OpsView/.github/workflows/release.yml at master · stormixus/OpsView · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
name: Release

on:
  push:
    tags:
      - "v*"

permissions:
  contents: write
  packages: write

env:
  GO_VERSION: "1.25"

jobs:
  build-agent:
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
          cache-dependency-path: agent/go.sum

      - name: Build agent (windows/amd64)
        shell: bash
        run: |
          cd agent
          TAG="${{ github.event.release.tag_name || github.ref_name }}"
          GOOS=windows GOARCH=amd64 CGO_ENABLED=1 go build -ldflags="-s -w -H windowsgui -X main.Version=${TAG}" -o opsview-agent.exe .

      - name: Build installer
        shell: pwsh
        run: |
          $tag = "${{ github.event.release.tag_name || github.ref_name }}" -replace '^v', ''
          & 'C:\Program Files (x86)\Inno Setup 6\ISCC.exe' "/DMyAppVersion=$tag" agent\installer.iss

      - uses: actions/upload-artifact@v4
        with:
          name: opsview-agent-windows-amd64
          path: agent/opsview-agent-setup.exe

  build-viewer:
    strategy:
      fail-fast: false
      matrix:
        include:
          - os: windows-latest
            goos: windows
            goarch: amd64
            artifact: opsview-viewer-windows-amd64
            wails_flags: "-nsis"
          - os: ubuntu-22.04
            goos: linux
            goarch: amd64
            artifact: opsview-viewer-linux-amd64
            wails_flags: ""
          - os: macos-latest
            goos: darwin
            goarch: arm64
            artifact: opsview-viewer-darwin-arm64
            wails_flags: ""
    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
          cache-dependency-path: viewer/go.sum

      - uses: actions/setup-node@v4
        with:
          node-version: "20"

      - name: Install Wails
        run: go install github.com/wailsapp/wails/v2/cmd/wails@latest

      - name: Install NSIS
        if: matrix.goos == 'windows'
        shell: pwsh
        run: |
          choco install nsis -y
          echo "C:\Program Files (x86)\NSIS" | Out-File -FilePath $env:GITHUB_PATH -Append

      - name: Install Linux dependencies
        if: matrix.goos == 'linux'
        run: |
          sudo apt-get update
          sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.0-dev

      - name: Build viewer
        shell: bash
        run: |
          cd viewer
          TAG="${{ github.event.release.tag_name || github.ref_name }}"
          wails build ${{ matrix.wails_flags }} -platform ${{ matrix.goos }}/${{ matrix.goarch }} -ldflags "-X main.Version=$TAG"

      - name: Download Real-ESRGAN
        shell: bash
        run: |
          ESRGAN_VER="20220424"
          case "${{ matrix.goos }}" in
            darwin)  ESRGAN_OS="macos" ;;
            windows) ESRGAN_OS="windows" ;;
            linux)   ESRGAN_OS="ubuntu" ;;
          esac
          curl -L "https://github.com/xinntao/Real-ESRGAN/releases/download/v0.2.5.0/realesrgan-ncnn-vulkan-${ESRGAN_VER}-${ESRGAN_OS}.zip" -o esrgan.zip
          mkdir -p esrgan
          unzip -o esrgan.zip -d esrgan-tmp
          cp esrgan-tmp/realesrgan-ncnn-vulkan* esrgan/ || true
          cp -r esrgan-tmp/models esrgan/
          rm -rf esrgan-tmp esrgan.zip

      - name: Package viewer (Windows)
        if: matrix.goos == 'windows'
        shell: pwsh
        run: |
          Copy-Item "viewer/build/bin/opsview-viewer-amd64-installer.exe" "${{ matrix.artifact }}-setup.exe"
          New-Item -ItemType Directory -Force -Path dist-esrgan/esrgan | Out-Null
          Copy-Item -Recurse esrgan/* dist-esrgan/esrgan/
          Compress-Archive -Path dist-esrgan/esrgan -DestinationPath "${{ matrix.artifact }}-esrgan.zip"

      - name: Bundle Real-ESRGAN into app (macOS)
        if: matrix.goos == 'darwin'
        run: |
          mkdir -p "viewer/build/bin/opsview-viewer.app/Contents/Resources/esrgan"
          cp esrgan/realesrgan-ncnn-vulkan "viewer/build/bin/opsview-viewer.app/Contents/Resources/esrgan/"
          cp -r esrgan/models "viewer/build/bin/opsview-viewer.app/Contents/Resources/esrgan/"

