Improvements to ssl-keystore parameter #2804
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: GLPI Agent Packaging | |
# Set publish_development_build to "yes" to publish development builds as pre-release | |
# Set number_of_development_build_to_keep to the number of development build to keep | |
# Set number_of_nightly_build_to_keep to the number of nightly release to keep | |
# Set number_of_nightly_build_to_keep to 0 to not publish nightly builds | |
env: | |
publish_development_build: no | |
number_of_development_build_to_keep: 3 | |
number_of_nightly_build_to_keep: 3 | |
macosx_notarize_support: yes | |
on: | |
push: | |
pull_request: | |
branches: | |
- develop | |
schedule: | |
- cron: '10 1 * * *' | |
workflow_dispatch: | |
inputs: | |
nightly: | |
description: 'Nightly publishing' | |
required: true | |
default: true | |
type: boolean | |
jobs: | |
setup-release: | |
runs-on: ubuntu-latest | |
outputs: | |
version: ${{ steps.set-version.outputs.version }} | |
upload_url: ${{ steps.create-tagged-release.outputs.upload_url }} | |
create-release: ${{ steps.set-version.outputs.create-release }} | |
tag_name: ${{ steps.set-version.outputs.tag_name }} | |
build: ${{ steps.set-version.outputs.build }} | |
releaseid: ${{ steps.create-tagged-release.outputs.id }} | |
user-name: ${{ steps.set-version.outputs.user-name }} | |
user-email: ${{ steps.set-version.outputs.user-email }} | |
win32-signing: ${{ steps.set-version.outputs.win32-signing }} | |
macosx-signing: ${{ steps.set-version.outputs.macosx-signing }} | |
macosx-notarization: ${{ steps.set-version.outputs.macosx-notarization }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set version | |
id: set-version | |
run: | | |
if [ "${{ vars.WIN32_SIGNING }}" == "no" ]; then | |
echo "win32-signing=no" >>$GITHUB_OUTPUT | |
elif [ -n "$CODESIGN_COMMAND" ]; then | |
echo "win32-signing=alt" >>$GITHUB_OUTPUT | |
elif [ -n "$CST_USERNAME" ]; then | |
echo "win32-signing=cst" >>$GITHUB_OUTPUT | |
else | |
echo "win32-signing=no" >>$GITHUB_OUTPUT | |
fi | |
if [ -n "$APPSIGNID" -a -n "$INSTSIGNID" ]; then | |
echo "macosx-signing=yes" >>$GITHUB_OUTPUT | |
if [ "${{ env.macosx_notarize_support }}" == "yes" -a "${{ vars.MACOSX_NOTARIZE }}" != "no" ]; then | |
NOTARIZE="yes" | |
else | |
NOTARIZE="no" | |
fi | |
else | |
echo "macosx-signing=no" >>$GITHUB_OUTPUT | |
NOTARIZE="no" | |
fi | |
if [ -z "${GITHUB_REF##*refs/tags/*}" ]; then | |
# Abort publishing if MACOSX_SIGNING variable was set to "no" | |
if [ "${{ vars.MACOSX_SIGNING }}" == "no" -a -n "$APPSIGNID" -a -n "$INSTSIGNID" ]; then | |
echo "MACOSX_SIGNING has been disabled in GH variables. Fix it before publishing." >&2 | |
exit 1 | |
fi | |
# Abort publishing if MACOSX_NOTARIZE variable was set to "no" | |
if [ "${{ vars.MACOSX_NOTARIZE }}" == "no" -a "$NOTARIZE" == "yes" ]; then | |
echo "MACOSX_NOTARIZE has been disabled in GH variables. Fix it before publishing." >&2 | |
exit 1 | |
fi | |
VERSION="${GITHUB_REF#*refs/tags/}" | |
echo "New release on $VERSION $tag" | |
echo "create-release=yes" >>$GITHUB_OUTPUT | |
echo "build=yes" >>$GITHUB_OUTPUT | |
echo "tag_name=$VERSION" >>$GITHUB_OUTPUT | |
else | |
VERSION=$(perl -Ilib -MGLPI::Agent::Version -e 'print $GLPI::Agent::Version::VERSION') | |
VERSION=${VERSION%-dev}-git${GITHUB_SHA:0:8} | |
if [ "${{ github.event_name }}" = "schedule" -o "${{ inputs.nightly }}" = "true" -o "${{ env.publish_development_build }}" = "yes" ]; then | |
if [ "${{ github.event_name }}" = "schedule" -o "${{ inputs.nightly }}" = "true" ]; then | |
TYPE=nightly | |
if [ -z "$PUBLISHING_TOKEN" ]; then | |
echo "No PUBLISHING_TOKEN defined to publish GLPI-Agent nightly builds" | |
echo "create-release=no" >>$GITHUB_OUTPUT | |
echo "build=no" >>$GITHUB_OUTPUT | |
exit 0 | |
elif gh api /repos/{owner}/glpi-project.github.io/git/refs/tags/glpi-agent-development-$VERSION --silent 2>/dev/null; then | |
echo "GLPI-Agent v$VERSION still published as development build" | |
echo "create-release=no" >>$GITHUB_OUTPUT | |
echo "build=no" >>$GITHUB_OUTPUT | |
exit 0 | |
fi | |
else | |
TYPE=development | |
fi | |
SKIP_NIGHTLY="${{ env.number_of_nightly_build_to_keep }} $TYPE" | |
# For nightly, we also check if we had any commit during the last 24 hours unless it is a manually forced run for which INPUT_NIGHTLY should be set | |
if [ -z "$INPUT_NIGHTLY" -a "$SKIP_NIGHTLY" = "0 nightly" -o -z "$( git rev-list -n 1 --after="24 hours" ${{ github.sha }} )" ]; then | |
echo "No nightly release needed" | |
echo "create-release=no" >>$GITHUB_OUTPUT | |
echo "build=no" >>$GITHUB_OUTPUT | |
else | |
echo "New $TYPE release as $VERSION version" | |
