Skip to content

CI updates

CI updates #4

Workflow file for this run

name: Build Windows
on:
push:
branches: atavism/ci-updates
workflow_call:
inputs:
version:
type: string
required: true
prefix:
type: string
required: true
build-suffix: # "64" or ""
type: string
required: false
dist-suffix: # "64-bit" or "32-bit"
type: string
required: true
update-suffix: # "x64" or "386"
type: string
required: true
arch:
type: string
required: true
installer-suffix: # "-x64" or ""
type: string
required: false
xcode_version:
type: string
required: true
env:
GOPRIVATE: github.com/getlantern
S3_BUCKET: lantern
jobs:
build:
permissions:
contents: "read"
id-token: "write"
env:
version: ${{ inputs.version }}
prefix: ${{ inputs.prefix }}
strategy:
matrix:
include:
- os: macos-latest
platform: macos
- os: windows-latest
platform: windows
- os: ubuntu-latest
platform: android
- os: ubuntu-latest
platform: linux
#- os: macos-latest
# platform: macos
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
with:
lfs: true
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version-file: "go.mod"
- name: Granting private modules access
run: git config --global url."https://${{ secrets.GH_TOKEN }}:[email protected]/".insteadOf "https://github.com/"
- name: Install WebView2 Runtime
if: matrix.platform == 'windows'
shell: pwsh
run: |
Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/p/?LinkId=2124703" -OutFile "MicrosoftEdgeWebView2Setup.exe"
Start-Process -FilePath ".\MicrosoftEdgeWebView2Setup.exe" -ArgumentList "/silent", "/install" -Wait
- name: Set up MinGW
if: matrix.platform == 'windows'
run: choco install mingw -y
- name: Install dependencies
if: matrix.platform == 'linux'
run: |
sudo apt-get update
sudo apt-get install -y file build-essential pkg-config
sudo apt-get install -y libwebkit2gtk-4.1-dev
sudo apt-get install -y libunwind-dev libstdc++-12-dev libgstreamer1.0-dev libgstreamer-plugins-base1.0-d cmake
sudo apt-get install -y libgtk-3-0 libblkid1 liblzma5
sudo apt-get install -y libpcap-dev libgtk-3-dev libayatana-appindicator3-dev ruby ruby-dev && sudo gem install bundler -v 2.2.26
- name: Setup Xcode
if: matrix.platform == 'macos'
uses: maxim-lobanov/setup-xcode@v1
with:
xcode-version: ${{ inputs.xcode_version }}
- name: Install Flutter
uses: subosito/flutter-action@v2
with:
channel: "stable"
- run: flutter --version
- name: Setup JDK
if: matrix.platform == 'android'
uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 17
cache: 'gradle'
- name: Set gradle properties
if: matrix.platform == 'android'
env:
GRADLE_PROPERTIES: ${{ secrets.GRADLE_PROPERTIES }}
run: |
mkdir -p ~/.gradle/
echo "GRADLE_USER_HOME=${HOME}/.gradle" >> $GITHUB_ENV
echo "${GRADLE_PROPERTIES}" > ~/.gradle/gradle.properties
- name: Decode Keystore
id: write_file
if: matrix.platform == 'android'
uses: timheuer/[email protected]
with:
fileName: 'keystore.release.jks'
fileDir: './android/app'
encodedString: ${{ secrets.KEYSTORE }}
- name: Generate app.env
env:
ANDROID_INTERSTITIAL_AD_ID: ${{ secrets.INTERSTITIAL_AD_UNIT_ID }}
IOS_INTERSTITIAL_AD_ID: ${{ secrets.INTERSTITIAL_AD_UNIT_ID_IOS }}
TAPSELL_VIDEO_INTERSTITIAL_ZONE_ID: ${{ secrets.TAPSELL_VIDEO_INTERSTITIAL_ZONE_ID }}
TAPSELL_INTERSTITIAL_ZONE_ID: ${{ secrets.TAPSELL_INTERSTITIAL_ZONE_ID }}
run: |
touch app.env
echo "Android_interstitialAd=$ANDROID_INTERSTITIAL_AD_ID" > app.env
echo "IOS_interstitialAd=$IOS_INTERSTITIAL_AD_ID" >> app.env
echo "VideoInterstitialZoneId=$TAPSELL_VIDEO_INTERSTITIAL_ZONE_ID" >> app.env
echo "InterstitialZoneId=$TAPSELL_INTERSTITIAL_ZONE_ID" >> app.env
- name: Setup protoc
uses: arduino/setup-protoc@v2
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Build Lantern Library
shell: bash
run: |
touch app.env
mkdir -p "build/windows/${{inputs.arch}}/runner/Release"
make ${{matrix.platform}}
