CI tweaks to deal with repo being a fork.

- Disable parts of [tag] actions that can (and should) only be run by wez. - Sign MacOS app with adhoc signature when secrets unavailable.
bogdan2412 · Dec 4, 2024 · be30a84 · be30a84
1 parent a2a5f1d
commit be30a84
Show file tree

Hide file tree

Showing 8 changed files with 32 additions and 100 deletions.
diff --git a/.github/workflows/gen_macos_tag.yml b/.github/workflows/gen_macos_tag.yml
@@ -89,20 +89,6 @@ jobs:
         with:
           name: "macos"
           path: "WezTerm-*.zip"
-      - name: "Checkout homebrew tap"
-        uses: actions/checkout@v4
-        with:
-          repository: "wez/homebrew-wezterm"
-          path: "homebrew-wezterm"
-          token: "${{ secrets.GH_PAT }}"
-      - name: "Update homebrew tap formula"
-        shell: bash
-        run: "cp wezterm.rb homebrew-wezterm/Casks/wezterm.rb"
-      - name: "Commit homebrew tap changes"
-        uses: stefanzweifel/git-auto-commit-action@v5
-        with:
-          commit_message: "Automated update to match latest tag"
-          repository: "homebrew-wezterm"
 
   upload:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/gen_ubuntu20.04_tag.yml b/.github/workflows/gen_ubuntu20.04_tag.yml
@@ -106,20 +106,6 @@ jobs:
             *src.tar.gz
             *.AppImage
             *.zsync
-      - name: "Checkout linuxbrew tap"
-        uses: actions/checkout@v4
-        with:
-          repository: "wez/homebrew-wezterm-linuxbrew"
-          path: "linuxbrew-wezterm"
-          token: "${{ secrets.GH_PAT }}"
-      - name: "Update linuxbrew tap formula"
-        shell: bash
-        run: "cp wezterm-linuxbrew.rb linuxbrew-wezterm/Formula/wezterm.rb"
-      - name: "Commit linuxbrew tap changes"
-        uses: stefanzweifel/git-auto-commit-action@v5
-        with:
-          commit_message: "Automated update to match latest tag"
-          repository: "linuxbrew-wezterm"
 
   upload:
     runs-on: ubuntu-latest
@@ -148,17 +134,3 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         shell: bash
         run: "bash ci/retry.sh gh release upload --clobber $(ci/tag-name.sh) wezterm-*.deb wezterm-*.xz *src.tar.gz *.AppImage *.zsync *.sha256"
-      - name: "Checkout flathub/org.wezfurlong.wezterm"
-        uses: actions/checkout@v4
-        with:
-          repository: "flathub/org.wezfurlong.wezterm"
-          path: "flathub"
-          token: "${{ secrets.GH_PAT }}"
-      - name: "Create flathub commit and push"
-        shell: bash
-        run: "bash ci/make-flathub-pr.sh"
-      - name: "Submit PR"
-        env:
-          GITHUB_TOKEN: ${{ secrets.GH_PAT }}
-        shell: bash
-        run: 'cd flathub && gh pr create --fill --body "PR automatically created by release automation in the wezterm repo"'
diff --git a/.github/workflows/gen_ubuntu22.04_continuous.yml b/.github/workflows/gen_ubuntu22.04_continuous.yml
@@ -136,8 +136,3 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         shell: bash
         run: "bash ci/retry.sh gh release upload --clobber nightly wezterm-*.deb wezterm-*.xz *.sha256"
-      - name: "Upload to gemfury"
-        env:
-          FURY_TOKEN: ${{ secrets.FURY_TOKEN }}
-        shell: bash
-        run: "for f in wezterm*.deb ; do curl -i -F package=@$f https://[email protected]/wez/ ; done"
diff --git a/.github/workflows/gen_ubuntu22.04_tag.yml b/.github/workflows/gen_ubuntu22.04_tag.yml
@@ -103,11 +103,6 @@ jobs:
         run: "git config --global --add safe.directory /__w/wezterm/wezterm"
       - name: "checkout repo"
         uses: actions/checkout@v4
-      - name: "Upload to gemfury"
-        env:
-          FURY_TOKEN: ${{ secrets.FURY_TOKEN }}
-        shell: bash
-        run: "for f in wezterm*.deb ; do curl -i -F package=@$f https://[email protected]/wez/ ; done"
       - name: "Download artifact"
         uses: actions/download-artifact@v4
         with:

