element-desktop/.github/workflows/build_linux.yaml

# This workflow relies on actions/cache to store the hak dependency artifacts as they take a long time to build
# Due to this extra care must be taken to only ever run all build_* scripts against the same branch to ensure
# the correct cache scoping, and additional care must be taken to not run untrusted actions on the develop branch.
on:
    workflow_call:
        inputs:
            arch:
                type: string
                required: true
                description: "The architecture to build for, one of 'amd64' | 'arm64'"
            config:
                type: string
                required: true
                description: "The config directory to use"
            version:
                type: string
                required: false
                description: "Version string to override the one in package.json, used for non-release builds"
            sqlcipher:
                type: string
                required: true
                description: "How to link sqlcipher, one of 'system' | 'static'"
            docker-image:
                type: string
                required: false
                description: "The docker image to use for the build, defaults to ghcr.io/element-hq/element-desktop-dockerbuild"
jobs:
    build:
        runs-on: ubuntu-latest
        container:
            image: ${{ inputs.docker-image || format('ghcr.io/element-hq/element-desktop-dockerbuild:{0}', github.ref_name == 'master' && 'master' || 'develop') }}
        defaults:
            run:
                shell: bash
        steps:
            - uses: kanga333/variable-mapper@master
              id: config
              with:
                  key: "${{ inputs.arch }}"
                  export_to: output
                  map: |
                      {
                        "amd64": {
                          "target": "x86_64-unknown-linux-gnu",
                          "arch": "x86-64"
                        },
                        "arm64": {
                          "target": "aarch64-unknown-linux-gnu",
                          "arch": "aarch64",
                          "build-args": "--arm64"
                        }
                      }

            - uses: actions/checkout@v4

            - uses: actions/download-artifact@v4
              with:
                  name: webapp

            - name: Cache .hak
              id: cache
              uses: actions/cache@v4
              with:
                  key: ${{ runner.os }}-${{ inputs.docker-image || github.ref_name }}-${{ inputs.sqlcipher }}-${{ inputs.arch }}-${{ hashFiles('hakHash', 'electronVersion') }}
                  path: |
                      ./.hak

            - uses: actions/setup-node@v4
              with:
                  node-version-file: package.json
                  cache: "yarn"
              env:
                  # Workaround for https://github.com/actions/setup-node/issues/317
                  FORCE_COLOR: 0

            # Does not need branch matching as only analyses this layer
            - name: Install Deps
              run: "yarn install --frozen-lockfile"

            - name: Prepare for static sqlcipher build
              if: inputs.sqlcipher == 'static'
              run: |
                  echo "SQLCIPHER_BUNDLED=1" >> $GITHUB_ENV

            # Ideally the docker image would be ready for cross-compilation but libsqlcipher-dev is not Multi-Arch compatible
            # https://unix.stackexchange.com/a/349359
            - name: Prepare for cross compilation
              if: steps.cache.outputs.cache-hit != 'true' && inputs.arch == 'arm64'
              run: |
                  set -x
                  dpkg --add-architecture arm64
                  apt-get -qq update
                  apt-get -qq install --no-install-recommends crossbuild-essential-arm64 libsqlcipher-dev:arm64 libssl-dev:arm64 libsecret-1-dev:arm64
                  rustup target add aarch64-unknown-linux-gnu
                  mv dockerbuild/aarch64/.cargo .
                  cat dockerbuild/aarch64/.env >> $GITHUB_ENV

            - name: Build Natives
              if: steps.cache.outputs.cache-hit != 'true'
              run: "yarn build:native --target ${{ steps.config.outputs.target }}"

            - name: "[Nightly] Resolve version"
              if: inputs.version != ''
              run: |
                  echo "ED_NIGHTLY=${{ inputs.version }}" >> $GITHUB_ENV

            - name: Generate debian files and arguments
              run: |
                  if [ -f changelog.Debian ]; then
                      echo "ED_DEBIAN_CHANGELOG=changelog.Debian" >> $GITHUB_ENV
                  fi

            - name: Build App
              run: |
                  yarn build --publish never -l ${{ steps.config.outputs.build-args }}

            - name: Check native libraries
              run: |
                  set -x
                  shopt -s globstar

