name: CD on: push: tags: - r_[0-9]+ schedule: - cron: '0 3 * * *' jobs: Windows: strategy: fail-fast: false matrix: config: - native_mixed - native_dyn - native_static runs-on: windows-2022 env: OS_NAME: windows COMPILE_CONFIG: ${{matrix.config}} HOME: 'C:\\Users\\runneradmin' steps: - name: Checkout code uses: actions/checkout@v4 - name: Setup python 3.12 uses: actions/setup-python@v5 with: python-version: '3.12' - name: Install packages run: | choco.exe install pkgconfiglite ninja - name: Install python modules shell: bash run: | pip3 install meson pytest requests distro paramiko pip3 install --no-deps $GITHUB_WORKSPACE - name: Install QT uses: jurplel/install-qt-action@v4 with: version: 5.15.2 modules: "qtwebengine" setup-python: false - name: Setup MSVC compiler uses: bus1/cabuild/action/msdevshell@v1 with: architecture: x64 - name: secret shell: bash run: | echo "${{secrets.ssh_key}}" > $SSH_KEY env: SSH_KEY: ${{ runner.temp }}/id_rsa - name: Install and configure eSigner CKA and Windows SDK if: github.event_name == 'push' env: ESIGNER_URL: https://github.com/SSLcom/eSignerCKA/releases/download/v1.0.7/SSL.COM-eSigner-CKA_1.0.7.zip run: | Set-StrictMode -Version 'Latest' # Download and Unzip eSignerCKA Setup Invoke-WebRequest -OutFile eSigner_CKA_Setup.zip "$env:ESIGNER_URL" Expand-Archive -Force eSigner_CKA_Setup.zip Remove-Item eSigner_CKA_Setup.zip Move-Item -Destination “eSigner_CKA_Installer.exe” -Path “eSigner_CKA_*\*.exe” # Install eSignerCKA New-Item -ItemType Directory -Force -Path "C:\esigner" ./eSigner_CKA_Installer.exe /CURRENTUSER /VERYSILENT /SUPPRESSMSGBOXES /DIR=”C:\esigner” /TYPE=automatic | Out-Null Remove-Item "eSigner_CKA_Installer.exe" # Configure the CKA with SSL.com credentials C:\esigner\eSignerCKATool.exe config -mode product -user "${{ secrets.ESIGNER_USERNAME }}" -pass "${{ secrets.ESIGNER_PASSWORD }}" -totp "${{ secrets.ESIGNER_TOTP_SECRET }}" -key "C:\esigner\master.key" -r C:\esigner\eSignerCKATool.exe unload C:\esigner\eSignerCKATool.exe load # Find certificate $CodeSigningCert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1 echo Certificate: $CodeSigningCert # Extract thumbprint and subject name $Thumbprint = $CodeSigningCert.Thumbprint echo "SIGNTOOL_THUMBPRINT=$Thumbprint" >> $env:GITHUB_ENV - name: Ensure base deps run: | python .github\\scripts\\ensure_base_deps.py env: SSH_KEY: ${{ runner.temp }}/id_rsa - name: Build Release run: | python .github\\scripts\\build_release_nightly.py env: SIGNTOOL_PATH: "C:/Program Files (x86)/Windows Kits/10/bin/10.0.22621.0/x86/signtool.exe" SSH_KEY: ${{ runner.temp }}/id_rsa - name: Upload failure logs if: failure() run: | python .github\\scripts\\upload_failure_logs.py env: SSH_KEY: ${{ runner.temp }}/id_rsa Linux: strategy: fail-fast: false matrix: config: - native_static - native_mixed - native_dyn - wasm - armv6_static - armv6_mixed - armv8_static - armv8_mixed - aarch64_static - aarch64_mixed - aarch64_musl_static - aarch64_musl_mixed - x86-64_musl_static - x86-64_musl_mixed - i586_static - android_arm - android_arm64 - android_x86 - android_x86_64 image_variant: ['focal'] include: - config: native_mixed image_variant: manylinux - config: aarch64_mixed image_variant: manylinux env: HOME: /home/runner SSH_KEY: /tmp/id_rsa runs-on: ubuntu-22.04 container: image: "ghcr.io/kiwix/kiwix-build_ci_${{matrix.image_variant}}:2024-06-03" options: "--device /dev/fuse --privileged" steps: - name: Checkout code shell: bash run: | cd $HOME git clone https://github.com/${REP} cd ./${REP##*/} git checkout --force ${GITHUB_SHA} pip3 install --user --no-deps . env: REP: ${{github.repository}} - name: secret shell: bash run: | echo "${{secrets.ssh_key}}" > $SSH_KEY chmod 600 $SSH_KEY - name: Ensure base deps shell: bash run: | cd $HOME kiwix-build/.github/scripts/ensure_base_deps.py env: COMPILE_CONFIG: ${{matrix.config}} - name: Build release shell: bash run: | cd $HOME kiwix-build/.github/scripts/build_release_nightly.py env: COMPILE_CONFIG: ${{matrix.config}} - name: Upload failure logs if: failure() run: $HOME/kiwix-build/.github/scripts/upload_failure_logs.py env: COMPILE_CONFIG: ${{matrix.config}} Flatpak: strategy: fail-fast: false env: HOME: /home/runner SSH_KEY: /tmp/id_rsa COMPILE_CONFIG: flatpak OS_NAME: focal runs-on: ubuntu-22.04 steps: - name: Checkout code shell: bash run: | cd $HOME git clone https://github.com/${REP} cd ./${REP##*/} git checkout --force ${GITHUB_SHA} pip3 install --user --no-deps . env: REP: ${{github.repository}} - name: Install flatpak tools run: | sudo apt-get update sudo apt-get install flatpak-builder ninja-build meson - name: secret shell: bash run: | echo "${{secrets.ssh_key}}" > $SSH_KEY chmod 600 $SSH_KEY - name: Ensure base deps shell: bash run: | cd $HOME kiwix-build/.github/scripts/ensure_base_deps.py - name: Build release shell: bash run: | cd $HOME kiwix-build/.github/scripts/build_release_nightly.py - name: Upload failure logs if: failure() run: $HOME/kiwix-build/.github/scripts/upload_failure_logs.py Macos: strategy: fail-fast: false matrix: config: - native_dyn - native_static - native_mixed - macOS_arm64_static - macOS_arm64_mixed - apple_all_static runs-on: macos-13 env: SSH_KEY: /tmp/id_rsa OS_NAME: macos CERTIFICATE: /tmp/wmch-devid.p12 SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }} KEYCHAIN: /Users/runner/build.keychain-db KEYCHAIN_PASSWORD: mysecretpassword KEYCHAIN_PROFILE: build-profile steps: - name: Set Xcode version (15.0.1) # https://github.com/actions/runner-images/blob/main/images/macos/macos-13-Readme.md#xcode run: sudo xcode-select -s /Applications/Xcode_15.0.1.app - name: Checkout code uses: actions/checkout@v4 - name: Setup python 3.10 uses: actions/setup-python@v5 with: python-version: '3.10' - name: Install packages run: brew install pkg-config ninja automake autoconf - name: Install python modules run: | pip3 install meson pytest requests distro pip3 install --no-deps $GITHUB_WORKSPACE - name: secret shell: bash run: | echo "${{secrets.ssh_key}}" > $SSH_KEY chmod 600 $SSH_KEY - name: install Apple certificate shell: bash run: | echo "${{ secrets.APPLE_SIGNING_CERTIFICATE }}" | base64 --decode -o $CERTIFICATE security create-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN security default-keychain -s $KEYCHAIN security set-keychain-settings $KEYCHAIN security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN security import $CERTIFICATE -k $KEYCHAIN -P "${{ secrets.APPLE_SIGNING_P12_PASSWORD }}" -A -T "/usr/bin/codesign" rm $CERTIFICATE security set-key-partition-list -S apple-tool:,apple: -s -k $KEYCHAIN_PASSWORD $KEYCHAIN security find-identity -v $KEYCHAIN xcrun notarytool store-credentials \ --apple-id "${{ secrets.APPLE_SIGNING_ALTOOL_USERNAME }}" \ --password "${{ secrets.APPLE_SIGNING_ALTOOL_PASSWORD }}" \ --team-id "${{ secrets.APPLE_SIGNING_TEAM }}" \ --validate \ --keychain $KEYCHAIN \ $KEYCHAIN_PROFILE - name: Ensure base deps shell: bash run: | cd $HOME $GITHUB_WORKSPACE/.github/scripts/ensure_base_deps.py env: COMPILE_CONFIG: ${{matrix.config}} - name: Build release shell: bash run: | cd $HOME $GITHUB_WORKSPACE/.github/scripts/build_release_nightly.py env: COMPILE_CONFIG: ${{matrix.config}} - name: Upload failure logs if: failure() run: $GITHUB_WORKSPACE/.github/scripts/upload_failure_logs.py env: COMPILE_CONFIG: ${{matrix.config}} Trigger_Docker: needs: [Linux] runs-on: ubuntu-22.04 env: COMPILE_CONFIG: native_static OS_NAME: linux steps: - name: Checkout code uses: actions/checkout@v4 - name: Install python modules shell: bash run: | pip3 install --user --no-deps $GITHUB_WORKSPACE - name: Trigger docker workflow shell: bash run: | cd $HOME $GITHUB_WORKSPACE/.github/scripts/trigger_docker_workflow.py env: GITHUB_PAT: ${{secrets.DOCKER_TRIGGER_GITHUB_PAT}}