emqx4.3/.github/workflows/build_packages.yaml

name: Cross build packages

concurrency:
  group: build-${{ github.event_name }}-${{ github.ref }}
  cancel-in-progress: true

on:
  push:
    branches:
    - 'ci/**'
    tags:
    - v*
    - e*
  workflow_dispatch:
    inputs:
      branch_or_tag:
        required: false
      profile:
        required: false

jobs:
  prepare:
    runs-on: ubuntu-22.04
    container: ghcr.io/emqx/emqx-builder/5.1-0:1.14.5-25.3.2-1-ubuntu22.04
    outputs:
      BUILD_PROFILE: ${{ steps.get_profile.outputs.BUILD_PROFILE }}
      IS_EXACT_TAG: ${{ steps.get_profile.outputs.IS_EXACT_TAG }}
      VERSION: ${{ steps.get_profile.outputs.VERSION }}
    steps:
      - uses: actions/checkout@v3
        with:
          ref: ${{ github.event.inputs.branch_or_tag }} # when input is not given, the event tag is used
          fetch-depth: 0

      - name: Get profile to build
        id: get_profile
        run: |
          git config --global --add safe.directory "$GITHUB_WORKSPACE"
          tag=${{ github.ref }}
          if git describe --tags --match "[v|e]*" --exact; then
            echo "WARN: This is an exact git tag, will publish release"
            is_exact_tag='true'
          else
            echo "WARN: This is NOT an exact git tag, will not publish release"
            is_exact_tag='false'
          fi
          echo "IS_EXACT_TAG=${is_exact_tag}" >> $GITHUB_OUTPUT
          case $tag in
            refs/tags/v*)
              PROFILE='emqx'
              ;;
            refs/tags/e*)
              PROFILE=emqx-enterprise
              ;;
            *)
              PROFILE=${{ github.event.inputs.profile }}
              case "$PROFILE" in
                emqx)
                  true
                  ;;
                emqx-enterprise)
                  true
                  ;;
                *)
                  # maybe triggered from schedule
                  echo "WARN: \"$PROFILE\" is not a valid profile."
                  echo "building the default profile 'emqx' instead"
                  PROFILE='emqx'
                  ;;
              esac
              ;;
          esac
          echo "BUILD_PROFILE=$PROFILE" >> $GITHUB_OUTPUT
          echo "VERSION=$(./pkg-vsn.sh $PROFILE)" >> $GITHUB_OUTPUT

  windows:
    runs-on: windows-2019
    if: startsWith(github.ref_name, 'v')
    strategy:
      fail-fast: false
      matrix:
        profile: # for now only CE for windows
          - emqx
    steps:
    - uses: actions/checkout@v3
      with:
        ref: ${{ github.event.inputs.branch_or_tag }}
        fetch-depth: 0

    - uses: ilammy/msvc-dev-cmd@v1.12.0
    - uses: erlef/setup-beam@v1.15.4
      with:
        otp-version: 25.3.2
    - name: build
      env:
        PYTHON: python
        DIAGNOSTIC: 1
      run: |
        # ensure crypto app (openssl)
        erl -eval "erlang:display(crypto:info_lib())" -s init stop
        make ${{ matrix.profile }}-tgz
    - name: run emqx
      timeout-minutes: 5
      run: |
        $ErrorActionPreference = "Stop"
        ./_build/${{ matrix.profile }}/rel/emqx/bin/emqx start
        Start-Sleep -s 10
        $pingOutput = ./_build/${{ matrix.profile }}/rel/emqx/bin/emqx ping
        if ($pingOutput = 'pong') {
          echo "EMQX started OK"
        } else {
          echo "Failed to ping EMQX $pingOutput"
          Exit 1
        }
        ./_build/${{ matrix.profile }}/rel/emqx/bin/emqx stop
        echo "EMQX stopped"
        ./_build/${{ matrix.profile }}/rel/emqx/bin/emqx install
        echo "EMQX installed"
        ./_build/${{ matrix.profile }}/rel/emqx/bin/emqx uninstall
        echo "EMQX uninstalled"
    - uses: actions/upload-artifact@v3
      if: success()
      with:
        name: ${{ matrix.profile }}
        path: _packages/${{ matrix.profile }}/

  mac:
    needs: prepare
    strategy:
      fail-fast: false
      matrix:
        profile:
          - ${{ needs.prepare.outputs.BUILD_PROFILE }}
        otp:
          - 25.3.2-1
        os:
          - macos-11
          - macos-12
          - macos-12-arm64
    runs-on: ${{ matrix.os }}
    steps:
    - uses: emqx/self-hosted-cleanup-action@v1.0.3
    - uses: actions/checkout@v3
      with:
        ref: ${{ github.event.inputs.branch_or_tag }}
        fetch-depth: 0
    - uses: ./.github/actions/package-macos
      with:
        profile: ${{ matrix.profile }}
        otp: ${{ matrix.otp }}
        os: ${{ matrix.os }}
        apple_id_password: ${{ secrets.APPLE_ID_PASSWORD }}
        apple_developer_identity: ${{ secrets.APPLE_DEVELOPER_IDENTITY }}
        apple_developer_id_bundle: ${{ secrets.APPLE_DEVELOPER_ID_BUNDLE }}
        apple_developer_id_bundle_password: ${{ secrets.APPLE_DEVELOPER_ID_BUNDLE_PASSWORD }}
    - uses: actions/upload-artifact@v3
      if: success()
      with:
        name: ${{ matrix.profile }}
        path: _packages/${{ matrix.profile }}/

