mirror of
https://github.com/vector-im/element-desktop.git
synced 2024-08-09 06:53:47 +00:00
a0a9ec830c
* Add way to provide apple ID and app password to notarise script * Add utility to generate electron-builder.json for release & nightly builds * Run Build & Test on staging too * First attempt at build & deploy for macOS with signing and notarisation * Fix quote mismatch * use correct quotes * add runs-on * Fix inputs.mode usage * remove quotes * chmod +x * Fix artifact paths * Fix deploy condition * Fix deploy condition * Fix artifact path * Iterate * Fix workflow * Fix env * Iterate * Fix missing env * Fix version calculation * Iterate * Fix config not taking effect * Update build_and_deploy.yaml * Fix alignments * delint * Fix alignment * Update build_macos.yaml * Add ability to EV sign using eSigner CKA * Initial work to build & sign Windows nightlies in CI * Format * Format * Fix gha * fix winSign * Fix install command * Add signtool to path * Update build_and_deploy.yaml * Fix quotes * Test * Fix comments * Fix cmd * Try again * arg slashes * Fix exe path * Fix matrix strategy * Use ampersand-call * fwd slash ftw? * ls * * 🌲 * tree dist * prepend path * Specify /fd and /td to modern signtool * /tr not /t for CKA * Test signing * missing comma * 🤦♂️ * Fix wrong mv * Lets sign * Fix config gen * Debug * Fix typo * Multiple drives why * Try NVL sandbox creds * Update * Attempt to disable logger * Try again * Iterate * Update build_macos.yaml * Update build_and_deploy.yaml * Update build_macos.yaml * Update build_and_deploy.yaml * Update build_and_deploy.yaml * Try custom build of eSigner CKA * Fix typos * Update build_windows.yaml * Update build_and_deploy.yaml * Update build_windows.yaml * Update build_and_deploy.yaml * Fix symlinking * Fix working-directory incantation * exe * remove debug * Prettier * Vendor check in SSL.com executable * Download CKA from packages.element.io instead * Use demo creds * StrictMode * Switch back to 0207 (unsigned) * Fix call syntax * Revert env inc * Partial rollback * Trace * Trace less * Fix CN being passed wrong * DEBUG * Debug 2 * Fix ConvertFrom-StringData * 0214 * Test * Test * Untested * Revert to 0207 * stash * Try with 20230221 * Restore scripts/electron_winSign.js * Prepare for merge * Update build_windows.yaml * Update build_and_deploy.yaml * Restore .github/workflows/build_and_deploy.yaml * Restore .github/workflows/build_and_deploy.yaml * Fix bad restore