echo "create-release=${{ env.publish_development_build }}" >>$GITHUB_OUTPUT | |
echo "build=yes" >>$GITHUB_OUTPUT | |
echo "tag_name=$TYPE-$VERSION" >>$GITHUB_OUTPUT | |
fi | |
else | |
echo "Just building $VERSION version" | |
echo "create-release=no" >>$GITHUB_OUTPUT | |
echo "build=yes" >>$GITHUB_OUTPUT | |
echo "tag_name=development-$VERSION" >>$GITHUB_OUTPUT | |
NOTARIZE="no" | |
fi | |
fi | |
echo "version=$VERSION" >>$GITHUB_OUTPUT | |
case "${VERSION#*-}" in | |
$VERSION) | |
echo "revname=v$VERSION" >>$GITHUB_OUTPUT | |
echo "prerelease=false" >>$GITHUB_OUTPUT | |
;; | |
test*) | |
echo "revname=v${VERSION%-test*} Test release ${VERSION#*-test}" >>$GITHUB_OUTPUT | |
echo "prerelease=true" >>$GITHUB_OUTPUT | |
;; | |
beta*) | |
echo "revname=v${VERSION%-beta*} Beta release ${VERSION#*-beta}" >>$GITHUB_OUTPUT | |
echo "prerelease=true" >>$GITHUB_OUTPUT | |
;; | |
*) | |
echo "revname=v$VERSION Development release" >>$GITHUB_OUTPUT | |
echo "prerelease=true" >>$GITHUB_OUTPUT | |
;; | |
esac | |
# Check if MacOSX packaging notarization is required | |
echo "macosx-notarization=$NOTARIZE" >>$GITHUB_OUTPUT | |
# Set user and mail for nightly release | |
echo "user-name=$(git log --format='%an' HEAD^!)" >>$GITHUB_OUTPUT | |
echo "user-email=$(git log --format='%ae' HEAD^!)" >>$GITHUB_OUTPUT | |
shell: bash | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
PUBLISHING_TOKEN: ${{ secrets.PUBLISHING_TOKEN }} | |
CODESIGN_COMMAND: ${{ secrets.CODESIGN_COMMAND }} | |
CST_USERNAME: ${{ secrets.CST_USERNAME }} | |
APPSIGNID: ${{ vars.MACOSX_APPSIGNID }} | |
INSTSIGNID: ${{ vars.MACOSX_INSTSIGNID }} | |
- name: Generate release description | |
id: github-release-body | |
if: ${{ steps.set-version.outputs.create-release == 'yes' }} | |
run: | | |
tools/github-release-description.sh --version ${{ steps.set-version.outputs.version }} --tag ${{ steps.set-version.outputs.tag_name }} | |
shell: bash | |
- name: Create Tagged Release | |
id: create-tagged-release | |
uses: ncipollo/release-action@v1 | |
if: ${{ steps.set-version.outputs.create-release == 'yes' }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token | |
with: | |
tag: ${{ steps.set-version.outputs.tag_name }} | |
name: GLPI Agent ${{ steps.set-version.outputs.revname }} | |
bodyFile: release-description.md | |
draft: true | |
prerelease: ${{ steps.set-version.outputs.prerelease }} | |
windows-packaging: | |
runs-on: windows-latest | |
strategy: | |
matrix: | |
arch: [ x64 ] | |
if: ${{ needs.setup-release.outputs.build == 'yes' }} | |
needs: setup-release | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Create folders for cached datas | |
run: | | |
mkdir C:\Strawberry-perl-for-GLPI-Agent_build\download | |
mkdir C:\Strawberry-perl-for-GLPI-Agent_build\restore | |
shell: cmd | |
- name: Restore points cache | |
uses: actions/cache@v4 | |
id: built-perl-cache | |
with: | |
path: | | |
C:/Strawberry-perl-for-GLPI-Agent_build/restore | |
key: windows-packaging-perl-cache-${{ matrix.arch }}-${{ hashFiles('contrib\windows\glpi-agent-extlibs-build.pl', 'contrib\windows\glpi-agent-packaging.pl', 'contrib\windows\packaging\*') }} | |
- name: Restore ca.dll points cache | |
uses: actions/cache@v4 | |
id: built-ca-dll-cache | |
with: | |
path: contrib/windows/packaging/tools/ca/ca.dll | |
key: windows-packaging-ca-dll-cache-${{ matrix.arch }}-${{ hashFiles('contrib\windows\glpi-agent-extlibs-build.pl', 'contrib\windows\packaging\ToolchainBuildJob.pm', 'contrib\windows\packaging\CustomActionDllBuildJob.pm', 'contrib\windows\packaging\tools\ca\Makefile', 'contrib\windows\packaging\tools\ca\dll\*') }} | |
- name: Restore Toolchain points cache | |
uses: actions/cache@v4 | |
id: built-extlibs-cache | |
if: steps.built-perl-cache.outputs.cache-hit != 'true' || steps.built-ca-dll-cache.outputs.cache-hit != 'true' | |
with: | |
path: | | |
C:/Strawberry-perl-for-GLPI-Agent_build/download/winlibs*.zip | |
C:/Strawberry-perl-for-GLPI-Agent_build/download/extlibs.zip | |
key: windows-packaging-extlibs-cache-${{ matrix.arch }}-${{ hashFiles('contrib\windows\glpi-agent-extlibs-build.pl', 'contrib\windows\packaging\ToolchainBuildJob.pm', 'contrib\windows\packaging\*.patch') }} | |
- name: List files in cached paths | |
if: success() || failure() | |
run: | | |
dir C:\Strawberry-perl-for-GLPI-Agent_build\download | |
dir C:\Strawberry-perl-for-GLPI-Agent_build\restore | |
dir contrib\windows\packaging\tools\ca | |
shell: cmd | |
- name: Restore required perl libraries cache | |
uses: actions/cache@v4 | |
id: perl-site-cache | |
with: | |
path: | | |
C:\Strawberry\perl\site\lib | |
