This repository has been archived by the owner on Jun 4, 2024. It is now read-only.
CI build #1173
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI build | |
on: | |
push: | |
branches: "*" | |
tags: "v*" | |
workflow_dispatch: | |
schedule: | |
# every night at 1am | |
- cron: '0 1 * * *' | |
jobs: | |
build_linux: | |
name: build linux | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: checkout code | |
uses: actions/checkout@v1 | |
- name: setup python version | |
uses: actions/setup-python@v1 | |
with: | |
python-version: '3.8' | |
- name: setup environ vars | |
run: python ./.github/setup_build_env.py | |
- name: create tarball of sources | |
run: | | |
mkdir -p releases/$RELEASE | |
tar cfJ /tmp/kiwix-hotspot.xz * | |
mv /tmp/kiwix-hotspot.xz releases/$RELEASE/kiwix-hotspot-$VERSION.xz | |
if: env.BUILDTYPE == 'release' | |
- name: decrypt SSH key | |
env: | |
ssh_key: ${{ secrets.ssh_key }} | |
run: | | |
mkdir -p ~/.ssh | |
chmod 700 ~/.ssh | |
echo "$ssh_key" | base64 -d > ${HOME}/.ssh/id_rsa | |
chmod 600 ${HOME}/.ssh/id_rsa | |
ssh-keyscan -p 30022 tmp.kiwix.org >> ${HOME}/.ssh/known_hosts | |
ssh-keyscan -p 30022 master.download.kiwix.org >> ${HOME}/.ssh/known_hosts | |
chmod 644 ${HOME}/.ssh/known_hosts | |
- name: install system deps | |
env: | |
DEBIAN_FRONTEND: noninteractive | |
run: | | |
sudo apt-get update -y | |
sudo apt-get install -y locales openssh-client wget zip unzip tar build-essential python3-dev libdbus-1-dev libdbus-glib-1-dev libgirepository1.0-dev gcc libcairo2-dev pkg-config python3-dev gir1.2-gtk-3.0 | |
- name: download custom kernel | |
run: | | |
wget https://drive.offspot.it/creator/bundled-in-creator/vexpress-boot.zip | |
unzip vexpress-boot.zip | |
- name: download static Qemu | |
run: | | |
wget https://drive.offspot.it/creator/bundled-in-creator/qemu-5.2.0-linux-x86_64.tar.gz | |
tar xvf qemu-5.2.0-linux-x86_64.tar.gz | |
- name: download etcher-cli (packaging only) | |
run: | | |
wget https://drive.offspot.it/creator/bundled-in-creator/balena-etcher-cli-1.4.8-linux-x64.tar.gz | |
mkdir -p etcher-cli | |
tar xf balena-etcher-cli-1.4.8-linux-x64.tar.gz -C etcher-cli --strip-components=1 | |
- name: download aria2c (packaging only) | |
run: | | |
wget https://drive.offspot.it/creator/bundled-in-creator/aria2c-linux64.zip | |
unzip aria2c-linux64.zip | |
rm aria2c-linux64.zip | |
wget https://drive.offspot.it/creator/bundled-in-creator/ca-certificates.crt | |
- name: install python deps | |
run: | | |
pip install --upgrade pip wheel | |
pip install -r requirements-linux.txt | |
python -c "import gi ; print(gi.__file__)" | |
pip install -U pyinstaller | |
- name: compile app | |
run: pyinstaller --log-level=DEBUG kiwix-hotspot-linux.spec | |
- name: show binary version | |
run: dist/kiwix-hotspot --version | |
- name: package archive | |
run: | | |
cd dist | |
tar czvf kiwix-hotspot-linux.tar.gz kiwix-hotspot | |
cd .. | |
- name: upload CI build | |
run: scp -P 30022 -v -o StrictHostKeyChecking=no dist/kiwix-hotspot-linux.tar.gz [email protected]:/data/tmp/ci/kiwix-hotspot-linux-$BRANCH.tar.gz | |
