CI Build #1097
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
run-name: CI Build | |
on: [ push ] | |
jobs: | |
build-linux: | |
environment: PROD_2028 | |
runs-on: ubuntu-latest | |
env: | |
CROSS_NO_WARNINGS: 0 | |
steps: | |
- name: Check out repository code | |
uses: actions/checkout@v4 | |
with: | |
show-progress: false | |
- name: Set up Docker Buildx | |
id: buildx | |
# Use the action from the master, as we've seen some inconsistencies with @v1 | |
# Issue: https://github.com/docker/build-push-action/issues/286 | |
uses: docker/setup-buildx-action@master | |
with: | |
install: true | |
- name: Build cross builder image for x86_64 | |
uses: docker/build-push-action@v6 | |
with: | |
context: ./cross/ | |
builder: ${{ steps.buildx.outputs.name }} | |
file: cross/Dockerfile.linux_x86_64 | |
push: false | |
tags: browsers.software/x86_64-unknown-linux-gnu-gtk:local | |
cache-from: type=gha,scope=x86_64 | |
cache-to: type=gha,scope=x86_64,mode=max | |
load: true # load the created image into docker, so cross can find it | |
- name: Build cross builder image for aarch64 | |
uses: docker/build-push-action@v6 | |
with: | |
context: ./cross/ | |
builder: ${{ steps.buildx.outputs.name }} | |
file: cross/Dockerfile.linux_aarch64 | |
push: false | |
tags: browsers.software/aarch64-unknown-linux-gnu-gtk:local | |
cache-from: type=gha,scope=aarch64 | |
cache-to: type=gha,scope=aarch64,mode=max | |
load: true # load the created image into docker, so cross can find it | |
- name: Build cross builder image for armv7 | |
uses: docker/build-push-action@v6 | |
with: | |
context: ./cross/ | |
builder: ${{ steps.buildx.outputs.name }} | |
file: cross/Dockerfile.linux_armv7 | |
push: false | |
tags: browsers.software/armv7-unknown-linux-gnueabihf-gtk:local | |
cache-from: type=gha,scope=armv7 | |
cache-to: type=gha,scope=armv7,mode=max | |
load: true # load the created image into docker, so cross can find it | |
# even though we build inside a docker container via `cross`, then `cross` mounts | |
# target/ | |
- name: Download cache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/.cargo/bin/ | |
~/.cargo/registry/index/ | |
~/.cargo/registry/cache/ | |
~/.cargo/git/db/ | |
~/.cargo/.crates.toml | |
~/.cargo/.crates2.json | |
target/ | |
key: ${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }} | |
restore-keys: | | |
${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
${{ runner.os }}-cargo- | |
- name: Install signify | |
run: cargo install signify --target-dir ./target/signify | |
- name: Install cross | |
# cargo install does check if dependency already exists, | |
# but there's some conflict with github cache about it, so checking manually | |
run: cargo install --list --target-dir ./target/cross | grep cross || cargo install --force cross --git https://github.com/cross-rs/cross --target-dir ./target/cross | |
- name: Test x86_64 binary | |
run: | | |
CROSS_BUILD_OPTS="--builder ${{ steps.buildx.outputs.name }} --cache-from type=gha,scope=x86_64 --cache-to type=gha,scope=x86_64,mode=max" cross build --target x86_64-unknown-linux-gnu --release | |
- name: Test aarch64 binaries | |
run: | | |
CROSS_BUILD_OPTS="--builder ${{ steps.buildx.outputs.name }} --cache-from type=gha,scope=aarch64 --cache-to type=gha,scope=aarch64,mode=max" cross build --target aarch64-unknown-linux-gnu --release | |
- name: Test armv7 binaries | |
run: | | |
CROSS_BUILD_OPTS="--builder ${{ steps.buildx.outputs.name }} --cache-from type=gha,scope=armv7 --cache-to type=gha,scope=armv7,mode=max" cross build --target armv7-unknown-linux-gnueabihf --release | |
- name: Build binaries and package | |
env: | |
APPCAST_SECRET_KEY_BASE64: ${{ secrets.APPCAST_SECRET_KEY_BASE64 }} | |
run: | | |
mkdir -p secrets | |
echo $APPCAST_SECRET_KEY_BASE64 | base64 --decode > secrets/appcast_seckey | |