      - name: Import signing certificate
        if: matrix.goos == 'darwin' && env.HAS_CERT == 'true'
        env:
          HAS_CERT: ${{ secrets.APPLE_CERTIFICATE_P12_BASE64 != '' }}
        run: |
          echo "${{ secrets.APPLE_CERTIFICATE_P12_BASE64 }}" | base64 --decode > cert.p12
          KEYCHAIN=build.keychain-db
          security create-keychain -p actions $KEYCHAIN
          security set-keychain-settings -lut 900 $KEYCHAIN
          security unlock-keychain -p actions $KEYCHAIN
          security import cert.p12 -k $KEYCHAIN -P "${{ secrets.APPLE_CERTIFICATE_PASSWORD }}" -T /usr/bin/codesign
          security set-key-partition-list -S apple-tool:,apple: -s -k actions $KEYCHAIN
          security list-keychains -d user -s $KEYCHAIN login.keychain
          rm cert.p12

      - name: Sign app
        if: matrix.goos == 'darwin' && env.HAS_CERT == 'true'
        env:
          HAS_CERT: ${{ secrets.APPLE_CERTIFICATE_P12_BASE64 != '' }}
        run: |
          # Sign third-party esrgan binary first
          codesign --force --options runtime \
            --sign "${{ secrets.APPLE_SIGNING_IDENTITY }}" \
            viewer/build/bin/opsview-viewer.app/Contents/Resources/esrgan/realesrgan-ncnn-vulkan
          # Sign the entire app bundle
          codesign --deep --force --options runtime \
            --sign "${{ secrets.APPLE_SIGNING_IDENTITY }}" \
            --entitlements viewer/build/entitlements.plist \
            viewer/build/bin/opsview-viewer.app

      - name: Notarize app
        if: matrix.goos == 'darwin' && env.HAS_CERT == 'true'
        env:
          HAS_CERT: ${{ secrets.APPLE_CERTIFICATE_P12_BASE64 != '' }}
        run: |
          ditto -c -k --keepParent viewer/build/bin/opsview-viewer.app notarize.zip
          xcrun notarytool submit notarize.zip \
            --apple-id "${{ secrets.APPLE_ID }}" \
            --password "${{ secrets.APPLE_ID_PASSWORD }}" \
            --team-id "${{ secrets.APPLE_TEAM_ID }}" \
            --wait
          xcrun stapler staple viewer/build/bin/opsview-viewer.app
          rm notarize.zip

      - name: Package viewer (macOS)
        if: matrix.goos == 'darwin'
        run: |
          mkdir -p dmg-stage
          cp -R viewer/build/bin/opsview-viewer.app dmg-stage/
          ln -s /Applications dmg-stage/Applications
          hdiutil create -volname "OpsView Viewer" \
            -srcfolder dmg-stage \
            -ov -format UDZO \
            ${{ matrix.artifact }}.dmg
          rm -rf dmg-stage

      - name: Package viewer (Linux)
        if: matrix.goos == 'linux'
        run: |
          cd viewer/build/bin
          mkdir -p esrgan
          cp ../../../esrgan/realesrgan-ncnn-vulkan esrgan/
          chmod +x esrgan/realesrgan-ncnn-vulkan
          cp -r ../../../esrgan/models esrgan/
          tar czf ../../../${{ matrix.artifact }}.tar.gz opsview-viewer esrgan/

      - uses: actions/upload-artifact@v4
        with:
          name: ${{ matrix.artifact }}
          path: |
            ${{ matrix.artifact }}-setup.exe
            ${{ matrix.artifact }}-esrgan.zip
            ${{ matrix.artifact }}.dmg
            ${{ matrix.artifact }}.tar.gz

      - name: Cleanup keychain
        if: matrix.goos == 'darwin' && always()
        run: security delete-keychain build.keychain-db 2>/dev/null || true

  build-relay-docker:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Log in to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Extract tag
        id: tag
        run: echo "version=${{ github.event.release.tag_name || github.ref_name }}" >> "$GITHUB_OUTPUT"

      - name: Build and push relay image
        uses: docker/build-push-action@v6
        with:
          context: .
          file: relay/Dockerfile
          platforms: linux/amd64
          push: true
          tags: |
            ghcr.io/${{ github.repository_owner }}/opsview-relay:${{ steps.tag.outputs.version }}
            ghcr.io/${{ github.repository_owner }}/opsview-relay:latest

  release:
    needs: [build-agent, build-viewer]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/download-artifact@v4
        with:
          path: artifacts
          pattern: opsview-*
          merge-multiple: true

      - name: Create GitHub Release
        uses: softprops/action-gh-release@v2
        with:
          tag_name: ${{ github.event.release.tag_name || github.ref_name }}
          generate_release_notes: true
          append_body: true
          files: |
            artifacts/*.dmg
            artifacts/*-setup.exe
            artifacts/*.tar.gz
            artifacts/*.zip