CD #60
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CD | |
on: | |
push: | |
tags: | |
- r_[0-9]+ | |
schedule: | |
- cron: '0 3 * * *' | |
jobs: | |
Windows: | |
strategy: | |
fail-fast: false | |
matrix: | |
config: | |
- native_mixed | |
- native_dyn | |
- native_static | |
runs-on: windows-2022 | |
env: | |
OS_NAME: windows | |
COMPILE_CONFIG: ${{matrix.config}} | |
HOME: 'C:\\Users\\runneradmin' | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Setup python 3.12 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.12' | |
- name: Install packages | |
run: | | |
choco.exe install pkgconfiglite ninja | |
- name: Install python modules | |
shell: bash | |
run: | | |
pip3 install meson pytest requests distro paramiko | |
pip3 install --no-deps $GITHUB_WORKSPACE | |
- name: Install QT | |
uses: jurplel/install-qt-action@v4 | |
with: | |
version: 5.15.2 | |
modules: "qtwebengine" | |
setup-python: false | |
- name: Setup MSVC compiler | |
uses: bus1/cabuild/action/msdevshell@v1 | |
with: | |
architecture: x64 | |
- name: secret | |
shell: bash | |
run: | | |
echo "${{secrets.ssh_key}}" > $SSH_KEY | |
env: | |
SSH_KEY: ${{ runner.temp }}/id_rsa | |
- name: Install and configure eSigner CKA and Windows SDK | |
if: github.event_name == 'push' | |
env: | |
ESIGNER_URL: https://github.com/SSLcom/eSignerCKA/releases/download/v1.0.7/SSL.COM-eSigner-CKA_1.0.7.zip | |
run: | | |
Set-StrictMode -Version 'Latest' | |
# Download and Unzip eSignerCKA Setup | |
Invoke-WebRequest -OutFile eSigner_CKA_Setup.zip "$env:ESIGNER_URL" | |
Expand-Archive -Force eSigner_CKA_Setup.zip | |
Remove-Item eSigner_CKA_Setup.zip | |
Move-Item -Destination “eSigner_CKA_Installer.exe” -Path “eSigner_CKA_*\*.exe” | |
# Install eSignerCKA | |
New-Item -ItemType Directory -Force -Path "C:\esigner" | |
./eSigner_CKA_Installer.exe /CURRENTUSER /VERYSILENT /SUPPRESSMSGBOXES /DIR=”C:\esigner” /TYPE=automatic | Out-Null | |
Remove-Item "eSigner_CKA_Installer.exe" | |
# Configure the CKA with SSL.com credentials | |
C:\esigner\eSignerCKATool.exe config -mode product -user "${{ secrets.ESIGNER_USERNAME }}" -pass "${{ secrets.ESIGNER_PASSWORD }}" -totp "${{ secrets.ESIGNER_TOTP_SECRET }}" -key "C:\esigner\master.key" -r | |
C:\esigner\eSignerCKATool.exe unload | |
C:\esigner\eSignerCKATool.exe load | |
# Find certificate | |
$CodeSigningCert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1 | |
echo Certificate: $CodeSigningCert | |
# Extract thumbprint and subject name | |
$Thumbprint = $CodeSigningCert.Thumbprint | |
echo "SIGNTOOL_THUMBPRINT=$Thumbprint" >> $env:GITHUB_ENV | |
- name: Ensure base deps | |
run: | | |
python .github\\scripts\\ensure_base_deps.py | |
env: | |
SSH_KEY: ${{ runner.temp }}/id_rsa | |
- name: Build Release | |
run: | | |
python .github\\scripts\\build_release_nightly.py | |
env: | |
SIGNTOOL_PATH: "C:/Program Files (x86)/Windows Kits/10/bin/10.0.22621.0/x86/signtool.exe" | |
SSH_KEY: ${{ runner.temp }}/id_rsa | |
- name: Upload failure logs | |
if: failure() | |
run: | | |
python .github\\scripts\\upload_failure_logs.py | |
env: | |
SSH_KEY: ${{ runner.temp }}/id_rsa | |
Linux: | |
strategy: | |
fail-fast: false | |
matrix: | |
config: | |
- native_static | |
- native_mixed | |
- native_dyn | |
- wasm | |
- armv6_static | |
- armv6_mixed | |
- armv8_static | |
- armv8_mixed | |
- aarch64_static | |
- aarch64_mixed | |
- aarch64_musl_static | |
- aarch64_musl_mixed | |
- x86-64_musl_static | |
- x86-64_musl_mixed | |
- i586_static | |
- android_arm | |
- android_arm64 | |
- android_x86 | |
- android_x86_64 | |
image_variant: ['focal'] | |
include: | |
- config: native_mixed | |
image_variant: manylinux | |
- config: aarch64_mixed | |
image_variant: manylinux | |
- config: native_dyn | |
image_variant: jammy | |
env: | |
HOME: /home/runner | |
SSH_KEY: /tmp/id_rsa | |
runs-on: ubuntu-22.04 | |
container: | |
image: "ghcr.io/kiwix/kiwix-build_ci_${{matrix.image_variant}}:2024-11-30" | |
options: "--device /dev/fuse --privileged" | |
steps: | |
- name: Checkout code | |
shell: bash | |
run: | | |
cd $HOME | |
git clone https://github.com/${REP} | |
cd ./${REP##*/} | |
git checkout --force ${GITHUB_SHA} | |
pip3 install --user --no-deps . | |
env: | |
REP: ${{github.repository}} | |
- name: secret | |
shell: bash | |
run: | | |
echo "${{secrets.ssh_key}}" > $SSH_KEY | |
chmod 600 $SSH_KEY | |
- name: Ensure base deps | |
shell: bash | |
run: | | |
cd $HOME | |
kiwix-build/.github/scripts/ensure_base_deps.py | |
env: | |
