ci(release): 优化发布流程并简化构建产物 #6
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Release | |
| permissions: | |
| contents: write | |
| on: | |
| push: | |
| tags: | |
| - "v*" | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: "Version to release (e.g., v1.0.0). Leave empty to auto-bump from latest tag." | |
| required: false | |
| default: "" | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: stable | |
| cache: true | |
| - name: Cache Go modules | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/go/pkg/mod | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go- | |
| - name: Install UPX | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y upx | |
| # 取得版本号: | |
| # - workflow_dispatch:若未填写则自动 vX.Y.(Z+1),并创建/推送该 tag | |
| # - push tag:使用该 tag | |
| - name: Get version | |
| id: version | |
| run: | | |
| set -e | |
| git fetch --tags --force --prune | |
| if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then | |
| INPUT_VER="${{ github.event.inputs.version }}" | |
| if [ -n "$INPUT_VER" ]; then | |
| NEW_VER="$INPUT_VER" | |
| else | |
| LAST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "v0.0.0") | |
| ver="${LAST_TAG#v}" | |
| IFS='.' read -r MAJ MIN PAT <<< "$ver" | |
| : "${MAJ:=0}" ; : "${MIN:=0}" ; : "${PAT:=0}" | |
| NEW_VER="v${MAJ}.${MIN}.$((PAT+1))" | |
| fi | |
| echo "VERSION=$NEW_VER" >> $GITHUB_OUTPUT | |
| else | |
| echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Create and push tag (manual dispatch only) | |
| if: github.event_name == 'workflow_dispatch' | |
| run: | | |
| set -e | |
| TAG="${{ steps.version.outputs.VERSION }}" | |
| echo "Ensure tag exists: $TAG" | |
| if ! git rev-parse -q --verify "refs/tags/$TAG" >/dev/null; then | |
| git config user.name "github-actions[bot]" | |
| git config user.email "github-actions[bot]@users.noreply.github.com" | |
| git tag -a "$TAG" -m "Release $TAG" | |
| fi | |
| git push origin "$TAG" | |
| - name: Download dependencies | |
| run: go mod download | |
| - name: Verify dependencies | |
| run: go mod verify | |
| - name: Run tests | |
| run: go test -v ./... | |
| - name: Build for multiple platforms | |
| env: | |
| CGO_ENABLED: 0 | |
| run: | | |
| mkdir -p release | |
| LDFLAGS="-s -w -X 'main.version=${{ steps.version.outputs.VERSION }}'" | |
| echo "Build macOS..." | |
| GOOS=darwin GOARCH=amd64 go build -ldflags="${LDFLAGS}" -trimpath -o release/cert-deploy-mac main.go | |
| GOOS=darwin GOARCH=arm64 go build -ldflags="${LDFLAGS}" -trimpath -o release/cert-deploy-mac-arm64 main.go | |
| echo "Build Linux..." | |
| GOOS=linux GOARCH=amd64 go build -ldflags="${LDFLAGS}" -trimpath -o release/cert-deploy-linux main.go | |
| GOOS=linux GOARCH=arm64 go build -ldflags="${LDFLAGS}" -trimpath -o release/cert-deploy-linux-arm64 main.go | |
| echo "Build Windows..." | |
| GOOS=windows GOARCH=amd64 go build -ldflags="${LDFLAGS}" -trimpath -o release/cert-deploy-windows.exe main.go | |
| GOOS=windows GOARCH=arm64 go build -ldflags="${LDFLAGS}" -trimpath -o release/cert-deploy-windows-arm64.exe main.go | |
| - name: Show build info | |
| run: | | |
| echo "=== Build Info ===" | |
| echo "Version: ${{ steps.version.outputs.VERSION }}" | |
| echo "Go: $(go version)" | |
| echo "UPX: $(upx --version)" | |
| echo "Files:" | |
| ls -lh release/ | |
| - name: Compress Linux binaries with UPX | |
| run: | | |
| echo "UPX Linux binaries..." | |
| for f in release/cert-deploy-linux release/cert-deploy-linux-arm64; do | |
| if [ -f "$f" ]; then | |
| echo "UPX -> $f" | |
| upx --best "$f" || echo "⚠️ ignore UPX failure: $f" | |
| fi | |
| done | |
| echo "Done." | |
| ls -lh release/cert-deploy-linux* | |
| # 不再打包 zip/tar.gz;直接上传可执行文件 | |
| - name: Generate checksums | |
| run: | | |
| cd release | |
| sha256sum cert-deploy-* > checksums.txt | |
| echo "checksums generated:" | |
| cat checksums.txt | |
| - name: Upload release artifacts (for job debug/download) | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: release-files | |
| path: release/ | |
| retention-days: 30 | |
| - name: Create GitHub Release (push trigger) | |
| uses: softprops/action-gh-release@v2 | |
| if: github.event_name == 'push' | |
| with: | |
| generate_release_notes: true | |
| files: | | |
| release/cert-deploy-mac | |
| release/cert-deploy-mac-arm64 | |
| release/cert-deploy-linux | |
| release/cert-deploy-linux-arm64 | |
| release/cert-deploy-windows.exe | |
| release/cert-deploy-windows-arm64.exe | |
| release/checksums.txt | |
| draft: false | |
| prerelease: false | |
| - name: Create GitHub Release (manual trigger) | |
| uses: softprops/action-gh-release@v2 | |
| if: github.event_name == 'workflow_dispatch' | |
| with: | |
| tag_name: ${{ steps.version.outputs.VERSION }} | |
| name: Release ${{ steps.version.outputs.VERSION }} | |
| generate_release_notes: true | |
| files: | | |
| release/cert-deploy-mac | |
| release/cert-deploy-mac-arm64 | |
| release/cert-deploy-linux | |
| release/cert-deploy-linux-arm64 | |
| release/cert-deploy-windows.exe | |
| release/cert-deploy-windows-arm64.exe | |
| release/checksums.txt | |
| draft: false | |
| prerelease: false |