies packages
run: |
sudo rm /etc/apt/sources.list.d/microsoft-prod.list
sudo apt update
sudo apt -y install pipx zsync
shell: bash
# We use AppImage Builder development version as 1.1 is failing
- name: Install AppImage Builder development version
id: install-appimage-builder
run: |
if command -v pipx >/dev/null; then
echo ~/.local/bin >> $GITHUB_PATH
pipx install git+https://github.com/AppImageCrafters/appimage-builder.git
else
pip3 install git+https://github.com/AppImageCrafters/appimage-builder.git
fi
shell: bash
- uses: actions/download-artifact@v4
with:
name: Debian-Build
- name: Make AppImage
id: make-appimage
run: |
contrib/unix/make-linux-appimage.sh --version $VERSION
shell: bash
env:
VERSION: ${{ needs.setup-release.outputs.version }}
- name: Quick tests
run: |
echo ====
echo Install libfuse2 as required by AppImage
sudo apt update
sudo apt -y install libfuse2
echo ====
echo Installer version:
./glpi-agent-$VERSION-x86_64.AppImage --version
echo ====
echo Embedded perl version:
./glpi-agent-$VERSION-x86_64.AppImage --perl --version
echo ====
echo Embedded GLPI Agent version:
./glpi-agent-$VERSION-x86_64.AppImage --script=glpi-agent --version
echo ====
env:
VERSION: ${{ needs.setup-release.outputs.version }}
- name: Upload built installer artifacts
uses: actions/upload-artifact@v4
with:
name: Linux-AppImage-Build
path: |
*.AppImage
*.AppImage.zsync
- name: Upload linux AppImage
id: upload-linux-appimage-assets
if: ${{ needs.setup-release.outputs.create-release == 'yes' }}
run: |
unset FILES
for file in *.AppImage{,.zsync}
do
[ -e "$file" ] && FILES="$FILES $file"
done
gh release upload ${{ needs.setup-release.outputs.tag_name }} $FILES
shell: bash
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
sources:
runs-on: ubuntu-latest
if: ${{ needs.setup-release.outputs.build == 'yes' }}
needs: setup-release
steps:
- uses: actions/checkout@v4
- name: Install build dependencies packages
run: |
sudo rm /etc/apt/sources.list.d/microsoft-prod.list
sudo apt update
sudo apt -y install libmodule-install-perl libuniversal-require-perl \
libwww-perl libdigest-sha-perl
shell: bash
- name: Build sources archive
id: srcbuild
run: |
# make -gitXXXXXXXX release when not tagged
if [ -z "${VERSION##*-*}" ]; then
tools/make-release.sh --no-git --no-deb-changelog $VERSION
fi
perl Makefile.PL
make manifest
make
make dist DISTVNAME=GLPI-Agent-$VERSION
shell: bash
env:
VERSION: ${{ needs.setup-release.outputs.version }}
- name: Upload built archive artifacts
uses: actions/upload-artifact@v4
with:
name: Sources
path: |
GLPI-Agent-*.tar.gz
- name: Upload Sources Archive
id: upload-sources-asset
if: ${{ needs.setup-release.outputs.create-release == 'yes' }}
run: |
gh release upload ${{ needs.setup-release.outputs.tag_name }} GLPI-Agent-*.tar.gz
shell: bash
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
publish-release:
runs-on: ubuntu-latest
if: ${{ needs.setup-release.outputs.create-release == 'yes' }}
needs: [ setup-release, windows-packaging, macosx-packaging, linux-snap-packaging, linux-debian-packaging, linux-rpm-packaging, linux-installer, sources ]
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v4
with:
name: Linux-Installer-Build
- uses: actions/download-artifact@v4
with:
name: RPM-Build
- uses: actions/download-artifact@v4
with:
name: Debian-Build
- uses: actions/download-artifact@v4
with:
name: Snap-Build
- uses: actions/download-artifact@v4
with:
name: Linux-AppImage-Build
- uses: actions/download-artifact@v4
with:
pattern: MacOSX-Build-*
merge-multiple: true
- uses: actions/download-artifact@v4
with:
pattern: Windows-Build-*
merge-multiple: true
- uses: actions/download-artifact@v4
with:
name: Sources
- name: Generate and upload sha256 file
id: upload-sha256-asset
run: |
# Clean up not published files from Debian-Build
rm -f *.buildinfo *.changes
sha256sum *$VERSION* > glpi-agent-$VERSION.sha256
gh release upload ${{ needs.setup-release.outputs.tag_name }} glpi-agent-$VERSION.sha256
shell: bash
env:
VERSION: ${{ needs.setup-release.outputs.version }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Publish release
id: publish-release
run: |
gh api /repos/{owner}/{repo}/releases/${{ needs.setup-release.outputs.releaseid }} \
--method PATCH --field draft=false --jq '{id: .id, name: .name, tag_name: .tag_name, target_commitish: .target_commitish, draft: .draft, prerelease: .prerelease, body: .body}'
# Only keep a given number of development or nightly releases
case "${{ needs.setup-release.outputs.tag_name }}" in
development-release-*)