C:\Strawberry\perl\site\bin | |
key: built-perl-windows-packaging-perl-site-cache-${{ matrix.arch }}-${{ hashFiles('contrib\windows\glpi-agent-extlibs-build.pl', 'contrib\windows\glpi-agent-packaging.pl', 'contrib\windows\packaging\*') }} | |
- name: Update environment | |
run: | | |
echo 'C:\Strawberry\perl\bin' >> $GITHUB_PATH | |
echo 'C:\Strawberry\perl\site\bin' >> $GITHUB_PATH | |
echo 'C:\Strawberry\c\bin' >> $GITHUB_PATH | |
shell: bash | |
- name: Show environment | |
run: | | |
echo "PATH=%PATH%" | |
perl --version | |
perl -V | |
shell: cmd | |
- name: Install Module::Install | |
if: steps.perl-site-cache.outputs.cache-hit != 'true' | |
run: cpan -T Module::Install | |
shell: cmd | |
- name: Prepare Makefile | |
run: perl Makefile.PL | |
shell: cmd | |
- name: Install latest Perl::Dist::Strawberry from github | |
if: steps.perl-site-cache.outputs.cache-hit != 'true' | |
run: | | |
cpanm --notest --verbose https://github.com/StrawberryPerl/Perl-Dist-Strawberry.git | |
shell: cmd | |
- name: Build Extlibs with Perl Toolchain | |
if: steps.built-perl-cache.outputs.cache-hit != 'true' && steps.built-extlibs-cache.outputs.cache-hit != 'true' | |
run: | | |
perl contrib\windows\glpi-agent-extlibs-build.pl --arch ${{ matrix.arch }} | |
shell: cmd | |
- name: Build ca.dll with Perl Toolchain | |
if: steps.built-ca-dll-cache.outputs.cache-hit != 'true' | |
run: | | |
perl contrib\windows\glpi-agent-extlibs-build.pl --arch ${{ matrix.arch }} --cadll | |
shell: cmd | |
- name: Build package | |
run: | | |
perl contrib\windows\glpi-agent-packaging.pl --arch ${{ matrix.arch }} | |
shell: cmd | |
- name: MSI Signing (CST) | |
if: ${{ needs.setup-release.outputs.win32-signing == 'cst' }} | |
run: | | |
perl tools\msi-signing.pl "C:\Strawberry-perl-for-GLPI-Agent_build" "GLPI-Agent-${{ needs.setup-release.outputs.version }}-${{ matrix.arch }}.msi" | |
shell: cmd | |
env: | |
CST_USERNAME: ${{ secrets.CST_USERNAME }} | |
CST_PASSWORD: ${{ secrets.CST_PASSWORD }} | |
CST_SECRET: ${{ secrets.CST_SECRET }} | |
CST_CREDENTIALID: ${{ secrets.CST_CREDENTIALID }} | |
- name: MSI Signing (ALT) | |
if: ${{ needs.setup-release.outputs.win32-signing == 'alt' }} | |
run: | | |
cd "C:\\Strawberry-perl-for-GLPI-Agent_build" | |
umask 0077 | |
mkdir ~/.ssh | |
echo "$CODESIGN_KNOWNHOST" > ~/.ssh/known_hosts | |
echo "$CODESIGN_PRIVATE" > private.key | |
umask 0002 | |
MSI="GLPI-Agent-${{ needs.setup-release.outputs.version }}-${{ matrix.arch }}.msi" | |
cat "output\\$MSI" | $CODESIGN_COMMAND codesign "$MSI" > "$MSI" | |
rm -f private.key ~/.ssh/known_hosts "output\\$MSI" | |
mv -vf "$MSI" "output\\$MSI" | |
shell: bash | |
env: | |
CODESIGN_KNOWNHOST: ${{ secrets.CODESIGN_KNOWNHOST }} | |
CODESIGN_COMMAND: ${{ secrets.CODESIGN_COMMAND }} | |
CODESIGN_PRIVATE: ${{ secrets.CODESIGN_PRIVATE }} | |
- name: List generated files | |
if: success() || failure() | |
run: | | |
dir C:\Strawberry-perl-for-GLPI-Agent_build\output | |
shell: cmd | |
- name: Upload windows built artifacts | |
if: success() || failure() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Windows-Build-${{ matrix.arch }} | |
path: C:\Strawberry-perl-for-GLPI-Agent_build\output | |
- name: Upload debug MSI-Build artifacts | |
if: failure() #success() || failure() # Only enable on failure or when debugging is required | |
uses: actions/upload-artifact@v4 | |
with: | |
name: MSI-Build-Debug-${{ matrix.arch }} | |
path: C:\Strawberry-perl-for-GLPI-Agent_build\build\msi | |
- name: VirusTotal Scan | |
uses: crazy-max/ghaction-virustotal@v4 | |
if: ${{ needs.setup-release.outputs.create-release == 'yes' || startsWith(needs.setup-release.outputs.tag_name, 'nightly') }} | |
with: | |
vt_api_key: ${{ secrets.VT_API_KEY }} | |
files: | | |
C:\Strawberry-perl-for-GLPI-Agent_build\output\GLPI-Agent-${{ needs.setup-release.outputs.version }}-${{ matrix.arch }}.msi | |
C:\Strawberry-perl-for-GLPI-Agent_build\output\glpi-agent-${{ needs.setup-release.outputs.version }}-${{ matrix.arch }}.zip | |
- name: VirusTotal Report Analysis | |
if: ${{ vars.VT_SKIP_REPORT_ANALYSIS != 'yes' && ( needs.setup-release.outputs.create-release == 'yes' || startsWith(needs.setup-release.outputs.tag_name, 'nightly') ) }} | |
run: | | |
perl tools\virustotal-report-analysis.pl --path C:\Strawberry-perl-for-GLPI-Agent_build\output GLPI-Agent-${{ needs.setup-release.outputs.version }}-${{ matrix.arch }}.msi glpi-agent-${{ needs.setup-release.outputs.version }}-${{ matrix.arch }}.zip | |
shell: cmd | |
env: | |
VT_API_KEY: ${{ secrets.VT_API_KEY }} | |
- name: Upload VirusTotal Report | |
