Enable autoupdate (#582)

* add new error since DiffURL is not used (no patch bin) and optimize code

* add first implementation of auto-update to release workflow

* fix go-selfupdate not being found

* use globally bash (for win compatibility) and move comment

* uniform test.yml to release.yml

Author: umbynos

Diff for: .github/workflows/release.yml

@@ -5,6 +5,16 @@ on:
     tags:
       - "[0-9]+.[0-9]+.[0-9]+*"
 
+env:
+  TARGET: "/CreateAgent/"
+  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+  AWS_REGION: "us-east-1" # or https://github.com/aws/aws-cli/issues/5623
+  KEYCHAIN: "sign.keychain"
+  INSTALLER_CERT_MAC_PATH: "/tmp/ArduinoCerts2020.p12"
+  AC_USERNAME: ${{ secrets.AC_USERNAME }} # used by gon
+  AC_PASSWORD: ${{ secrets.AC_PASSWORD }} # used by gon
+
 jobs:
   # The build job is responsible for: configuring the environment, testing and compiling process
   build:
@@ -14,16 +24,31 @@ jobs:
         - operating-system: ubuntu-18.04
         - operating-system: windows-2019
           arch: -386
+          ext: ".exe"
         - operating-system: windows-2019
           arch: -amd64
+          ext: ".exe"
         - operating-system: macos-10.15
 
+    defaults:
+      run:
+        shell: bash
+
     runs-on: ${{ matrix.operating-system }}
 
     steps:
-      - name: Set version
-        run: echo "TAG_VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV
-        shell: bash
+      - name: Set env vars
+        run: |
+          echo "TAG_VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV
+          echo $(go env GOPATH)/bin >> $GITHUB_PATH
+
+      - name: Identify Prerelease
+        # This is a workaround while waiting for create-release action to implement auto pre-release based on tag
+        id: prerelease
+        run: |
+          curl -L -s https://github.com/fsaintjacques/semver-tool/archive/3.1.0.zip -o /tmp/3.1.0.zip 
+          unzip -p /tmp/3.1.0.zip semver-tool-3.1.0/src/semver >/tmp/semver && chmod +x /tmp/semver
+          if [[ $(/tmp/semver get prerel ${GITHUB_REF/refs\/tags\//}) ]]; then echo "::set-output name=IS_PRE::true"; fi
 
       - name: Disable EOL conversions
         run: git config --global core.autocrlf false
@@ -48,7 +73,7 @@ jobs:
         run: |
           go get github.com/golangci/govet
           go get golang.org/x/lint/golint
-        shell: bash
+          go get -u github.com/sanbornm/go-selfupdate/...
 
       - name: Install Taskfile
         uses: arduino/actions/setup-taskfile@master
@@ -97,6 +122,19 @@ jobs:
         run: task build
         if: matrix.operating-system == 'macos-10.15'
 
+        # this will create `public/` dir with compressed full bin (<version>/<os>-<arch>.gz) and a json file
+      - name: Create autoupdate files
+        run: go-selfupdate arduino-create-agent${{ matrix.ext }} ${TAG_VERSION}
+        if: matrix.arch != '-386' && steps.prerelease.outputs.IS_PRE != 'true'
+
+      - name: Create autoupdate files for win32
+        run: go-selfupdate -platform windows${{ matrix.arch }} arduino-create-agent${{ matrix.ext }} ${TAG_VERSION}
+        if: matrix.arch == '-386' && steps.prerelease.outputs.IS_PRE != 'true'
+
+      - name: Upload autoupdate files to Arduino downloads servers
+        run: aws s3 sync public/ s3://${{ secrets.DOWNLOADS_BUCKET }}${{ env.TARGET }}
+        if: steps.prerelease.outputs.IS_PRE != 'true'
+
         # config.ini is required by the executable when it's run
       - name: Upload artifacts
         uses: actions/upload-artifact@v2
@@ -122,9 +160,6 @@ jobs:
           path: arduino-create-agent-${{ env.RUNS_ON }}
 
       - name: Import Code-Signing Certificates
-        env:
-          KEYCHAIN: "sign.keychain"
-          INSTALLER_CERT_MAC_PATH: "/tmp/ArduinoCerts2020.p12"
         run: |
           echo "${{ secrets.INSTALLER_CERT_MAC_P12 }}" | base64 --decode > ${{ env.INSTALLER_CERT_MAC_PATH }}
           security create-keychain -p ${{ secrets.KEYCHAIN_PASSWORD }} ${{ env.KEYCHAIN }}
@@ -155,9 +190,6 @@ jobs:
           EOF
 
       - name: Code sign and notarize app
-        env:
-          AC_USERNAME: ${{ secrets.AC_USERNAME }}
-          AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
         run: |
           echo "gon will notarize executable in arduino-create-agent-${{ env.RUNS_ON }}/arduino-create-agent"
           gon -log-level=debug -log-json gon.config.hcl
@@ -308,9 +340,6 @@ jobs:
         run: chmod -v +x ArduinoCreateAgent-osx/ArduinoCreateAgent-${GITHUB_REF##*/}-osx-installer-${{ matrix.browser }}.app/Contents/MacOS/*
 
