GH Actions configuration to mimic Travis behavior.

Will do: - basic testing on PRs - publish KopiaUI release to <owner>/kopia (on tags) or <owner>/kopia-ui-release (on master) - publish RPM and APT packages from kopia/kopia/master
jkowalski · Dec 23, 2020 · 4fc7437 · 4fc7437
1 parent e03971f
commit 4fc7437
Show file tree

Hide file tree

Showing 6 changed files with 100 additions and 9 deletions.
diff --git a/.github/workflows/make.yml b/.github/workflows/make.yml
@@ -3,14 +3,41 @@ on:
   pull_request:
     branches: [ master ]
   push:
-    branches:
-      - "master"
+    # ci-sandbox is a branch dedicated to testing post-submit code.
+    branches: [ master, ci-sandbox ]
     tags:
-      - "v*"
+      - v*
   schedule:
     - cron:  '0 8,15 * * *'
 jobs:
   build:
+    env:
+      # encrypt various secrets stored as files
+      encrypted_fa1db4b894bb_key: ${{ secrets.ENCRYPTED_FA1DB4B894BB_KEY }}
+      encrypted_fa1db4b894bb_iv: ${{ secrets.ENCRYPTED_FA1DB4B894BB_IV }}
+
+      # Apple ID and app-specific password for notarizaton
+      APPLEID: ${{ secrets.APPLEID }}
+      APPLEIDPASS: ${{ secrets.APPLEIDPASS }}
+      KOPIA_UI_NOTARIZE: yes
+
+      # tool to install Windows signing certificate
+      WINDOWS_SIGNING_TOOLS_URL: ${{ secrets.WINDOWS_SIGNING_TOOLS_URL }}
+      WINDOWS_SIGN_USER: ${{ secrets.WINDOWS_SIGN_USER }}
+      WINDOWS_SIGN_AUTH: ${{ secrets.WINDOWS_SIGN_AUTH }}
+      WINDOWS_CERT_SHA1: ${{ secrets.WINDOWS_CERT_SHA1 }}     
+      WINDOWS_SIGN_TOOL: "C:/Program Files (x86)/Windows Kits/10/bin/10.0.18362.0/x64/signtool.exe"
+
+      # macOS signing certificate (base64-encoded), used by Electron Builder
+      CSC_LINK: ${{ secrets.CSC_LINK }}
+      CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
+
+      # used to publish releases to GitHub by Electron Builder
+      GH_TOKEN: ${{ secrets.GH_TOKEN }}
+
+      # used to publish releases to GitHub by GoReleaser
+      GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
+
     strategy:
       fail-fast: false
       matrix:
@@ -32,5 +59,9 @@ jobs:
       if: ${{ contains(matrix.os, 'macos') }}
     - name: Check out code into the Go module directory
       uses: actions/checkout@v2
-    - name: Make
-      run: make
+      with:
+        fetch-depth: 0
+    - name: Setup
+      run: make travis-setup
+    - name: Build
+      run: make travis-release
diff --git a/Makefile b/Makefile
@@ -187,7 +187,11 @@ goreleaser: $(goreleaser) print_build_info
 ifeq ($(TRAVIS_PULL_REQUEST),false)
 
 upload-coverage: $(GOVERALLS_TOOL)
-	$(GOVERALLS_TOOL) -service=travis-ci -coverprofile=tmp.cov
+ifeq ($(REPO_OWNER),kopia)
+	$(GOVERALLS_TOOL) -service=$(GOVERALLS_SERVICE) -coverprofile=tmp.cov
+else
+	@echo Not uploading coverage from a fork.
+endif
 
 else
 

diff --git a/app/Makefile b/app/Makefile
@@ -1,5 +1,4 @@
 SHELL:=/bin/bash
-REPO_OWNER=kopia
 
 include ../tools/tools.mk
 

diff --git a/tools/apt-publish.sh b/tools/apt-publish.sh
@@ -5,6 +5,11 @@ GPG_KEY_ID=A3B5843ED70529C23162E3687713E6D88ED70D9D
 PKGDIR=$1
 RETAIN_UNSTABLE_DEB_COUNT=15
 
