.github/workflows/release.yml

name: mo-dump release

on:
  release:
    types: [published]
env:
  branch: main

jobs:
  linux-amd64-build-job:
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout source
        uses: actions/checkout@v3
      - name: Get release
        id: get_release
        uses: bruceadams/get-release@v1.3.2
        env:
          GITHUB_TOKEN: ${{ secrets.TOKEN_ACTION }}
      - name: Echo some info
        run: |
          echo ${{ steps.get_release.outputs.upload_url }}
          echo ${{ steps.get_release.outputs.tag_name }}
      - name: Use Golang
        uses: actions/setup-go@v4
        with:
          go-version: "1.20.11"
          cache: false
      - name: Build normal
        run: |
          make build

          mkdir -p mo-dump-${{ steps.get_release.outputs.tag_name }}-linux-x86_64
          mv mo-dump mo-dump-${{ steps.get_release.outputs.tag_name }}-linux-x86_64/
          zip -r mo-dump-${{ steps.get_release.outputs.tag_name }}-linux-x86_64.zip mo-dump-${{ steps.get_release.outputs.tag_name }}-linux-x86_64
      - name: Upload Release normal linux x86_64
        uses: actions/upload-release-asset@v1.0.1
        env:
          GITHUB_TOKEN: ${{ secrets.TOKEN_ACTION }}
        with:
          upload_url: ${{ steps.get_release.outputs.upload_url }}
          asset_path: ./mo-dump-${{ steps.get_release.outputs.tag_name }}-linux-x86_64.zip
          asset_name: mo-dump-${{ steps.get_release.outputs.tag_name }}-linux-x86_64.zip
          asset_content_type: application/zip
  
  linux-arm64-build-job:
    runs-on: aws-arm64-runner
    steps:
      - name: Checkout source
        uses: actions/checkout@v3
      - name: Get release
        id: get_release
        uses: bruceadams/get-release@v1.3.2
        env:
          GITHUB_TOKEN: ${{ secrets.TOKEN_ACTION }}       
      - name: Echo some info
        run: |
          echo ${{ steps.get_release.outputs.upload_url }}
          echo ${{ steps.get_release.outputs.tag_name }}
      - name: Use Golang
        uses: actions/setup-go@v4
        with:
          go-version: "1.20.11"
          cache: false
      - name: Build normal
        run: |
          make build
          
          mkdir -p mo-dump-${{ steps.get_release.outputs.tag_name }}-linux-arm64/
          mv mo-dump mo-dump-${{ steps.get_release.outputs.tag_name }}-linux-arm64/
          zip -r mo-dump-${{ steps.get_release.outputs.tag_name }}-linux-arm64.zip mo-dump-${{ steps.get_release.outputs.tag_name }}-linux-arm64

      - name: Upload Release normal linux arm64
        uses: actions/upload-release-asset@v1.0.1
        env:
          GITHUB_TOKEN: ${{ secrets.TOKEN_ACTION }}
        with:
          upload_url: ${{ steps.get_release.outputs.upload_url }}
          asset_path: ./mo-dump-${{ steps.get_release.outputs.tag_name }}-linux-arm64.zip
          asset_name: mo-dump-${{ steps.get_release.outputs.tag_name }}-linux-arm64.zip
          asset_content_type: application/zip

  darwin-x86-build-job:
    runs-on: macos-latest
    steps:
    # GitHub Hosted MacOS runner cannot connect to time.apple.com, so use time.windows.com
      - name: Sync System Time
        run: |
          set +e;
          for i in {1..10}; do
            sudo sntp -sS time.windows.com;
            if [ "$?" == "0" ]; then
              exit 0;
            fi
          done
          exit 1;
      - name: Checkout source
        uses: actions/checkout@v3
      - name: Get release
        id: get_release
        uses: bruceadams/get-release@v1.3.2
        env:
          GITHUB_TOKEN: ${{ secrets.TOKEN_ACTION }}
      - name: Use Golang
        uses: actions/setup-go@v4
        with:
          go-version: "1.20.11"
          cache: false
      - name: Build normal
        run: |
          make build
      - name: Import Code-Signing Certificates
        uses: Apple-Actions/import-codesign-certs@v1
        with:
          # The certificates in a PKCS12 file encoded as a base64 string
          p12-file-base64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
          # The password used to import the PKCS12 file.
          p12-password: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}

