CI updates #4
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build Windows | |
on: | |
push: | |
branches: atavism/ci-updates | |
workflow_call: | |
inputs: | |
version: | |
type: string | |
required: true | |
prefix: | |
type: string | |
required: true | |
build-suffix: # "64" or "" | |
type: string | |
required: false | |
dist-suffix: # "64-bit" or "32-bit" | |
type: string | |
required: true | |
update-suffix: # "x64" or "386" | |
type: string | |
required: true | |
arch: | |
type: string | |
required: true | |
installer-suffix: # "-x64" or "" | |
type: string | |
required: false | |
xcode_version: | |
type: string | |
required: true | |
env: | |
GOPRIVATE: github.com/getlantern | |
S3_BUCKET: lantern | |
jobs: | |
build: | |
permissions: | |
contents: "read" | |
id-token: "write" | |
env: | |
version: ${{ inputs.version }} | |
prefix: ${{ inputs.prefix }} | |
strategy: | |
matrix: | |
include: | |
- os: macos-latest | |
platform: macos | |
- os: windows-latest | |
platform: windows | |
- os: ubuntu-latest | |
platform: android | |
- os: ubuntu-latest | |
platform: linux | |
#- os: macos-latest | |
# platform: macos | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
lfs: true | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: "go.mod" | |
- name: Granting private modules access | |
run: git config --global url."https://${{ secrets.GH_TOKEN }}:[email protected]/".insteadOf "https://github.com/" | |
- name: Install WebView2 Runtime | |
if: matrix.platform == 'windows' | |
shell: pwsh | |
run: | | |
Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/p/?LinkId=2124703" -OutFile "MicrosoftEdgeWebView2Setup.exe" | |
Start-Process -FilePath ".\MicrosoftEdgeWebView2Setup.exe" -ArgumentList "/silent", "/install" -Wait | |
- name: Set up MinGW | |
if: matrix.platform == 'windows' | |
run: choco install mingw -y | |
- name: Install dependencies | |
if: matrix.platform == 'linux' | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y file build-essential pkg-config | |
sudo apt-get install -y libwebkit2gtk-4.1-dev | |
sudo apt-get install -y libunwind-dev libstdc++-12-dev libgstreamer1.0-dev libgstreamer-plugins-base1.0-d cmake | |
sudo apt-get install -y libgtk-3-0 libblkid1 liblzma5 | |
sudo apt-get install -y libpcap-dev libgtk-3-dev libayatana-appindicator3-dev ruby ruby-dev && sudo gem install bundler -v 2.2.26 | |
- name: Setup Xcode | |
if: matrix.platform == 'macos' | |
uses: maxim-lobanov/setup-xcode@v1 | |
with: | |
xcode-version: ${{ inputs.xcode_version }} | |
- name: Install Flutter | |
uses: subosito/flutter-action@v2 | |
with: | |
channel: "stable" | |
- run: flutter --version | |
- name: Setup JDK | |
if: matrix.platform == 'android' | |
uses: actions/setup-java@v4 | |
with: | |
distribution: temurin | |
java-version: 17 | |
cache: 'gradle' | |
- name: Set gradle properties | |
if: matrix.platform == 'android' | |
env: | |
GRADLE_PROPERTIES: ${{ secrets.GRADLE_PROPERTIES }} | |
run: | | |
mkdir -p ~/.gradle/ | |
echo "GRADLE_USER_HOME=${HOME}/.gradle" >> $GITHUB_ENV | |
echo "${GRADLE_PROPERTIES}" > ~/.gradle/gradle.properties | |
- name: Decode Keystore | |
id: write_file | |
if: matrix.platform == 'android' | |
uses: timheuer/[email protected] | |
with: | |
fileName: 'keystore.release.jks' | |
fileDir: './android/app' | |
encodedString: ${{ secrets.KEYSTORE }} | |
- name: Generate app.env | |
env: | |
ANDROID_INTERSTITIAL_AD_ID: ${{ secrets.INTERSTITIAL_AD_UNIT_ID }} | |
IOS_INTERSTITIAL_AD_ID: ${{ secrets.INTERSTITIAL_AD_UNIT_ID_IOS }} | |
TAPSELL_VIDEO_INTERSTITIAL_ZONE_ID: ${{ secrets.TAPSELL_VIDEO_INTERSTITIAL_ZONE_ID }} | |
TAPSELL_INTERSTITIAL_ZONE_ID: ${{ secrets.TAPSELL_INTERSTITIAL_ZONE_ID }} | |
run: | | |
touch app.env | |
echo "Android_interstitialAd=$ANDROID_INTERSTITIAL_AD_ID" > app.env | |
echo "IOS_interstitialAd=$IOS_INTERSTITIAL_AD_ID" >> app.env | |
echo "VideoInterstitialZoneId=$TAPSELL_VIDEO_INTERSTITIAL_ZONE_ID" >> app.env | |
echo "InterstitialZoneId=$TAPSELL_INTERSTITIAL_ZONE_ID" >> app.env | |
- name: Setup protoc | |
uses: arduino/setup-protoc@v2 | |
with: | |
repo-token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build Lantern Library | |
shell: bash | |
run: | | |
touch app.env | |
mkdir -p "build/windows/${{inputs.arch}}/runner/Release" | |
make ${{matrix.platform}} | |
- name: Activate plugins | |
run: | | |
dart pub global activate protoc_plugin | |
dart pub global activate flutter_distributor | |
- name: Sign liblantern.dll with Azure Code Signing | |
if: matrix.platform == 'windows' | |
uses: getlantern/trusted-signing-action@main | |
with: | |
azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }} | |
endpoint: https://wus2.codesigning.azure.net/ | |
code-signing-account-name: code-signing | |
certificate-profile-name: Lantern | |
files-folder: ${{ github.workspace }}\ | |
files-folder-filter: dll | |
file-digest: SHA256 | |
timestamp-rfc3161: http://timestamp.acs.microsoft.com | |
timestamp-digest: SHA256 | |
- name: Move liblantern.dll to release directory | |
if: matrix.platform == 'windows' | |
shell: bash | |
run: | | |
mv liblantern.dll "build/windows/${{inputs.arch}}/runner/Release" | |
- name: Extract app version from pubspec.yaml | |
id: extract_version | |
shell: bash | |
run: | | |
APP_VERSION=$(grep '^version:' pubspec.yaml | sed 's/version: //') | |
echo "APP_VERSION=$APP_VERSION" >> $GITHUB_ENV | |
- name: Build Flutter app | |
run: | | |
New-Item -Path "./dist/${{ env.APP_VERSION }}" -ItemType Directory -Force | |
flutter_distributor package --platform windows --targets exe --skip-clean | |
env: | |
INTERSTITIAL_AD_UNIT: "${{ secrets.INTERSTITIAL_AD_UNIT_ID }}" | |
SENTRY_AUTH_TOKEN: "${{ secrets.SENTRY_AUTH_TOKEN }}" | |
VERSION: "${{ env.version }}" | |
- name: Install darwin installer dependencies | |
if: matrix.platform == 'macos' | |
run: | | |
npm install -g appdmg | |
brew tap joshdk/tap | |
brew install joshdk/tap/retry | |
brew install imagemagick || true | |
- name: Build darwin installer | |
if: matrix.platform == 'macos' | |
run: | | |
echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12 | |
security create-keychain -p temporaty-password build.keychain | |
security default-keychain -s build.keychain | |
security unlock-keychain -p temporaty-password build.keychain | |
security import certificate.p12 -k build.keychain -P $MACOS_CERTIFICATE_PWD -T /usr/bin/codesign | |
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k temporaty-password build.keychain | |
make package-darwin | |
env: | |
VERSION: "${{ env.version }}" | |
MACOS_CERTIFICATE: ${{ secrets.MACOS_BNS_CERT }} | |
MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_BNS_CERT_PASS }} | |
- name: Build installer | |
if: matrix.platform == 'linux' | |
run: | | |
cp liblantern.so "build/linux/${{inputs.dist-suffix}}/release/bundle" | |
make package-linux | |
mv dist/${{ env.APP_VERSION }}/lantern-${{ env.APP_VERSION }}-linux.deb lantern_${{inputs.version}}_x64.deb | |
mv dist/${{ env.APP_VERSION }}/lantern-${{ env.APP_VERSION }}-linux.rpm lantern_${{inputs.version}}_x64.rpm | |
- name: Rename installer | |
if: matrix.platform == 'windows' | |
shell: bash | |
run: | | |
mv "dist/${{ env.APP_VERSION }}/lantern-${{ env.APP_VERSION }}-windows-setup.exe" lantern-installer${{inputs.installer-suffix}}.exe | |
- name: Sign EXE with Azure Code Signing | |
if: matrix.platform == 'windows' | |
uses: getlantern/trusted-signing-action@main | |
with: | |
azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
azure-client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }} | |
endpoint: https://wus2.codesigning.azure.net/ | |
code-signing-account-name: code-signing | |
certificate-profile-name: Lantern | |
files-folder: ${{ github.workspace }}/ | |
files-folder-filter: exe,dll,msix | |
file-digest: SHA256 | |
timestamp-rfc3161: http://timestamp.acs.microsoft.com | |
timestamp-digest: SHA256 | |
- uses: actions/upload-artifact@v4 | |
if: matrix.platform == 'android' | |
with: | |
name: android-apk-build | |
retention-days: 2 | |
path: | | |
lantern-installer.apk | |
- name: Upload EXE artifact | |
uses: actions/upload-artifact@v4 | |
if: matrix.platform == 'windows' | |
with: | |
name: windows${{inputs.build-suffix}}-installer-signed | |
path: | | |
lantern-installer${{inputs.installer-suffix}}.exe | |
- uses: actions/upload-artifact@v4 | |
if: matrix.platform == 'linux' | |
with: | |
name: linux-deb-build | |
path: | | |
lantern_${{inputs.version}}_x64.deb | |
- uses: actions/upload-artifact@v4 | |
if: matrix.platform == 'linux' | |
with: | |
name: linux-rpm-build | |
path: | | |
lantern_${{inputs.version}}_x64.rpm |