+if [ "$REPO_OWNER" != "kopia" ]; then
+  echo Not publishing APT package because current repo owner is $REPO_OWNER
+  exit 0
+fi
+
 if [ -z "$PKGDIR" ]; then
   echo usage $0: /path/to/dist
   exit 1

diff --git a/tools/rpm-publish.sh b/tools/rpm-publish.sh
@@ -13,6 +13,11 @@ if [ -z "$PKGDIR" ]; then
   exit 1
 fi
 
+if [ "$REPO_OWNER" != "kopia" ]; then
+  echo Not publishing RPM package because current repo owner is $REPO_OWNER
+  exit 0
+fi
+
 if [ ! -d "$PKGDIR" ]; then
   echo $PKGDIR must be a directory containing '*.rpm' files
   exit 1

diff --git a/tools/tools.mk b/tools/tools.mk
@@ -10,7 +10,7 @@ ifeq ($(TRAVIS_OS_NAME),windows)
 UNIX_SHELL_ON_WINDOWS=true
 endif
 
-ifeq ($(GITHUB_ACTIONS),true)
+ifneq ($(GITHUB_ACTIONS),)
 UNIX_SHELL_ON_WINDOWS=true
 endif
 
@@ -84,6 +84,53 @@ else
 	date_full := $(shell date)
 endif
 
+ifneq ($(GITHUB_ACTIONS),)
+
+# running on GitHub actions.
+# emulate Travis CI environment variables, so we can use TRAVIS logic everywhere
+
+ifeq ($(GITHUB_HEAD_REF),)
+export TRAVIS_PULL_REQUEST=false
+else
+export TRAVIS_PULL_REQUEST=true
+endif
+
+# try parsing tag name out of GITHUB_REF
+gh_tag_tmp=$(GITHUB_REF:refs/tags/%=%)
+
+ifneq ($(gh_tag_tmp),$(GITHUB_REF))
+export TRAVIS_TAG=$(gh_tag_tmp)
+endif
+
+ifeq ($(uname),Windows)
+export TRAVIS_OS_NAME=windows
+endif
+
+ifeq ($(uname),Linux)
+export TRAVIS_OS_NAME=linux
+endif
+
+ifeq ($(uname),Darwin)
+export TRAVIS_OS_NAME=osx
+endif
+
+endif
+
+# detect REPO_OWNER
+export REPO_OWNER=unknown-repo-owner
+
+# running on Travis
+ifneq ($(TRAVIS_REPO_SLUG),)
+GOVERALLS_SERVICE=travis-ci
+export REPO_OWNER=$(TRAVIS_REPO_SLUG:%/kopia=%)
+endif
+
+# When running on GitHub actions
+ifneq ($(GITHUB_REPOSITORY),)
+export REPO_OWNER=$(GITHUB_REPOSITORY:%/kopia=%)
+GOVERALLS_SERVICE=github
+endif
+
 # compute build date and time from the current commit
 commit_date_ymd:=$(subst -,,$(word 1, $(shell git show -s --format=%ci HEAD)))
 
@@ -264,7 +311,7 @@ ifneq ($(WINDOWS_SIGNING_TOOLS_URL),)
 	-$(mkdir) $(windows_signing_dir)
 	curl -LsS -o $(windows_signing_dir).zip $(WINDOWS_SIGNING_TOOLS_URL)
 	unzip -a -q $(windows_signing_dir).zip -d $(windows_signing_dir)
-	powershell -noprofile -executionpolicy bypass $(windows_signing_dir)\\setup.ps1
+	pwsh -noprofile -executionpolicy bypass $(windows_signing_dir)\\setup.ps1
 else
 	echo Not installing Windows signing tools because WINDOWS_SIGNING_TOOLS_URL is not set
 endif