if: ${{ vars.VT_SKIP_REPORT_ANALYSIS != 'yes' && ( needs.setup-release.outputs.create-release == 'yes' || startsWith(needs.setup-release.outputs.tag_name, 'nightly') ) }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: VirusTotal-Report-${{ matrix.arch }} | |
path: C:\Strawberry-perl-for-GLPI-Agent_build\output\*.json | |
- name: Upload Portable Archive Asset | |
id: upload-portable-archive-asset | |
if: ${{ needs.setup-release.outputs.create-release == 'yes' }} | |
uses: shogo82148/actions-upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ needs.setup-release.outputs.upload_url }} | |
asset_path: C:\Strawberry-perl-for-GLPI-Agent_build\output\GLPI-Agent-${{ needs.setup-release.outputs.version }}-${{ matrix.arch }}.zip | |
asset_name: GLPI-Agent-${{ needs.setup-release.outputs.version }}-${{ matrix.arch }}.zip | |
asset_content_type: application/zip | |
- name: Upload MSI Installer Asset | |
id: upload-msi-asset | |
if: ${{ needs.setup-release.outputs.create-release == 'yes' }} | |
uses: shogo82148/actions-upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ needs.setup-release.outputs.upload_url }} | |
asset_path: C:\Strawberry-perl-for-GLPI-Agent_build\output\GLPI-Agent-${{ needs.setup-release.outputs.version }}-${{ matrix.arch }}.msi | |
asset_name: GLPI-Agent-${{ needs.setup-release.outputs.version }}-${{ matrix.arch }}.msi | |
asset_content_type: application/x-msi | |
macosx-packaging: | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
include: | |
- os: macos-latest | |
arch: x86_64 | |
- os: macos-latest | |
arch: arm64 | |
if: ${{ needs.setup-release.outputs.build == 'yes' }} | |
needs: setup-release | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Restore points cache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
contrib/macosx/*.gz | |
contrib/macosx/*.sha1 | |
contrib/macosx/*.sha1.txt | |
contrib/macosx/munkipkg | |
contrib/macosx/build/perl* | |
contrib/macosx/build/openssl* | |
contrib/macosx/build/zlib* | |
contrib/macosx/build/Applications | |
key: macosx-packaging-restore-points-${{ matrix.os }}-${{ matrix.arch }}-${{ hashFiles('contrib/macosx/glpi-agent-packaging.sh') }} | |
- name: Import Application Signing Cert | |
id: application-signing-cert | |
uses: slidoapp/import-codesign-certs@1923310662e8682dd05b76b612b53301f431cd5d | |
if: ${{ needs.setup-release.outputs.macosx-signing == 'yes' && vars.MACOSX_SIGNING != 'no' }} | |
with: | |
p12-file-base64: ${{ secrets.MACOSX_APPLICATION_P12 }} | |
p12-password: ${{ secrets.MACOSX_P12_PASSWORD }} | |
- name: Import Installer Signing Cert | |
id: installer-signing-cert | |
uses: slidoapp/import-codesign-certs@1923310662e8682dd05b76b612b53301f431cd5d | |
if: ${{ needs.setup-release.outputs.macosx-signing == 'yes' && vars.MACOSX_SIGNING != 'no' }} | |
with: | |
p12-file-base64: ${{ secrets.MACOSX_INSTALLER_P12 }} | |
p12-password: ${{ secrets.MACOSX_P12_PASSWORD }} | |
create-keychain: false | |
keychain-password: ${{ steps.application-signing-cert.outputs.keychain-password }} | |
- name: Build package | |
run: | | |
# Handle repository variables to eventually disable code signing and notarization | |
if [ -n "${{ vars.MACOSX_SIGNING }}" -o -n "${{ vars.MACOSX_NOTARIZE }}" ]; then | |
echo "GH Variables:" | |
if [ -n "${{ vars.MACOSX_SIGNING }}" ]; then | |
echo " - MACOSX_SIGNING : ${{ vars.MACOSX_SIGNING }}" | |
if [ "${{ vars.MACOSX_SIGNING }}" == "no" ]; then | |
MACOSX_NOTARIZE="no" | |
unset APPSIGNID INSTSIGNID | |
fi | |
fi | |
if [ -n "${{ vars.MACOSX_NOTARIZE }}" ]; then | |
echo " - MACOSX_NOTARIZE: ${{ vars.MACOSX_NOTARIZE }}" | |
if [ "${{ vars.MACOSX_NOTARIZE }}" == "no" ]; then | |
MACOSX_NOTARIZE="no" | |
unset NOTARIZE_USER NOTARIZE_PASSWORD NOTARIZE_TEAMID | |
fi | |
fi | |
fi | |
./contrib/macosx/glpi-agent-packaging.sh --arch ${{ matrix.arch }} --notarize $MACOSX_NOTARIZE | |
env: | |
APPSIGNID: ${{ vars.MACOSX_APPSIGNID }} | |
INSTSIGNID: ${{ vars.MACOSX_INSTSIGNID }} | |
NOTARIZE_USER: ${{ secrets.MACOSX_NOTARIZE_USER }} | |
NOTARIZE_PASSWORD: ${{ secrets.MACOSX_NOTARIZE_PASSWORD }} | |
NOTARIZE_TEAMID: ${{ vars.MACOSX_NOTARIZE_TEAMID }} | |
MACOSX_NOTARIZE: ${{ needs.setup-release.outputs.macosx-notarization }} | |
shell: bash | |
- name: List generated files | |
if: success() || failure() | |
run: | | |
ls contrib/macosx/build | |
shell: bash | |
- name: Upload MacOSX built artifacts | |
if: success() || failure() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: MacOSX-Build-${{ matrix.arch }} | |
path: | | |
contrib/macosx/build/*.pkg | |
contrib/macosx/build/*.dmg | |
- name: Upload MacOSX Perl building debug artifacts | |
