mirror of
https://github.com/phishingclub/phishingclub.git
synced 2026-07-04 11:27:57 +02:00
@@ -3,6 +3,18 @@ name: Test Build
|
||||
on:
|
||||
push:
|
||||
branches: [test-build]
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
build_arm:
|
||||
description: "Also build arm64 (default builds amd64 only)"
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
# BUILD_ARM controls whether arm64 is built alongside amd64.
|
||||
# defaults to false so a normal push to test-build only builds amd64.
|
||||
# trigger the workflow manually and tick "build_arm" to also build arm64.
|
||||
env:
|
||||
BUILD_ARM: ${{ github.event.inputs.build_arm || 'false' }}
|
||||
|
||||
jobs:
|
||||
test-build:
|
||||
@@ -63,30 +75,33 @@ jobs:
|
||||
|
||||
- name: Build binaries for multiple architectures
|
||||
run: |
|
||||
mkdir -p build/arm64 /tmp/go-build-cache
|
||||
mkdir -p build/amd64 build/arm64 /tmp/go-build-cache
|
||||
|
||||
# amd64 build disabled for test builds — rarely used, arm64 only below
|
||||
# mkdir -p build/amd64
|
||||
# # build amd64 binary — static musl so no glibc floor on target systems
|
||||
# sudo docker run --rm \
|
||||
# -v "$(pwd)":/app \
|
||||
# -v /tmp/go-build-cache:/root/.cache/go-build \
|
||||
# -w /app/backend \
|
||||
# golang@sha256:c4ea15b4a7912716eb362a022e2b12317762eca387423760bc59c0f9ae69423c `# golang:1.25.10-alpine linux/amd64` \
|
||||
# sh -c "apk add --no-cache gcc musl-dev && go build -trimpath \
|
||||
# -ldflags='-X github.com/phishingclub/phishingclub/version.hash=ph${{ steps.get_version.outputs.HASH }} -X github.com/phishingclub/phishingclub/version.version=${{ steps.get_version.outputs.VERSION }} -linkmode=external -extldflags=-static' \
|
||||
# -tags production -o ../build/amd64/phishingclub main.go"
|
||||
|
||||
# build arm64 binary — run natively under QEMU (already set up above)
|
||||
# build amd64 binary — static musl so no glibc floor on target systems
|
||||
sudo docker run --rm \
|
||||
--platform linux/arm64 \
|
||||
-v "$(pwd)":/app \
|
||||
-v /tmp/go-build-cache:/root/.cache/go-build \
|
||||
-w /app/backend \
|
||||
golang@sha256:5331adf7f8a0803631d9dc28843e288874789c14b97a3d0b54ed13e59f9e0589 `# golang:1.25.10-alpine linux/arm64` \
|
||||
golang@sha256:c4ea15b4a7912716eb362a022e2b12317762eca387423760bc59c0f9ae69423c `# golang:1.25.10-alpine linux/amd64` \
|
||||
sh -c "apk add --no-cache gcc musl-dev && go build -trimpath \
|
||||
-ldflags='-X github.com/phishingclub/phishingclub/version.hash=ph${{ steps.get_version.outputs.HASH }} -X github.com/phishingclub/phishingclub/version.version=${{ steps.get_version.outputs.VERSION }} -linkmode=external -extldflags=-static' \
|
||||
-tags production -o ../build/arm64/phishingclub main.go"
|
||||
-tags production -o ../build/amd64/phishingclub main.go"
|
||||
|
||||
# build arm64 binary — run natively under QEMU (already set up above)
|
||||
# only when opted in via the BUILD_ARM variable
|
||||
if [ "${BUILD_ARM}" = "true" ]; then
|
||||
sudo docker run --rm \
|
||||
--platform linux/arm64 \
|
||||
-v "$(pwd)":/app \
|
||||
-v /tmp/go-build-cache:/root/.cache/go-build \
|
||||
-w /app/backend \
|
||||