if: env.BUILDTYPE == 'CI' | |
- name: upload nightly build (cron on master) | |
run: | | |
SRCDIR=nightly/$DATE | |
mkdir -p $SRCDIR | |
cp dist/kiwix-hotspot-linux.tar.gz $SRCDIR/ | |
scp -P 30022 -r -v -o StrictHostKeyChecking=no $SRCDIR [email protected]:/data/download/nightly/ | |
if: env.BUILDTYPE == 'nightly' | |
- name: upload release build and sources (tagged) | |
run: | | |
mkdir -p releases/$RELEASE | |
cp dist/kiwix-hotspot-linux.tar.gz releases/$RELEASE/kiwix-hotspot-linux-$VERSION.tar.gz | |
scp -P 30022 -r -v -o StrictHostKeyChecking=no releases/$RELEASE [email protected]:/data/download/release/kiwix-hotspot/ | |
if: env.BUILDTYPE == 'release' | |
build_macos: | |
name: build macOS | |
runs-on: macos-11 | |
env: | |
CERTIFICATE: /tmp/wmch-devid.p12 | |
SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }} | |
ALTOOL_USERNAME: ${{ secrets.APPLE_SIGNING_ALTOOL_USERNAME }} | |
ASC_PROVIDER: ${{ secrets.APPLE_SIGNING_TEAM }} | |
steps: | |
- name: checkout code | |
uses: actions/checkout@v1 | |
- name: setup python version | |
uses: actions/setup-python@v1 | |
with: | |
python-version: '3.6' | |
- name: setup environ vars | |
run: python ./.github/setup_build_env.py | |
- name: decrypt SSH key | |
env: | |
ssh_key: ${{ secrets.ssh_key }} | |
run: | | |
mkdir -p ~/.ssh | |
chmod 700 ~/.ssh | |
echo "$ssh_key" | base64 -d > ${HOME}/.ssh/id_rsa | |
chmod 600 ${HOME}/.ssh/id_rsa | |
ssh-keyscan -p 30022 tmp.kiwix.org >> ${HOME}/.ssh/known_hosts | |
ssh-keyscan -p 30022 master.download.kiwix.org >> ${HOME}/.ssh/known_hosts | |
chmod 644 ${HOME}/.ssh/known_hosts | |
- name: install system deps | |
run: | | |
brew update | |
brew install pygobject3 gtk+3 adwaita-icon-theme npm | |
- name: install python deps | |
run: | | |
python3 -m pip install -U pip | |
python3 -m pip install -r requirements-macos.txt | |
python3 -c "import gi ; print(gi.__file__)" | |
python3 -m pip install -U pyinstaller | |
- name: Download vexpress-boot | |
run: | | |
wget https://drive.offspot.it/creator/bundled-in-creator/vexpress-boot.zip | |
unzip vexpress-boot.zip | |
- name: Bundle QEMU | |
run: | | |
wget https://drive.offspot.it/creator/bundled-in-creator/qemu-5.2.0-macOS.tar | |
tar xf qemu-5.2.0-macOS.tar | |
- name: Bundle Etcher-cli | |
run: | | |
wget https://drive.offspot.it/creator/bundled-in-creator/balena-etcher-cli-1.4.8-darwin-x64.tar.gz | |
mkdir -p etcher-cli | |
tar xf balena-etcher-cli-1.4.8-darwin-x64.tar.gz -C etcher-cli --strip-components=1 | |
- name: Bundle aria2c | |
run: | | |
wget https://drive.offspot.it/creator/bundled-in-creator/aria2c-darwin.zip | |
unzip aria2c-darwin.zip | |
rm aria2c-darwin.zip | |
wget https://drive.offspot.it/creator/bundled-in-creator/ca-certificates.crt | |
- name: Run PyInstaller | |
run: pyinstaller --log-level=DEBUG kiwix-hotspot-macos.spec | |
- name: remove extra folders in share | |
run: | | |
cd dist/Kiwix\ Hotspot.app/Contents/Resources/share/ | |
KEEPS=(fontconfig glib-2.0 icons locale themes) | |
for folder in "${KEEPS[@]}" ; do mv "$folder" "$folder.KEEP" | true ; done | |
