Skip to content

[release-0.14] コード署名をeSignerCKAに #1741

[release-0.14] コード署名をeSignerCKAに

[release-0.14] コード署名をeSignerCKAに #1741

name: build and deploy workflow
on:
workflow_dispatch:
inputs:
version:
description: "バージョン情報(A.BB.C / A.BB.C-preview.D)"
required: true
code_signing:
description: "コード署名する"
type: boolean
required: false
release:
types:
- published
pull_request:
push:
branches:
- "*"
- "**/*"
env:
# releaseタグ名か、workflow_dispatchでのバージョン名か、DEBUGが入る
VERSION: ${{ github.event.release.tag_name || github.event.inputs.version || 'DEBUG' }}
# Raw character weights are not public.
# Skip uploading to GitHub Release on public repo.
SKIP_UPLOADING_RELEASE_ASSET: ${{ secrets.SKIP_UPLOADING_RELEASE_ASSET || '1' }}
jobs:
build_and_deploy:
environment: ${{ github.event.inputs.code_signing == 'true' && 'code_signing' || '' }} # コード署名用のenvironment
strategy:
matrix:
include:
- os: windows-2019
features: ""
target: x86_64-pc-windows-msvc
artifact_name: windows-x64-cpu
whl_local_version: cpu
use_cuda: false
- os: windows-2019
features: directml
target: x86_64-pc-windows-msvc
artifact_name: windows-x64-directml
whl_local_version: directml
use_cuda: false
- os: windows-2019
features: ""
target: x86_64-pc-windows-msvc
artifact_name: windows-x64-cuda
whl_local_version: cuda
use_cuda: true
- os: windows-2019
features: ""
target: i686-pc-windows-msvc
artifact_name: windows-x86-cpu
whl_local_version: cpu
use_cuda: false
- os: ubuntu-20.04
features: ""
target: x86_64-unknown-linux-gnu
artifact_name: linux-x64-cpu
whl_local_version: cpu
use_cuda: false
- os: ubuntu-20.04
features: ""
target: x86_64-unknown-linux-gnu
artifact_name: linux-x64-gpu
whl_local_version: cuda
use_cuda: true
- os: ubuntu-20.04
features: ""
target: aarch64-unknown-linux-gnu
artifact_name: linux-arm64-cpu
whl_local_version: cpu
use_cuda: false
- os: macos-11
features: ""
target: aarch64-apple-darwin
artifact_name: osx-arm64-cpu
whl_local_version: cpu
use_cuda: false
- os: macos-11
features: ""
target: x86_64-apple-darwin
artifact_name: osx-x64-cpu
whl_local_version: cpu
use_cuda: false
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v3
- name: Set up Python 3.8
uses: actions/setup-python@v4
with:
python-version: "3.8"
architecture: ${{ contains(matrix.artifact_name,'x86') && 'x86' || 'x64' }}
- name: set up ${{ matrix.target }}
uses: ./.github/actions/rust-toolchain-from-file
with:
targets: ${{ matrix.target }}
- name: Install cross compiler for aarch64-unknown-linux-gnu
if: matrix.target == 'aarch64-unknown-linux-gnu'
shell: bash
run: |
sudo apt update
sudo apt install gcc-aarch64-linux-gnu g++-aarch64-linux-gnu
- name: Install cargo-binstall
uses: taiki-e/install-action@cargo-binstall
- name: Install cbindgen
uses: ./.github/actions/cargo-binstall-cbindgen
- name: Install cargo-edit
if: ${{ env.VERSION != 'DEBUG' }}
shell: bash
run: cargo binstall cargo-edit@^0.11 --no-confirm --log-level debug
- name: set cargo version
if: ${{ env.VERSION != 'DEBUG' }}
shell: bash
run: |
cargo set-version "$VERSION" --exclude voicevox_core_python_api --exclude download --exclude xtask
cargo set-version "$VERSION+"${{ matrix.whl_local_version }} -p voicevox_core_python_api
- name: generate voicevox_core.h
shell: bash
run: cbindgen --crate voicevox_core_c_api -o ./voicevox_core.h
- name: build voicevox_core_c_api
run: cargo build -p voicevox_core_c_api -vv --features ${{ matrix.features }}, --target ${{ matrix.target }} --release
env:
ORT_USE_CUDA: ${{ matrix.use_cuda }}
- name: build voicevox_core_python_api
id: build-voicevox-core-python-api
shell: bash
run: |
pip install -r ./crates/voicevox_core_python_api/requirements.txt
maturin build --manifest-path ./crates/voicevox_core_python_api/Cargo.toml --features ${{ matrix.features }}, --target ${{ matrix.target }} --release
echo "whl=$(find ./target/wheels -type f)" >> "$GITHUB_OUTPUT"
env:
ORT_USE_CUDA: ${{ matrix.use_cuda }}
- name: Set ASSET_NAME env var
shell: bash
run: echo "ASSET_NAME=voicevox_core-${{ matrix.artifact_name }}-${{ env.VERSION }}" >> "$GITHUB_ENV"