let COUNT=${{ env.number_of_development_build_to_keep }}
TYPE=development
;;
nightly-release-*)
let COUNT=${{ env.number_of_nightly_build_to_keep }}
TYPE=nightly
;;
*)
exit 0
;;
esac
gh api /repos/{owner}/{repo}/releases --jq '.[].id' | \
while read id
do
set x $(gh api /repos/{owner}/{repo}/releases/$id --jq '.draft,.tag_name,.name')
shift
DRAFT="$1"
shift
TAG="$1"
[ -n "$TAG" -a -z "${TAG%$TYPE-release*}" ] || continue
shift
if (( COUNT-- > 0 )); then
echo "Keeping $* $TYPE release ($TAG)"
else
echo "Removing $* $TYPE release ($TAG)"
gh api /repos/{owner}/{repo}/releases/$id --method DELETE
if [ "$DRAFT" != "true" ]; then
echo "Removing $TAG tag"
gh api /repos/{owner}/{repo}/git/refs/tags/$TAG --method DELETE
fi
fi
done
shell: bash
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
publish-nightly:
runs-on: ubuntu-latest
#if: ${{ needs.setup-release.outputs.create-release == 'no' && needs.setup-release.outputs.build == 'yes' }}
if: ${{ needs.setup-release.outputs.create-release == 'no' && needs.setup-release.outputs.build == 'yes' && startsWith(needs.setup-release.outputs.tag_name, 'nightly') }}
needs: [ setup-release, windows-packaging, macosx-packaging, linux-snap-packaging, linux-debian-packaging, linux-rpm-packaging, linux-installer, sources ]
steps:
- uses: actions/checkout@v4
with:
repository: ${{ github.repository_owner }}/glpi-project.github.io
token: ${{ secrets.PUBLISHING_TOKEN }}
fetch-depth: 0
- uses: actions/download-artifact@v4
with:
name: Linux-Installer-Build
path: glpi-agent
- uses: actions/download-artifact@v4
with:
name: RPM-Build
path: glpi-agent
- uses: actions/download-artifact@v4
with:
name: Debian-Build
path: glpi-agent
- uses: actions/download-artifact@v4
with:
name: Snap-Build
path: glpi-agent
- uses: actions/download-artifact@v4
with:
name: Linux-AppImage-Build
path: glpi-agent
- uses: actions/download-artifact@v4
with:
pattern: MacOSX-Build-*
path: glpi-agent
merge-multiple: true
- uses: actions/download-artifact@v4
with:
pattern: Windows-Build-*
path: glpi-agent
merge-multiple: true
- uses: actions/download-artifact@v4
with:
name: Sources
path: glpi-agent
- name: Cleanup nightly
run: |
# Clean up Debian-Build
rm -f glpi-agent/*.buildinfo glpi-agent/*.changes
# Clean up Windows-Build
rm -f glpi-agent/*_debug_dir.zip
ls -lt glpi-agent
shell: bash
- name: Publish nightly
id: publish-nightly
run: |
# Only keep a given number of nightly releases
TAGNAME="${{ needs.setup-release.outputs.tag_name }}"
[ -z "$TAGNAME" ] && TAGNAME="development-${{ needs.setup-release.outputs.version }}"
case "$TAGNAME" in
development-*)
let COUNT=${{ env.number_of_development_build_to_keep }}
;;
nightly-*)
let COUNT=${{ env.number_of_nightly_build_to_keep }}
;;
*)
let COUNT=1
;;
esac
# Get script to prepare page
curl -L -s -o github-nightly-description.sh https://github.com/glpi-project/glpi-agent/raw/develop/tools/github-nightly-description.sh
chmod +x github-nightly-description.sh
cd glpi-agent
echo "Generating glpi-agent ${{ needs.setup-release.outputs.version }} packages sha256 file"
sha256sum *${{ needs.setup-release.outputs.version }}* > glpi-agent-${{ needs.setup-release.outputs.version }}.sha256
cd ..
./github-nightly-description.sh --header --version ${{ needs.setup-release.outputs.version }} >glpi-agent/index.md.new
git config --local user.email "${{ needs.setup-release.outputs.user-email }}"
git config --local user.name "${{ needs.setup-release.outputs.user-name }}"
egrep '^# ' glpi-agent/index.md | \
while read dash agent version x
do
VERSION="${version#v}"
if (( --COUNT > 0 )); then
echo "Keeping glpi-agent $VERSION build"
if [ ! -e glpi-agent/glpi-agent-$VERSION.sha256 ]; then
cd glpi-agent
echo "Generating glpi-agent $VERSION packages sha256 file"
sha256sum *$VERSION* > glpi-agent-$VERSION.sha256
cd ..
fi
read date time tz <<<$(git log -n1 --pretty=%ci -- glpi-agent/glpi-agent_${VERSION}_all.deb)
./github-nightly-description.sh --version $VERSION --date "$date $time UTC" >>glpi-agent/index.md.new
else
echo "Removing glpi-agent $VERSION build"
git filter-branch --prune-empty -f --index-filter "git rm --cached --ignore-unmatch *$VERSION*" HEAD
fi
done
mv -vf glpi-agent/index.md.new glpi-agent/index.md
rm -f github-nightly-description.sh
echo "Repository status:"
git status
ls -lt glpi-agent
# Prepare commit
echo "Adding GLPI-Agent ${{ needs.setup-release.outputs.version }} build"
git add glpi-agent/*
git commit -m "Add GLPI-Agent ${{ needs.setup-release.outputs.version }} build"
# Force commit
git push --force
git status
shell: bash
env:
FILTER_BRANCH_SQUELCH_WARNING: 1