feather/.github/workflows/guix.yml
tobtoht 03dbd9628c
Revert "ci: integrate signpath"
This reverts commit c033718956.

Revert until the SignPath GitHub app does not require admin
permissions.
2024-12-18 02:19:52 +01:00

102 lines
3.7 KiB
YAML

name: ci/gh-actions/guix
on: [push, pull_request]
jobs:
cache-sources:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: depends sources cache
id: cache
uses: actions/cache@v4
with:
path: contrib/depends/sources
key: sources-${{ hashFiles('contrib/depends/packages/*') }}
- name: download depends sources
if: steps.cache.outputs.cache-hit != 'true'
run: make -C contrib/depends download
build-guix:
runs-on: ubuntu-24.04
needs: [cache-sources]
strategy:
fail-fast: false
matrix:
toolchain:
- target: "x86_64-linux-gnu"
- target: "x86_64-linux-gnu.no-tor-bundle"
- target: "x86_64-linux-gnu.pack"
- target: "aarch64-linux-gnu"
- target: "arm-linux-gnueabihf"
- target: "riscv64-linux-gnu"
- target: "x86_64-w64-mingw32"
- target: "x86_64-w64-mingw32.installer"
- target: "x86_64-apple-darwin"
- target: "arm64-apple-darwin"
name: ${{ matrix.toolchain.target }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ github.ref }}
submodules: recursive
# https://github.com/actions/checkout/issues/1467
- name: git fetch tags
run: git fetch --tags
- name: remove bundled packages
run: sudo rm -rf /usr/local
- name: depends sources cache
uses: actions/cache/restore@v4
with:
path: contrib/depends/sources
key: sources-${{ hashFiles('contrib/depends/packages/*') }}
- name: install dependencies
run: sudo apt update; sudo apt -y install guix git ca-certificates apparmor-utils
- name: fix apparmor
run: sudo cp .github/workflows/guix /etc/apparmor.d/guix; sudo /etc/init.d/apparmor reload; sudo aa-enforce guix || echo "failed"
- name: purge apparmor
run: sudo apt purge apparmor
- name: build
run: SUBSTITUTE_URLS='http://bordeaux.guix.gnu.org' HOSTS="${{ matrix.toolchain.target }}" ./contrib/guix/guix-build
- name: virustotal scan
env:
VT_API_KEY: ${{ secrets.VT_API_KEY }}
if: ${{ matrix.toolchain.target == 'x86_64-w64-mingw32' && env.VT_API_KEY != '' }}
uses: crazy-max/ghaction-virustotal@v4
with:
vt_api_key: ${{ secrets.VT_API_KEY }}
files: |
guix/guix-build-*/build/distsrc-*/build/bin/feather.exe
- uses: actions/upload-artifact@v4
with:
name: ${{ matrix.toolchain.target }}
path: |
guix/guix-build-*/output/${{ matrix.toolchain.target }}/*
guix/guix-build-*/logs/${{ matrix.toolchain.target }}/*
bundle-logs:
runs-on: ubuntu-24.04
needs: [build-guix]
steps:
- uses: actions/download-artifact@v4
with:
merge-multiple: true
- name: print hashes
run: |
echo '```' >> $GITHUB_STEP_SUMMARY
uname --machine && find **/output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
- uses: actions/upload-artifact@v4
with:
name: "logs"
path: '**/logs/**'
- uses: ncipollo/release-action@v1
if: startsWith(github.ref, 'refs/tags/')
with:
artifacts: "**/*.AppImage,**/*-linux-arm.zip,**/*-linux-arm64.zip,**/*-linux-riscv64.zip,**/*-linux.zip,**/*-mac-arm64.zip,**/*-mac.zip,**/*-win.zip,**/FeatherWalletSetup-*.exe,**/feather-${{github.ref_name}}.tar.gz"
draft: true
name: v${{github.ref_name}}