export APPCAST_SECRET_KEY_FILE="${GITHUB_WORKSPACE}/secrets/appcast_seckey" | |
./build-linux.sh | |
shell: bash | |
- name: Test installer | |
run: | | |
# desktop-file-utils is required for running install.sh (desktop-file-install and update-desktop-database) | |
sudo apt-get install -y --no-install-recommends desktop-file-utils | |
target_dir='target/universal-unknown-linux-gnu/release' | |
cd "$target_dir" | |
set -x | |
./install.sh | |
shell: bash | |
- name: End-to-end test - run Browsers | |
run: | | |
install_dir="$HOME/.local/bin" | |
cd "$install_dir" | |
command_output=$(./browsers --no-gui https://browsers.software) | |
echo $command_output | |
if $command_output | grep -q 'Firefox Web Browser'; then | |
echo "matched Firefox Web Browser" | |
fi | |
if $command_output | grep -q 'Google Chrome'; then | |
echo "matched Google Chrome" | |
fi | |
if $command_output | grep -q 'Microsoft Edge'; then | |
echo "matched Microsoft Edge" | |
fi | |
shell: bash | |
- name: Upload release artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: browsers-linux-artifacts | |
path: | | |
target/universal-unknown-linux-gnu/release/browsers_linux.tar.gz | |
target/universal-unknown-linux-gnu/release/browsers_linux.tar.gz.sha256 | |
target/universal-unknown-linux-gnu/release/browsers_linux.tar.gz.sig | |
target/universal-unknown-linux-gnu/release/browsers_linux.tar.xz | |
target/universal-unknown-linux-gnu/release/browsers_linux.tar.xz.sha256 | |
target/universal-unknown-linux-gnu/release/browsers_linux.tar.xz.sig | |
target/universal-unknown-linux-gnu/release/x86_64/browsers_amd64.deb | |
target/universal-unknown-linux-gnu/release/aarch64/browsers_arm64.deb | |
target/universal-unknown-linux-gnu/release/armv7l/browsers_armhf.deb | |
target/universal-unknown-linux-gnu/release/x86_64/browsers.x86_64.rpm | |
target/universal-unknown-linux-gnu/release/aarch64/browsers.aarch64.rpm | |
target/universal-unknown-linux-gnu/release/armv7l/browsers.armhfp.rpm | |
build-macos: | |
environment: PROD_2028 | |
runs-on: macos-14 | |
steps: | |
- name: Check out repository code | |
uses: actions/checkout@v4 | |
with: | |
show-progress: false | |
- name: Download cache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/.cargo/bin/ | |
~/.cargo/registry/index/ | |
~/.cargo/registry/cache/ | |
~/.cargo/git/db/ | |
~/.cargo/.crates.toml | |
~/.cargo/.crates2.json | |
target/ | |
key: ${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }} | |
restore-keys: | | |
${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
${{ runner.os }}-cargo- | |
- name: Install signify | |
run: cargo install signify --target-dir ./target/signify | |
- name: Install apple-codesign | |
run: cargo install apple-codesign --target-dir ./target/apple-codesign | |
- name: Add Rust targets | |
run: | | |
rustup target add x86_64-apple-darwin | |
rustup target add aarch64-apple-darwin | |
- name: Test x86_64 binary | |
run: | | |
export MACOSX_DEPLOYMENT_TARGET=10.7 | |
cargo build --target x86_64-apple-darwin --release | |
shell: bash | |
- name: Test aarch64 binaries | |
run: | | |
export MACOSX_DEPLOYMENT_TARGET=10.7 | |
cargo build --target aarch64-apple-darwin --release | |
shell: bash | |
- name: Build Universal Binary | |
run: | | |
rm -rf target/universal-apple-darwin/release/ | |
mkdir -p target/universal-apple-darwin/release/ | |
lipo -create -output target/universal-apple-darwin/release/Browsers target/x86_64-apple-darwin/release/browsers target/aarch64-apple-darwin/release/browsers | |
- name: Build with signing | |
env: | |
APPLE_DEVELOPER_ID_APP_P12_BASE64: ${{ secrets.APPLE_DEVELOPER_ID_APP_P12 }} | |
P12_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_APP_P12_PASSWORD }} | |
APP_STORE_CONNECT_JSON: ${{ secrets.APP_STORE_CONNECT_JSON }} | |
APPCAST_SECRET_KEY_BASE64: ${{ secrets.APPCAST_SECRET_KEY_BASE64 }} | |