if: success() || failure() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: MacOSX-Perl-Config-${{ matrix.arch }} | |
path: | | |
contrib/macosx/build/perl-*/config.h | |
contrib/macosx/build/perl-*/config.sh | |
contrib/macosx/build/perl-*/cflags | |
contrib/macosx/build/perl-*/myconfig | |
contrib/macosx/build/perl-*/Makefile | |
contrib/macosx/build/perl-*/Policy.sh | |
contrib/macosx/build/perl-*/hints/darwin.sh | |
- name: Upload MacOSX PKG installer | |
id: upload-macosx-pkg-asset | |
if: ${{ needs.setup-release.outputs.create-release == 'yes' }} | |
uses: shogo82148/actions-upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ needs.setup-release.outputs.upload_url }} | |
asset_path: contrib/macosx/build/GLPI-Agent-${{ needs.setup-release.outputs.version }}_${{ matrix.arch }}.pkg | |
asset_name: GLPI-Agent-${{ needs.setup-release.outputs.version }}_${{ matrix.arch }}.pkg | |
asset_content_type: application/octet-stream | |
- name: Upload MacOSX DMG installer image | |
id: upload-macosx-dmg-asset | |
if: ${{ needs.setup-release.outputs.create-release == 'yes' }} | |
uses: shogo82148/actions-upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ needs.setup-release.outputs.upload_url }} | |
asset_path: contrib/macosx/build/GLPI-Agent-${{ needs.setup-release.outputs.version }}_${{ matrix.arch }}.dmg | |
asset_name: GLPI-Agent-${{ needs.setup-release.outputs.version }}_${{ matrix.arch }}.dmg | |
asset_content_type: application/octet-stream | |
linux-snap-packaging: | |
runs-on: ubuntu-latest | |
if: ${{ needs.setup-release.outputs.build == 'yes' }} | |
needs: setup-release | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: snapcore/action-build@v1 | |
id: snapcraft | |
env: | |
TERM: ${{ env.TERM }}:${{ needs.setup-release.outputs.version }} | |
- name: Upload Snap built artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Snap-Build | |
path: ${{ steps.snapcraft.outputs.snap }} | |
- name: Upload Snap Package | |
id: upload-linux-snap-asset | |
if: ${{ needs.setup-release.outputs.create-release == 'yes' }} | |
uses: shogo82148/actions-upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ needs.setup-release.outputs.upload_url }} | |
asset_path: ${{ steps.snapcraft.outputs.snap }} | |
asset_name: ${{ steps.snapcraft.outputs.snap }} | |
asset_content_type: application/octet-stream | |
linux-debian-packaging: | |
runs-on: ubuntu-latest | |
if: ${{ needs.setup-release.outputs.build == 'yes' }} | |
needs: setup-release | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install build dependencies packages | |
run: | | |
sudo rm /etc/apt/sources.list.d/microsoft-prod.list | |
sudo apt update | |
sudo apt -y install dpkg-dev debhelper libmodule-install-perl \ | |
libclone-perl libdigest-sha-perl libfile-copy-recursive-perl \ | |
libfile-which-perl libhttp-cookies-perl libhttp-daemon-perl \ | |
libhttp-proxy-perl libhttp-server-simple-perl libdatetime-perl \ | |
libhttp-server-simple-authen-perl libio-capture-perl \ | |
libipc-run-perl libjson-pp-perl libnet-ip-perl \ | |
libnet-snmp-perl libio-socket-ssl-perl libparse-edid-perl \ | |
libproc-daemon-perl libparallel-forkmanager-perl \ | |
libtest-compile-perl libtest-deep-perl libtest-nowarnings-perl \ | |
libtest-exception-perl libtest-mockmodule-perl \ | |
libtest-mockobject-perl libtext-template-perl \ | |
libsocket-getaddrinfo-perl libuniversal-require-perl liburi-perl \ | |
libwww-perl libxml-libxml-perl libyaml-perl \ | |
libossp-uuid-perl libcpanel-json-xs-perl devscripts | |
shell: bash | |
- name: Build debian packages | |
id: debbuild | |
run: | | |
echo "debpath=$(dirname $PWD)" >>$GITHUB_OUTPUT | |
# make -gitXXXXXXXX release when not tagged | |
if [ -z "${VERSION##*-*}" ]; then | |
tools/make-release.sh --no-git $VERSION | |
fi | |
dpkg-buildpackage -d -b --no-sign | |
shell: bash | |
env: | |
VERSION: ${{ needs.setup-release.outputs.version }} | |
- name: Run lintian | |
run: | | |
sudo apt -y install lintian | |
lintian --profile debian --show-overrides -L ">=pedantic" | |
shell: bash | |
- name: Upload built deb artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Debian-Build | |
path: | | |
${{ steps.debbuild.outputs.debpath }}/*.deb | |
${{ steps.debbuild.outputs.debpath }}/*.buildinfo | |
${{ steps.debbuild.outputs.debpath }}/*.changes | |
- name: Upload Deb Packages | |
id: upload-linux-deb-asset | |
if: ${{ needs.setup-release.outputs.create-release == 'yes' }} | |
run: | | |
gh release upload ${{ needs.setup-release.outputs.tag_name }} ../*.deb | |
shell: bash | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
linux-rpm-packaging: | |
runs-on: ubuntu-latest | |
if: ${{ needs.setup-release.outputs.build == 'yes' }} | |