diff --git a/.github/workflows/gen_windows_tag.yml b/.github/workflows/gen_windows_tag.yml
@@ -103,23 +103,3 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         shell: bash
         run: "bash ci/retry.sh gh release upload --clobber $(ci/tag-name.sh) WezTerm-*.zip WezTerm-*.exe *.sha256"
-      - name: "Checkout winget-pkgs"
-        uses: actions/checkout@v4
-        with:
-          repository: "wez/winget-pkgs"
-          path: "winget-pkgs"
-          token: "${{ secrets.GH_PAT }}"
-      - name: "Setup email for winget repo"
-        shell: bash
-        run: "cd winget-pkgs && git config user.email [email protected]"
-      - name: "Setup name for winget repo"
-        shell: bash
-        run: "cd winget-pkgs && git config user.name 'Wez Furlong'"
-      - name: "Create winget manifest and push to fork"
-        shell: bash
-        run: "bash ci/make-winget-pr.sh winget-pkgs WezTerm-*.exe"
-      - name: "Submit PR"
-        env:
-          GITHUB_TOKEN: ${{ secrets.GH_PAT }}
-        shell: bash
-        run: 'cd winget-pkgs && gh pr create --fill --body "PR automatically created by release automation in the wezterm repo"'
diff --git a/.github/workflows/nix_continuous.yml b/.github/workflows/nix_continuous.yml
@@ -27,13 +27,15 @@ jobs:
         with:
           flake-lock-path: ./nix/flake.lock
           ignore-missing-flake-lock: false
-      - name: Setup Cachix
-        uses: cachix/cachix-action@v15
-        with:
-          name: wezterm
-          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
       - name: Build default package
-        run: |
-          nix build ./nix --json \
-          | jq -r '.[].outputs | to_entries[].value' \
-          | cachix push wezterm
+        run: nix build ./nix
+      # - name: Setup Cachix
+      #   uses: cachix/cachix-action@v15
+      #   with:
+      #     name: wezterm
+      #     authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+      # - name: Build default package
+      #   run: |
+      #     nix build ./nix --json \
+      #     | jq -r '.[].outputs | to_entries[].value' \
+      #     | cachix push wezterm
diff --git a/ci/deploy.sh b/ci/deploy.sh
@@ -83,6 +83,8 @@ case $OSTYPE in
       security default-keychain -d user -s $def_keychain
       echo "Remove build.keychain"
       security delete-keychain build.keychain || true
+    else
+      /usr/bin/codesign --force --deep --sign - $zipdir/WezTerm.app/
     fi
 
     set -x

diff --git a/ci/generate-workflows.py b/ci/generate-workflows.py
@@ -626,14 +626,14 @@ def upload_asset_nightly(self):
         patterns.append("*.sha256")
         glob = " ".join(patterns)
 
-        if self.container == "ubuntu:22.04":
-            steps += [
-                RunStep(
-                    "Upload to gemfury",
-                    f"for f in wezterm*.deb ; do curl -i -F package=@$f https://[email protected]/wez/ ; done",
-                    env={"FURY_TOKEN": "${{ secrets.FURY_TOKEN }}"},
-                ),
-            ]
+        # if self.container == "ubuntu:22.04":
+        #     steps += [
+        #         RunStep(
+        #             "Upload to gemfury",
+        #             f"for f in wezterm*.deb ; do curl -i -F package=@$f https://[email protected]/wez/ ; done",
+        #             env={"FURY_TOKEN": "${{ secrets.FURY_TOKEN }}"},
+        #         ),
+        #     ]
 
         return [
             ActionStep(
@@ -661,14 +661,14 @@ def upload_asset_tag(self):
         patterns.append("*.sha256")
         glob = " ".join(patterns)
 
-        if self.container == "ubuntu:22.04":
-            steps += [
-                RunStep(
-                    "Upload to gemfury",
-                    f"for f in wezterm*.deb ; do curl -i -F package=@$f https://[email protected]/wez/ ; done",
-                    env={"FURY_TOKEN": "${{ secrets.FURY_TOKEN }}"},
-                ),
-            ]
+        # if self.container == "ubuntu:22.04":
+        #     steps += [
+        #         RunStep(
+        #             "Upload to gemfury",
+        #             f"for f in wezterm*.deb ; do curl -i -F package=@$f https://[email protected]/wez/ ; done",
+        #             env={"FURY_TOKEN": "${{ secrets.FURY_TOKEN }}"},
+        #         ),
+        #     ]
 
         return steps + [
             ActionStep(
@@ -974,14 +974,14 @@ def tag(self):
         steps += self.test_all()
         steps += self.package(trusted=True)
         steps += self.upload_artifact()
-        steps += self.update_homebrew_tap()
+        # steps += self.update_homebrew_tap()
 
         uploader = Job(
             runs_on="ubuntu-latest",
             steps=self.checkout(submodules=False)
             + self.upload_asset_tag()
-            + self.create_winget_pr()
-            + self.create_flathub_pr(),
+            # + self.create_winget_pr()
+            # + self.create_flathub_pr(),
         )
 
         return (