run: | | |
mkdir -p secrets | |
echo $APPLE_DEVELOPER_ID_APP_P12_BASE64 | base64 --decode > secrets/DeveloperIDApplication.p12 | |
export P12_FILE="${GITHUB_WORKSPACE}/secrets/DeveloperIDApplication.p12" | |
echo $APPCAST_SECRET_KEY_BASE64 | base64 --decode > secrets/appcast_seckey | |
export APPCAST_SECRET_KEY_FILE="${GITHUB_WORKSPACE}/secrets/appcast_seckey" | |
echo $APP_STORE_CONNECT_JSON > secrets/app_store_connect.json | |
export NOTARY_API_KEY_JSON_FILE="${GITHUB_WORKSPACE}/secrets/app_store_connect.json" | |
echo "1. P12_FILE=$P12_FILE" | |
./build-mac.sh | |
shell: bash | |
- name: Test app dir | |
run: | | |
target_dir='target/universal-apple-darwin/release' | |
cd "$target_dir" | |
cd "./Browsers.app/" | |
set -x | |
ls -altrh . | |
ls -altrh ./Contents/Resources/ | |
shell: bash | |
- name: End-to-end test - run Browsers | |
run: | | |
target_dir='target/universal-apple-darwin/release' | |
cd "$target_dir" | |
set -x | |
command_output=$(./Browsers.app -W --stdout $(tty) --stderr $(tty) --args --no-gui https://browsers.software) | |
echo $command_output | |
if $command_output | grep -q 'Safari'; then | |
echo "matched Safari" | |
fi | |
if $command_output | grep -q 'Chrome'; then | |
echo "matched Chrome" | |
fi | |
if $command_output | grep -q 'Google Chrome for Testing'; then | |
echo "matched Google Chrome for Testing" | |
fi | |
# special shell script to make tty working | |
shell: 'script -q /dev/null bash -e {0}' | |
- name: Upload mac artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: browsers-mac-artifacts | |
path: | | |
target/universal-apple-darwin/release/Browsers.dmg | |
target/universal-apple-darwin/release/browsers_mac.tar.gz | |
target/universal-apple-darwin/release/browsers_mac.tar.gz.sha256 | |
target/universal-apple-darwin/release/browsers_mac.tar.gz.sig | |
target/universal-apple-darwin/release/browsers_mac.tar.xz | |
target/universal-apple-darwin/release/browsers_mac.tar.xz.sha256 | |
target/universal-apple-darwin/release/browsers_mac.tar.xz.sig | |
build-windows: | |
environment: PROD_2028 | |
runs-on: windows-latest | |
steps: | |
- name: Check out repository code | |
uses: actions/checkout@v4 | |
with: | |
show-progress: false | |
- name: Download cache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/.cargo/bin/ | |
~/.cargo/registry/index/ | |
~/.cargo/registry/cache/ | |
~/.cargo/git/db/ | |
~/.cargo/.crates.toml | |
~/.cargo/.crates2.json | |
target/ | |
key: ${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }} | |
restore-keys: | | |
${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
${{ runner.os }}-cargo- | |
- name: Install signify | |
run: cargo install signify --target-dir ./target/signify | |
- name: Add Rust targets | |
run: | | |
rustup target add x86_64-pc-windows-msvc | |
rustup target add aarch64-pc-windows-msvc | |
- name: Test x86_64 binary | |
run: | | |
cargo build --target x86_64-pc-windows-msvc --release | |
shell: bash | |
- name: Test aarch64 binary | |
run: | | |
cargo build --target aarch64-pc-windows-msvc --release | |
shell: bash | |
- name: Install tools | |
run: | | |
curl https://raw.githubusercontent.com/Browsers-software/ci-utils/main/zip/bzip2.dll -o bzip2.dll | |
curl https://raw.githubusercontent.com/Browsers-software/ci-utils/main/zip/zip.exe -o zip.exe | |
cp bzip2.dll "C:\Program Files\Git\mingw64\bin" | |
cp zip.exe "C:\Program Files\Git\mingw64\bin" | |
shell: bash | |
- name: Build binaries and package | |
env: | |
APPCAST_SECRET_KEY_BASE64: ${{ secrets.APPCAST_SECRET_KEY_BASE64 }} | |
run: | | |
mkdir -p secrets | |
echo $APPCAST_SECRET_KEY_BASE64 | base64 --decode > secrets/appcast_seckey | |
export APPCAST_SECRET_KEY_FILE="${GITHUB_WORKSPACE}/secrets/appcast_seckey" | |
./build-windows.sh | |
shell: bash | |
- name: Test installer | |
run: | | |
