Skip to content

CD

CD #21

Workflow file for this run

name: CD
on:
push:
tags:
- r_[0-9]+
schedule:
- cron: '0 3 * * *'
jobs:
Windows:
strategy:
fail-fast: false
matrix:
config:
- native_mixed
- native_dyn
- native_static
runs-on: windows-2022
env:
OS_NAME: windows
COMPILE_CONFIG: ${{matrix.config}}
HOME: 'C:\\Users\\runneradmin'
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup python 3.12
uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Install packages
run: |
choco.exe install pkgconfiglite ninja
- name: Install python modules
shell: bash
run: |
pip3 install meson pytest requests distro paramiko
pip3 install --no-deps $GITHUB_WORKSPACE
- name: Install QT
uses: jurplel/install-qt-action@v4
with:
version: 5.15.2
modules: "qtwebengine"
setup-python: false
- name: Setup MSVC compiler
uses: bus1/cabuild/action/msdevshell@v1
with:
architecture: x64
- name: secret
shell: bash
run: |
echo "${{secrets.ssh_key}}" > $SSH_KEY
env:
SSH_KEY: ${{ runner.temp }}/id_rsa
- name: Install and configure eSigner CKA and Windows SDK
if: github.event_name == 'push'
env:
ESIGNER_URL: https://github.com/SSLcom/eSignerCKA/releases/download/v1.0.7/SSL.COM-eSigner-CKA_1.0.7.zip
run: |
Set-StrictMode -Version 'Latest'
# Download and Unzip eSignerCKA Setup
Invoke-WebRequest -OutFile eSigner_CKA_Setup.zip "$env:ESIGNER_URL"
Expand-Archive -Force eSigner_CKA_Setup.zip
Remove-Item eSigner_CKA_Setup.zip
Move-Item -Destination “eSigner_CKA_Installer.exe” -Path “eSigner_CKA_*\*.exe”
# Install eSignerCKA
New-Item -ItemType Directory -Force -Path "C:\esigner"
./eSigner_CKA_Installer.exe /CURRENTUSER /VERYSILENT /SUPPRESSMSGBOXES /DIR=”C:\esigner” /TYPE=automatic | Out-Null
Remove-Item "eSigner_CKA_Installer.exe"
# Configure the CKA with SSL.com credentials
C:\esigner\eSignerCKATool.exe config -mode product -user "${{ secrets.ESIGNER_USERNAME }}" -pass "${{ secrets.ESIGNER_PASSWORD }}" -totp "${{ secrets.ESIGNER_TOTP_SECRET }}" -key "C:\esigner\master.key" -r
C:\esigner\eSignerCKATool.exe unload
C:\esigner\eSignerCKATool.exe load
# Find certificate
$CodeSigningCert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
echo Certificate: $CodeSigningCert
# Extract thumbprint and subject name
$Thumbprint = $CodeSigningCert.Thumbprint
echo "SIGNTOOL_THUMBPRINT=$Thumbprint" >> $env:GITHUB_ENV
- name: Ensure base deps
run: |
python .github\\scripts\\ensure_base_deps.py
env:
SSH_KEY: ${{ runner.temp }}/id_rsa
- name: Build Release
run: |
python .github\\scripts\\build_release_nightly.py
env:
SIGNTOOL_PATH: "C:/Program Files (x86)/Windows Kits/10/bin/10.0.22621.0/x86/signtool.exe"
SSH_KEY: ${{ runner.temp }}/id_rsa
- name: Upload failure logs
if: failure()
run: |
python .github\\scripts\\upload_failure_logs.py
env:
SSH_KEY: ${{ runner.temp }}/id_rsa
Linux:
strategy:
fail-fast: false
matrix:
config:
- native_static
- native_mixed
- native_dyn
- wasm
- armv6_static
- armv6_mixed
- armv8_static
- armv8_mixed
- aarch64_static
- aarch64_mixed
- aarch64_musl_static
- aarch64_musl_mixed
- x86-64_musl_static
- x86-64_musl_mixed
- i586_static
- android_arm
- android_arm64
- android_x86
- android_x86_64
image_variant: ['focal']
include:
- config: native_mixed
image_variant: manylinux
- config: aarch64_mixed
image_variant: manylinux
env:
HOME: /home/runner
SSH_KEY: /tmp/id_rsa
runs-on: ubuntu-22.04
container:
image: "ghcr.io/kiwix/kiwix-build_ci_${{matrix.image_variant}}:2024-06-03"
options: "--device /dev/fuse --privileged"
steps:
- name: Checkout code
shell: bash
run: |
cd $HOME
git clone https://github.com/${REP}
cd ./${REP##*/}
git checkout --force ${GITHUB_SHA}
pip3 install --user --no-deps .
env:
REP: ${{github.repository}}
- name: secret
shell: bash
run: |
echo "${{secrets.ssh_key}}" > $SSH_KEY
chmod 600 $SSH_KEY
- name: Ensure base deps
shell: bash
run: |
cd $HOME
kiwix-build/.github/scripts/ensure_base_deps.py
env:
COMPILE_CONFIG: ${{matrix.config}}