       - name: Import Code-Signing Certificates
-        env:
-          KEYCHAIN: "sign.keychain"
-          INSTALLER_CERT_MAC_PATH: "/tmp/ArduinoCerts2020.p12"
         run: |
           echo "${{ secrets.INSTALLER_CERT_MAC_P12 }}" | base64 --decode > ${{ env.INSTALLER_CERT_MAC_PATH }}
           security create-keychain -p ${{ secrets.KEYCHAIN_PASSWORD }} ${{ env.KEYCHAIN }}
@@ -342,9 +371,6 @@ jobs:
           EOF
 
       - name: Code sign and notarize app
-        env:
-          AC_USERNAME: ${{ secrets.AC_USERNAME }}
-          AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
         run: |
           echo "gon will notarize executable in ArduinoCreateAgent-osx/ArduinoCreateAgent-${GITHUB_REF##*/}-osx-installer-${{ matrix.browser }}.app"
           gon -log-level=debug -log-json gon.config_installer.hcl
@@ -364,10 +390,6 @@ jobs:
   create-release:
     runs-on: ubuntu-18.04
     needs: code-sign-mac-installers
-    env:
-      TARGET: "/CreateBridgeStable/"
-      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 
     steps:
       - name: Download artifact
@@ -377,7 +399,7 @@ jobs:
         # This is a workaround while waiting for create-release action to implement auto pre-release based on tag
         id: prerelease
         run: |
-          wget -q -P /tmp https://github.com/fsaintjacques/semver-tool/archive/3.1.0.zip
+          curl -L -s https://github.com/fsaintjacques/semver-tool/archive/3.1.0.zip -o /tmp/3.1.0.zip
           unzip -p /tmp/3.1.0.zip semver-tool-3.1.0/src/semver >/tmp/semver && chmod +x /tmp/semver
           if [[ $(/tmp/semver get prerel ${GITHUB_REF/refs\/tags\//}) ]]; then echo "::set-output name=IS_PRE::true"; fi
 

Diff for: .github/workflows/test.yml

@@ -14,6 +14,9 @@ jobs:
         - operating-system: windows-2019
           arch: -amd64
         - operating-system: macos-10.15
+    defaults:
+      run:
+        shell: bash
 
     runs-on: ${{ matrix.operating-system }}
 
@@ -41,7 +44,6 @@ jobs:
         run: |
           go get github.com/golangci/govet
           go get golang.org/x/lint/golint
-        shell: bash
 
       - name: Install Taskfile
         uses: arduino/actions/setup-taskfile@master

Diff for: updater/updater.go

@@ -55,9 +55,10 @@ const (
 const devValidTime = 7 * 24 * time.Hour
 
 var errHashMismatch = errors.New("new file hash mismatch after patch")
+var errDiffUrlUndefined = errors.New("DiffURL is not defined, I cannot fetch and apply patch, reverting to full bin")
 var up = update.New()
 
-// TempPath generates a temporary path for the executable
+// TempPath generates a temporary path for the executable (adding "-temp")
 func TempPath(path string) string {
 	if filepath.Ext(path) == "exe" {
 		path = strings.Replace(path, ".exe", "-temp.exe", -1)
@@ -68,7 +69,7 @@ func TempPath(path string) string {
 	return path
 }
 
-// TempPath generates the proper path for a temporary executable
+// BinPath generates the proper path for a temporary executable (removing "-temp")
 func BinPath(path string) string {
 	return strings.Replace(path, "-temp", "", -1)
 }
@@ -141,6 +142,9 @@ func verifySha(bin []byte, sha []byte) bool {
 }
 
 func (u *Updater) fetchAndApplyPatch(old io.Reader) ([]byte, error) {
+	if u.DiffURL == "" {
+		return nil, errDiffUrlUndefined
+	}
 	r, err := fetch(u.DiffURL + u.CmdName + "/" + u.CurrentVersion + "/" + u.Info.Version + "/" + plat)
 	if err != nil {
 		return nil, err
@@ -238,12 +242,13 @@ func (u *Updater) update() error {
 	}
 	bin, err := u.fetchAndVerifyPatch(old)
 	if err != nil {
-		if err == errHashMismatch {
+		switch err {
+		case errHashMismatch:
 			log.Println("update: hash mismatch from patched binary")
-		} else {
-			if u.DiffURL != "" {
-				log.Println("update: patching binary,", err)
-			}
+		case errDiffUrlUndefined:
+			log.Println("update: ", err)
+		default:
+			log.Println("update: patching binary, ", err)
 		}
 
 		bin, err = u.fetchAndVerifyFullBin()