target_dir='target/universal-pc-windows-msvc/release' | |
cd "$target_dir" | |
set -x | |
./install.bat --silent | |
shell: bash | |
- name: End-to-end test - run Browsers | |
run: | | |
install_dir="$PROGRAMFILES/software.Browsers" | |
cd "$install_dir" | |
command_output=$(./browsers.exe --no-gui https://browsers.software) | |
echo $command_output | |
if $command_output | grep -q 'Mozilla Firefox'; then | |
echo "matched Mozilla Firefox" | |
fi | |
if $command_output | grep -q 'Google Chrome'; then | |
echo "matched Google Chrome" | |
fi | |
if $command_output | grep -q 'Internet Explorer'; then | |
echo "matched Internet Explorer" | |
fi | |
if $command_output | grep -q ' Microsoft Edge Profile 1'; then | |
echo "matched Microsoft Edge (Profile 1)" | |
fi | |
shell: bash | |
- name: Upload release artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: browsers-windows-artifacts | |
path: | | |
target/universal-pc-windows-msvc/release/Browsers_windows.zip | |
target/universal-pc-windows-msvc/release/browsers_windows.tar.gz | |
target/universal-pc-windows-msvc/release/browsers_windows.tar.gz.sha256 | |
target/universal-pc-windows-msvc/release/browsers_windows.tar.gz.sig | |
target/universal-pc-windows-msvc/release/browsers_windows.tar.xz | |
target/universal-pc-windows-msvc/release/browsers_windows.tar.xz.sha256 | |
target/universal-pc-windows-msvc/release/browsers_windows.tar.xz.sig | |
release: | |
needs: [ build-linux, build-macos, build-windows ] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out repository code | |
uses: actions/checkout@v4 | |
with: | |
show-progress: false | |
- name: Download release artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
pattern: browsers-*-artifacts | |
- name: Verify directories exist | |
run: | | |
[ -e "browsers-linux-artifacts" ] | |
[ -e "browsers-mac-artifacts" ] | |
[ -e "browsers-windows-artifacts" ] | |
shell: bash | |
- name: Generate Changelog | |
if: startsWith(github.ref, 'refs/tags/') | |
# Search from CHANGELOG.md for the changelog of the version (tag name) | |
run: ./tools/extract_release_notes.sh ${{ github.ref_name }} < CHANGELOG.md > ${{ github.workspace }}-RELEASE_NOTES.md | |
shell: bash | |
- name: Release | |
uses: softprops/action-gh-release@v2 | |
if: startsWith(github.ref, 'refs/tags/') | |
with: | |
body_path: ${{ github.workspace }}-RELEASE_NOTES.md | |
fail_on_unmatched_files: true | |
files: | | |
browsers-linux-artifacts/browsers_linux.tar.gz | |
browsers-linux-artifacts/browsers_linux.tar.gz.sha256 | |
browsers-linux-artifacts/browsers_linux.tar.gz.sig | |
browsers-linux-artifacts/browsers_linux.tar.xz | |
browsers-linux-artifacts/browsers_linux.tar.xz.sha256 | |
browsers-linux-artifacts/browsers_linux.tar.xz.sig | |
browsers-linux-artifacts/x86_64/browsers_amd64.deb | |
browsers-linux-artifacts/aarch64/browsers_arm64.deb | |
browsers-linux-artifacts/armv7l/browsers_armhf.deb | |
browsers-linux-artifacts/x86_64/browsers.x86_64.rpm | |
browsers-linux-artifacts/aarch64/browsers.aarch64.rpm | |
browsers-linux-artifacts/armv7l/browsers.armhfp.rpm | |
browsers-mac-artifacts/Browsers.dmg | |
browsers-mac-artifacts/browsers_mac.tar.gz | |
browsers-mac-artifacts/browsers_mac.tar.gz.sha256 | |
browsers-mac-artifacts/browsers_mac.tar.gz.sig | |
browsers-mac-artifacts/browsers_mac.tar.xz | |
browsers-mac-artifacts/browsers_mac.tar.xz.sha256 | |
browsers-mac-artifacts/browsers_mac.tar.xz.sig | |
browsers-windows-artifacts/Browsers_windows.zip | |
browsers-windows-artifacts/browsers_windows.tar.gz | |
browsers-windows-artifacts/browsers_windows.tar.gz.sha256 | |
browsers-windows-artifacts/browsers_windows.tar.gz.sig | |
browsers-windows-artifacts/browsers_windows.tar.xz | |
browsers-windows-artifacts/browsers_windows.tar.xz.sha256 | |
browsers-windows-artifacts/browsers_windows.tar.xz.sig |