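# Reproducible (Guix) release pipeline: cache dependency sources, build every
# target, publish SHA-256 hashes and logs, draft a release on tags, and request
# Windows code signatures.
#
# NOTE(review): no `permissions:` key is declared, so GITHUB_TOKEN carries the
# repository/organisation default scopes in every job. Only the release step in
# `bundle-logs` visibly needs write access; consider a read-only workflow-level
# default plus per-job grants (confirm the scopes each third-party action needs).
#
# NOTE(review): every `uses:` below references a mutable tag (@v4, @v1). The
# third-party actions also receive secrets or a release-capable token, so a
# retagged upstream release would run with those credentials. Prefer pinning,
# e.g. `uses: owner/action@<full-commit-sha>  # v4`.
name: ci/gh-actions/guix

# Runs for pushes and for pull requests; tag-only work is gated further down
# with `startsWith(github.ref, 'refs/tags/')`.
on: [push, pull_request]

jobs:
  # Downloads the depends source tarballs once so the matrix jobs can restore
  # them from the cache instead of fetching them again.
  cache-sources:
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: depends sources cache
        id: cache
        uses: actions/cache@v4
        with:
          path: contrib/depends/sources
          # The key covers only the package definitions, not the tarballs.
          # NOTE(review): integrity of restored sources therefore relies on the
          # depends build re-checking its recorded checksums - confirm it does.
          key: sources-${{ hashFiles('contrib/depends/packages/*') }}
      - name: download depends sources
        if: steps.cache.outputs.cache-hit != 'true'
        run: make -C contrib/depends download

  # Builds one target per matrix entry and exposes the artifact ids of the two
  # Windows builds to the `codesigning` job.
  build-guix:
    runs-on: ubuntu-24.04
    needs: [cache-sources]
    strategy:
      fail-fast: false
      matrix:
        toolchain:
          - target: "x86_64-linux-gnu"
          - target: "x86_64-linux-gnu.no-tor-bundle"
          - target: "x86_64-linux-gnu.pack"
          - target: "aarch64-linux-gnu"
          - target: "arm-linux-gnueabihf"
          - target: "riscv64-linux-gnu"
          - target: "x86_64-w64-mingw32"
          - target: "x86_64-w64-mingw32.installer"
          - target: "x86_64-apple-darwin"
          - target: "arm64-apple-darwin"
    outputs:
      WIN_INSTALLER_ARTIFACT_ID: ${{ steps.win-installer.outputs.WIN_INSTALLER_ARTIFACT_ID }}
      WIN_EXECUTABLE_ARTIFACT_ID: ${{ steps.win-executable.outputs.WIN_EXECUTABLE_ARTIFACT_ID }}
    name: ${{ matrix.toolchain.target }}
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
          ref: ${{ github.ref }}
          submodules: recursive
      # https://github.com/actions/checkout/issues/1467
      - name: git fetch tags
        run: git fetch --tags
      # Presumably clears tools preinstalled on the runner image so they cannot
      # leak into the build environment - confirm.
      - name: remove bundled packages
        run: sudo rm -rf /usr/local
      - name: depends sources cache
        # Restore-only: matrix jobs never write this cache.
        uses: actions/cache/restore@v4
        with:
          path: contrib/depends/sources
          key: sources-${{ hashFiles('contrib/depends/packages/*') }}
      - name: install dependencies
        run: sudo apt update; sudo apt -y install guix git ca-certificates apparmor-utils osslsigncode
      # `|| echo "failed"` makes a failed `aa-enforce` non-fatal, and the next
      # step purges AppArmor altogether.
      # NOTE(review): confirm the profile step is still needed, since the build
      # ends up running without AppArmor confinement either way.
      - name: fix apparmor
        run: sudo cp .github/workflows/guix /etc/apparmor.d/guix; sudo /etc/init.d/apparmor reload; sudo aa-enforce guix || echo "failed"
      - name: purge apparmor
        run: sudo apt purge apparmor
      # The substitute server is contacted over plain HTTP. Guix verifies
      # substitute signatures against its authorised keys, so integrity does not
      # depend on TLS, but the transfer is observable and blockable on-path.
      # NOTE(review): consider the https:// URL if the packaged guix supports it.
      # The matrix target is a static value from this file, so interpolating it
      # into the command line is not an injection vector.
      - name: build
        run: SUBSTITUTE_URLS='http://bordeaux.guix.gnu.org' HOSTS="${{ matrix.toolchain.target }}" ./contrib/guix/guix-build
      # Uploads the built Windows executable to a third-party scanning service.
      # The `env.VT_API_KEY != ''` guard skips the step when the secret is not
      # available (e.g. pull requests from forks).
      - name: virustotal scan
        env:
          VT_API_KEY: ${{ secrets.VT_API_KEY }}
        if: ${{ matrix.toolchain.target == 'x86_64-w64-mingw32' && env.VT_API_KEY != '' }}
        uses: crazy-max/ghaction-virustotal@v4
        with:
          vt_api_key: ${{ secrets.VT_API_KEY }}
          files: |
            guix/guix-build-*/build/distsrc-*/build/bin/feather.exe
      - uses: actions/upload-artifact@v4
        id: upload-artifact
        with:
          name: ${{ matrix.toolchain.target }}
          path: |
            guix/guix-build-*/output/${{ matrix.toolchain.target }}/*
            guix/guix-build-*/logs/${{ matrix.toolchain.target }}/*
      # Publish the artifact id of each Windows build as a job output so the
      # signing job can reference exactly the artifact produced here.
      - if: ${{ matrix.toolchain.target == 'x86_64-w64-mingw32.installer' }}
        id: win-installer
        run: echo "WIN_INSTALLER_ARTIFACT_ID=${{ steps.upload-artifact.outputs.artifact-id }}" >> "$GITHUB_OUTPUT"
      - if: ${{ matrix.toolchain.target == 'x86_64-w64-mingw32' }}
        id: win-executable
        run: echo "WIN_EXECUTABLE_ARTIFACT_ID=${{ steps.upload-artifact.outputs.artifact-id }}" >> "$GITHUB_OUTPUT"

  # Collects all build artifacts, records their hashes, uploads the logs and,
  # on tag builds, attaches the binaries to a draft release.
  bundle-logs:
    runs-on: ubuntu-24.04
    needs: [build-guix]
    steps:
      - uses: actions/download-artifact@v4
        with:
          merge-multiple: true
      # SHA-256 of every output file goes to the run summary so independent
      # builders can compare their results against this run.
      - name: print hashes
        run: |
          echo '```' >> "$GITHUB_STEP_SUMMARY"
          uname --machine && find **/output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum >> "$GITHUB_STEP_SUMMARY"
          echo '```' >> "$GITHUB_STEP_SUMMARY"
      - uses: actions/upload-artifact@v4
        with:
          name: "logs"
          path: '**/logs/**'
      # Creating a release needs a token with write access to repository
      # contents; this is the one step a least-privilege `permissions:` block
      # would have to allow for. The release stays a draft until published.
      - uses: ncipollo/release-action@v1
        if: startsWith(github.ref, 'refs/tags/')
        with:
          artifacts: "**/*.AppImage,**/*-linux-arm.zip,**/*-linux-arm64.zip,**/*-linux-riscv64.zip,**/*-linux.zip,**/*-mac-arm64.zip,**/*-mac.zip,**/*-win.zip,**/FeatherWalletSetup-*.exe,**/feather-${{github.ref_name}}.tar.gz"
          draft: true
          name: v${{github.ref_name}}

  # Tag builds only: submits the two Windows artifacts for signing and uploads
  # just the extracted signature, not the signed binary.
  codesigning:
    runs-on: ubuntu-24.04
    needs: [build-guix, bundle-logs]
    if: startsWith(github.ref, 'refs/tags/')
    strategy:
      fail-fast: false
      matrix:
        toolchain:
          - target: "x86_64-w64-mingw32"
          - target: "x86_64-w64-mingw32.installer"
    steps:
      - name: install dependencies
        run: sudo apt update; sudo apt -y install osslsigncode
      # Map the matrix target to the artifact id exported by `build-guix` and to
      # the matching artifact-configuration slug.
      - name: "set artifact id"
        run: |
          if [ "${{ matrix.toolchain.target }}" == "x86_64-w64-mingw32" ]; then
            echo "ARTIFACT_ID=${{ needs.build-guix.outputs.WIN_EXECUTABLE_ARTIFACT_ID }}" >> "$GITHUB_ENV"
            echo "ARTIFACT_SLUG=executable" >> "$GITHUB_ENV"
          elif [ "${{ matrix.toolchain.target }}" == "x86_64-w64-mingw32.installer" ]; then
            echo "ARTIFACT_ID=${{ needs.build-guix.outputs.WIN_INSTALLER_ARTIFACT_ID }}" >> "$GITHUB_ENV"
            echo "ARTIFACT_SLUG=installer" >> "$GITHUB_ENV"
          fi
      # This step holds the signing-service token.
      # NOTE(review): the policy slug is 'test-signing' although the job runs
      # only for tags - confirm this is the policy intended for releases.
      - uses: signpath/github-action-submit-signing-request@v1
        name: "request signature"
        with:
          api-token: '${{ secrets.SIGNPATH_API_KEY }}'
          organization-id: 'd3e94749-9c69-44e9-82de-c65cb3832869'
          project-slug: 'feather'
          signing-policy-slug: 'test-signing'
          artifact-configuration-slug: ${{ env.ARTIFACT_SLUG }}
          github-artifact-id: ${{ env.ARTIFACT_ID }}
          wait-for-completion: true
          output-artifact-directory: codesigning/
      # The tag name is passed through the environment instead of being
      # expanded into the script text: `${{ github.ref_name }}` is substituted
      # before the shell parses the line, so a tag containing shell
      # metacharacters would otherwise be executed as part of the command.
      # The globs stay outside the quotes so they still expand.
      - name: "extract signature"
        env:
          TARGET: ${{ matrix.toolchain.target }}
          REF_NAME: ${{ github.ref_name }}
        run: osslsigncode extract-signature -in codesigning/guix-build-*/output/"$TARGET"/*-unsigned.exe -out "codesigning/${TARGET}-${REF_NAME}.pem"
      - uses: actions/upload-artifact@v4
        name: "upload signature"
        with:
          name: ${{ matrix.toolchain.target }}.pem
          path: |
            codesigning/${{ matrix.toolchain.target }}-${{github.ref_name}}.pem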