diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c9462be1c..4ca98a0b1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,6 +5,16 @@ on: tags: - "[0-9]+.[0-9]+.[0-9]+*" +env: + TARGET: "/CreateAgent/" + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + AWS_REGION: "us-east-1" # or https://github.com/aws/aws-cli/issues/5623 + KEYCHAIN: "sign.keychain" + INSTALLER_CERT_MAC_PATH: "/tmp/ArduinoCerts2020.p12" + AC_USERNAME: ${{ secrets.AC_USERNAME }} # used by gon + AC_PASSWORD: ${{ secrets.AC_PASSWORD }} # used by gon + jobs: # The build job is responsible for: configuring the environment, testing and compiling process build: @@ -14,16 +24,31 @@ jobs: - operating-system: ubuntu-18.04 - operating-system: windows-2019 arch: -386 + ext: ".exe" - operating-system: windows-2019 arch: -amd64 + ext: ".exe" - operating-system: macos-10.15 + defaults: + run: + shell: bash + runs-on: ${{ matrix.operating-system }} steps: - - name: Set version - run: echo "TAG_VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV - shell: bash + - name: Set env vars + run: | + echo "TAG_VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV + echo $(go env GOPATH)/bin >> $GITHUB_PATH + + - name: Identify Prerelease + # This is a workaround while waiting for create-release action to implement auto pre-release based on tag + id: prerelease + run: | + curl -L -s https://github.com/fsaintjacques/semver-tool/archive/3.1.0.zip -o /tmp/3.1.0.zip + unzip -p /tmp/3.1.0.zip semver-tool-3.1.0/src/semver >/tmp/semver && chmod +x /tmp/semver + if [[ $(/tmp/semver get prerel ${GITHUB_REF/refs\/tags\//}) ]]; then echo "::set-output name=IS_PRE::true"; fi - name: Disable EOL conversions run: git config --global core.autocrlf false @@ -48,7 +73,7 @@ jobs: run: | go get github.com/golangci/govet go get golang.org/x/lint/golint - shell: bash + go get -u github.com/sanbornm/go-selfupdate/... - name: Install Taskfile uses: arduino/actions/setup-taskfile@master @@ -97,6 +122,19 @@ jobs: run: task build if: matrix.operating-system == 'macos-10.15' + # this will create `public/` dir with compressed full bin (/-.gz) and a json file + - name: Create autoupdate files + run: go-selfupdate arduino-create-agent${{ matrix.ext }} ${TAG_VERSION} + if: matrix.arch != '-386' && steps.prerelease.outputs.IS_PRE != 'true' + + - name: Create autoupdate files for win32 + run: go-selfupdate -platform windows${{ matrix.arch }} arduino-create-agent${{ matrix.ext }} ${TAG_VERSION} + if: matrix.arch == '-386' && steps.prerelease.outputs.IS_PRE != 'true' + + - name: Upload autoupdate files to Arduino downloads servers + run: aws s3 sync public/ s3://${{ secrets.DOWNLOADS_BUCKET }}${{ env.TARGET }} + if: steps.prerelease.outputs.IS_PRE != 'true' + # config.ini is required by the executable when it's run - name: Upload artifacts uses: actions/upload-artifact@v2 @@ -122,9 +160,6 @@ jobs: path: arduino-create-agent-${{ env.RUNS_ON }} - name: Import Code-Signing Certificates - env: - KEYCHAIN: "sign.keychain" - INSTALLER_CERT_MAC_PATH: "/tmp/ArduinoCerts2020.p12" run: | echo "${{ secrets.INSTALLER_CERT_MAC_P12 }}" | base64 --decode > ${{ env.INSTALLER_CERT_MAC_PATH }} security create-keychain -p ${{ secrets.KEYCHAIN_PASSWORD }} ${{ env.KEYCHAIN }} @@ -155,9 +190,6 @@ jobs: EOF - name: Code sign and notarize app - env: - AC_USERNAME: ${{ secrets.AC_USERNAME }} - AC_PASSWORD: ${{ secrets.AC_PASSWORD }} run: | echo "gon will notarize executable in arduino-create-agent-${{ env.RUNS_ON }}/arduino-create-agent" gon -log-level=debug -log-json gon.config.hcl @@ -308,9 +340,6 @@ jobs: run: chmod -v +x ArduinoCreateAgent-osx/ArduinoCreateAgent-${GITHUB_REF##*/}-osx-installer-${{ matrix.browser }}.app/Contents/MacOS/* - name: Import Code-Signing Certificates - env: - KEYCHAIN: "sign.keychain" - INSTALLER_CERT_MAC_PATH: "/tmp/ArduinoCerts2020.p12" run: | echo "${{ secrets.INSTALLER_CERT_MAC_P12 }}" | base64 --decode > ${{ env.INSTALLER_CERT_MAC_PATH }} security create-keychain -p ${{ secrets.KEYCHAIN_PASSWORD }} ${{ env.KEYCHAIN }} @@ -342,9 +371,6 @@ jobs: EOF - name: Code sign and notarize app - env: - AC_USERNAME: ${{ secrets.AC_USERNAME }} - AC_PASSWORD: ${{ secrets.AC_PASSWORD }} run: | echo "gon will notarize executable in ArduinoCreateAgent-osx/ArduinoCreateAgent-${GITHUB_REF##*/}-osx-installer-${{ matrix.browser }}.app" gon -log-level=debug -log-json gon.config_installer.hcl @@ -364,10 +390,6 @@ jobs: create-release: runs-on: ubuntu-18.04 needs: code-sign-mac-installers - env: - TARGET: "/CreateBridgeStable/" - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} steps: - name: Download artifact @@ -377,7 +399,7 @@ jobs: # This is a workaround while waiting for create-release action to implement auto pre-release based on tag id: prerelease run: | - wget -q -P /tmp https://github.com/fsaintjacques/semver-tool/archive/3.1.0.zip + curl -L -s https://github.com/fsaintjacques/semver-tool/archive/3.1.0.zip -o /tmp/3.1.0.zip unzip -p /tmp/3.1.0.zip semver-tool-3.1.0/src/semver >/tmp/semver && chmod +x /tmp/semver if [[ $(/tmp/semver get prerel ${GITHUB_REF/refs\/tags\//}) ]]; then echo "::set-output name=IS_PRE::true"; fi diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 5e082621a..27f78908a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -14,6 +14,9 @@ jobs: - operating-system: windows-2019 arch: -amd64 - operating-system: macos-10.15 + defaults: + run: + shell: bash runs-on: ${{ matrix.operating-system }} @@ -41,7 +44,6 @@ jobs: run: | go get github.com/golangci/govet go get golang.org/x/lint/golint - shell: bash - name: Install Taskfile uses: arduino/actions/setup-taskfile@master diff --git a/updater/updater.go b/updater/updater.go index 4b5faaf71..0d339bf59 100644 --- a/updater/updater.go +++ b/updater/updater.go @@ -55,9 +55,10 @@ const ( const devValidTime = 7 * 24 * time.Hour var errHashMismatch = errors.New("new file hash mismatch after patch") +var errDiffUrlUndefined = errors.New("DiffURL is not defined, I cannot fetch and apply patch, reverting to full bin") var up = update.New() -// TempPath generates a temporary path for the executable +// TempPath generates a temporary path for the executable (adding "-temp") func TempPath(path string) string { if filepath.Ext(path) == "exe" { path = strings.Replace(path, ".exe", "-temp.exe", -1) @@ -68,7 +69,7 @@ func TempPath(path string) string { return path } -// TempPath generates the proper path for a temporary executable +// BinPath generates the proper path for a temporary executable (removing "-temp") func BinPath(path string) string { return strings.Replace(path, "-temp", "", -1) } @@ -141,6 +142,9 @@ func verifySha(bin []byte, sha []byte) bool { } func (u *Updater) fetchAndApplyPatch(old io.Reader) ([]byte, error) { + if u.DiffURL == "" { + return nil, errDiffUrlUndefined + } r, err := fetch(u.DiffURL + u.CmdName + "/" + u.CurrentVersion + "/" + u.Info.Version + "/" + plat) if err != nil { return nil, err @@ -238,12 +242,13 @@ func (u *Updater) update() error { } bin, err := u.fetchAndVerifyPatch(old) if err != nil { - if err == errHashMismatch { + switch err { + case errHashMismatch: log.Println("update: hash mismatch from patched binary") - } else { - if u.DiffURL != "" { - log.Println("update: patching binary,", err) - } + case errDiffUrlUndefined: + log.Println("update: ", err) + default: + log.Println("update: patching binary, ", err) } bin, err = u.fetchAndVerifyFullBin()