Skip to content

[auth] Potential fix for desktop build (#4462) #89

[auth] Potential fix for desktop build (#4462)

[auth] Potential fix for desktop build (#4462) #89

Workflow file for this run

name: "Release (auth)"
# [Note: Testing release workflows that are triggered by tags]
#
# To test this out, push a tag with a pre-release version. The version number
# should be the version number of the next actual release.
#
# > When major, minor, and patch are equal, a pre-release version has lower
# > precedence than a normal version. Example: 1.0.0-alpha < 1.0.0.
# > https://semver.org
#
# So if the next release we intend to put out is 1.2.3, you can:
#
# git tag auth-v1.2.3-test
# git push origin auth-v1.2.3-test
#
# We use a suffix like `-test` to indicate that these are test tags, and that
# they belong to a pre-release.
#
# If you need to do multiple tests, add a .x at the end of the tag. e.g.
# `auth-v1.2.3-test.1`.
#
# Once the testing is done, also delete the tag(s) please.
on:
push:
# Run when a tag matching the pattern "auth-v*"" is pushed
tags:
- "auth-v*"
env:
FLUTTER_VERSION: "3.24.3"
jobs:
build-ubuntu:
runs-on: ubuntu-20.04
defaults:
run:
working-directory: auth
steps:
- name: Checkout code and submodules
uses: actions/checkout@v4
with:
submodules: recursive
- name: Setup JDK 17
uses: actions/setup-java@v1
with:
java-version: 17
- name: Install Flutter ${{ env.FLUTTER_VERSION }}
uses: subosito/flutter-action@v2
with:
channel: "stable"
flutter-version: ${{ env.FLUTTER_VERSION }}
cache: true
- name: Setup keys
uses: timheuer/base64-to-file@v1
with:
fileName: "keystore/ente_auth_key.jks"
encodedString: ${{ secrets.SIGNING_KEY }}
- name: Create artifacts directory
run: mkdir artifacts
- name: Build independent APK
run: |
flutter build apk --release --flavor independent --dart-define=app.flavor=independent
mv build/app/outputs/flutter-apk/app-independent-release.apk artifacts/ente-${{ github.ref_name }}.apk
env:
SIGNING_KEY_PATH: "/home/runner/work/_temp/keystore/ente_auth_key.jks"
SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS }}
SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }}
SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD }}
- name: Build PlayStore AAB
# disable this step if release tag contains nightly or beta
if: startsWith(github.ref, 'refs/tags/auth-v') && !contains(github.ref, 'nightly') && !contains(github.ref, 'beta')
run: |
flutter build appbundle --release --flavor playstore --dart-define=app.flavor=playstore
env:
SIGNING_KEY_PATH: "/home/runner/work/_temp/keystore/ente_auth_key.jks"
SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS }}
SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }}
SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD }}
- name: Install dependencies for desktop build
run: |
sudo apt-get update -y
sudo apt-get install -y libsecret-1-dev libsodium-dev libfuse2 ninja-build libgtk-3-dev dpkg-dev pkg-config libsqlite3-dev locate appindicator3-0.1 libappindicator3-dev libffi-dev libtiff5
sudo updatedb --localpaths='/usr/lib/x86_64-linux-gnu'
- name: Build desktop app
run: |
flutter config --enable-linux-desktop
# dart pub global activate flutter_distributor
dart pub global activate --source git https://github.com/prateekmedia/flutter_distributor --git-ref develop --git-path packages/flutter_distributor
flutter_distributor package --platform=linux --targets=deb --skip-clean
mv dist/**/*-*-linux.deb artifacts/ente-${{ github.ref_name }}-x86_64.deb
env:
LIBSODIUM_USE_PKGCONFIG: 1
- name: Generate checksums and push to artifacts