      - name: Clone gon
        uses: actions/checkout@v3
        with:
          fetch-depth: '1'
          repository: matrixorigin/gon
          ref: master
          path: ./gon
      - name: Build gon
        run: |
          cd $GITHUB_WORKSPACE/gon;
          make;
          chmod +x gon;
          echo "$(pwd)" >> $GITHUB_PATH;

      - name: Code signing and app notarization
        env:
          AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
          AC_PROVIDER: ${{ secrets.AC_PROVIDER }}
        run: |
          cd $GITHUB_WORKSPACE
          # sign mo-service
          gon -log-json ./gon.json
          unzip -d ./mo-dump-darwin mo-dump.zip
          cd ./mo-dump-darwin
          spctl -a -vvv -t install mo-dump
          codesign --test-requirement="=notarized" -vv mo-dump
        
          # rename filepath
          cd .. && mv ./mo-dump-darwin mo-dump-${{ steps.get_release.outputs.tag_name }}-darwin-x86_64
          
          zip -r mo-dump-${{ steps.get_release.outputs.tag_name }}-darwin-x86_64.zip mo-dump-${{ steps.get_release.outputs.tag_name }}-darwin-x86_64

      - name: Upload Release normal darwin x86_64
        uses: actions/upload-release-asset@v1.0.1
        env:
          GITHUB_TOKEN: ${{ secrets.TOKEN_ACTION }}
        with:
          upload_url: ${{ steps.get_release.outputs.upload_url }}
          asset_path: ./mo-dump-${{ steps.get_release.outputs.tag_name }}-darwin-x86_64.zip
          asset_name: mo-dump-${{ steps.get_release.outputs.tag_name }}-darwin-x86_64.zip
          asset_content_type: application/zip

  #if the release for darwin-arm is failed, please contact guguducken to check runner status
  darwin-arm-build-job:
    runs-on: mac-arm64-mini
    steps:
      - name: Sync system time
        run: |
          set +e;
          for i in {1..10}; do
            sudo sntp -sS time.apple.com;
            if [ "$?" == "0" ]; then
              exit 0;
            fi
          done
          exit 1;
      - name: Checkout source
        uses: actions/checkout@v3
      - name: Get release
        id: get_release
        uses: bruceadams/get-release@v1.3.2
        env:
          GITHUB_TOKEN: ${{ secrets.TOKEN_ACTION }}
      - name: Check go version
        run: |
          go version
      - name: Build normal
        run: |
          make build
      - name: Remove Code-Signing Certificates
        run: |
          security list-keychains | grep sign | awk 'system("security delete-keychain "$1)'
          security find-identity -p codesigning | grep ID | awk 'NR=1{system("security delete-identity -Z "$2)}'
      - name: Import Code-Signing Certificates
        uses: Apple-Actions/import-codesign-certs@v1
        with:
          # The certificates in a PKCS12 file encoded as a base64 string
          p12-file-base64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
          # The password used to import the PKCS12 file.
          p12-password: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
      - name: Code signing and app notarization
        env:
          AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
          AC_PROVIDER: ${{ secrets.AC_PROVIDER }}
        run: |
          cat ./gon.json
          gon -log-json ./gon.json
          unzip -d ./mo-dump-darwin mo-dump.zip
          cd ./mo-dump-darwin
          spctl -a -vvv -t install mo-dump
          codesign --test-requirement="=notarized" -vv mo-dump

          # rename filepath
          cd .. && mv ./mo-dump-darwin mo-dump-${{ steps.get_release.outputs.tag_name }}-darwin-arm64

          zip -r mo-dump-${{ steps.get_release.outputs.tag_name }}-darwin-arm64.zip mo-dump-${{ steps.get_release.outputs.tag_name }}-darwin-arm64
      - name: Upload Release normal darwin arm64
        uses: actions/upload-release-asset@v1.0.1
        env:
          GITHUB_TOKEN: ${{ secrets.TOKEN_ACTION }}
        with:
          upload_url: ${{ steps.get_release.outputs.upload_url }}
          asset_path: ./mo-dump-${{ steps.get_release.outputs.tag_name }}-darwin-arm64.zip
          asset_name: mo-dump-${{ steps.get_release.outputs.tag_name }}-darwin-arm64.zip
          asset_content_type: application/zip
      - name: Remove Code-Signing Certificates
        if: ${{ always() }}
        run: |
          security list-keychains | grep sign | awk 'system("security delete-keychain "$1)'
          security find-identity -p codesigning | grep ID | awk 'NR=1{system("security delete-identity -Z "$2)}'