find . -type d ! -name "*.KEEP" ! -name "." -depth 1 -exec rm -rf {} \; | true | |
for folder in "${KEEPS[@]}" ; do mv "$folder.KEEP" "$folder" | true ; done | |
ls -l | |
cd - | |
- name: install Apple certificate | |
shell: bash | |
run: | | |
echo "${{ secrets.APPLE_SIGNING_CERTIFICATE }}" | base64 --decode -o $CERTIFICATE | |
security create-keychain -p mysecretpassword build.keychain | |
security default-keychain -s build.keychain | |
security unlock-keychain -p mysecretpassword build.keychain | |
security import $CERTIFICATE -k build.keychain -P "${{ secrets.APPLE_SIGNING_P12_PASSWORD }}" -A | |
rm $CERTIFICATE | |
security set-key-partition-list -S "apple-tool:,apple:" -s -k mysecretpassword build.keychain | |
security find-identity -v | |
sudo sntp -sS -t 60 time4.google.com || true | |
xcrun altool --store-password-in-keychain-item "ALTOOL_PASSWORD" -u "$ALTOOL_USERNAME" -p "${{ secrets.APPLE_SIGNING_ALTOOL_PASSWORD }}" | |
- name: Sign application | |
run: | | |
codesign --force --sign "$SIGNING_IDENTITY" "dist/Kiwix Hotspot.app" --deep --timestamp | |
- name: create dmg | |
run: | | |
npm install -g appdmg | |
mv dist/Kiwix\ Hotspot.app . | |
appdmg dmg.json kiwix-hotspot-macos.dmg | |
- name: upload CI build | |
run: scp -P 30022 -v -o StrictHostKeyChecking=no kiwix-hotspot-macos.dmg [email protected]:/data/tmp/ci/kiwix-hotspot-macos-$BRANCH.dmg | |
if: env.BUILDTYPE == 'CI' | |
- name: upload nightly build (cron on master) | |
run: | | |
SRCDIR=nightly/$DATE | |
mkdir -p $SRCDIR | |
cp kiwix-hotspot-macos.dmg $SRCDIR/ | |
scp -P 30022 -r -v -o StrictHostKeyChecking=no $SRCDIR [email protected]:/data/download/nightly/ | |
if: env.BUILDTYPE == 'nightly' | |
- name: upload release build (tagged) | |
run: | | |
mkdir -p releases/$RELEASE | |
cp kiwix-hotspot-macos.dmg releases/$RELEASE/kiwix-hotspot-macos-$VERSION.dmg | |
scp -P 30022 -r -v -o StrictHostKeyChecking=no releases/$RELEASE [email protected]:/data/download/release/kiwix-hotspot/ | |
if: env.BUILDTYPE == 'release' | |
build_windows: | |
name: build Windows | |
runs-on: windows-2019 | |
steps: | |
- name: checkout code | |
uses: actions/checkout@v1 | |
- name: setup environ vars | |
run: python ./.github/setup_build_env.py | |
- name: update windows exe version metadata | |
env: | |
PYTHONPATH: kiwix-hotspot | |
shell: python | |
run: | | |
import os | |
from version import get_version_str, get_version_tuple | |
fpath = os.path.join("windows_bundle", "resources.rc") | |
v = get_version_tuple() | |
with open(fpath, "r") as fh: | |
content = fh.read() | |
with open(fpath, "w") as fh: | |
fh.write(content.replace("VERSION_TUPLE", f"{v[0]},{v[1]}").replace("VERSION_STR", get_version_str())) | |
- name: find latest msys version | |
shell: python | |
run: | | |
import os | |
import json | |
import subprocess | |
gh_url = "https://api.github.com/repos/msys2/msys2-installer/releases" | |
releases = subprocess.run(["curl.exe", "-L", gh_url], universal_newlines=True, encoding="utf-8", stdout=subprocess.PIPE).stdout | |
release = json.loads(releases)[0] | |
