Commit
Standardize repository structure (#17)
* Update README and add LICENSE file
* Add issue template
* Add workflow to check for certificates validity
* Add .gitignore
* Updated go lint dependency
* Add Taskfile
* Update test workflow
* Add DistTasks.yml to generate file for distribution
* Add release workflow
* Add .prettierrc and .prettierignore
* Add verify formatting workflow
* Add stale issues workflow
* Add link validation workflow
* Add check notarization certificates workflow
* Fix README.md formatting
* Fix certificates workflows
* Fix notarization in release workflow
* Fix actions casing
* Fix stale issues workflow
* Fix test workflow
* Fix LICENSE file
* Update markdown link check config
* Update README.md
* Fix certificates workflow
* Fix link validation workflow
* Fix release workflow
* Add gon config file for OS X notarization
* Fix release workflow
* Fix certificates workflows
1 parent 2737cb3, commit 5a37bc1
Showing 20 changed files with 1,413 additions and 185 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
--- | ||
name: 🐛 Bug Report | ||
about: If something isn't working as expected 🤔. | ||
--- | ||
|
||
## Bug Report | ||
|
||
### Current behavior | ||
|
||
<!-- Paste the full command you run --> | ||
|
||
<!-- Add a clear and concise description of the behavior. --> | ||
|
||
### Expected behavior | ||
|
||
<!-- Add a clear and concise description of what you expected to happen. --> | ||
|
||
### Environment | ||
|
||
- Updater version: | ||
- OS and platform: | ||
|
||
### Additional context | ||
|
||
<!-- (Optional) Add any other context about the problem here. --> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,99 @@ | ||
name: Check for issues with signing certificates | ||
|
||
on: | ||
schedule: | ||
# run every 10 hours | ||
- cron: "0 */10 * * *" | ||
# workflow_dispatch event allows the workflow to be triggered manually. | ||
# This could be used to run an immediate check after updating certificate secrets. | ||
# See: https://docs.github.com/en/actions/reference/events-that-trigger-workflows#workflow_dispatch | ||
workflow_dispatch: | ||
|
||
env: | ||
# Begin notifications when there are less than this many days remaining before expiration | ||
EXPIRATION_WARNING_PERIOD: 30 | ||
|
||
jobs: | ||
get-certificates-list: | ||
# This workflow would fail in forks that don't have the certificate secrets defined | ||
if: github.repository == 'arduino/FirmwareUpdater' | ||
runs-on: ubuntu-latest | ||
outputs: | ||
certificates: ${{ steps.get-files.outputs.certificates }} | ||
|
||
steps: | ||
- name: checkout | ||
uses: actions/checkout@v2 | ||
|
||
- name: Set certificates path environment variable | ||
run: | | ||
# See: https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable | ||
echo "FILES=\"$(ls ${{ github.workspace }}/certs/* | xargs | sed 's/ /","/g')\"" >> $GITHUB_ENV | ||
- name: Get files list | ||
id: get-files | ||
run: | | ||
JSON=$(echo '[${{ join(env.FILES) }}]' | jq -c '{"cert_file": .}') | ||
echo "::set-output name=certificates::$JSON" | ||
check-certificates: | ||
# This workflow would fail in forks that don't have the certificate secrets defined | ||
if: github.repository == 'arduino/FirmwareUpdater' | ||
runs-on: ubuntu-latest | ||
needs: get-certificates-list | ||
|
||
strategy: | ||
fail-fast: false | ||
matrix: ${{fromJSON(needs.get-certificates-list.outputs.certificates)}} | ||
|
||
steps: | ||
- name: checkout | ||
uses: actions/checkout@v2 | ||
|
||
- name: Get days remaining before certificate expiration date | ||
id: get-days-before-expiration | ||
run: | | ||
EXPIRATION_DATE="$( | ||
( | ||
openssl x509 \ | ||
-inform der \ | ||
-in ${{ matrix.cert_file }} \ | ||
-enddate -noout | ||
) | ( | ||
grep \ | ||
--max-count=1 \ | ||
--only-matching \ | ||
--perl-regexp \ | ||
'notAfter=(\K.*)' | ||
) | ||
)" | ||
DAYS_BEFORE_EXPIRATION="$((($(date --utc --date="$EXPIRATION_DATE" +%s) - $(date --utc +%s)) / 60 / 60 / 24))" | ||
# Display the expiration information in the log | ||
echo "Certificate expiration date: $EXPIRATION_DATE" | ||
echo "Days remaining before expiration: $DAYS_BEFORE_EXPIRATION" | ||
echo "::set-output name=days::$DAYS_BEFORE_EXPIRATION" | ||
- name: Check if expiration notification period has been reached | ||
id: check-expiration | ||
run: | | ||
DAYS=${{ steps.get-days-before-expiration.outputs.days }} | ||
if [[ $DAYS -lt ${{ env.EXPIRATION_WARNING_PERIOD }} ]]; then | ||
echo "::error::${{ matrix.cert_file }} will expire in $DAYS days!!!" | ||
exit 1 | ||
fi | ||
- name: Slack notification of pending certificate expiration | ||
# Don't send spurious expiration notification if verification fails | ||
if: failure() && steps.check-expiration.outcome == 'failure' | ||
uses: rtCamp/action-slack-notify@v2.1.0 | ||
env: | ||
SLACK_WEBHOOK: ${{ secrets.TEAM_TOOLING_CHANNEL_SLACK_WEBHOOK }} | ||
SLACK_MESSAGE: | | ||
:warning::warning::warning::warning: | ||
WARNING: ${{ github.repository }} ${{ matrix.cert_file }} will expire in ${{ steps.get-days-before-expiration.outputs.days }} days!!! | ||
:warning::warning::warning::warning: | ||
SLACK_COLOR: danger | ||
MSG_MINIMAL: true |
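Review bot: In the "Get days remaining before certificate expiration date" step, `-in ${{ matrix.cert_file }}` pastes the file name into the script text unquoted, so a name under `certs/` that contains a space or a shell metacharacter is word-split or interpreted by the shell instead of being treated as a path. Pass it through the step's `env:` (for example `CERT_FILE: ${{ matrix.cert_file }}`) and use `-in "$CERT_FILE"`; the same applies to the `echo "::error::${{ matrix.cert_file }} will expire ..."` line. The list built with `ls ... | xargs | sed 's/ /","/g'` has the same weakness, because it splits on every space. Separately, the comment "Don't send spurious expiration notification if verification fails" refers to a verification step that this workflow does not contain.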
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,121 @@ | ||
name: Check for issues with notarization certificates | ||
|
||
on: | ||
schedule: | ||
# run every 10 hours | ||
- cron: "0 */10 * * *" | ||
# workflow_dispatch event allows the workflow to be triggered manually. | ||
# This could be used to run an immediate check after updating certificate secrets. | ||
# See: https://docs.github.com/en/actions/reference/events-that-trigger-workflows#workflow_dispatch | ||
workflow_dispatch: | ||
|
||
env: | ||
# Begin notifications when there are less than this many days remaining before expiration | ||
EXPIRATION_WARNING_PERIOD: 30 | ||
|
||
jobs: | ||
check-certificates: | ||
# This workflow would fail in forks that don't have the certificate secrets defined | ||
if: github.repository == 'arduino/FirmwareUpdater' | ||
runs-on: ubuntu-latest | ||
|
||
strategy: | ||
fail-fast: false | ||
|
||
matrix: | ||
certificate: | ||
- identifier: macOS signing certificate # Text used to identify the certificate in notifications | ||
certificate-secret: INSTALLER_CERT_MAC_P12 # The name of the secret that contains the certificate | ||
password-secret: INSTALLER_CERT_MAC_PASSWORD # The name of the secret that contains the certificate password | ||
|
||
steps: | ||
- name: Set certificate path environment variable | ||
run: | | ||
# See: https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable | ||
echo "CERTIFICATE_PATH=${{ runner.temp }}/certificate.p12" >> "$GITHUB_ENV" | ||
- name: Decode certificate | ||
env: | ||
CERTIFICATE: ${{ secrets[matrix.certificate.certificate-secret] }} | ||
run: | | ||
echo "${{ env.CERTIFICATE }}" | base64 --decode > "${{ env.CERTIFICATE_PATH }}" | ||
- name: Verify certificate | ||
env: | ||
CERTIFICATE_PASSWORD: ${{ secrets[matrix.certificate.password-secret] }} | ||
run: | | ||
( | ||
openssl pkcs12 \ | ||
-in "${{ env.CERTIFICATE_PATH }}" \ | ||
-noout -passin env:CERTIFICATE_PASSWORD | ||
) || ( | ||
echo "::error::Verification of ${{ matrix.certificate.identifier }} failed!!!" | ||
exit 1 | ||
) | ||
# See: https://github.com/rtCamp/action-slack-notify | ||
- name: Slack notification of certificate verification failure | ||
if: failure() | ||
uses: rtCamp/action-slack-notify@v2.1.0 | ||
env: | ||
SLACK_WEBHOOK: ${{ secrets.TEAM_TOOLING_CHANNEL_SLACK_WEBHOOK }} | ||
SLACK_MESSAGE: | | ||
:warning::warning::warning::warning: | ||
WARNING: ${{ github.repository }} ${{ matrix.certificate.identifier }} verification failed!!! | ||
:warning::warning::warning::warning: | ||
SLACK_COLOR: danger | ||
MSG_MINIMAL: true | ||
|
||
- name: Get days remaining before certificate expiration date | ||
env: | ||
CERTIFICATE_PASSWORD: ${{ secrets[matrix.certificate.password-secret] }} | ||
id: get-days-before-expiration | ||
run: | | ||
EXPIRATION_DATE="$( | ||
( | ||
openssl pkcs12 \ | ||
-in "${{ env.CERTIFICATE_PATH }}" \ | ||
-clcerts \ | ||
-nodes \ | ||
-passin env:CERTIFICATE_PASSWORD | ||
) | ( | ||
openssl x509 \ | ||
-noout \ | ||
-enddate | ||
) | ( | ||
grep \ | ||
--max-count=1 \ | ||
--only-matching \ | ||
--perl-regexp \ | ||
'notAfter=(\K.*)' | ||
) | ||
)" | ||
DAYS_BEFORE_EXPIRATION="$((($(date --utc --date="$EXPIRATION_DATE" +%s) - $(date --utc +%s)) / 60 / 60 / 24))" | ||
# Display the expiration information in the log | ||
echo "Certificate expiration date: $EXPIRATION_DATE" | ||
echo "Days remaining before expiration: $DAYS_BEFORE_EXPIRATION" | ||
echo "::set-output name=days::$DAYS_BEFORE_EXPIRATION" | ||
- name: Check if expiration notification period has been reached | ||
id: check-expiration | ||
run: | | ||
if [[ ${{ steps.get-days-before-expiration.outputs.days }} -lt ${{ env.EXPIRATION_WARNING_PERIOD }} ]]; then | ||
echo "::error::${{ matrix.certificate.identifier }} will expire in ${{ steps.get-days-before-expiration.outputs.days }} days!!!" | ||
exit 1 | ||
fi | ||
- name: Slack notification of pending certificate expiration | ||
# Don't send spurious expiration notification if verification fails | ||
if: failure() && steps.check-expiration.outcome == 'failure' | ||
uses: rtCamp/action-slack-notify@v2.1.0 | ||
env: | ||
SLACK_WEBHOOK: ${{ secrets.TEAM_TOOLING_CHANNEL_SLACK_WEBHOOK }} | ||
SLACK_MESSAGE: | | ||
:warning::warning::warning::warning: | ||
WARNING: ${{ github.repository }} ${{ matrix.certificate.identifier }} will expire in ${{ steps.get-days-before-expiration.outputs.days }} days!!! | ||
:warning::warning::warning::warning: | ||
SLACK_COLOR: danger | ||
MSG_MINIMAL: true |
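Review bot: In the "Decode certificate" step, `echo "${{ env.CERTIFICATE }}"` expands the secret into the script text even though the step already exports it as `CERTIFICATE`; read it from the environment with `echo "$CERTIFICATE" | base64 --decode` so the value is never parsed as shell source. In "Get days remaining before certificate expiration date", `-nodes` makes `openssl pkcs12` write the private key unencrypted into the pipe although only the certificate's `notAfter` is read; `-clcerts -nokeys` gives `openssl x509` what it needs without emitting the key.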
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
name: Verifies documentation links | ||
|
||
on: | ||
push: | ||
pull_request: | ||
schedule: | ||
- cron: "0 3 * * 1" # Every Monday at 03:00 | ||
|
||
jobs: | ||
verify-links: | ||
# Don't trigger on schedule event when in a fork | ||
if: github.event_name != 'schedule' || (github.event_name == 'schedule' && github.repository == 'arduino/FirmwareUpdater') | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v2 | ||
|
||
- name: Install Taskfile | ||
uses: arduino/actions/setup-taskfile@master | ||
with: | ||
repo-token: ${{ secrets.GITHUB_TOKEN }} | ||
version: 3.x | ||
|
||
- name: Verify links | ||
run: task docs:check-links |
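Review bot: `uses: arduino/actions/setup-taskfile@master` follows a branch, so whatever is pushed there runs in this job with `secrets.GITHUB_TOKEN` on every push, pull request and scheduled run; pin it to a fixed commit SHA, as the other actions in this commit are at least pinned to versions. The `if:` can also be shortened to `github.event_name != 'schedule' || github.repository == 'arduino/FirmwareUpdater'`, since the second `github.event_name == 'schedule'` test is already implied by the first clause being false.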