- name: Organize artifact
shell: bash
run: |
mkdir -p "artifact/${{ env.ASSET_NAME }}"
cp -v voicevox_core.h "artifact/${{ env.ASSET_NAME }}"
cp -v target/${{ matrix.target }}/release/*voicevox_core.{dll,so,dylib} "artifact/${{ env.ASSET_NAME }}" || true
cp -v target/${{ matrix.target }}/release/voicevox_core.dll.lib "artifact/${{ env.ASSET_NAME }}/voicevox_core.lib" || true
cp -v -n target/${{ matrix.target }}/release/build/onnxruntime-sys-*/out/onnxruntime_*/onnxruntime-*/lib/*.{dll,so.*,so,dylib} "artifact/${{ env.ASSET_NAME }}" || true
# libonnxruntimeについてはバージョン付のshared libraryを使用するためバージョンがついてないものを削除する
rm -f artifact/${{ env.ASSET_NAME }}/libonnxruntime.{so,dylib}
cp -v README.md "artifact/${{ env.ASSET_NAME }}/README.txt"
cp -vr model "artifact/${{ env.ASSET_NAME }}/"
echo "${{ env.VERSION }}" > "artifact/${{ env.ASSET_NAME }}/VERSION"
- name: Code signing (Windows)
if: startsWith(matrix.os, 'windows') && github.event.inputs.code_signing == 'true'
shell: bash
run: |
bash build_util/codesign.bash "artifact/${{ env.ASSET_NAME }}/voicevox_core.dll"
env:
ESIGNERCKA_USERNAME: ${{ secrets.ESIGNERCKA_USERNAME }}
ESIGNERCKA_PASSWORD: ${{ secrets.ESIGNERCKA_PASSWORD }}
ESIGNERCKA_TOTP_SECRET: ${{ secrets.ESIGNERCKA_TOTP_SECRET }}
- name: Archive artifact
shell: bash
run: |
cd artifact
7z a "../${{ env.ASSET_NAME }}.zip" "${{ env.ASSET_NAME }}"
- name: Upload to Release
if: env.VERSION != 'DEBUG' && env.SKIP_UPLOADING_RELEASE_ASSET == '0'
uses: softprops/action-gh-release@v1
with:
prerelease: true
tag_name: ${{ env.VERSION }}
files: |-
${{ env.ASSET_NAME }}.zip
target_commitish: ${{ github.sha }}
- name: Upload Python whl to Release
if: env.VERSION != 'DEBUG' && env.SKIP_UPLOADING_RELEASE_ASSET == '0'
uses: softprops/action-gh-release@v1
with:
prerelease: true
tag_name: ${{ env.VERSION }}
files: |-
${{ steps.build-voicevox-core-python-api.outputs.whl }}
target_commitish: ${{ github.sha }}
deploy_downloader:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Upload to Release
if: env.VERSION != 'DEBUG' && env.SKIP_UPLOADING_RELEASE_ASSET == '0'
uses: softprops/action-gh-release@v1
with:
prerelease: true
tag_name: ${{ env.VERSION }}
files: |-
scripts/downloads/*
target_commitish: ${{ github.sha }}
deploy_precompiled_downloader:
environment: ${{ github.event.inputs.code_signing == 'true' && 'code_signing' || '' }} # コード署名用のenvironment
strategy:
matrix:
include:
- name: download-windows-x64.exe
target: x86_64-pc-windows-msvc
os: windows-2019
- name: download-linux-x64
target: x86_64-unknown-linux-gnu
os: ubuntu-20.04
- name: download-linux-arm64
target: aarch64-unknown-linux-gnu
os: ubuntu-20.04
- name: download-osx-x64
target: x86_64-apple-darwin
os: macos-11
- name: download-osx-arm64
target: aarch64-apple-darwin
os: macos-11
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v3
- name: Install cross compiler for aarch64-unknown-linux-gnu
if: matrix.target == 'aarch64-unknown-linux-gnu'
shell: bash
run: |
sudo apt update
sudo apt install gcc-aarch64-linux-gnu g++-aarch64-linux-gnu
- name: Set up ${{ matrix.target }}
uses: ./.github/actions/rust-toolchain-from-file
with:
targets: ${{ matrix.target }}
- name: Build downloader
run: cargo build -vv --release -p download --target ${{ matrix.target }}
- name: Rename the binary
shell: bash
run: |
case "$OS" in
Windows) exe_suffix=.exe;;
Linux | macOS) exe_suffix=;;
esac
mv $"target/${{ matrix.target }}/release/download$exe_suffix" ./${{ matrix.name }}
- name: Code signing (Windows)
if: startsWith(matrix.os, 'windows') && github.event.inputs.code_signing == 'true'
shell: bash
run: |
bash build_util/codesign.bash ./${{ matrix.name }}
env:
ESIGNERCKA_USERNAME: ${{ secrets.ESIGNERCKA_USERNAME }}
ESIGNERCKA_PASSWORD: ${{ secrets.ESIGNERCKA_PASSWORD }}
ESIGNERCKA_TOTP_SECRET: ${{ secrets.ESIGNERCKA_TOTP_SECRET }}
- name: Upload to Release
if: env.VERSION != 'DEBUG' && env.SKIP_UPLOADING_RELEASE_ASSET == '0'
uses: softprops/action-gh-release@v1
with:
prerelease: true
tag_name: ${{ env.VERSION }}
files: ${{ matrix.name }}
target_commitish: ${{ github.sha }}