CI Build #1110

Workflow file for this run

	name: CI
	run-name: CI Build
	on: [ push ]
	jobs:
	build-linux:
	environment: PROD_2028
	runs-on: ubuntu-latest
	env:
	CROSS_NO_WARNINGS: 0
	steps:
	- name: Check out repository code
	uses: actions/checkout@v4
	with:
	show-progress: false
	- name: Set up Docker Buildx
	id: buildx
	# Use the action from the master, as we've seen some inconsistencies with @v1
	# Issue: https://github.com/docker/build-push-action/issues/286
	uses: docker/setup-buildx-action@master
	with:
	install: true
	- name: Build cross builder image for x86_64
	uses: docker/build-push-action@v6
	with:
	context: ./cross/
	builder: ${{ steps.buildx.outputs.name }}
	file: cross/Dockerfile.linux_x86_64
	push: false
	tags: browsers.software/x86_64-unknown-linux-gnu-gtk:local
	cache-from: type=gha,scope=x86_64
	cache-to: type=gha,scope=x86_64,mode=max
	load: true # load the created image into docker, so cross can find it
	- name: Build cross builder image for aarch64
	uses: docker/build-push-action@v6
	with:
	context: ./cross/
	builder: ${{ steps.buildx.outputs.name }}
	file: cross/Dockerfile.linux_aarch64
	push: false
	tags: browsers.software/aarch64-unknown-linux-gnu-gtk:local
	cache-from: type=gha,scope=aarch64
	cache-to: type=gha,scope=aarch64,mode=max
	load: true # load the created image into docker, so cross can find it
	- name: Build cross builder image for armv7
	uses: docker/build-push-action@v6
	with:
	context: ./cross/
	builder: ${{ steps.buildx.outputs.name }}
	file: cross/Dockerfile.linux_armv7
	push: false
	tags: browsers.software/armv7-unknown-linux-gnueabihf-gtk:local
	cache-from: type=gha,scope=armv7
	cache-to: type=gha,scope=armv7,mode=max
	load: true # load the created image into docker, so cross can find it
	# even though we build inside a docker container via `cross`, then `cross` mounts
	# target/
	- name: Download cache
	uses: actions/cache@v4
	with:
	path: \|
	~/.cargo/bin/
	~/.cargo/registry/index/
	~/.cargo/registry/cache/
	~/.cargo/git/db/
	~/.cargo/.crates.toml
	~/.cargo/.crates2.json
	target/
	key: ${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }}
	restore-keys: \|
	${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
	${{ runner.os }}-cargo-
	- name: Install signify
	run: cargo install signify --target-dir ./target/signify
	- name: Install cross
	# cargo install does check if dependency already exists,
	# but there's some conflict with github cache about it, so checking manually
	run: cargo install --list --target-dir ./target/cross \| grep cross \|\| cargo install --force cross --git https://github.com/cross-rs/cross --target-dir ./target/cross
	- name: Test x86_64 binary
	run: \|
	CROSS_BUILD_OPTS="--builder ${{ steps.buildx.outputs.name }} --cache-from type=gha,scope=x86_64 --cache-to type=gha,scope=x86_64,mode=max" cross build --target x86_64-unknown-linux-gnu --release
	- name: Test aarch64 binaries
	run: \|
	CROSS_BUILD_OPTS="--builder ${{ steps.buildx.outputs.name }} --cache-from type=gha,scope=aarch64 --cache-to type=gha,scope=aarch64,mode=max" cross build --target aarch64-unknown-linux-gnu --release
	- name: Test armv7 binaries
	run: \|
	CROSS_BUILD_OPTS="--builder ${{ steps.buildx.outputs.name }} --cache-from type=gha,scope=armv7 --cache-to type=gha,scope=armv7,mode=max" cross build --target armv7-unknown-linux-gnueabihf --release
