Merge pull request #203 from arduino/iam-roles #1476
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build | |
| on: | |
| push: | |
| branches: | |
| - main | |
| schedule: | |
| - cron: '0 4 * * MON-FRI' # run every weekday at 4AM (https://docs.github.com/en/actions/reference/events-that-trigger-workflows#scheduled-events-schedule) | |
| workflow_dispatch: | |
| pull_request: | |
| branches: | |
| - main | |
| env: | |
| # As defined by the Taskfile's PROJECT_NAME variable | |
| PROJECT_NAME: arduino-language-server | |
| ARTIFACT_PREFIX: dist- | |
| AWS_REGION: "us-east-1" | |
| # The project's folder on Arduino's download server for uploading builds | |
| AWS_PLUGIN_TARGET: /arduino-language-server/nightly/ | |
| # As defined by the Taskfile's DIST_DIR variable | |
| DIST_DIR: dist | |
| jobs: | |
| build: | |
| env: | |
| BUILD_OUTPUT_DIRECTORY: dist | |
| EXECUTABLE_NAME: arduino-language-server | |
| strategy: | |
| matrix: | |
| config: | |
| - artifact-suffix: Linux_64bit | |
| os: ubuntu-latest | |
| ExecutableSuffix: '' | |
| Exports: '' | |
| - artifact-suffix: macOS_ARM64 | |
| os: macos-latest | |
| ExecutableSuffix: '' | |
| Exports: 'CGO_ENABLED=1 MACOSX_DEPLOYMENT_TARGET=10.14 ' | |
| - artifact-suffix: Windows_64bit | |
| os: windows-2019 | |
| ExecutableSuffix: '.exe' | |
| Exports: '' | |
| runs-on: ${{ matrix.config.os }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: '1.21.5' | |
| - name: Build and Test | |
| run: | | |
| ${{ matrix.config.Exports }}go build -o "${{ github.workspace }}/${{ env.BUILD_OUTPUT_DIRECTORY }}/${{ runner.OS }}_amd64/${{ env.EXECUTABLE_NAME }}${{ matrix.config.ExecutableSuffix }}" | |
| go test ./... | |
| - name: Create archive | |
| run: 7z a "${{ github.workspace }}/${{ env.BUILD_OUTPUT_DIRECTORY }}/archive/${{ env.EXECUTABLE_NAME }}_${{ runner.OS }}_amd64.zip" "${{ github.workspace }}/${{ env.BUILD_OUTPUT_DIRECTORY }}/${{ runner.OS }}_amd64/*" | |
| - name: Upload Workflow Artifact [GitHub Actions] | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ env.ARTIFACT_PREFIX }}${{ matrix.config.artifact-suffix }} | |
| # this makes the artifact a .zip of the .zip archive, which is currently necessary to preserve the executable file permissions | |
| # see: https://github.com/actions/upload-artifact/issues/38 | |
| path: ${{ env.BUILD_OUTPUT_DIRECTORY }}/archive/${{ env.EXECUTABLE_NAME }}_${{ runner.OS }}_amd64.zip | |
| publish: | |
| needs: build | |
| if: github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/main') | |
| runs-on: ubuntu-latest | |
| environment: production | |
| permissions: | |
| contents: write | |
| id-token: write # This is required for requesting the JWT | |
| steps: | |
| - name: Download Workflow Artifact [GitHub Actions] | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: ${{ env.ARTIFACT_PREFIX }}* | |
| merge-multiple: true | |
| path: ${{ env.DIST_DIR }} | |
| - name: configure aws credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} | |
| role-session-name: "github_${{ env.PROJECT_NAME }}" | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Upload release files on Arduino downloads servers | |
| run: aws s3 sync ${{ env.DIST_DIR }} s3://${{ secrets.DOWNLOADS_BUCKET }}${{ env.AWS_PLUGIN_TARGET }} |