- name: Activate plugins
run: |
dart pub global activate protoc_plugin
dart pub global activate flutter_distributor
- name: Sign liblantern.dll with Azure Code Signing
if: matrix.platform == 'windows'
uses: getlantern/trusted-signing-action@main
with:
azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
endpoint: https://wus2.codesigning.azure.net/
code-signing-account-name: code-signing
certificate-profile-name: Lantern
files-folder: ${{ github.workspace }}\
files-folder-filter: dll
file-digest: SHA256
timestamp-rfc3161: http://timestamp.acs.microsoft.com
timestamp-digest: SHA256
- name: Move liblantern.dll to release directory
if: matrix.platform == 'windows'
shell: bash
run: |
mv liblantern.dll "build/windows/${{inputs.arch}}/runner/Release"
- name: Extract app version from pubspec.yaml
id: extract_version
shell: bash
run: |
APP_VERSION=$(grep '^version:' pubspec.yaml | sed 's/version: //')
echo "APP_VERSION=$APP_VERSION" >> $GITHUB_ENV
- name: Build Flutter app
run: |
New-Item -Path "./dist/${{ env.APP_VERSION }}" -ItemType Directory -Force
flutter_distributor package --platform windows --targets exe --skip-clean
env:
INTERSTITIAL_AD_UNIT: "${{ secrets.INTERSTITIAL_AD_UNIT_ID }}"
SENTRY_AUTH_TOKEN: "${{ secrets.SENTRY_AUTH_TOKEN }}"
VERSION: "${{ env.version }}"
- name: Install darwin installer dependencies
if: matrix.platform == 'macos'
run: |
npm install -g appdmg
brew tap joshdk/tap
brew install joshdk/tap/retry
brew install imagemagick || true
- name: Build darwin installer
if: matrix.platform == 'macos'
run: |
echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
security create-keychain -p temporaty-password build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p temporaty-password build.keychain
security import certificate.p12 -k build.keychain -P $MACOS_CERTIFICATE_PWD -T /usr/bin/codesign
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k temporaty-password build.keychain
make package-darwin
env:
VERSION: "${{ env.version }}"
MACOS_CERTIFICATE: ${{ secrets.MACOS_BNS_CERT }}
MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_BNS_CERT_PASS }}
- name: Build installer
if: matrix.platform == 'linux'
run: |
cp liblantern.so "build/linux/${{inputs.dist-suffix}}/release/bundle"
make package-linux
mv dist/${{ env.APP_VERSION }}/lantern-${{ env.APP_VERSION }}-linux.deb lantern_${{inputs.version}}_x64.deb
mv dist/${{ env.APP_VERSION }}/lantern-${{ env.APP_VERSION }}-linux.rpm lantern_${{inputs.version}}_x64.rpm
- name: Rename installer
if: matrix.platform == 'windows'
shell: bash
run: |
mv "dist/${{ env.APP_VERSION }}/lantern-${{ env.APP_VERSION }}-windows-setup.exe" lantern-installer${{inputs.installer-suffix}}.exe
- name: Sign EXE with Azure Code Signing
if: matrix.platform == 'windows'
uses: getlantern/trusted-signing-action@main
with:
azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
endpoint: https://wus2.codesigning.azure.net/
code-signing-account-name: code-signing
certificate-profile-name: Lantern
files-folder: ${{ github.workspace }}/
files-folder-filter: exe,dll,msix
file-digest: SHA256
timestamp-rfc3161: http://timestamp.acs.microsoft.com
timestamp-digest: SHA256
- uses: actions/upload-artifact@v4
if: matrix.platform == 'android'
with:
name: android-apk-build
retention-days: 2
path: |
lantern-installer.apk
- name: Upload EXE artifact
uses: actions/upload-artifact@v4
if: matrix.platform == 'windows'
with:
name: windows${{inputs.build-suffix}}-installer-signed
path: |
lantern-installer${{inputs.installer-suffix}}.exe
- uses: actions/upload-artifact@v4
if: matrix.platform == 'linux'
with:
name: linux-deb-build
path: |
lantern_${{inputs.version}}_x64.deb
- uses: actions/upload-artifact@v4
if: matrix.platform == 'linux'
with:
name: linux-rpm-build
path: |
lantern_${{inputs.version}}_x64.rpm