for asset in release["assets"]: | |
if asset["name"].endswith(".tar.xz"): | |
url = asset["browser_download_url"] | |
with open(os.getenv("GITHUB_ENV"), "a") as fh: | |
fh.write(f"MSYSURL={url}") | |
break | |
- name: Decode SSH key | |
id: base64dec | |
uses: timheuer/base64-to-file@v1 | |
with: | |
fileName: 'id_rsa' | |
encodedString: ${{ secrets.ssh_key }} | |
- name: Prepare SSH env | |
run: | | |
mkdir -p ~/.ssh | |
chmod 700 ~/.ssh | |
mv ${{ steps.base64dec.outputs.filePath }} ${HOME}/.ssh/id_rsa | |
chmod 600 ${HOME}/.ssh/id_rsa | |
ssh-keyscan -p 30022 tmp.kiwix.org >> ${HOME}/.ssh/known_hosts | |
ssh-keyscan -p 30022 master.download.kiwix.org >> ${HOME}/.ssh/known_hosts | |
chmod 644 ${HOME}/.ssh/known_hosts | |
echo ${HOME}/.ssh/id_rsa | |
ls -l ${HOME}/.ssh/id_rsa | |
- name: Download vexpress-boot | |
run: | | |
curl.exe -L -O https://drive.offspot.it/creator/bundled-in-creator/vexpress-boot.zip | |
7z x vexpress-boot.zip | |
- name: install QEMU | |
run: | | |
mkdir "assets\qemu" | |
cd "assets\qemu" | |
curl.exe -L -O https://drive.offspot.it/creator/bundled-in-creator/qemu-w64-setup-20210203.exe | |
7z.exe x qemu-w64-setup-20210203.exe | |
del qemu-w64-setup-20210203.exe | |
move qemu-system-arm.exe qemu-arm.exe | |
# remove .fd files | |
Remove-Item edk2* -Recurse -Force | |
Remove-Item keymaps -Recurse -Force | |
Remove-Item share -Recurse -Force | |
Remove-Item '$PLUGINSDIR' -Recurse -Force | |
del qemu-system-* | |
move qemu-arm.exe qemu-system-arm.exe | |
cd ..\.. | |
- name: bundle 7zip | |
run: | | |
mkdir "assets\7zextra" | |
cd "assets\7zextra" | |
curl.exe -L -O https://drive.offspot.it/creator/bundled-in-creator/7z920_extra.7z | |
7z.exe x 7z920_extra.7z | |
curl.exe -L -O https://drive.offspot.it/creator/bundled-in-creator/7z1805-extra.7z | |
7z.exe -y x 7z1805-extra.7z | |
cd ..\.. | |
- name: Copy Imdisk Installer | |
run: | | |
mkdir "assets\imdiskinst" | |
cd "assets\imdiskinst" | |
curl.exe -L -o imdiskinst.exe https://drive.offspot.it/creator/bundled-in-creator/imdiskinst.exe | |
7z.exe x imdiskinst.exe | |
del imdiskinst.exe | |
cd ..\.. | |
- name: Download Etcher-cli | |
run: | | |
mkdir "assets\etcher-cli" | |
cd "assets\etcher-cli" | |
curl.exe -L -o etcher-cli.zip https://drive.offspot.it/creator/bundled-in-creator/Etcher-cli-1.1.2-win32-x64.zip | |
7z.exe x etcher-cli.zip | |
del etcher-cli.zip | |
cd ..\.. | |
- name: Download aria2 | |
run: | | |
cd $Env:GITHUB_WORKSPACE | |
curl.exe -L -o aria2c.zip https://drive.offspot.it/creator/bundled-in-creator/aria2c-win64.zip | |
7z.exe x aria2c.zip | |
del aria2c.zip | |
curl.exe -L -o ca-certificates.crt https://drive.offspot.it/creator/bundled-in-creator/ca-certificates.crt | |
- name: build pyinstaller in docker | |
run: docker.exe run -e MSYSURL=${Env:MSYSURL} -v ${Env:GITHUB_WORKSPACE}:'c:\code' mcr.microsoft.com/windows/servercore:ltsc2019 powershell.exe -File C:\code\build-hotspot.ps1 | |
- name: archive it | |
run: | | |
cd dist\kiwix-hotspot | |
7z.exe a -m0=Copy $Env:GITHUB_WORKSPACE\windows_bundle\kiwix-hotspot.7z * | |
