Skip to content

CI Build

CI Build #1012

Workflow file for this run

name: CI
run-name: CI Build
on: [ push ]
jobs:
build-linux:
environment: PROD_2028
runs-on: ubuntu-latest
env:
CROSS_NO_WARNINGS: 0
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
show-progress: false
- name: Set up Docker Buildx
id: buildx
# Use the action from the master, as we've seen some inconsistencies with @v1
# Issue: https://github.com/docker/build-push-action/issues/286
uses: docker/setup-buildx-action@master
with:
install: true
- name: Build cross builder image for x86_64
uses: docker/build-push-action@v6
with:
context: ./cross/
builder: ${{ steps.buildx.outputs.name }}
file: cross/Dockerfile.linux_x86_64
push: false
tags: browsers.software/x86_64-unknown-linux-gnu-gtk:local
cache-from: type=gha,scope=x86_64
cache-to: type=gha,scope=x86_64,mode=max
load: true # load the created image into docker, so cross can find it
- name: Build cross builder image for aarch64
uses: docker/build-push-action@v6
with:
context: ./cross/
builder: ${{ steps.buildx.outputs.name }}
file: cross/Dockerfile.linux_aarch64
push: false
tags: browsers.software/aarch64-unknown-linux-gnu-gtk:local
cache-from: type=gha,scope=aarch64
cache-to: type=gha,scope=aarch64,mode=max
load: true # load the created image into docker, so cross can find it
- name: Build cross builder image for armv7
uses: docker/build-push-action@v6
with:
context: ./cross/
builder: ${{ steps.buildx.outputs.name }}
file: cross/Dockerfile.linux_armv7
push: false
tags: browsers.software/armv7-unknown-linux-gnueabihf-gtk:local
cache-from: type=gha,scope=armv7
cache-to: type=gha,scope=armv7,mode=max
load: true # load the created image into docker, so cross can find it
# even though we build inside a docker container via `cross`, then `cross` mounts
# target/
- name: Download cache
uses: actions/cache@v4
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
~/.cargo/.crates.toml
~/.cargo/.crates2.json
target/
key: ${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
${{ runner.os }}-cargo-
- name: Install signify
run: cargo install signify --target-dir ./target/signify
- name: Install cross
# cargo install does check if dependency already exists,
# but there's some conflict with github cache about it, so checking manually
run: cargo install --list --target-dir ./target/cross | grep cross || cargo install --force cross --git https://github.com/cross-rs/cross --target-dir ./target/cross
- name: Test x86_64 binary
run: |
CROSS_BUILD_OPTS="--builder ${{ steps.buildx.outputs.name }} --cache-from type=gha,scope=x86_64 --cache-to type=gha,scope=x86_64,mode=max" cross build --target x86_64-unknown-linux-gnu --release
- name: Test aarch64 binaries
run: |
CROSS_BUILD_OPTS="--builder ${{ steps.buildx.outputs.name }} --cache-from type=gha,scope=aarch64 --cache-to type=gha,scope=aarch64,mode=max" cross build --target aarch64-unknown-linux-gnu --release
- name: Test armv7 binaries
run: |
CROSS_BUILD_OPTS="--builder ${{ steps.buildx.outputs.name }} --cache-from type=gha,scope=armv7 --cache-to type=gha,scope=armv7,mode=max" cross build --target armv7-unknown-linux-gnueabihf --release
- name: Build binaries and package
env:
APPCAST_SECRET_KEY_BASE64: ${{ secrets.APPCAST_SECRET_KEY_BASE64 }}
run: |
mkdir -p secrets
echo $APPCAST_SECRET_KEY_BASE64 | base64 --decode > secrets/appcast_seckey
export APPCAST_SECRET_KEY_FILE="${GITHUB_WORKSPACE}/secrets/appcast_seckey"
./build-linux.sh
shell: bash
- name: Test installer
run: |
# desktop-file-utils is required for running install.sh (desktop-file-install and update-desktop-database)
sudo apt-get install -y --no-install-recommends desktop-file-utils
target_dir='target/universal-unknown-linux-gnu/release'
cd "$target_dir"
set -x
./install.sh
shell: bash
- name: End-to-end test - run Browsers
run: |
install_dir="$HOME/.local/bin"
cd "$install_dir"
./browsers --no-gui https://browsers.software
shell: bash
- name: Upload release artifact
uses: actions/upload-artifact@v4
with:
name: browsers-linux-artifacts
path: |
target/universal-unknown-linux-gnu/release/browsers_linux.tar.gz
target/universal-unknown-linux-gnu/release/browsers_linux.tar.gz.sha256
