CI Build #577

Workflow file for this run

	name: CI
	run-name: CI Build
	on: [ push ]
	jobs:
	build-linux:
	environment: PROD_2028
	runs-on: ubuntu-latest
	steps:
	- name: Check out repository code
	uses: actions/checkout@v4
	with:
	show-progress: false
	- name: Set up Docker Buildx
	id: buildx
	# Use the action from the master, as we've seen some inconsistencies with @v1
	# Issue: https://github.com/docker/build-push-action/issues/286
	uses: docker/setup-buildx-action@master
	with:
	install: true
	- name: Build cross builder image for x86_64
	uses: docker/build-push-action@v5
	with:
	context: ./cross/
	builder: ${{ steps.buildx.outputs.name }}
	file: cross/Dockerfile.linux_x86_64
	push: false
	tags: browsers.software/x86_64-unknown-linux-gnu-gtk:local
	cache-from: type=gha,scope=x86_64
	cache-to: type=gha,scope=x86_64,mode=max
	load: true # load the created image into docker, so cross can find it
	- name: Build cross builder image for aarch64
	uses: docker/build-push-action@v5
	with:
	context: ./cross/
	builder: ${{ steps.buildx.outputs.name }}
	file: cross/Dockerfile.linux_aarch64
	push: false
	tags: browsers.software/aarch64-unknown-linux-gnu-gtk:local
	cache-from: type=gha,scope=aarch64
	cache-to: type=gha,scope=aarch64,mode=max
	load: true # load the created image into docker, so cross can find it
	- name: Build cross builder image for armv7
	uses: docker/build-push-action@v5
	with:
	context: ./cross/
	builder: ${{ steps.buildx.outputs.name }}
	file: cross/Dockerfile.linux_armv7
	push: false
	tags: browsers.software/armv7-unknown-linux-gnueabihf-gtk:local
	cache-from: type=gha,scope=armv7
	cache-to: type=gha,scope=armv7,mode=max
	load: true # load the created image into docker, so cross can find it
	# even though we build inside a docker container via `cross`, then `cross` mounts
	# target/
	- name: Download cache
	uses: actions/cache@v3
	with:
	path: \|
	~/.cargo/bin/
	~/.cargo/registry/index/
	~/.cargo/registry/cache/
	~/.cargo/git/db/
	~/.cargo/.crates.toml
	~/.cargo/.crates2.json
	target/
	key: linux-${{ hashFiles('**/Cargo.lock') }}
	- name: Install signify
	run: cargo install signify --target-dir ./target/signify
	- name: Install cross
	# cargo install does check if dependency already exists,
	# but there's some conflict with github cache about it, so checking manually
	run: cargo install --list --target-dir ./target/cross \| grep cross \|\| cargo install --force cross --git https://github.com/cross-rs/cross --target-dir ./target/cross
	- name: Test x86_64 binary
	run: \|
	CROSS_BUILD_OPTS="--builder ${{ steps.buildx.outputs.name }} --cache-from type=gha,scope=x86_64 --cache-to type=gha,scope=x86_64,mode=max" cross build --target x86_64-unknown-linux-gnu --release
	- name: Test aarch64 binaries
	run: \|
	CROSS_BUILD_OPTS="--builder ${{ steps.buildx.outputs.name }} --cache-from type=gha,scope=aarch64 --cache-to type=gha,scope=aarch64,mode=max" cross build --target aarch64-unknown-linux-gnu --release
	- name: Test armv7 binaries
	run: \|
	CROSS_BUILD_OPTS="--builder ${{ steps.buildx.outputs.name }} --cache-from type=gha,scope=armv7 --cache-to type=gha,scope=armv7,mode=max" cross build --target armv7-unknown-linux-gnueabihf --release
	- name: Build binaries and package
	env:
	APPCAST_SECRET_KEY_BASE64: ${{ secrets.APPCAST_SECRET_KEY_BASE64 }}
	run: \|
	mkdir -p secrets
	echo $APPCAST_SECRET_KEY_BASE64 \| base64 --decode > secrets/appcast_seckey
	export APPCAST_SECRET_KEY_FILE="${GITHUB_WORKSPACE}/secrets/appcast_seckey"
	./build-linux.sh
	shell: bash
	- name: Upload release artifact
	uses: actions/upload-artifact@v3
	with:
	name: browsers-linux-artifacts
	path: \|
	target/universal-unknown-linux-gnu/release/browsers_linux.tar.gz
	target/universal-unknown-linux-gnu/release/browsers_linux.tar.gz.sha256
	target/universal-unknown-linux-gnu/release/browsers_linux.tar.gz.sig