needs: setup-release | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install build dependencies packages | |
run: | | |
sudo rm /etc/apt/sources.list.d/microsoft-prod.list | |
sudo apt update | |
sudo apt -y install rpm devscripts \ | |
libfile-which-perl libuniversal-require-perl libmodule-install-perl | |
shell: bash | |
- name: Build rpm packages | |
id: rpmbuild | |
run: | | |
contrib/unix/glpi-agent-rpm-build.sh --nodeps | |
shell: bash | |
- name: Test rpm local install & uninstall | |
run: | | |
sudo rpm -ivh --nodeps ${{ steps.rpmbuild.outputs.glpi-agent-rpm }} \ | |
${{ steps.rpmbuild.outputs.glpi-agent-task-network-rpm }} \ | |
${{ steps.rpmbuild.outputs.glpi-agent-task-collect-rpm }} \ | |
${{ steps.rpmbuild.outputs.glpi-agent-task-deploy-rpm }} \ | |
${{ steps.rpmbuild.outputs.glpi-agent-task-wakeonlan-rpm }} \ | |
${{ steps.rpmbuild.outputs.glpi-agent-task-esx-rpm }} \ | |
${{ steps.rpmbuild.outputs.glpi-agent-cron-rpm }} | |
sudo rpm -e glpi-agent glpi-agent-task-network glpi-agent-task-collect \ | |
glpi-agent-task-deploy glpi-agent-task-wakeonlan \ | |
glpi-agent-task-esx glpi-agent-cron | |
shell: bash | |
- name: Upload built rpm artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: RPM-Build | |
path: | | |
${{ steps.rpmbuild.outputs.rpmdir }}/noarch/*.rpm | |
- name: Upload rpm sources artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: RPM-Sources | |
path: | | |
${{ steps.rpmbuild.outputs.srpmdir }}/*.rpm | |
${{ steps.rpmbuild.outputs.srcdir }}/glpi-agent-*.tar.gz | |
- name: Upload RPM Packages | |
id: upload-linux-rpm-asset | |
if: ${{ needs.setup-release.outputs.create-release == 'yes' }} | |
run: | | |
RPMDIR=`rpm --eval "%{_rpmdir}"` | |
gh release upload ${{ needs.setup-release.outputs.tag_name }} $RPMDIR/*/*.rpm | |
shell: bash | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
linux-installer: | |
runs-on: ubuntu-latest | |
if: ${{ needs.setup-release.outputs.build == 'yes' }} | |
needs: [ setup-release, linux-snap-packaging, linux-debian-packaging, linux-rpm-packaging ] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/download-artifact@v4 | |
with: | |
name: RPM-Build | |
- uses: actions/download-artifact@v4 | |
with: | |
name: Debian-Build | |
- uses: actions/download-artifact@v4 | |
with: | |
name: Snap-Build | |
- name: Build installer | |
id: installer-build | |
run: | | |
contrib/unix/make-linux-installer.sh --version $VERSION --rpm *.rpm \ | |
contrib/unix/glpi-agent.init.redhat \ | |
--deb *.deb --snap *.snap | |
mv glpi-agent-$VERSION-linux-installer.pl glpi-agent-$VERSION-with-snap-linux-installer.pl | |
contrib/unix/make-linux-installer.sh --version $VERSION --rpm *.rpm \ | |
contrib/unix/glpi-agent.init.redhat \ | |
--deb *.deb | |
ls -l | |
sha1sum *.rpm *.deb *.snap *.pl | |
sha256sum *.rpm *.deb *.snap *.pl | |
shell: bash | |
env: | |
VERSION: ${{ needs.setup-release.outputs.version }} | |
- name: Upload built installer artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Linux-Installer-Build | |
path: | | |
glpi-agent-*-linux-installer.pl | |
- name: Upload linux installers | |
id: upload-linux-installer-assets | |
if: ${{ needs.setup-release.outputs.create-release == 'yes' }} | |
run: | | |
gh release upload ${{ needs.setup-release.outputs.tag_name }} glpi-agent-*-linux-installer.pl | |
shell: bash | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
linux-appimage: | |
runs-on: ubuntu-latest | |
if: ${{ needs.setup-release.outputs.build == 'yes' }} | |
needs: [ setup-release, linux-debian-packaging ] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install build dependencies packages | |
run: | | |
sudo rm /etc/apt/sources.list.d/microsoft-prod.list | |
sudo apt update | |
sudo apt -y install pipx zsync | |
shell: bash | |
# We use AppImage Builder development version as 1.1 is failing | |
- name: Install AppImage Builder development version | |
id: install-appimage-builder | |
run: | | |
if command -v pipx >/dev/null; then | |
echo ~/.local/bin >> $GITHUB_PATH | |
pipx install git+https://github.com/AppImageCrafters/appimage-builder.git | |
else | |
pip3 install git+https://github.com/AppImageCrafters/appimage-builder.git | |
fi | |
shell: bash | |
- uses: actions/download-artifact@v4 | |
with: | |
name: Debian-Build | |
- name: Make AppImage | |
id: make-appimage | |
run: | | |
contrib/unix/make-linux-appimage.sh --version $VERSION | |
shell: bash | |
env: | |
VERSION: ${{ needs.setup-release.outputs.version }} | |
- name: Quick tests | |
run: | | |
echo ==== | |
echo Install libfuse2 as required by AppImage | |
sudo apt update | |