- name: download resource hacker portable | |
run: | | |
mkdir C:\resource_hacker | |
cd C:\resource_hacker | |
curl.exe -L -o resource_hacker.zip https://drive.offspot.it/creator/build-dependencies/resource_hacker518.zip | |
7z.exe x resource_hacker.zip | |
del resource_hacker.zip | |
- name: update binary | |
run: | | |
# download tools | |
cd $Env:GITHUB_WORKSPACE\windows_bundle\ | |
# create SFX exe from 7z archive | |
C:\Windows\System32\cmd.exe /c copy /b "..\assets\7zextra\7zS.sfx" + sfxconfig.txt + kiwix-hotspot.7z kiwix-hotspot.exe | |
# change icon, version info and add UAC manifest to to exe | |
C:\Windows\System32\cmd.exe /c copy ..\kiwix-hotspot-logo.ico icon.ico | |
C:\resource_hacker\ResourceHacker.exe -open resources.rc -save resources.res -action compile -log CONSOLE | |
C:\resource_hacker\ResourceHacker.exe -open kiwix-hotspot.exe -save kiwix-hotspot.exe -action addoverwrite -res manifest.txt -mask 24,1, -log CONSOLE | |
ping -n 10 127.0.0.1 | |
C:\resource_hacker\ResourceHacker.exe -open kiwix-hotspot.exe -save kiwix-hotspot.exe -action addoverwrite -res icon.ico -mask ICONGROUP,MAINICON, -log CONSOLE | |
ping -n 10 127.0.0.1 | |
C:\resource_hacker\ResourceHacker.exe -open kiwix-hotspot.exe -save kiwix-hotspot.exe -action addoverwrite -res resources.res -mask VERSIONINFO,1, -log CONSOLE | |
ping -n 10 127.0.0.1 | |
cd $Env:GITHUB_WORKSPACE | |
mkdir signed | |
C:\Windows\System32\cmd.exe /c move $Env:GITHUB_WORKSPACE\windows_bundle\kiwix-hotspot.exe $Env:GITHUB_WORKSPACE\signed\kiwix-hotspot-win64.exe | |
- name: sign the build | |
uses: GabrielAcostaEngler/signtool-code-sign@main | |
with: | |
certificate: '${{ secrets.WINDOWS_SIGNING_CERTIFICATE }}' | |
cert-password: '${{ secrets.WINDOWS_SIGNING_CERTIFICATE_PASSWORD }}' | |
cert-sha1: '${{ secrets.WINDOWS_SIGNING_CERTIFICATE_SHA1 }}' | |
cert-description: 'Kiwix Hotspot' | |
folder: 'signed' | |
recursive: true | |
timestamp-server: 'http://timestamp.digicert.com' | |
- name: move the build | |
run: | | |
C:\Windows\System32\cmd.exe /c move $Env:GITHUB_WORKSPACE\signed\kiwix-hotspot-win64.exe $Env:GITHUB_WORKSPACE\kiwix-hotspot-win64.exe | |
cd $Env:GITHUB_WORKSPACE\ | |
- name: upload CI build | |
run: scp -P 30022 -i ${HOME}/.ssh/id_rsa -v -o StrictHostKeyChecking=no kiwix-hotspot-win64.exe [email protected]:/data/tmp/ci/kiwix-hotspot-win64-$Env:BRANCH.exe | |
if: env.BUILDTYPE == 'CI' | |
- name: upload nightly build (cron on master) | |
run: | | |
$SRCDIR = "nightly/${Env:DATE}" | |
mkdir -p $SRCDIR | |
cp kiwix-hotspot-win64.exe $SRCDIR/ | |
scp -P 30022 -i ${HOME}/.ssh/id_rsa -r -v -o StrictHostKeyChecking=no $SRCDIR [email protected]:/data/download/nightly/ | |
if: env.BUILDTYPE == 'nightly' | |
- name: upload release build (tagged) | |
run: | | |
$SRCDIR = "releases/${Env:RELEASE}" | |
mkdir -p $SRCDIR | |
cp kiwix-hotspot-win64.exe $SRCDIR/kiwix-hotspot-win64-${Env:VERSION}.exe | |
scp -P 30022 -i ${HOME}/.ssh/id_rsa -r -v -o StrictHostKeyChecking=no $SRCDIR [email protected]:/data/download/release/kiwix-hotspot/ | |
if: env.BUILDTYPE == 'release' |