run: |
sha256sum artifacts/ente-* > artifacts/sha256sum-apk-deb
- name: Create a draft GitHub release
uses: ncipollo/release-action@v1
with:
artifacts: "auth/artifacts/*"
draft: true
allowUpdates: true
updateOnlyUnreleased: true
- name: Upload AAB to PlayStore
# disable this step if release tag contains nightly or beta
if: startsWith(github.ref, 'refs/tags/auth-v') && !contains(github.ref, 'nightly') && !contains(github.ref, 'beta')
uses: r0adkll/upload-google-play@v1
with:
serviceAccountJsonPlainText: ${{ secrets.SERVICE_ACCOUNT_JSON }}
packageName: io.ente.auth
releaseFiles: auth/build/app/outputs/bundle/playstoreRelease/app-playstore-release.aab
track: internal
build-fedora-etc:
runs-on: ubuntu-latest
defaults:
run:
working-directory: auth
steps:
- name: Checkout code and submodules
uses: actions/checkout@v4
with:
submodules: recursive
- name: Install Flutter ${{ env.FLUTTER_VERSION }}
uses: subosito/flutter-action@v2
with:
channel: "stable"
flutter-version: ${{ env.FLUTTER_VERSION }}
cache: true
- name: Create artifacts directory
run: mkdir artifacts
- name: Install dependencies for desktop build
run: |
sudo apt-get update -y
sudo apt-get install -y libsecret-1-dev libsodium-dev libfuse2 ninja-build libgtk-3-dev dpkg-dev pkg-config rpm patchelf libsqlite3-dev locate libayatana-appindicator3-dev libffi-dev libtiff5 xz-utils libarchive-tools libcurl4-openssl-dev
sudo updatedb --localpaths='/usr/lib/x86_64-linux-gnu'
- name: Install appimagetool
run: |
wget -O appimagetool "https://github.com/AppImage/AppImageKit/releases/download/continuous/appimagetool-x86_64.AppImage"
chmod +x appimagetool
mv appimagetool /usr/local/bin/
- name: Build desktop app
run: |
flutter config --enable-linux-desktop
# dart pub global activate flutter_distributor
dart pub global activate --source git https://github.com/prateekmedia/flutter_distributor --git-ref develop --git-path packages/flutter_distributor
# Run below command if it is a beta or nightly
if [[ ${{ github.ref }} =~ beta|nightly ]]; then
flutter_distributor package --platform=linux --targets=pacman --skip-clean
mv dist/**/*-*-linux.pacman artifacts/ente-${{ github.ref_name }}-x86_64.pacman
fi
flutter_distributor package --platform=linux --targets=rpm --skip-clean
mv dist/**/*-*-linux.rpm artifacts/ente-${{ github.ref_name }}-x86_64.rpm
flutter_distributor package --platform=linux --targets=appimage --skip-clean
mv dist/**/*-*-linux.AppImage artifacts/ente-${{ github.ref_name }}-x86_64.AppImage
- name: Generate checksums
run: sha256sum artifacts/ente-* >> artifacts/sha256sum-rpm-appimage
- name: Create a draft GitHub release
uses: ncipollo/release-action@v1
with:
artifacts: "auth/artifacts/*"
draft: true
allowUpdates: true
updateOnlyUnreleased: true
build-windows:
runs-on: windows-latest
defaults:
run:
working-directory: auth
steps:
- name: Checkout code and submodules
uses: actions/checkout@v4
with:
submodules: recursive
- name: Install Flutter ${{ env.FLUTTER_VERSION }}
uses: subosito/flutter-action@v2
with:
channel: "stable"
flutter-version: ${{ env.FLUTTER_VERSION }}
cache: true
- name: Create artifacts directory
run: mkdir artifacts
- name: Build Windows installer
run: |
flutter config --enable-windows-desktop
# dart pub global activate flutter_distributor
dart pub global activate --source git https://github.com/prateekmedia/flutter_distributor --git-ref develop --git-path packages/flutter_distributor
make innoinstall
flutter_distributor package --platform=windows --targets=exe --skip-clean
mv dist/**/*-windows-setup.exe artifacts/ente-${{ github.ref_name }}-installer.exe