- name: Build release
shell: bash
run: |
cd $HOME
kiwix-build/.github/scripts/build_release_nightly.py
env:
COMPILE_CONFIG: ${{matrix.config}}
- name: Upload failure logs
if: failure()
run: $HOME/kiwix-build/.github/scripts/upload_failure_logs.py
env:
COMPILE_CONFIG: ${{matrix.config}}
Flatpak:
strategy:
fail-fast: false
env:
HOME: /home/runner
SSH_KEY: /tmp/id_rsa
COMPILE_CONFIG: flatpak
OS_NAME: focal
runs-on: ubuntu-22.04
steps:
- name: Checkout code
shell: bash
run: |
cd $HOME
git clone https://github.com/${REP}
cd ./${REP##*/}
git checkout --force ${GITHUB_SHA}
pip3 install --user --no-deps .
env:
REP: ${{github.repository}}
- name: Install flatpak tools
run: |
sudo apt-get update
sudo apt-get install flatpak-builder ninja-build meson
- name: secret
shell: bash
run: |
echo "${{secrets.ssh_key}}" > $SSH_KEY
chmod 600 $SSH_KEY
- name: Ensure base deps
shell: bash
run: |
cd $HOME
kiwix-build/.github/scripts/ensure_base_deps.py
- name: Build release
shell: bash
run: |
cd $HOME
kiwix-build/.github/scripts/build_release_nightly.py
- name: Upload failure logs
if: failure()
run: $HOME/kiwix-build/.github/scripts/upload_failure_logs.py
Macos:
strategy:
fail-fast: false
matrix:
config:
- native_dyn
- native_static
- native_mixed
- macOS_arm64_static
- macOS_arm64_mixed
- apple_all_static
runs-on: macos-13
env:
SSH_KEY: /tmp/id_rsa
OS_NAME: macos
CERTIFICATE: /tmp/wmch-devid.p12
SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
KEYCHAIN: /Users/runner/build.keychain-db
KEYCHAIN_PASSWORD: mysecretpassword
KEYCHAIN_PROFILE: build-profile
steps:
- name: Set Xcode version (15.0.1)
# https://github.com/actions/runner-images/blob/main/images/macos/macos-13-Readme.md#xcode
run: sudo xcode-select -s /Applications/Xcode_15.0.1.app
- name: Checkout code
uses: actions/checkout@v4
- name: Setup python 3.10
uses: actions/setup-python@v5
with:
python-version: '3.10'
- name: Install packages
run:
brew install pkg-config ninja automake autoconf
- name: Install python modules
run: |
pip3 install meson pytest requests distro
pip3 install --no-deps $GITHUB_WORKSPACE
- name: secret
shell: bash
run: |
echo "${{secrets.ssh_key}}" > $SSH_KEY
chmod 600 $SSH_KEY
- name: install Apple certificate
shell: bash
run: |
echo "${{ secrets.APPLE_SIGNING_CERTIFICATE }}" | base64 --decode -o $CERTIFICATE
security create-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN
security default-keychain -s $KEYCHAIN
security set-keychain-settings $KEYCHAIN
security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN
security import $CERTIFICATE -k $KEYCHAIN -P "${{ secrets.APPLE_SIGNING_P12_PASSWORD }}" -A -T "/usr/bin/codesign"
rm $CERTIFICATE
security set-key-partition-list -S apple-tool:,apple: -s -k $KEYCHAIN_PASSWORD $KEYCHAIN
security find-identity -v $KEYCHAIN
xcrun notarytool store-credentials \
--apple-id "${{ secrets.APPLE_SIGNING_ALTOOL_USERNAME }}" \
--password "${{ secrets.APPLE_SIGNING_ALTOOL_PASSWORD }}" \
--team-id "${{ secrets.APPLE_SIGNING_TEAM }}" \
--validate \
--keychain $KEYCHAIN \
$KEYCHAIN_PROFILE
- name: Ensure base deps
shell: bash
run: |
cd $HOME
$GITHUB_WORKSPACE/.github/scripts/ensure_base_deps.py
env:
COMPILE_CONFIG: ${{matrix.config}}
- name: Build release
shell: bash
run: |
cd $HOME
$GITHUB_WORKSPACE/.github/scripts/build_release_nightly.py
env:
COMPILE_CONFIG: ${{matrix.config}}
- name: Upload failure logs
if: failure()
run: $GITHUB_WORKSPACE/.github/scripts/upload_failure_logs.py
env:
COMPILE_CONFIG: ${{matrix.config}}
Trigger_Docker:
needs: [Linux]
runs-on: ubuntu-22.04
env:
COMPILE_CONFIG: native_static
OS_NAME: linux
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install python modules
shell: bash
run: |
pip3 install --user --no-deps $GITHUB_WORKSPACE
- name: Trigger docker workflow
shell: bash
run: |
cd $HOME
$GITHUB_WORKSPACE/.github/scripts/trigger_docker_workflow.py
env:
GITHUB_PAT: ${{secrets.DOCKER_TRIGGER_GITHUB_PAT}}