	target/universal-unknown-linux-gnu/release/browsers_linux.tar.xz
	target/universal-unknown-linux-gnu/release/browsers_linux.tar.xz.sha256
	target/universal-unknown-linux-gnu/release/browsers_linux.tar.xz.sig
	target/universal-unknown-linux-gnu/release/x86_64/browsers_amd64.deb
	target/universal-unknown-linux-gnu/release/aarch64/browsers_arm64.deb
	target/universal-unknown-linux-gnu/release/armv7l/browsers_armhf.deb
	target/universal-unknown-linux-gnu/release/x86_64/browsers.x86_64.rpm
	target/universal-unknown-linux-gnu/release/aarch64/browsers.aarch64.rpm
	target/universal-unknown-linux-gnu/release/armv7l/browsers.armhfp.rpm
	build-macos:
	environment: PROD_2028
	runs-on: macos-13
	steps:
	- name: Check out repository code
	uses: actions/checkout@v4
	with:
	show-progress: false
	- name: Download cache
	uses: actions/cache@v3
	with:
	path: \|
	~/.cargo/bin/
	~/.cargo/registry/index/
	~/.cargo/registry/cache/
	~/.cargo/git/db/
	~/.cargo/.crates.toml
	~/.cargo/.crates2.json
	target/
	key: macos-${{ hashFiles('**/Cargo.lock') }}
	- name: Install signify
	run: cargo install signify --target-dir ./target/signify
	- name: Install apple-codesign
	run: cargo install apple-codesign --target-dir ./target/apple-codesign
	- name: Add Rust targets
	run: \|
	rustup target add x86_64-apple-darwin
	rustup target add aarch64-apple-darwin
	- name: Test x86_64 binary
	run: \|
	export MACOSX_DEPLOYMENT_TARGET=10.7
	cargo build --target x86_64-apple-darwin --release
	shell: bash
	- name: Test aarch64 binaries
	run: \|
	export MACOSX_DEPLOYMENT_TARGET=10.7
	cargo build --target aarch64-apple-darwin --release
	shell: bash
	- name: Build Universal Binary
	run: \|
	rm -rf target/universal-apple-darwin/release/
	mkdir -p target/universal-apple-darwin/release/
	lipo -create -output target/universal-apple-darwin/release/Browsers target/x86_64-apple-darwin/release/browsers target/aarch64-apple-darwin/release/browsers
	- name: Build with signing
	env:
	APPLE_DEVELOPER_ID_APP_P12_BASE64: ${{ secrets.APPLE_DEVELOPER_ID_APP_P12 }}
	P12_PASSWORD: ${{ secrets.APPLE_DEVELOPER_ID_APP_P12_PASSWORD }}
	APP_STORE_CONNECT_JSON: ${{ secrets.APP_STORE_CONNECT_JSON }}
	APPCAST_SECRET_KEY_BASE64: ${{ secrets.APPCAST_SECRET_KEY_BASE64 }}
	run: \|
	mkdir -p secrets
	echo $APPLE_DEVELOPER_ID_APP_P12_BASE64 \| base64 --decode > secrets/DeveloperIDApplication.p12
	export P12_FILE="${GITHUB_WORKSPACE}/secrets/DeveloperIDApplication.p12"
	echo $APPCAST_SECRET_KEY_BASE64 \| base64 --decode > secrets/appcast_seckey
	export APPCAST_SECRET_KEY_FILE="${GITHUB_WORKSPACE}/secrets/appcast_seckey"
	echo $APP_STORE_CONNECT_JSON > secrets/app_store_connect.json
	export NOTARY_API_KEY_JSON_FILE="${GITHUB_WORKSPACE}/secrets/app_store_connect.json"
	echo "1. P12_FILE=$P12_FILE"
	./build-mac.sh
	shell: bash
	- name: Upload mac artifacts
	uses: actions/upload-artifact@v3
	with:
	name: browsers-mac-artifacts
	path: \|
	target/universal-apple-darwin/release/Browsers.dmg
	target/universal-apple-darwin/release/browsers_mac.tar.gz
	target/universal-apple-darwin/release/browsers_mac.tar.gz.sha256
	target/universal-apple-darwin/release/browsers_mac.tar.gz.sig
	target/universal-apple-darwin/release/browsers_mac.tar.xz
	target/universal-apple-darwin/release/browsers_mac.tar.xz.sha256
	target/universal-apple-darwin/release/browsers_mac.tar.xz.sig
	build-windows:
	environment: PROD_2028
	runs-on: windows-latest
	steps:
	- name: Check out repository code
	uses: actions/checkout@v4
	with:
	show-progress: false
	- name: Download cache
	uses: actions/cache@v3
	with:
	path: \|
	~/.cargo/bin/
	~/.cargo/registry/index/
	~/.cargo/registry/cache/
	~/.cargo/git/db/
	~/.cargo/.crates.toml
	~/.cargo/.crates2.json
	target/
	key: windows-${{ hashFiles('**/Cargo.lock') }}
	- name: Install signify
	run: cargo install signify --target-dir ./target/signify
	- name: Add Rust targets
	run: \|
	rustup target add x86_64-pc-windows-msvc