- name: Retain Windows EXE and DLLs
run: cp -r build/windows/x64/runner/Release ente-${{ github.ref_name }}-windows
- name: Code sign Windows installer and EXE
uses: dlemstra/code-sign-action@v1
with:
certificate: "${{ secrets.WINDOWS_CERTIFICATE }}"
password: "${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}"
files: |
auth/artifacts/ente-${{ github.ref_name }}-installer.exe
auth/ente-${{ github.ref_name }}-windows/auth.exe
- name: Zip Windows EXE and DLLs
run: tar.exe -a -c -f artifacts/ente-${{ github.ref_name }}-windows.zip ente-${{ github.ref_name }}-windows
- name: Generate checksums
run: sha256sum artifacts/ente-* > artifacts/sha256sum-windows
- name: Create a draft GitHub release
uses: ncipollo/release-action@v1
with:
artifacts: "auth/artifacts/*"
draft: true
allowUpdates: true
updateOnlyUnreleased: true
build-macos:
runs-on: macos-13 # latest is 12
defaults:
run:
working-directory: auth
steps:
- name: Checkout code and submodules
uses: actions/checkout@v4
with:
submodules: recursive
- name: Install Flutter ${{ env.FLUTTER_VERSION }}
uses: subosito/flutter-action@v2
with:
channel: "stable"
flutter-version: ${{ env.FLUTTER_VERSION }}
cache: true
- name: Install code signing dependencies
run: |
pip3 install codemagic-cli-tools
- name: Add provisioning profiles
run: |
PROFILES_HOME="$HOME/Library/MobileDevice/Provisioning Profiles"
mkdir -p "$PROFILES_HOME"
PROFILE_PATH="$(mktemp "$PROFILES_HOME"/$(uuidgen).provisionprofile)"
echo ${CM_PROVISIONING_PROFILE} | base64 --decode > "$PROFILE_PATH"
echo "Saved provisioning profile $PROFILE_PATH"
env:
CM_PROVISIONING_PROFILE: ${{ secrets.MAC_OS_BUILD_PROVISION_PROFILE_BASE64 }}
- name: Add certificates
run: |
# create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
# copy certificates from base64
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
# add certificate to keychain
keychain initialize
keychain add-certificates --certificate $CERTIFICATE_PATH --certificate-password $P12_PASSWORD
# Use profile in current project
xcode-project use-profiles --project=macos/**/*.xcodeproj
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.MAC_OS_CERTIFICATE }}
P12_PASSWORD: ${{ secrets.MAC_OS_CERTIFICATE_PASSWORD }}
- name: Install build dependencies
run: |
python3 -m pip install setuptools
npm install -g appdmg
- name: Create artifacts directory
run: mkdir artifacts
- name: Build macOS DMG
run: |
flutter config --enable-macos-desktop
dart pub global activate flutter_distributor
flutter_distributor package --platform=macos --targets=dmg --skip-clean
mv dist/**/*-macos.dmg artifacts/ente-${{ github.ref_name }}.dmg
- name: Code sign DMG
run: |
CERT_NAME=$(security find-identity -v -p codesigning | grep "Developer ID Application" | awk -F'"' '{print $2}' | grep -m1 "")
codesign --force --timestamp --sign "$CERT_NAME" --options runtime artifacts/ente-${{ github.ref_name }}.dmg
codesign --verify --verbose=4 artifacts/ente-${{ github.ref_name }}.dmg
- name: Notarize and staple DMG
run: |
xcrun notarytool submit artifacts/ente-${{ github.ref_name }}.dmg \
--wait \
--apple-id $APPLE_ID \
--password $APPLE_PASSWORD \
--team-id $APPLE_TEAM_ID
xcrun stapler staple artifacts/ente-${{ github.ref_name }}.dmg
env:
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
- name: Generate checksums
run: shasum -a 256 artifacts/ente-* > artifacts/sha256sum-macos
- name: Create a draft GitHub release
uses: ncipollo/release-action@v1
with:
artifacts: "auth/artifacts/*"
draft: true
allowUpdates: true
updateOnlyUnreleased: true