                  FILES=$(file dist/**/*.node)
                  echo "$FILES"

                  if [ grep -v "$ARCH" ]; then
                      exit 1
                  fi

                  LIBS=$(readelf -d dist/**/*.node | grep NEEDED)
                  echo "$LIBS"

                  set +x
                  assert_contains_string() { [[ "$1" == *"$2"* ]]; }
                  ! assert_contains_string "$LIBS" "libcrypto.so.1.1"
                  if [ "$SQLCIPHER_BUNDLED" == "1" ]; then
                      ! assert_contains_string "$LIBS" "libsqlcipher.so.0"
                  else
                      assert_contains_string "$LIBS" "libsqlcipher.so.0"
                  fi
              env:
                  ARCH: ${{ steps.config.outputs.arch }}

            # We exclude *-unpacked as it loses permissions and the tarball contains it with correct permissions
            - name: Upload Artifacts
              uses: actions/upload-artifact@v4
              with:
                  name: linux-${{ inputs.arch }}-sqlcipher-${{ inputs.sqlcipher }}
                  path: |
                      dist
                      !dist/*-unpacked/**
                  retention-days: 1
Improve build time in CI through caching native modules (#482) * Improve caching of hak native modules * Avoid double-hashing * Skip native installs where cache is hit * Include Electron version in the hash, it affects the ABI * Add missing step IDs * Add comments 2022-12-13 14:12:40 +00:00			`# This workflow relies on actions/cache to store the hak dependency artifacts as they take a long time to build`
			`# Due to this extra care must be taken to only ever run all build_* scripts against the same branch to ensure`
			`# the correct cache scoping, and additional care must be taken to not run untrusted actions on the develop branch.`
Improve CI stability and tidy it up (#451) 2022-11-11 15:15:21 +00:00			`on:`
Format all files with prettier 2022-12-15 11:00:58 +00:00			`workflow_call:`
			`inputs:`
Add support for Linux arm64 (#446) 2023-04-18 10:38:26 +00:00			`arch:`
			`type: string`
			`required: true`
			`description: "The architecture to build for, one of 'amd64' \| 'arm64'"`
Include changelogs in deb package (#563) * Initial attempt at custom Debian changelogs * Iterate * Quotes... * Iterate * facepalm * Iterate * Remove reundant line * Ifs * Test * Iterate * Iterate * Brackets * inconsistent? * Update build_and_test.yaml * Update build_and_test.yaml 2023-03-07 15:53:53 +00:00			`config:`
			`type: string`
			`required: true`
			`description: "The config directory to use"`
Build & Package signed Linux builds (#527) 2023-02-20 12:09:45 +00:00			`version:`
			`type: string`
			`required: false`
			`description: "Version string to override the one in package.json, used for non-release builds"`
Format all files with prettier 2022-12-15 11:00:58 +00:00			`sqlcipher:`
			`type: string`
			`required: true`
			`description: "How to link sqlcipher, one of 'system' \| 'static'"`
Allow testing dockerbuild changes in pull requests (#625) 2023-04-14 12:00:19 +00:00			`docker-image:`
			`type: string`
			`required: false`
Update org is workflows and scripts 2023-12-13 10:02:45 +00:00			`description: "The docker image to use for the build, defaults to ghcr.io/element-hq/element-desktop-dockerbuild"`
Improve CI stability and tidy it up (#451) 2022-11-11 15:15:21 +00:00			`jobs:`
Format all files with prettier 2022-12-15 11:00:58 +00:00			`build:`
			`runs-on: ubuntu-latest`
Run build_linux in docker using an older glibc (#599) 2023-03-30 13:22:58 +00:00			`container:`
Update org is workflows and scripts 2023-12-13 10:02:45 +00:00			`image: ${{ inputs.docker-image \|\| format('ghcr.io/element-hq/element-desktop-dockerbuild:{0}', github.ref_name == 'master' && 'master' \|\| 'develop') }}`
Run build_linux in docker using an older glibc (#599) 2023-03-30 13:22:58 +00:00			`defaults:`
			`run:`
			`shell: bash`
Format all files with prettier 2022-12-15 11:00:58 +00:00			`steps:`
Add support for Linux arm64 (#446) 2023-04-18 10:38:26 +00:00			`- uses: kanga333/variable-mapper@master`
			`id: config`
			`with:`
			`key: "${{ inputs.arch }}"`
			`export_to: output`
			`map: \|`
			`{`
			`"amd64": {`
			`"target": "x86_64-unknown-linux-gnu",`
			`"arch": "x86-64"`
			`},`
			`"arm64": {`
			`"target": "aarch64-unknown-linux-gnu",`
			`"arch": "aarch64",`
			`"build-args": "--arm64"`
			`}`
			`}`