golang@sha256:5331adf7f8a0803631d9dc28843e288874789c14b97a3d0b54ed13e59f9e0589 `# golang:1.25.10-alpine linux/arm64` \
|
||||
sh -c "apk add --no-cache gcc musl-dev && go build -trimpath \
|
||||
-ldflags='-X github.com/phishingclub/phishingclub/version.hash=ph${{ steps.get_version.outputs.HASH }} -X github.com/phishingclub/phishingclub/version.version=${{ steps.get_version.outputs.VERSION }} -linkmode=external -extldflags=-static' \
|
||||
-tags production -o ../build/arm64/phishingclub main.go"
|
||||
else
|
||||
echo "BUILD_ARM not enabled - skipping arm64 build"
|
||||
fi
|
||||
|
||||
- name: Fix build directory permissions
|
||||
run: |
|
||||
@@ -107,11 +122,17 @@ jobs:
|
||||
echo "${{ secrets.SIGNKEY_1 }}" > /tmp/keys/private1.pem
|
||||
chmod 600 /tmp/keys/private1.pem
|
||||
|
||||
# amd64 signing disabled for test builds (amd64 build is off)
|
||||
# sign arm64 binary with primary key
|
||||
# sign amd64 binary with primary key
|
||||
openssl pkeyutl -sign -inkey /tmp/keys/private1.pem \
|
||||
-rawin -in build/arm64/phishingclub \
|
||||
-out build/arm64/phishingclub.sig
|
||||
-rawin -in build/amd64/phishingclub \
|
||||
-out build/amd64/phishingclub.sig
|
||||
|
||||
# sign arm64 binary with primary key (only when built)
|
||||
if [ -f build/arm64/phishingclub ]; then
|
||||
openssl pkeyutl -sign -inkey /tmp/keys/private1.pem \
|
||||
-rawin -in build/arm64/phishingclub \
|
||||
-out build/arm64/phishingclub.sig
|
||||
fi
|
||||
|
||||
# clean up keys
|
||||
rm -rf /tmp/keys
|
||||
@@ -125,23 +146,37 @@ jobs:
|
||||
run: |
|
||||
mkdir -p packages
|
||||
|
||||
# amd64 packaging disabled for test builds (amd64 build is off)
|
||||
|
||||
# test packaging for arm64
|
||||
if [ -f build/arm64/phishingclub.sig ]; then
|
||||
tar -czf packages/phishingclub_${{ steps.get_version.outputs.VERSION }}_linux_arm64.tar.gz \
|
||||
-C build/arm64 \
|
||||
# package amd64 binary with signature
|
||||
if [ -f build/amd64/phishingclub.sig ]; then
|
||||
tar -czf packages/phishingclub_${{ steps.get_version.outputs.VERSION }}_linux_amd64.tar.gz \
|
||||
-C build/amd64 \
|
||||
phishingclub \
|
||||
phishingclub.sig
|
||||
echo "✅ ARM64 package created with signature"
|
||||
echo "✅ AMD64 package created with signature"
|
||||
else
|
||||
tar -czf packages/phishingclub_${{ steps.get_version.outputs.VERSION }}_linux_arm64.tar.gz \
|
||||
-C build/arm64 \
|
||||
tar -czf packages/phishingclub_${{ steps.get_version.outputs.VERSION }}_linux_amd64.tar.gz \
|
||||
-C build/amd64 \
|
||||
phishingclub
|
||||
echo "✅ ARM64 package created without signature"
|
||||
echo "✅ AMD64 package created without signature"
|
||||
fi
|
||||
|
||||
# legacy amd64 package disabled for test builds (amd64 build is off)
|
||||
# test packaging for arm64 (only when built)
|
||||
if [ -f build/arm64/phishingclub ]; then
|
||||
if [ -f build/arm64/phishingclub.sig ]; then
|
||||
tar -czf packages/phishingclub_${{ steps.get_version.outputs.VERSION }}_linux_arm64.tar.gz \
|
||||
-C build/arm64 \
|
||||
phishingclub \
|
||||
phishingclub.sig
|
||||
echo "✅ ARM64 package created with signature"
|
||||
else
|
||||