129 lines
5.4 KiB
YAML
129 lines
5.4 KiB
YAML
# This workflow relies on actions/cache to store the hak dependency artifacts as they take a long time to build
|
|
# Due to this extra care must be taken to only ever run all build_* scripts against the same branch to ensure
|
|
# the correct cache scoping, and additional care must be taken to not run untrusted actions on the develop branch.
|
|
on:
|
|
workflow_call:
|
|
secrets:
|
|
GPG_PRIVATE_KEY:
|
|
required: false
|
|
GPG_PASSPHRASE:
|
|
required: false
|
|
CF_R2_ACCESS_KEY_ID:
|
|
required: false
|
|
CF_R2_TOKEN:
|
|
required: false
|
|
CF_R2_S3_API:
|
|
required: false
|
|
inputs:
|
|
version:
|
|
type: string
|
|
required: false
|
|
description: "Version string to override the one in package.json, used for non-release builds"
|
|
sqlcipher:
|
|
type: string
|
|
required: true
|
|
description: "How to link sqlcipher, one of 'system' | 'static'"
|
|
deploy-mode:
|
|
type: string
|
|
required: false
|
|
description: "Whether to arrange artifacts in the arrangement needed for deployment, skipping unrelated ones, this uses reprepro and requires 'packages.element.io' environment"
|
|
jobs:
|
|
build:
|
|
runs-on: ubuntu-latest
|
|
environment: ${{ inputs.deploy-mode && 'packages.element.io' || '' }}
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
|
|
- uses: actions/download-artifact@v3
|
|
with:
|
|
name: webapp
|
|
|
|
- name: Cache .hak
|
|
id: cache
|
|
uses: actions/cache@v3
|
|
with:
|
|
key: ${{ runner.os }}-${{ hashFiles('hakDependencies.json', 'electronVersion') }}
|
|
path: |
|
|
./.hak
|
|
|
|
- name: Install Rust
|
|
if: steps.cache.outputs.cache-hit != 'true'
|
|
uses: actions-rs/toolchain@v1
|
|
with:
|
|
toolchain: stable
|
|
|
|
- name: Install libsqlcipher-dev
|
|
if: steps.cache.outputs.cache-hit != 'true' && inputs.sqlcipher == 'system'
|
|
run: sudo apt-get install -y libsqlcipher-dev
|
|
|
|
- uses: actions/setup-node@v3
|
|
with:
|
|
cache: "yarn"
|
|
|
|
# Does not need branch matching as only analyses this layer
|
|
- name: Install Deps
|
|
run: "yarn install --pure-lockfile"
|
|
|
|
- name: Build Natives
|
|
if: steps.cache.outputs.cache-hit != 'true'
|
|
run: "yarn build:native"
|
|
env:
|
|
SQLCIPHER_STATIC: ${{ inputs.sqlcipher == 'static' && '1' || '' }}
|
|
|
|
- name: "[Nightly] Resolve version"
|
|
id: nightly
|
|
if: inputs.version != ''
|
|
run: |
|
|
echo "config-args=--nightly '${{ inputs.version }}'" >> $GITHUB_OUTPUT
|
|
|
|
- name: Generate debian control file
|
|
run: |
|
|
cp element.io/${{ inputs.version && 'nightly' || 'release' }}/control.template debcontrol
|
|
INPUT_VERSION="${{ inputs.version }}"
|
|
VERSION=${INPUT_VERSION:-$(cat package.json | jq -r .version)}
|
|
echo "Version: $VERSION" >> debcontrol
|
|
|
|
- name: Build App
|
|
run: |
|
|
scripts/generate-builder-config.ts ${{ steps.nightly.outputs.config-args }} --deb-custom-control=debcontrol
|
|
yarn build --publish never -l --config electron-builder.json
|
|
|
|
- name: Load GPG key
|
|
if: inputs.deploy-mode
|
|
uses: crazy-max/ghaction-import-gpg@111c56156bcc6918c056dbef52164cfa583dc549 # v5
|
|
with:
|
|
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
|
|
passphrase: ${{ secrets.GPG_PASSPHRASE }}
|
|
fingerprint: 75741890063E5E9A46135D01C2850B265AC085BD
|
|
|
|
- name: Prepare artifacts for deployment (reprepro)
|
|
if: inputs.deploy-mode
|
|
run: |
|
|
# Clear out the template packages.element.io directory, it has a dedicated deploy workflow
|
|
rm -R packages.element.io/*
|
|
|
|
# Install reprepro
|
|
sudo apt-get install -y reprepro
|
|
|
|
# Fetch reprepro database
|
|
aws s3 cp --recursive s3://$R2_BUCKET debian/db/ --endpoint-url $R2_URL --region auto
|
|
|
|
grep Codename debian/conf/distributions | sed -n 's/Codename: //p' | while read -r target ; do
|
|
reprepro -b debian includedeb "$target" ./dist/*.deb
|
|
done
|
|
|
|
# Store reprepro database
|
|
aws s3 cp --recursive debian/db/ s3://$R2_BUCKET --endpoint-url $R2_URL --region auto
|
|
env:
|
|
R2_BUCKET: packages-element-io-db
|
|
AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
|
|
AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}
|
|
R2_URL: ${{ secrets.CF_R2_S3_API }}
|
|
|
|
- name: Upload Artifacts
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: ${{ inputs.deploy-mode && 'packages.element.io' || format('linux-sqlcipher-{0}', inputs.sqlcipher) }}
|
|
path: ${{ inputs.deploy-mode && 'packages.element.io' || 'dist' }}
|
|
retention-days: 1
|