COMPILE_CONFIG: ${{matrix.config}} | |
- name: Build release | |
shell: bash | |
run: | | |
cd $HOME | |
kiwix-build/.github/scripts/build_release_nightly.py | |
env: | |
COMPILE_CONFIG: ${{matrix.config}} | |
- name: Upload failure logs | |
if: failure() | |
run: $HOME/kiwix-build/.github/scripts/upload_failure_logs.py | |
env: | |
COMPILE_CONFIG: ${{matrix.config}} | |
Flatpak: | |
strategy: | |
fail-fast: false | |
env: | |
HOME: /home/runner | |
SSH_KEY: /tmp/id_rsa | |
COMPILE_CONFIG: flatpak | |
OS_NAME: focal | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout code | |
shell: bash | |
run: | | |
cd $HOME | |
git clone https://github.com/${REP} | |
cd ./${REP##*/} | |
git checkout --force ${GITHUB_SHA} | |
pip3 install --user --no-deps . | |
env: | |
REP: ${{github.repository}} | |
- name: Install flatpak tools | |
run: | | |
sudo apt-get update | |
sudo apt-get install flatpak-builder ninja-build meson | |
- name: secret | |
shell: bash | |
run: | | |
echo "${{secrets.ssh_key}}" > $SSH_KEY | |
chmod 600 $SSH_KEY | |
- name: Ensure base deps | |
shell: bash | |
run: | | |
cd $HOME | |
kiwix-build/.github/scripts/ensure_base_deps.py | |
- name: Build release | |
shell: bash | |
run: | | |
cd $HOME | |
kiwix-build/.github/scripts/build_release_nightly.py | |
- name: Upload failure logs | |
if: failure() | |
run: $HOME/kiwix-build/.github/scripts/upload_failure_logs.py | |
Macos: | |
strategy: | |
fail-fast: false | |
matrix: | |
config: | |
- native_dyn | |
- native_static | |
- native_mixed | |
- macOS_arm64_static | |
- macOS_arm64_mixed | |
- apple_all_static | |
runs-on: macos-13 | |
env: | |
SSH_KEY: /tmp/id_rsa | |
OS_NAME: macos | |
CERTIFICATE: /tmp/wmch-devid.p12 | |
SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }} | |
KEYCHAIN: /Users/runner/build.keychain-db | |
KEYCHAIN_PASSWORD: mysecretpassword | |
KEYCHAIN_PROFILE: build-profile | |
steps: | |
- name: Set Xcode version (15.0.1) | |
# https://github.com/actions/runner-images/blob/main/images/macos/macos-13-Readme.md#xcode | |
run: sudo xcode-select -s /Applications/Xcode_15.0.1.app | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Setup python 3.10 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.10' | |
- name: Install packages | |
run: | |
brew install pkg-config ninja automake autoconf | |
- name: Install python modules | |
run: | | |
pip3 install meson pytest requests distro | |
pip3 install --no-deps $GITHUB_WORKSPACE | |
- name: secret | |
shell: bash | |
run: | | |
echo "${{secrets.ssh_key}}" > $SSH_KEY | |
chmod 600 $SSH_KEY | |
- name: install Apple certificate | |
shell: bash | |
run: | | |
echo "${{ secrets.APPLE_SIGNING_CERTIFICATE }}" | base64 --decode -o $CERTIFICATE | |
security create-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN | |
security default-keychain -s $KEYCHAIN | |
security set-keychain-settings $KEYCHAIN | |
security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN | |
security import $CERTIFICATE -k $KEYCHAIN -P "${{ secrets.APPLE_SIGNING_P12_PASSWORD }}" -A -T "/usr/bin/codesign" | |
rm $CERTIFICATE | |
security set-key-partition-list -S apple-tool:,apple: -s -k $KEYCHAIN_PASSWORD $KEYCHAIN | |
security find-identity -v $KEYCHAIN | |
xcrun notarytool store-credentials \ | |
--apple-id "${{ secrets.APPLE_SIGNING_ALTOOL_USERNAME }}" \ | |
--password "${{ secrets.APPLE_SIGNING_ALTOOL_PASSWORD }}" \ | |
--team-id "${{ secrets.APPLE_SIGNING_TEAM }}" \ | |
--validate \ | |
--keychain $KEYCHAIN \ | |
$KEYCHAIN_PROFILE | |
- name: Ensure base deps | |
shell: bash | |
run: | | |
cd $HOME | |
$GITHUB_WORKSPACE/.github/scripts/ensure_base_deps.py | |
env: | |
COMPILE_CONFIG: ${{matrix.config}} | |
- name: Build release | |
shell: bash | |
run: | | |
cd $HOME | |
$GITHUB_WORKSPACE/.github/scripts/build_release_nightly.py | |
env: | |
COMPILE_CONFIG: ${{matrix.config}} | |
- name: Upload failure logs | |
if: failure() | |
run: $GITHUB_WORKSPACE/.github/scripts/upload_failure_logs.py | |
env: | |
COMPILE_CONFIG: ${{matrix.config}} | |
Trigger_Docker: | |
needs: [Linux] | |
runs-on: ubuntu-22.04 | |
env: | |
COMPILE_CONFIG: native_static | |
OS_NAME: linux | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Install python modules | |
shell: bash | |
run: | | |
pip3 install --user --no-deps $GITHUB_WORKSPACE | |
- name: Trigger docker workflow | |
shell: bash | |
run: | | |
cd $HOME | |
$GITHUB_WORKSPACE/.github/scripts/trigger_docker_workflow.py | |
env: | |
GITHUB_PAT: ${{secrets.DOCKER_TRIGGER_GITHUB_PAT}} |