target/universal-unknown-linux-gnu/release/browsers_linux.tar.gz.sig
target/universal-unknown-linux-gnu/release/browsers_linux.tar.xz
target/universal-unknown-linux-gnu/release/browsers_linux.tar.xz.sha256
target/universal-unknown-linux-gnu/release/browsers_linux.tar.xz.sig
target/universal-unknown-linux-gnu/release/x86_64/browsers_amd64.deb
target/universal-unknown-linux-gnu/release/aarch64/browsers_arm64.deb
target/universal-unknown-linux-gnu/release/armv7l/browsers_armhf.deb
target/universal-unknown-linux-gnu/release/x86_64/browsers.x86_64.rpm
target/universal-unknown-linux-gnu/release/aarch64/browsers.aarch64.rpm
target/universal-unknown-linux-gnu/release/armv7l/browsers.armhfp.rpm
build-macos:
environment: PROD_2028
runs-on: macos-14
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
show-progress: false
- name: Download cache
uses: actions/cache@v4
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
~/.cargo/.crates.toml
~/.cargo/.crates2.json
target/
key: ${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
${{ runner.os }}-cargo-
- name: Install signify
run: cargo install signify --target-dir ./target/signify
- name: Install apple-codesign
run: cargo install apple-codesign --target-dir ./target/apple-codesign
- name: Add Rust targets
run: |
rustup target add x86_64-apple-darwin
rustup target add aarch64-apple-darwin
- name: Test x86_64 binary
run: |
export MACOSX_DEPLOYMENT_TARGET=10.7
cargo build --target x86_64-apple-darwin --release
shell: bash
- name: Test aarch64 binaries
run: |
export MACOSX_DEPLOYMENT_TARGET=10.7
cargo build --target aarch64-apple-darwin --release
shell: bash
- name: Build Universal Binary
run: |
rm -rf target/universal-apple-darwin/release/
mkdir -p target/universal-apple-darwin/release/
lipo -create -output target/universal-apple-darwin/release/Browsers target/x86_64-apple-darwin/release/browsers target/aarch64-apple-darwin/release/browsers
- name: Build with signing
env:
APPLE_DEVELOPER_ID_APP_P12_BASE64: ${{ secrets.APPLE_DEVELOPER_ID_APP_P12 }}
P12_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_APP_P12_PASSWORD }}
APP_STORE_CONNECT_JSON: ${{ secrets.APP_STORE_CONNECT_JSON }}
APPCAST_SECRET_KEY_BASE64: ${{ secrets.APPCAST_SECRET_KEY_BASE64 }}
run: |
mkdir -p secrets
echo $APPLE_DEVELOPER_ID_APP_P12_BASE64 | base64 --decode > secrets/DeveloperIDApplication.p12
export P12_FILE="${GITHUB_WORKSPACE}/secrets/DeveloperIDApplication.p12"
echo $APPCAST_SECRET_KEY_BASE64 | base64 --decode > secrets/appcast_seckey
export APPCAST_SECRET_KEY_FILE="${GITHUB_WORKSPACE}/secrets/appcast_seckey"
echo $APP_STORE_CONNECT_JSON > secrets/app_store_connect.json
export NOTARY_API_KEY_JSON_FILE="${GITHUB_WORKSPACE}/secrets/app_store_connect.json"
echo "1. P12_FILE=$P12_FILE"
./build-mac.sh
shell: bash
- name: Test app dir
run: |
target_dir='target/universal-apple-darwin/release'
cd "$target_dir"
cd "./Browsers.app/"
set -x
ls -altrh .
ls -altrh ./Contents/Resources/
shell: bash
- name: End-to-end test - run Browsers
run: |
target_dir='target/universal-apple-darwin/release'
cd "$target_dir"
set -x
open ./Browsers.app --env BROWSERS_LOG_LEVEL=DEBUG --stdout /tmp/my-stdout --stderr /tmp/my-stderr --args --no-gui https://browsers.software && cat /tmp/my-stdout && cat /tmp/my-stderr
shell: bash
- name: Upload mac artifacts
uses: actions/upload-artifact@v4
with:
name: browsers-mac-artifacts
path: |
target/universal-apple-darwin/release/Browsers.dmg
target/universal-apple-darwin/release/browsers_mac.tar.gz
target/universal-apple-darwin/release/browsers_mac.tar.gz.sha256
target/universal-apple-darwin/release/browsers_mac.tar.gz.sig
target/universal-apple-darwin/release/browsers_mac.tar.xz
target/universal-apple-darwin/release/browsers_mac.tar.xz.sha256
target/universal-apple-darwin/release/browsers_mac.tar.xz.sig
build-windows:
environment: PROD_2028
runs-on: windows-latest
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
show-progress: false
- name: Download cache
uses: actions/cache@v4
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
~/.cargo/.crates.toml
~/.cargo/.crates2.json
target/
key: ${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