  linux:
    needs: prepare
    runs-on: ${{ matrix.build_machine }}
    # always run in builder container because the host might have the wrong OTP version etc.
    # otherwise buildx.sh does not run docker if arch and os matches the target arch and os.
    container:
      image: "ghcr.io/emqx/emqx-builder/${{ matrix.builder }}:${{ matrix.elixir }}-${{ matrix.otp }}-${{ matrix.os }}"

    strategy:
      fail-fast: false
      matrix:
        profile:
          - ${{ needs.prepare.outputs.BUILD_PROFILE }}
        otp:
          - 25.3.2-1
        arch:
          - amd64
          - arm64
        os:
          - ubuntu22.04
          - ubuntu20.04
          - ubuntu18.04
          - debian11
          - debian10
          - el9
          - el8
          - el7
          - amzn2
        build_machine:
          - aws-arm64
          - ubuntu-22.04
        builder:
          - 5.1-0
        elixir:
          - 1.14.5
        with_elixir:
          - 'no'
        exclude:
          - arch: arm64
            build_machine: ubuntu-22.04
          - arch: amd64
            build_machine: aws-arm64
        include:
          - profile: emqx
            otp: 25.3.2-1
            arch: amd64
            os: ubuntu22.04
            build_machine: ubuntu-22.04
            builder: 5.1-0
            elixir: 1.14.5
            with_elixir: 'yes'
          - profile: emqx
            otp: 25.3.2-1
            arch: amd64
            os: amzn2
            build_machine: ubuntu-22.04
            builder: 5.1-0
            elixir: 1.14.5
            with_elixir: 'yes'

    defaults:
      run:
        shell: bash

    steps:
    - uses: AutoModality/action-clean@v1
      if: matrix.build_machine == 'aws-arm64'

    - uses: actions/checkout@v3
      with:
        ref: ${{ github.event.inputs.branch_or_tag }}
        fetch-depth: 0

    - name: build emqx packages
      env:
        ELIXIR: ${{ matrix.elixir }}
        PROFILE: ${{ matrix.profile }}
        ARCH: ${{ matrix.arch }}
      run: |
        set -eu
        git config --global --add safe.directory "$GITHUB_WORKSPACE"
        # Align path for CMake caches
        if [ ! "$PWD" = "/emqx" ]; then
          ln -s $PWD /emqx
          cd /emqx
        fi
        echo "pwd is $PWD"
        PKGTYPES="tgz pkg"
        IS_ELIXIR=${{ matrix.with_elixir }}
        if [ "${IS_ELIXIR:-}" == 'yes' ]; then
          PKGTYPES="tgz"
        fi
        for PKGTYPE in ${PKGTYPES};
        do
          ./scripts/buildx.sh \
            --profile "${PROFILE}" \
            --pkgtype "${PKGTYPE}" \
            --arch "${ARCH}" \
            --elixir "${IS_ELIXIR}" \
            --builder "force_host"
        done
    - uses: actions/upload-artifact@v3
      if: success()
      with:
        name: ${{ matrix.profile }}
        path: _packages/${{ matrix.profile }}/

  publish_artifacts:
    runs-on: ubuntu-22.04
    needs: [prepare, mac, linux]
    if: needs.prepare.outputs.IS_EXACT_TAG == 'true'
    strategy:
      fail-fast: false
      matrix:
        profile:
          - ${{ needs.prepare.outputs.BUILD_PROFILE }}
    steps:
    - uses: actions/download-artifact@v3
      with:
        name: ${{ matrix.profile }}
        path: packages/${{ matrix.profile }}
    - name: install dos2unix
      run: sudo apt-get update && sudo apt install -y dos2unix
    - name: get packages
      run: |
        set -e -u
        cd packages/${{ matrix.profile }}
        # fix the .sha256 file format
        for var in $(ls | grep emqx | grep -v sha256); do
          dos2unix $var.sha256
          echo "$(cat $var.sha256) $var" | sha256sum -c || exit 1
        done
        cd -
    - uses: aws-actions/configure-aws-credentials@v2
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
    - name: upload to aws s3
      env:
        PROFILE: ${{ matrix.profile }}
      run: |
        set -e -u
        if [ $PROFILE = 'emqx' ]; then
            s3dir='emqx-ce'
        elif [ $PROFILE = 'emqx-enterprise' ]; then
            s3dir='emqx-ee'
        else
            echo "unknown profile $PROFILE"
            exit 1
        fi
        aws s3 cp --recursive packages/$PROFILE s3://${{ secrets.AWS_S3_BUCKET }}/$s3dir/${{ github.ref_name }}
        aws cloudfront create-invalidation --distribution-id ${{ secrets.AWS_CLOUDFRONT_ID }} --paths "/$s3dir/${{ github.ref_name }}/*"