sudo apt -y install libfuse2 | |
echo ==== | |
echo Installer version: | |
./glpi-agent-$VERSION-x86_64.AppImage --version | |
echo ==== | |
echo Embedded perl version: | |
./glpi-agent-$VERSION-x86_64.AppImage --perl --version | |
echo ==== | |
echo Embedded GLPI Agent version: | |
./glpi-agent-$VERSION-x86_64.AppImage --script=glpi-agent --version | |
echo ==== | |
env: | |
VERSION: ${{ needs.setup-release.outputs.version }} | |
- name: Upload built installer artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Linux-AppImage-Build | |
path: | | |
*.AppImage | |
*.AppImage.zsync | |
- name: Upload linux AppImage | |
id: upload-linux-appimage-assets | |
if: ${{ needs.setup-release.outputs.create-release == 'yes' }} | |
run: | | |
unset FILES | |
for file in *.AppImage{,.zsync} | |
do | |
[ -e "$file" ] && FILES="$FILES $file" | |
done | |
gh release upload ${{ needs.setup-release.outputs.tag_name }} $FILES | |
shell: bash | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
sources: | |
runs-on: ubuntu-latest | |
if: ${{ needs.setup-release.outputs.build == 'yes' }} | |
needs: setup-release | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install build dependencies packages | |
run: | | |
sudo rm /etc/apt/sources.list.d/microsoft-prod.list | |
sudo apt update | |
sudo apt -y install libmodule-install-perl libuniversal-require-perl \ | |
libwww-perl libdigest-sha-perl | |
shell: bash | |
- name: Build sources archive | |
id: srcbuild | |
run: | | |
# make -gitXXXXXXXX release when not tagged | |
if [ -z "${VERSION##*-*}" ]; then | |
tools/make-release.sh --no-git --no-deb-changelog $VERSION | |
fi | |
perl Makefile.PL | |
make manifest | |
make | |
make dist DISTVNAME=GLPI-Agent-$VERSION | |
shell: bash | |
env: | |
VERSION: ${{ needs.setup-release.outputs.version }} | |
- name: Upload built archive artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Sources | |
path: | | |
GLPI-Agent-*.tar.gz | |
- name: Upload Sources Archive | |
id: upload-sources-asset | |
if: ${{ needs.setup-release.outputs.create-release == 'yes' }} | |
run: | | |
gh release upload ${{ needs.setup-release.outputs.tag_name }} GLPI-Agent-*.tar.gz | |
shell: bash | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
publish-release: | |
runs-on: ubuntu-latest | |
if: ${{ needs.setup-release.outputs.create-release == 'yes' }} | |
needs: [ setup-release, windows-packaging, macosx-packaging, linux-snap-packaging, linux-debian-packaging, linux-rpm-packaging, linux-installer, sources ] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/download-artifact@v4 | |
with: | |
name: Linux-Installer-Build | |
- uses: actions/download-artifact@v4 | |
with: | |
name: RPM-Build | |
- uses: actions/download-artifact@v4 | |
with: | |
name: Debian-Build | |
- uses: actions/download-artifact@v4 | |
with: | |
name: Snap-Build | |
- uses: actions/download-artifact@v4 | |
with: | |
name: Linux-AppImage-Build | |
- uses: actions/download-artifact@v4 | |
with: | |
pattern: MacOSX-Build-* | |
merge-multiple: true | |
- uses: actions/download-artifact@v4 | |
with: | |
pattern: Windows-Build-* | |
merge-multiple: true | |
- uses: actions/download-artifact@v4 | |
with: | |
name: Sources | |
- name: Generate and upload sha256 file | |
id: upload-sha256-asset | |
run: | | |
# Clean up not published files from Debian-Build | |
rm -f *.buildinfo *.changes | |
sha256sum *$VERSION* > glpi-agent-$VERSION.sha256 | |
gh release upload ${{ needs.setup-release.outputs.tag_name }} glpi-agent-$VERSION.sha256 | |
shell: bash | |
env: | |
VERSION: ${{ needs.setup-release.outputs.version }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Publish release | |
id: publish-release | |
run: | | |
gh api /repos/{owner}/{repo}/releases/${{ needs.setup-release.outputs.releaseid }} \ | |
--method PATCH --field draft=false --jq '{id: .id, name: .name, tag_name: .tag_name, target_commitish: .target_commitish, draft: .draft, prerelease: .prerelease, body: .body}' | |
# Only keep a given number of development or nightly releases | |
case "${{ needs.setup-release.outputs.tag_name }}" in | |
development-release-*) | |
let COUNT=${{ env.number_of_development_build_to_keep }} | |
TYPE=development | |
;; | |
nightly-release-*) | |
let COUNT=${{ env.number_of_nightly_build_to_keep }} | |
TYPE=nightly | |
;; | |
*) | |
exit 0 | |
;; | |
esac | |
gh api /repos/{owner}/{repo}/releases --jq '.[].id' | \ | |
while read id | |
do | |
set x $(gh api /repos/{owner}/{repo}/releases/$id --jq '.draft,.tag_name,.name') | |
shift | |
DRAFT="$1" | |
shift | |
TAG="$1" | |
[ -n "$TAG" -a -z "${TAG%$TYPE-release*}" ] || continue | |
shift | |