Update actions/checkout action to v4 (#1406) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> 2024-01-02 17:24:45 +00:00			`- uses: actions/checkout@v4`
Improve CI stability and tidy it up (#451) 2022-11-11 15:15:21 +00:00
Switch to artifact-v4 and move packages.element.io packing to deploy workflow (#1411) 2024-01-08 12:40:59 +00:00			`- uses: actions/download-artifact@v4`
Format all files with prettier 2022-12-15 11:00:58 +00:00			`with:`
			`name: webapp`
Improve CI stability and tidy it up (#451) 2022-11-11 15:15:21 +00:00
Format all files with prettier 2022-12-15 11:00:58 +00:00			`- name: Cache .hak`
			`id: cache`
Update actions/cache action to v4 (#1457) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> 2024-01-23 20:03:17 +00:00			`uses: actions/cache@v4`
Format all files with prettier 2022-12-15 11:00:58 +00:00			`with:`
Improve cache busting to consider the build scripts themselves (#633) 2023-04-26 14:04:17 +00:00			`key: ${{ runner.os }}-${{ inputs.docker-image \|\| github.ref_name }}-${{ inputs.sqlcipher }}-${{ inputs.arch }}-${{ hashFiles('hakHash', 'electronVersion') }}`
Format all files with prettier 2022-12-15 11:00:58 +00:00			`path: \|`
			`./.hak`
Improve CI stability and tidy it up (#451) 2022-11-11 15:15:21 +00:00
Update actions/setup-node action to v4 (#1404) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> 2024-01-02 17:37:20 +00:00			`- uses: actions/setup-node@v4`
Format all files with prettier 2022-12-15 11:00:58 +00:00			`with:`
Add knip unused code & dependency analyser (#1441) 2024-01-18 10:10:51 +00:00			`node-version-file: package.json`
Format all files with prettier 2022-12-15 11:00:58 +00:00			`cache: "yarn"`
Run build_linux in docker using an older glibc (#599) 2023-03-30 13:22:58 +00:00			`env:`
			`# Workaround for https://github.com/actions/setup-node/issues/317`
			`FORCE_COLOR: 0`
Improve CI stability and tidy it up (#451) 2022-11-11 15:15:21 +00:00
Format all files with prettier 2022-12-15 11:00:58 +00:00			`# Does not need branch matching as only analyses this layer`
			`- name: Install Deps`
Use frozen lockfile instead of pure lockfile on yarn install (#605) 2023-03-31 15:17:43 +00:00			`run: "yarn install --frozen-lockfile"`
Improve CI stability and tidy it up (#451) 2022-11-11 15:15:21 +00:00
Add support for Linux arm64 (#446) 2023-04-18 10:38:26 +00:00			`- name: Prepare for static sqlcipher build`
			`if: inputs.sqlcipher == 'static'`
			`run: \|`
Use a fully static seshat build (#631) Co-authored-by: Michael Telatynski <7t3chguy@gmail.com> 2023-04-24 12:19:10 +00:00			`echo "SQLCIPHER_BUNDLED=1" >> $GITHUB_ENV`
Add support for Linux arm64 (#446) 2023-04-18 10:38:26 +00:00
			`# Ideally the docker image would be ready for cross-compilation but libsqlcipher-dev is not Multi-Arch compatible`
			`# https://unix.stackexchange.com/a/349359`
			`- name: Prepare for cross compilation`
			`if: steps.cache.outputs.cache-hit != 'true' && inputs.arch == 'arm64'`
			`run: \|`
			`set -x`
			`dpkg --add-architecture arm64`
			`apt-get -qq update`
Upgrade to glibc 2.28 in the Docker image for Node20 compatibility (#1391) 2023-12-18 15:38:42 +00:00			`apt-get -qq install --no-install-recommends crossbuild-essential-arm64 libsqlcipher-dev:arm64 libssl-dev:arm64 libsecret-1-dev:arm64`
Add support for Linux arm64 (#446) 2023-04-18 10:38:26 +00:00			`rustup target add aarch64-unknown-linux-gnu`
			`mv dockerbuild/aarch64/.cargo .`
			`cat dockerbuild/aarch64/.env >> $GITHUB_ENV`