${{ runner.os }}-cargo-
- name: Install signify
run: cargo install signify --target-dir ./target/signify
- name: Add Rust targets
run: |
rustup target add x86_64-pc-windows-msvc
rustup target add aarch64-pc-windows-msvc
- name: Test x86_64 binary
run: |
cargo build --target x86_64-pc-windows-msvc --release
shell: bash
- name: Test aarch64 binary
run: |
cargo build --target aarch64-pc-windows-msvc --release
shell: bash
- name: Install tools
run: |
curl https://raw.githubusercontent.com/Browsers-software/ci-utils/main/zip/bzip2.dll -o bzip2.dll
curl https://raw.githubusercontent.com/Browsers-software/ci-utils/main/zip/zip.exe -o zip.exe
cp bzip2.dll "C:\Program Files\Git\mingw64\bin"
cp zip.exe "C:\Program Files\Git\mingw64\bin"
shell: bash
- name: Build binaries and package
env:
APPCAST_SECRET_KEY_BASE64: ${{ secrets.APPCAST_SECRET_KEY_BASE64 }}
run: |
mkdir -p secrets
echo $APPCAST_SECRET_KEY_BASE64 | base64 --decode > secrets/appcast_seckey
export APPCAST_SECRET_KEY_FILE="${GITHUB_WORKSPACE}/secrets/appcast_seckey"
./build-windows.sh
shell: bash
- name: Test installer
run: |
target_dir='target/universal-pc-windows-msvc/release'
cd "$target_dir"
set -x
./install.bat --silent
shell: bash
- name: End-to-end test - run Browsers
run: |
install_dir="$PROGRAMFILES/software.Browsers"
cd "$install_dir"
./browsers.exe --no-gui https://browsers.software
shell: bash
- name: Upload release artifact
uses: actions/upload-artifact@v4
with:
name: browsers-windows-artifacts
path: |
target/universal-pc-windows-msvc/release/Browsers_windows.zip
target/universal-pc-windows-msvc/release/browsers_windows.tar.gz
target/universal-pc-windows-msvc/release/browsers_windows.tar.gz.sha256
target/universal-pc-windows-msvc/release/browsers_windows.tar.gz.sig
target/universal-pc-windows-msvc/release/browsers_windows.tar.xz
target/universal-pc-windows-msvc/release/browsers_windows.tar.xz.sha256
target/universal-pc-windows-msvc/release/browsers_windows.tar.xz.sig
release:
needs: [ build-linux, build-macos, build-windows ]
runs-on: ubuntu-latest
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
show-progress: false
- name: Download release artifacts
uses: actions/download-artifact@v4
with:
pattern: browsers-*-artifacts
- name: Verify directories exist
run: |
[ -e "browsers-linux-artifacts" ]
[ -e "browsers-mac-artifacts" ]
[ -e "browsers-windows-artifacts" ]
shell: bash
- name: Generate Changelog
if: startsWith(github.ref, 'refs/tags/')
# Search from CHANGELOG.md for the changelog of the version (tag name)
run: ./tools/extract_release_notes.sh ${{ github.ref_name }} < CHANGELOG.md > ${{ github.workspace }}-RELEASE_NOTES.md
shell: bash
- name: Release
uses: softprops/action-gh-release@v2
if: startsWith(github.ref, 'refs/tags/')
with:
body_path: ${{ github.workspace }}-RELEASE_NOTES.md
fail_on_unmatched_files: true
files: |
browsers-linux-artifacts/browsers_linux.tar.gz
browsers-linux-artifacts/browsers_linux.tar.gz.sha256
browsers-linux-artifacts/browsers_linux.tar.gz.sig
browsers-linux-artifacts/browsers_linux.tar.xz
browsers-linux-artifacts/browsers_linux.tar.xz.sha256
browsers-linux-artifacts/browsers_linux.tar.xz.sig
browsers-linux-artifacts/x86_64/browsers_amd64.deb
browsers-linux-artifacts/aarch64/browsers_arm64.deb
browsers-linux-artifacts/armv7l/browsers_armhf.deb
browsers-linux-artifacts/x86_64/browsers.x86_64.rpm
browsers-linux-artifacts/aarch64/browsers.aarch64.rpm
browsers-linux-artifacts/armv7l/browsers.armhfp.rpm
browsers-mac-artifacts/Browsers.dmg
browsers-mac-artifacts/browsers_mac.tar.gz
browsers-mac-artifacts/browsers_mac.tar.gz.sha256
browsers-mac-artifacts/browsers_mac.tar.gz.sig
browsers-mac-artifacts/browsers_mac.tar.xz
browsers-mac-artifacts/browsers_mac.tar.xz.sha256
browsers-mac-artifacts/browsers_mac.tar.xz.sig
browsers-windows-artifacts/Browsers_windows.zip
browsers-windows-artifacts/browsers_windows.tar.gz
browsers-windows-artifacts/browsers_windows.tar.gz.sha256
browsers-windows-artifacts/browsers_windows.tar.gz.sig
browsers-windows-artifacts/browsers_windows.tar.xz
browsers-windows-artifacts/browsers_windows.tar.xz.sha256
browsers-windows-artifacts/browsers_windows.tar.xz.sig