if (( COUNT-- > 0 )); then | |
echo "Keeping $* $TYPE release ($TAG)" | |
else | |
echo "Removing $* $TYPE release ($TAG)" | |
gh api /repos/{owner}/{repo}/releases/$id --method DELETE | |
if [ "$DRAFT" != "true" ]; then | |
echo "Removing $TAG tag" | |
gh api /repos/{owner}/{repo}/git/refs/tags/$TAG --method DELETE | |
fi | |
fi | |
done | |
shell: bash | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
publish-nightly: | |
runs-on: ubuntu-latest | |
#if: ${{ needs.setup-release.outputs.create-release == 'no' && needs.setup-release.outputs.build == 'yes' }} | |
if: ${{ needs.setup-release.outputs.create-release == 'no' && needs.setup-release.outputs.build == 'yes' && startsWith(needs.setup-release.outputs.tag_name, 'nightly') }} | |
needs: [ setup-release, windows-packaging, macosx-packaging, linux-snap-packaging, linux-debian-packaging, linux-rpm-packaging, linux-installer, sources ] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
repository: ${{ github.repository_owner }}/glpi-project.github.io | |
token: ${{ secrets.PUBLISHING_TOKEN }} | |
fetch-depth: 0 | |
- uses: actions/download-artifact@v4 | |
with: | |
name: Linux-Installer-Build | |
path: glpi-agent | |
- uses: actions/download-artifact@v4 | |
with: | |
name: RPM-Build | |
path: glpi-agent | |
- uses: actions/download-artifact@v4 | |
with: | |
name: Debian-Build | |
path: glpi-agent | |
- uses: actions/download-artifact@v4 | |
with: | |
name: Snap-Build | |
path: glpi-agent | |
- uses: actions/download-artifact@v4 | |
with: | |
name: Linux-AppImage-Build | |
path: glpi-agent | |
- uses: actions/download-artifact@v4 | |
with: | |
pattern: MacOSX-Build-* | |
path: glpi-agent | |
merge-multiple: true | |
- uses: actions/download-artifact@v4 | |
with: | |
pattern: Windows-Build-* | |
path: glpi-agent | |
merge-multiple: true | |
- uses: actions/download-artifact@v4 | |
with: | |
name: Sources | |
path: glpi-agent | |
- name: Cleanup nightly | |
run: | | |
# Clean up Debian-Build | |
rm -f glpi-agent/*.buildinfo glpi-agent/*.changes | |
# Clean up Windows-Build | |
rm -f glpi-agent/*_debug_dir.zip | |
ls -lt glpi-agent | |
shell: bash | |
- name: Publish nightly | |
id: publish-nightly | |
run: | | |
# Only keep a given number of nightly releases | |
TAGNAME="${{ needs.setup-release.outputs.tag_name }}" | |
[ -z "$TAGNAME" ] && TAGNAME="development-${{ needs.setup-release.outputs.version }}" | |
case "$TAGNAME" in | |
development-*) | |
let COUNT=${{ env.number_of_development_build_to_keep }} | |
;; | |
nightly-*) | |
let COUNT=${{ env.number_of_nightly_build_to_keep }} | |
;; | |
*) | |
let COUNT=1 | |
;; | |
esac | |
# Get script to prepare page | |
curl -L -s -o github-nightly-description.sh https://github.com/glpi-project/glpi-agent/raw/develop/tools/github-nightly-description.sh | |
chmod +x github-nightly-description.sh | |
cd glpi-agent | |
echo "Generating glpi-agent ${{ needs.setup-release.outputs.version }} packages sha256 file" | |
sha256sum *${{ needs.setup-release.outputs.version }}* > glpi-agent-${{ needs.setup-release.outputs.version }}.sha256 | |
cd .. | |
./github-nightly-description.sh --header --version ${{ needs.setup-release.outputs.version }} >glpi-agent/index.md.new | |
git config --local user.email "${{ needs.setup-release.outputs.user-email }}" | |
git config --local user.name "${{ needs.setup-release.outputs.user-name }}" | |
egrep '^# ' glpi-agent/index.md | \ | |
while read dash agent version x | |
do | |
VERSION="${version#v}" | |
if (( --COUNT > 0 )); then | |
echo "Keeping glpi-agent $VERSION build" | |
if [ ! -e glpi-agent/glpi-agent-$VERSION.sha256 ]; then | |
cd glpi-agent | |
echo "Generating glpi-agent $VERSION packages sha256 file" | |
sha256sum *$VERSION* > glpi-agent-$VERSION.sha256 | |
cd .. | |
fi | |
read date time tz <<<$(git log -n1 --pretty=%ci -- glpi-agent/glpi-agent_${VERSION}_all.deb) | |
./github-nightly-description.sh --version $VERSION --date "$date $time UTC" >>glpi-agent/index.md.new | |
else | |
echo "Removing glpi-agent $VERSION build" | |
git filter-branch --prune-empty -f --index-filter "git rm --cached --ignore-unmatch *$VERSION*" HEAD | |
fi | |
done | |
mv -vf glpi-agent/index.md.new glpi-agent/index.md | |
rm -f github-nightly-description.sh | |
echo "Repository status:" | |
git status | |
ls -lt glpi-agent | |
# Prepare commit | |
echo "Adding GLPI-Agent ${{ needs.setup-release.outputs.version }} build" | |
git add glpi-agent/* | |
git commit -m "Add GLPI-Agent ${{ needs.setup-release.outputs.version }} build" | |
# Force commit | |
git push --force | |
git status | |
shell: bash | |
env: | |
FILTER_BRANCH_SQUELCH_WARNING: 1 |