Format all files with prettier 2022-12-15 11:00:58 +00:00			`- name: Build Natives`
			`if: steps.cache.outputs.cache-hit != 'true'`
Add support for Linux arm64 (#446) 2023-04-18 10:38:26 +00:00			`run: "yarn build:native --target ${{ steps.config.outputs.target }}"`
Improve CI stability and tidy it up (#451) 2022-11-11 15:15:21 +00:00
Build & EV Sign Windows builds (#517 * Add way to provide apple ID and app password to notarise script * Add utility to generate electron-builder.json for release & nightly builds * Run Build & Test on staging too * First attempt at build & deploy for macOS with signing and notarisation * Fix quote mismatch * use correct quotes * add runs-on * Fix inputs.mode usage * remove quotes * chmod +x * Fix artifact paths * Fix deploy condition * Fix deploy condition * Fix artifact path * Iterate * Fix workflow * Fix env * Iterate * Fix missing env * Fix version calculation * Iterate * Fix config not taking effect * Update build_and_deploy.yaml * Fix alignments * delint * Fix alignment * Update build_macos.yaml * Add ability to EV sign using eSigner CKA * Initial work to build & sign Windows nightlies in CI * Format * Format * Fix gha * fix winSign * Fix install command * Add signtool to path * Update build_and_deploy.yaml * Fix quotes * Test * Fix comments * Fix cmd * Try again * arg slashes * Fix exe path * Fix matrix strategy * Use ampersand-call * fwd slash ftw? * ls * * 🌲 * tree dist * prepend path * Specify /fd and /td to modern signtool * /tr not /t for CKA * Test signing * missing comma * 🤦‍♂️ * Fix wrong mv * Lets sign * Fix config gen * Debug * Fix typo * Multiple drives why * Try NVL sandbox creds * Update * Attempt to disable logger * Try again * Iterate * Update build_macos.yaml * Update build_and_deploy.yaml * Update build_macos.yaml * Update build_and_deploy.yaml * Update build_and_deploy.yaml * Try custom build of eSigner CKA * Fix typos * Update build_windows.yaml * Update build_and_deploy.yaml * Update build_windows.yaml * Update build_and_deploy.yaml * Fix symlinking * Fix working-directory incantation * exe * remove debug * Prettier * Vendor check in SSL.com executable * Download CKA from packages.element.io instead * Use demo creds * StrictMode * Switch back to 0207 (unsigned) * Fix call syntax * Revert env inc * Partial rollback * Trace * Trace less * Fix CN being passed wrong * DEBUG * Debug 2 * Fix ConvertFrom-StringData * 0214 * Test * Test * Untested * Revert to 0207 * stash * Try with 20230221 * Restore scripts/electron_winSign.js * Prepare for merge * Update build_windows.yaml * Update build_and_deploy.yaml * Restore .github/workflows/build_and_deploy.yaml * Restore .github/workflows/build_and_deploy.yaml * Fix bad restore 2023-02-22 13:51:19 +00:00			`- name: "[Nightly] Resolve version"`
Build & Package signed Linux builds (#527) 2023-02-20 12:09:45 +00:00			`if: inputs.version != ''`
			`run: \|`
Move electron-builder config to javascript file (#1402) 2024-01-03 16:29:48 +00:00			`echo "ED_NIGHTLY=${{ inputs.version }}" >> $GITHUB_ENV`
Build & Package signed Linux builds (#527) 2023-02-20 12:09:45 +00:00
Include changelogs in deb package (#563) * Initial attempt at custom Debian changelogs * Iterate * Quotes... * Iterate * facepalm * Iterate * Remove reundant line * Ifs * Test * Iterate * Iterate * Brackets * inconsistent? * Update build_and_test.yaml * Update build_and_test.yaml 2023-03-07 15:53:53 +00:00			`- name: Generate debian files and arguments`
Build & Package signed Linux builds (#527) 2023-02-20 12:09:45 +00:00			`run: \|`
Include changelogs in deb package (#563) * Initial attempt at custom Debian changelogs * Iterate * Quotes... * Iterate * facepalm * Iterate * Remove reundant line * Ifs * Test * Iterate * Iterate * Brackets * inconsistent? * Update build_and_test.yaml * Update build_and_test.yaml 2023-03-07 15:53:53 +00:00			`if [ -f changelog.Debian ]; then`
Move electron-builder config to javascript file (#1402) 2024-01-03 16:29:48 +00:00			`echo "ED_DEBIAN_CHANGELOG=changelog.Debian" >> $GITHUB_ENV`
Include changelogs in deb package (#563) * Initial attempt at custom Debian changelogs * Iterate * Quotes... * Iterate * facepalm * Iterate * Remove reundant line * Ifs * Test * Iterate * Iterate * Brackets * inconsistent? * Update build_and_test.yaml * Update build_and_test.yaml 2023-03-07 15:53:53 +00:00			`fi`
Run build_linux in docker using an older glibc (#599) 2023-03-30 13:22:58 +00:00
Format all files with prettier 2022-12-15 11:00:58 +00:00			`- name: Build App`
Build & Package signed Linux builds (#527) 2023-02-20 12:09:45 +00:00			`run: \|`
Move electron-builder config to javascript file (#1402) 2024-01-03 16:29:48 +00:00			`yarn build --publish never -l ${{ steps.config.outputs.build-args }}`
Improve CI stability and tidy it up (#451) 2022-11-11 15:15:21 +00:00
Add support for Linux arm64 (#446) 2023-04-18 10:38:26 +00:00			`- name: Check native libraries`
Fix wrong sqlcipher build being used due to cache conflict (#606) 2023-04-03 15:31:14 +00:00			`run: \|`
Add support for Linux arm64 (#446) 2023-04-18 10:38:26 +00:00			`set -x`
			`shopt -s globstar`

