c/ooni-probe-cli
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6a0ae5c70b
ooni-probe-cli/CLI/build-linux
Simone Basso fdbf871103
[forwardport] ci/cd: publish binaries onto a release when we create a tag (#609) (#611) 
This diff forwardports 856e436e20d511a4f0d618546da7921fa9f8c5f6 to the master branch

Original commit message:

- - -

This pull request changes `mk` and github workflows to build and publish binaries on tag. We also update the documentation to explain this new branching model. Basically, we have release branches where we produce binary packages and we add extra code, on tag, to publish such packages inside a release.

We discussed removing most secrets from builds in this repository and having a different tool/repository that takes in input also secrets for doing follow-up actions after publishing. As a consequence, this pull request also removes all pieces of code that require secrets. The next step is to reinstate this code in this new repository/tool.

The existing code in `mk` also implemented caching. This feature was useful when doing local builds because it reduced the time required to obtain binary releases. With builds running as part of GitHub actions, we don't need caching because we spawn parallel machines to build binaries. Therefore, let us also remove caching, which makes the code simpler. (Caching in itself is hard and in https://github.com/ooni/probe/issues/1875 I noted that, for example, caching of the `ooni/go` repository was leading to some unwanted behaviour when changing the branch. Without caching, this behaviour is gone and we always generally use fresh information to produce builds.) Of course, this means that local builds are now slower, but I do not think this is a problem _because_ we want to use GitHub actions for building in the common case.

Reference issues: https://github.com/ooni/probe/issues/1879 and https://github.com/ooni/probe/issues/1875.

The final aspect to mention to conclude this description is an implementation one:

```
          gh release create -p $tag --target $GITHUB_SHA || true
```

The code above uses `|| true` because there could already be a release. So, basically, it means that, if a release does not already exist, then we're going to create one. Otherwise, it does not matter because there's already a release.
2021-11-23 15:56:25 +01:00

25 lines
732 B
Bash
Executable File
Raw Blame History

#!/bin/sh
# This script is executed by `./mk` when building inside
# an Alpine Linux docker container. Using Alpine Linux, which
# uses musl libc, allows us to emit static binaries.
set -e
if [ "$GOARCH" = "" ]; then
echo 'fatal: GOARCH is not set' 1>&2
exit 1
fi
set -x
apk update
apk upgrade
apk add --no-progress gcc git linux-headers musl-dev
# some of the following exports are redundant but are however
# useful because they provide explicit logging
export GOARM=$GOARM
export CGO_ENABLED=1
export GOOS=linux
export GOARCH=$GOARCH
archname=$GOARCH
if [ "$GOARCH" = "arm" -a "$GOARM" = "7" ]; then
archname="armv7"
fi
go build -o "./CLI/ooniprobe-linux-$archname" -ldflags='-s -w -extldflags "-static"' "$@" ./cmd/ooniprobe
Reference in New Issue View Git Blame Copy Permalink