	- name: Build binaries and package
	env:
	APPCAST_SECRET_KEY_BASE64: ${{ secrets.APPCAST_SECRET_KEY_BASE64 }}
	run: \|
	mkdir -p secrets
	echo $APPCAST_SECRET_KEY_BASE64 \| base64 --decode > secrets/appcast_seckey
	export APPCAST_SECRET_KEY_FILE="${GITHUB_WORKSPACE}/secrets/appcast_seckey"
	./build-linux.sh
	shell: bash
	- name: Test installer
	run: \|
	# desktop-file-utils is required for running install.sh (desktop-file-install and update-desktop-database)
	sudo apt-get install -y --no-install-recommends desktop-file-utils
	target_dir='target/universal-unknown-linux-gnu/release'
	cd "$target_dir"
	set -x
	./install.sh
	shell: bash
	- name: End-to-end test - run Browsers
	run: \|
	install_dir="$HOME/.local/bin"
	cd "$install_dir"
	./browsers --no-gui https://browsers.software
	shell: bash
	- name: Upload release artifact
	uses: actions/upload-artifact@v4
	with:
	name: browsers-linux-artifacts
	path: \|
	target/universal-unknown-linux-gnu/release/browsers_linux.tar.gz
	target/universal-unknown-linux-gnu/release/browsers_linux.tar.gz.sha256
	target/universal-unknown-linux-gnu/release/browsers_linux.tar.gz.sig
	target/universal-unknown-linux-gnu/release/browsers_linux.tar.xz
	target/universal-unknown-linux-gnu/release/browsers_linux.tar.xz.sha256
	target/universal-unknown-linux-gnu/release/browsers_linux.tar.xz.sig
	target/universal-unknown-linux-gnu/release/x86_64/browsers_amd64.deb
	target/universal-unknown-linux-gnu/release/aarch64/browsers_arm64.deb
	target/universal-unknown-linux-gnu/release/armv7l/browsers_armhf.deb
	target/universal-unknown-linux-gnu/release/x86_64/browsers.x86_64.rpm
	target/universal-unknown-linux-gnu/release/aarch64/browsers.aarch64.rpm
	target/universal-unknown-linux-gnu/release/armv7l/browsers.armhfp.rpm
	build-macos:
	environment: PROD_2028
	runs-on: macos-14
	steps:
	- name: Check out repository code
	uses: actions/checkout@v4
	with:
	show-progress: false
	- name: Download cache
	uses: actions/cache@v4
	with:
	path: \|
	~/.cargo/bin/
	~/.cargo/registry/index/
	~/.cargo/registry/cache/
	~/.cargo/git/db/
	~/.cargo/.crates.toml
	~/.cargo/.crates2.json
	target/
	key: ${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }}
	restore-keys: \|
	${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
	${{ runner.os }}-cargo-
	- name: Install signify
	run: cargo install signify --target-dir ./target/signify
	- name: Install apple-codesign
	run: cargo install apple-codesign --target-dir ./target/apple-codesign
	- name: Add Rust targets
	run: \|
	rustup target add x86_64-apple-darwin
	rustup target add aarch64-apple-darwin
	- name: Test x86_64 binary
	run: \|
	export MACOSX_DEPLOYMENT_TARGET=10.7
	cargo build --target x86_64-apple-darwin --release
	shell: bash
	- name: Test aarch64 binaries
	run: \|
	export MACOSX_DEPLOYMENT_TARGET=10.7
	cargo build --target aarch64-apple-darwin --release
	shell: bash
	- name: Build Universal Binary
	run: \|
	rm -rf target/universal-apple-darwin/release/
	mkdir -p target/universal-apple-darwin/release/
	lipo -create -output target/universal-apple-darwin/release/Browsers target/x86_64-apple-darwin/release/browsers target/aarch64-apple-darwin/release/browsers
	- name: Build with signing
	env:
	APPLE_DEVELOPER_ID_APP_P12_BASE64: ${{ secrets.APPLE_DEVELOPER_ID_APP_P12 }}
	P12_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_APP_P12_PASSWORD }}
	APP_STORE_CONNECT_JSON: ${{ secrets.APP_STORE_CONNECT_JSON }}
	APPCAST_SECRET_KEY_BASE64: ${{ secrets.APPCAST_SECRET_KEY_BASE64 }}
	run: \|
	mkdir -p secrets
	echo $APPLE_DEVELOPER_ID_APP_P12_BASE64 \| base64 --decode > secrets/DeveloperIDApplication.p12
	export P12_FILE="${GITHUB_WORKSPACE}/secrets/DeveloperIDApplication.p12"
	echo $APPCAST_SECRET_KEY_BASE64 \| base64 --decode > secrets/appcast_seckey
	export APPCAST_SECRET_KEY_FILE="${GITHUB_WORKSPACE}/secrets/appcast_seckey"
	echo $APP_STORE_CONNECT_JSON > secrets/app_store_connect.json
	export NOTARY_API_KEY_JSON_FILE="${GITHUB_WORKSPACE}/secrets/app_store_connect.json"
	echo "1. P12_FILE=$P12_FILE"
	./build-mac.sh
	shell: bash
	- name: Test app dir
	run: \|
	target_dir='target/universal-apple-darwin/release'
	cd "$target_dir"
	cd "./Browsers.app/"
	set -x
	ls -altrh .
	ls -altrh ./Contents/Resources/
	shell: bash
	- name: End-to-end test - run Browsers
	run: \|
	target_dir='target/universal-apple-darwin/release'
	cd "$target_dir"
	set -x
	open ./Browsers.app --env BROWSERS_LOG_LEVEL=DEBUG --stdout /tmp/my-stdout --stderr /tmp/my-stderr --args --no-gui https://browsers.software && cat /tmp/my-stdout && cat /tmp/my-stderr
	shell: bash
	- name: Upload mac artifacts
	uses: actions/upload-artifact@v4
	with:
	name: browsers-mac-artifacts
	path: \|
	target/universal-apple-darwin/release/Browsers.dmg
	target/universal-apple-darwin/release/browsers_mac.tar.gz
	target/universal-apple-darwin/release/browsers_mac.tar.gz.sha256
	target/universal-apple-darwin/release/browsers_mac.tar.gz.sig
	target/universal-apple-darwin/release/browsers_mac.tar.xz
	target/universal-apple-darwin/release/browsers_mac.tar.xz.sha256
	target/universal-apple-darwin/release/browsers_mac.tar.xz.sig
	build-windows:
	environment: PROD_2028
	runs-on: windows-latest
	steps:
	- name: Check out repository code
	uses: actions/checkout@v4
	with:
	show-progress: false
	- name: Download cache
	uses: actions/cache@v4
	with:
	path: \|
	~/.cargo/bin/
	~/.cargo/registry/index/
	~/.cargo/registry/cache/
	~/.cargo/git/db/
	~/.cargo/.crates.toml
	~/.cargo/.crates2.json
	target/
	key: ${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }}
	restore-keys: \|
	${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
	${{ runner.os }}-cargo-
	- name: Install signify
	run: cargo install signify --target-dir ./target/signify
	- name: Add Rust targets
	run: \|
	rustup target add x86_64-pc-windows-msvc
	rustup target add aarch64-pc-windows-msvc
	- name: Test x86_64 binary
	run: \|
	cargo build --target x86_64-pc-windows-msvc --release
	shell: bash
	- name: Test aarch64 binary
	run: \|
	cargo build --target aarch64-pc-windows-msvc --release
	shell: bash
	- name: Install tools
	run: \|
	curl https://raw.githubusercontent.com/Browsers-software/ci-utils/main/zip/bzip2.dll -o bzip2.dll
	curl https://raw.githubusercontent.com/Browsers-software/ci-utils/main/zip/zip.exe -o zip.exe
	cp bzip2.dll "C:\Program Files\Git\mingw64\bin"
	cp zip.exe "C:\Program Files\Git\mingw64\bin"
	shell: bash
	- name: Build binaries and package
	env:
	APPCAST_SECRET_KEY_BASE64: ${{ secrets.APPCAST_SECRET_KEY_BASE64 }}
	run: \|
	mkdir -p secrets
	echo $APPCAST_SECRET_KEY_BASE64 \| base64 --decode > secrets/appcast_seckey
	export APPCAST_SECRET_KEY_FILE="${GITHUB_WORKSPACE}/secrets/appcast_seckey"
	./build-windows.sh
	shell: bash
	- name: Test installer
	run: \|
	target_dir='target/universal-pc-windows-msvc/release'
	cd "$target_dir"
	set -x
	./install.bat --silent
	shell: bash
	- name: End-to-end test - run Browsers
	run: \|
	install_dir="$PROGRAMFILES/software.Browsers"
	cd "$install_dir"
	./browsers.exe --no-gui https://browsers.software
	shell: bash
	- name: Upload release artifact
	uses: actions/upload-artifact@v4
	with:
	name: browsers-windows-artifacts
	path: \|
	target/universal-pc-windows-msvc/release/Browsers_windows.zip
	target/universal-pc-windows-msvc/release/browsers_windows.tar.gz
	target/universal-pc-windows-msvc/release/browsers_windows.tar.gz.sha256
	target/universal-pc-windows-msvc/release/browsers_windows.tar.gz.sig
	target/universal-pc-windows-msvc/release/browsers_windows.tar.xz
	target/universal-pc-windows-msvc/release/browsers_windows.tar.xz.sha256
	target/universal-pc-windows-msvc/release/browsers_windows.tar.xz.sig
	release:
	needs: [ build-linux, build-macos, build-windows ]
	runs-on: ubuntu-latest
	steps:
	- name: Check out repository code
	uses: actions/checkout@v4
	with:
	show-progress: false
	- name: Download release artifacts
	uses: actions/download-artifact@v4
	with:
	pattern: browsers-*-artifacts
	- name: Verify directories exist
	run: \|
	[ -e "browsers-linux-artifacts" ]
	[ -e "browsers-mac-artifacts" ]
	[ -e "browsers-windows-artifacts" ]
	shell: bash
	- name: Generate Changelog
	if: startsWith(github.ref, 'refs/tags/')
	# Search from CHANGELOG.md for the changelog of the version (tag name)
	run: ./tools/extract_release_notes.sh ${{ github.ref_name }} < CHANGELOG.md > ${{ github.workspace }}-RELEASE_NOTES.md
	shell: bash
	- name: Release
	uses: softprops/action-gh-release@v2
	if: startsWith(github.ref, 'refs/tags/')
	with:
	body_path: ${{ github.workspace }}-RELEASE_NOTES.md
	fail_on_unmatched_files: true
	files: \|
	browsers-linux-artifacts/browsers_linux.tar.gz
	browsers-linux-artifacts/browsers_linux.tar.gz.sha256
	browsers-linux-artifacts/browsers_linux.tar.gz.sig
	browsers-linux-artifacts/browsers_linux.tar.xz
	browsers-linux-artifacts/browsers_linux.tar.xz.sha256
	browsers-linux-artifacts/browsers_linux.tar.xz.sig
	browsers-linux-artifacts/x86_64/browsers_amd64.deb
	browsers-linux-artifacts/aarch64/browsers_arm64.deb
	browsers-linux-artifacts/armv7l/browsers_armhf.deb
	browsers-linux-artifacts/x86_64/browsers.x86_64.rpm
	browsers-linux-artifacts/aarch64/browsers.aarch64.rpm
	browsers-linux-artifacts/armv7l/browsers.armhfp.rpm
	browsers-mac-artifacts/Browsers.dmg
	browsers-mac-artifacts/browsers_mac.tar.gz
	browsers-mac-artifacts/browsers_mac.tar.gz.sha256
	browsers-mac-artifacts/browsers_mac.tar.gz.sig
	browsers-mac-artifacts/browsers_mac.tar.xz
	browsers-mac-artifacts/browsers_mac.tar.xz.sha256
	browsers-mac-artifacts/browsers_mac.tar.xz.sig
	browsers-windows-artifacts/Browsers_windows.zip
	browsers-windows-artifacts/browsers_windows.tar.gz
	browsers-windows-artifacts/browsers_windows.tar.gz.sha256
	browsers-windows-artifacts/browsers_windows.tar.gz.sig
	browsers-windows-artifacts/browsers_windows.tar.xz
	browsers-windows-artifacts/browsers_windows.tar.xz.sha256
	browsers-windows-artifacts/browsers_windows.tar.xz.sig

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CI Build #1110

Workflow file

CI Build #1110

Jobs

Run details

Workflow file for this run