			`FILES=$(file dist/*/.node)`
			`echo "$FILES"`

			`if [ grep -v "$ARCH" ]; then`
			`exit 1`
			`fi`

			`LIBS=$(readelf -d dist/*/.node \| grep NEEDED)`
			`echo "$LIBS"`

Use a fully static seshat build (#631) Co-authored-by: Michael Telatynski <7t3chguy@gmail.com> 2023-04-24 12:19:10 +00:00			`set +x`
			`assert_contains_string() { [[ "$1" == "$2" ]]; }`
			`! assert_contains_string "$LIBS" "libcrypto.so.1.1"`
			`if [ "$SQLCIPHER_BUNDLED" == "1" ]; then`
			`! assert_contains_string "$LIBS" "libsqlcipher.so.0"`
Fix wrong sqlcipher build being used due to cache conflict (#606) 2023-04-03 15:31:14 +00:00			`else`
Use a fully static seshat build (#631) Co-authored-by: Michael Telatynski <7t3chguy@gmail.com> 2023-04-24 12:19:10 +00:00			`assert_contains_string "$LIBS" "libsqlcipher.so.0"`
Fix wrong sqlcipher build being used due to cache conflict (#606) 2023-04-03 15:31:14 +00:00			`fi`
			`env:`
Add support for Linux arm64 (#446) 2023-04-18 10:38:26 +00:00			`ARCH: ${{ steps.config.outputs.arch }}`
Fix wrong sqlcipher build being used due to cache conflict (#606) 2023-04-03 15:31:14 +00:00
Exclude some artifacts from PR builds (#891) 2023-04-24 11:24:36 +00:00			`# We exclude *-unpacked as it loses permissions and the tarball contains it with correct permissions`
Format all files with prettier 2022-12-15 11:00:58 +00:00			`- name: Upload Artifacts`
Switch to artifact-v4 and move packages.element.io packing to deploy workflow (#1411) 2024-01-08 12:40:59 +00:00			`uses: actions/upload-artifact@v4`
Format all files with prettier 2022-12-15 11:00:58 +00:00			`with:`
Switch to artifact-v4 and move packages.element.io packing to deploy workflow (#1411) 2024-01-08 12:40:59 +00:00			`name: linux-${{ inputs.arch }}-sqlcipher-${{ inputs.sqlcipher }}`
Exclude some artifacts from PR builds (#891) 2023-04-24 11:24:36 +00:00			`path: \|`
			`dist`
			`!dist/-unpacked/*`
Format all files with prettier 2022-12-15 11:00:58 +00:00			`retention-days: 1`