	rustup target add aarch64-pc-windows-msvc
	- name: Test x86_64 binary
	run: \|
	cargo build --target x86_64-pc-windows-msvc --release
	shell: bash
	- name: Test aarch64 binary
	run: \|
	cargo build --target aarch64-pc-windows-msvc --release
	shell: bash
	- name: Install tools
	run: \|
	curl https://raw.githubusercontent.com/Browsers-software/ci-utils/main/zip/bzip2.dll -o bzip2.dll
	curl https://raw.githubusercontent.com/Browsers-software/ci-utils/main/zip/zip.exe -o zip.exe
	cp bzip2.dll "C:\Program Files\Git\mingw64\bin"
	cp zip.exe "C:\Program Files\Git\mingw64\bin"
	shell: bash
	- name: Build binaries and package
	env:
	APPCAST_SECRET_KEY_BASE64: ${{ secrets.APPCAST_SECRET_KEY_BASE64 }}
	run: \|
	mkdir -p secrets
	echo $APPCAST_SECRET_KEY_BASE64 \| base64 --decode > secrets/appcast_seckey
	export APPCAST_SECRET_KEY_FILE="${GITHUB_WORKSPACE}/secrets/appcast_seckey"
	./build-windows.sh
	shell: bash
	- name: Upload release artifact
	uses: actions/upload-artifact@v3
	with:
	name: browsers-windows-artifacts
	path: \|
	target/universal-pc-windows-msvc/release/Browsers_windows.zip
	target/universal-pc-windows-msvc/release/browsers_windows.tar.gz
	target/universal-pc-windows-msvc/release/browsers_windows.tar.gz.sha256
	target/universal-pc-windows-msvc/release/browsers_windows.tar.gz.sig
	target/universal-pc-windows-msvc/release/browsers_windows.tar.xz
	target/universal-pc-windows-msvc/release/browsers_windows.tar.xz.sha256
	target/universal-pc-windows-msvc/release/browsers_windows.tar.xz.sig
	release:
	needs: [ build-linux, build-macos, build-windows ]
	runs-on: ubuntu-latest
	if: startsWith(github.ref, 'refs/tags/')
	steps:
	- name: Check out repository code
	uses: actions/checkout@v4
	with:
	show-progress: false
	- name: Generate Changelog
	# Search from CHANGELOG.md for the changelog of the version (tag name)
	run: ./tools/extract_release_notes.sh ${{ github.ref_name }} < CHANGELOG.md > ${{ github.workspace }}-RELEASE_NOTES.md
	shell: bash
	- name: Download release artifacts
	uses: actions/download-artifact@v3
	- name: Verify directories exist
	run: \|
	[ -e "browsers-linux-artifacts" ]
	[ -e "browsers-mac-artifacts" ]
	[ -e "browsers-windows-artifacts" ]
	shell: bash
	- name: Release
	uses: softprops/action-gh-release@v1
	if: startsWith(github.ref, 'refs/tags/')
	with:
	body_path: ${{ github.workspace }}-RELEASE_NOTES.md
	fail_on_unmatched_files: true
	files: \|
	browsers-linux-artifacts/browsers_linux.tar.gz
	browsers-linux-artifacts/browsers_linux.tar.gz.sha256
	browsers-linux-artifacts/browsers_linux.tar.gz.sig
	browsers-linux-artifacts/browsers_linux.tar.xz
	browsers-linux-artifacts/browsers_linux.tar.xz.sha256
	browsers-linux-artifacts/browsers_linux.tar.xz.sig
	browsers-linux-artifacts/x86_64/browsers_amd64.deb
	browsers-linux-artifacts/aarch64/browsers_arm64.deb
	browsers-linux-artifacts/armv7l/browsers_armhf.deb
	browsers-linux-artifacts/x86_64/browsers.x86_64.rpm
	browsers-linux-artifacts/aarch64/browsers.aarch64.rpm
	browsers-linux-artifacts/armv7l/browsers.armhfp.rpm
	browsers-mac-artifacts/Browsers.dmg
	browsers-mac-artifacts/browsers_mac.tar.gz
	browsers-mac-artifacts/browsers_mac.tar.gz.sha256
	browsers-mac-artifacts/browsers_mac.tar.gz.sig
	browsers-mac-artifacts/browsers_mac.tar.xz
	browsers-mac-artifacts/browsers_mac.tar.xz.sha256
	browsers-mac-artifacts/browsers_mac.tar.xz.sig
	browsers-windows-artifacts/Browsers_windows.zip
	browsers-windows-artifacts/browsers_windows.tar.gz
	browsers-windows-artifacts/browsers_windows.tar.gz.sha256
	browsers-windows-artifacts/browsers_windows.tar.gz.sig
	browsers-windows-artifacts/browsers_windows.tar.xz
	browsers-windows-artifacts/browsers_windows.tar.xz.sha256
	browsers-windows-artifacts/browsers_windows.tar.xz.sig

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CI Build #577

Workflow file

CI Build #577

Jobs

Run details

Workflow file for this run