tar -czf packages/phishingclub_${{ steps.get_version.outputs.VERSION }}_linux_arm64.tar.gz \
|
||||
-C build/arm64 \
|
||||
phishingclub
|
||||
echo "✅ ARM64 package created without signature"
|
||||
fi
|
||||
else
|
||||
echo "BUILD_ARM not enabled - skipping arm64 package"
|
||||
fi
|
||||
|
||||
# - name: Build and push test multi-arch Docker image
|
||||
# uses: docker/build-push-action@v5
|
||||
@@ -165,26 +200,49 @@ jobs:
|
||||
run: |
|
||||
echo "=== Build Summary ==="
|
||||
echo ""
|
||||
# amd64 verification disabled for test builds (amd64 build is off)
|
||||
echo "ARM64 Binary size: $(du -h build/arm64/phishingclub | cut -f1)"
|
||||
echo "ARM64 Binary info:"
|
||||
file build/arm64/phishingclub
|
||||
echo "AMD64 Binary size: $(du -h build/amd64/phishingclub | cut -f1)"
|
||||
echo "AMD64 Binary info:"
|
||||
file build/amd64/phishingclub
|
||||
|
||||
if [ -f build/arm64/phishingclub.sig ]; then
|
||||
echo "ARM64 Signature size: $(du -h build/arm64/phishingclub.sig | cut -f1)"
|
||||
if [ -f build/amd64/phishingclub.sig ]; then
|
||||
echo "AMD64 Signature size: $(du -h build/amd64/phishingclub.sig | cut -f1)"
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "ARM64 Package size: $(du -h packages/phishingclub_${{ steps.get_version.outputs.VERSION }}_linux_arm64.tar.gz | cut -f1)"
|
||||
echo "ARM64 Package contents:"
|
||||
tar -tzf packages/phishingclub_${{ steps.get_version.outputs.VERSION }}_linux_arm64.tar.gz
|
||||
echo "AMD64 Package size: $(du -h packages/phishingclub_${{ steps.get_version.outputs.VERSION }}_linux_amd64.tar.gz | cut -f1)"
|
||||
echo "AMD64 Package contents:"
|
||||
tar -tzf packages/phishingclub_${{ steps.get_version.outputs.VERSION }}_linux_amd64.tar.gz
|
||||
|
||||
if [ -f build/arm64/phishingclub ]; then
|
||||
echo ""
|
||||
echo "ARM64 Binary size: $(du -h build/arm64/phishingclub | cut -f1)"
|
||||
echo "ARM64 Binary info:"
|
||||
file build/arm64/phishingclub
|
||||
|
||||
if [ -f build/arm64/phishingclub.sig ]; then
|
||||
echo "ARM64 Signature size: $(du -h build/arm64/phishingclub.sig | cut -f1)"
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "ARM64 Package size: $(du -h packages/phishingclub_${{ steps.get_version.outputs.VERSION }}_linux_arm64.tar.gz | cut -f1)"
|
||||
echo "ARM64 Package contents:"
|
||||
tar -tzf packages/phishingclub_${{ steps.get_version.outputs.VERSION }}_linux_arm64.tar.gz
|
||||
else
|
||||
echo ""
|
||||
echo "ARM64 not built (BUILD_ARM not enabled)"
|
||||
fi
|
||||
|
||||
- name: Upload build artifacts (for review)
|
||||
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
|
||||
with:
|
||||
name: phishingclub-test-build-${{ steps.get_version.outputs.HASH }}
|
||||
# arm64 paths are only present when BUILD_ARM is enabled
|
||||
if-no-files-found: ignore
|
||||
path: |
|
||||
build/amd64/phishingclub
|
||||
build/amd64/phishingclub.sig
|
||||
build/arm64/phishingclub
|
||||
build/arm64/phishingclub.sig
|
||||
packages/phishingclub_${{ steps.get_version.outputs.VERSION }}_linux_amd64.tar.gz
|
||||
packages/phishingclub_${{ steps.get_version.outputs.VERSION }}_linux_arm64.tar.gz
|
||||
retention-days: 2
|
||||
|
||||
Reference in New Issue
Block a user