ci: add constellation-windows-amd64.exe to release artifacts uploaded to GitHub (#2075)

2024-09-20 00:06:21 +00:00 · 2023-07-10 10:21:48 +02:00 · 2023-07-10 10:21:48 +02:00 · c6230ff8ca
commit c6230ff8ca
parent 2c1da48437
2 changed files with 47 additions and 5 deletions
--- a/.github/actions/build_cli/action.yml
+++ b/.github/actions/build_cli/action.yml
@ -49,7 +49,7 @@ runs:
      env:
        TARGET_GOOS: ${{ inputs.targetOS }}
        TARGET_GOARCH: ${{ inputs.targetArch }}
-        OUTPUT_PATH: ${{ inputs.outputPath || format('./build/constellation-{0}-{1}', inputs.targetOS, inputs.targetArch) }}
+        OUTPUT_PATH: ${{ inputs.outputPath || format('./build/constellation-{0}-{1}', inputs.targetOS, inputs.targetArch) }}${{ inputs.targetOS == 'windows' && '.exe' || '' }}
      run: |
        echo "::group::Build CLI"
        mkdir -p "$(dirname "${OUTPUT_PATH}")"
@ -100,7 +100,7 @@ runs:
        COSIGN_PUBLIC_KEY: ${{ inputs.cosignPublicKey }}
        COSIGN_PRIVATE_KEY: ${{ inputs.cosignPrivateKey }}
        COSIGN_PASSWORD: ${{ inputs.cosignPassword }}
-        OUTPUT_PATH: ${{ github.workspace }}/${{ inputs.outputPath || format('./build/constellation-{0}-{1}', inputs.targetOS, inputs.targetArch) }}
+        OUTPUT_PATH: ${{ github.workspace }}/${{ inputs.outputPath || format('./build/constellation-{0}-{1}', inputs.targetOS, inputs.targetArch) }}${{ inputs.targetOS == 'windows' && '.exe' || '' }}
      run: |
        echo "$COSIGN_PUBLIC_KEY" > cosign.pub
        # Enabling experimental mode also publishes signature to Rekor
--- a/.github/workflows/release-cli.yml
+++ b/.github/workflows/release-cli.yml
@ -46,8 +46,21 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        arch: [amd64, arm64]
-        os: [linux, darwin]
+        include:
+          - arch: amd64
+            os: linux
+
+          - arch: amd64
+            os: darwin
+
+          - arch: amd64
+            os: windows
+
+          - arch: arm64
+            os: linux
+
+          - arch: arm64
+            os: darwin
    steps:
      - name: Checkout
        id: checkout
@ -70,14 +83,24 @@ jobs:
          cosignPrivateKey: ${{ inputs.key == 'release' && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
          cosignPassword: ${{ inputs.key == 'release' && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}

-      - name: Upload CLI as artifact
+      - name: Upload CLI as artifact (unix)
        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        if : ${{ matrix.os != 'windows' }}
        with:
          name: constellation-${{ matrix.os }}-${{ matrix.arch }}
          path: |
            build/constellation-${{ matrix.os }}-${{ matrix.arch }}
            build/constellation-${{ matrix.os }}-${{ matrix.arch }}.sig

+      - name: Upload CLI as artifact (windows)
+        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        if : ${{ matrix.os == 'windows' }}
+        with:
+          name: constellation-${{ matrix.os }}-${{ matrix.arch }}
+          path: |
+            build/constellation-${{ matrix.os }}-${{ matrix.arch }}.exe
+            build/constellation-${{ matrix.os }}-${{ matrix.arch }}.exe.sig
+
  push-containers:
    runs-on: ubuntu-22.04
    if: inputs.pushContainers
@ -137,6 +160,11 @@ jobs:
        with:
          name: constellation-linux-arm64

+      - name: Download CLI binaries windows-amd64
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        with:
+          name: constellation-windows-amd64
+
      - name: Download CLI SBOM
        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
        with:
@ -150,6 +178,7 @@ jobs:
            constellation-darwin-arm64 \
            constellation-linux-amd64 \
            constellation-linux-arm64 \
+            constellation-windows-amd64.exe \
            constellation.spdx.sbom)
          HASHESB64=$(echo "${HASHES}" | base64 -w0)
          echo "${HASHES}"
@ -253,6 +282,11 @@ jobs:
        with:
          name: constellation-linux-arm64

+      - name: Download CLI binaries windows-amd64
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        with:
+          name: constellation-windows-amd64
+
      - name: Download CLI SBOM
        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
        with:
@ -282,6 +316,9 @@ jobs:
          slsa-verifier verify-artifact constellation-linux-arm64 \
            --provenance-path ${{ needs.provenance.outputs.provenance-name }} \
            --source-uri github.com/edgelesssys/constellation
+          slsa-verifier verify-artifact constellation-windows-amd64.exe \
+            --provenance-path ${{ needs.provenance.outputs.provenance-name }} \
+            --source-uri github.com/edgelesssys/constellation
          slsa-verifier verify-artifact constellation.spdx.sbom \
            --provenance-path ${{ needs.provenance.outputs.provenance-name }} \
            --source-uri github.com/edgelesssys/constellation
@ -320,6 +357,11 @@ jobs:
        with:
          name: constellation-linux-arm64

+      - name: Download CLI binaries windows-amd64
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+        with:
+          name: constellation-windows-amd64
+
      - name: Download Constellation CLI SBOM
        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
        with: