[auth] Potential fix for desktop build (#4462) #89
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Release (auth)" | |
# [Note: Testing release workflows that are triggered by tags] | |
# | |
# To test this out, push a tag with a pre-release version. The version number | |
# should be the version number of the next actual release. | |
# | |
# > When major, minor, and patch are equal, a pre-release version has lower | |
# > precedence than a normal version. Example: 1.0.0-alpha < 1.0.0. | |
# > https://semver.org | |
# | |
# So if the next release we intend to put out is 1.2.3, you can: | |
# | |
# git tag auth-v1.2.3-test | |
# git push origin auth-v1.2.3-test | |
# | |
# We use a suffix like `-test` to indicate that these are test tags, and that | |
# they belong to a pre-release. | |
# | |
# If you need to do multiple tests, add a .x at the end of the tag. e.g. | |
# `auth-v1.2.3-test.1`. | |
# | |
# Once the testing is done, also delete the tag(s) please. | |
on: | |
push: | |
# Run when a tag matching the pattern "auth-v*"" is pushed | |
tags: | |
- "auth-v*" | |
env: | |
FLUTTER_VERSION: "3.24.3" | |
jobs: | |
build-ubuntu: | |
runs-on: ubuntu-20.04 | |
defaults: | |
run: | |
working-directory: auth | |
steps: | |
- name: Checkout code and submodules | |
uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Setup JDK 17 | |
uses: actions/setup-java@v1 | |
with: | |
java-version: 17 | |
- name: Install Flutter ${{ env.FLUTTER_VERSION }} | |
uses: subosito/flutter-action@v2 | |
with: | |
channel: "stable" | |
flutter-version: ${{ env.FLUTTER_VERSION }} | |
cache: true | |
- name: Setup keys | |
uses: timheuer/base64-to-file@v1 | |
with: | |
fileName: "keystore/ente_auth_key.jks" | |
encodedString: ${{ secrets.SIGNING_KEY }} | |
- name: Create artifacts directory | |
run: mkdir artifacts | |
- name: Build independent APK | |
run: | | |
flutter build apk --release --flavor independent --dart-define=app.flavor=independent | |
mv build/app/outputs/flutter-apk/app-independent-release.apk artifacts/ente-${{ github.ref_name }}.apk | |
env: | |
SIGNING_KEY_PATH: "/home/runner/work/_temp/keystore/ente_auth_key.jks" | |
SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS }} | |
SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }} | |
SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD }} | |
- name: Build PlayStore AAB | |
# disable this step if release tag contains nightly or beta | |
if: startsWith(github.ref, 'refs/tags/auth-v') && !contains(github.ref, 'nightly') && !contains(github.ref, 'beta') | |
run: | | |
flutter build appbundle --release --flavor playstore --dart-define=app.flavor=playstore | |
env: | |
SIGNING_KEY_PATH: "/home/runner/work/_temp/keystore/ente_auth_key.jks" | |
SIGNING_KEY_ALIAS: ${{ secrets.SIGNING_KEY_ALIAS }} | |
SIGNING_KEY_PASSWORD: ${{ secrets.SIGNING_KEY_PASSWORD }} | |
SIGNING_STORE_PASSWORD: ${{ secrets.SIGNING_STORE_PASSWORD }} | |
- name: Install dependencies for desktop build | |
run: | | |
sudo apt-get update -y | |
sudo apt-get install -y libsecret-1-dev libsodium-dev libfuse2 ninja-build libgtk-3-dev dpkg-dev pkg-config libsqlite3-dev locate appindicator3-0.1 libappindicator3-dev libffi-dev libtiff5 | |
sudo updatedb --localpaths='/usr/lib/x86_64-linux-gnu' | |
- name: Build desktop app | |
run: | | |
flutter config --enable-linux-desktop | |
# dart pub global activate flutter_distributor | |
dart pub global activate --source git https://github.com/prateekmedia/flutter_distributor --git-ref develop --git-path packages/flutter_distributor | |
flutter_distributor package --platform=linux --targets=deb --skip-clean | |
mv dist/**/*-*-linux.deb artifacts/ente-${{ github.ref_name }}-x86_64.deb | |
env: | |
LIBSODIUM_USE_PKGCONFIG: 1 | |
- name: Generate checksums and push to artifacts | |
run: | | |
sha256sum artifacts/ente-* > artifacts/sha256sum-apk-deb | |
- name: Create a draft GitHub release | |
uses: ncipollo/release-action@v1 | |
with: | |
artifacts: "auth/artifacts/*" | |
draft: true | |
allowUpdates: true | |
updateOnlyUnreleased: true | |
- name: Upload AAB to PlayStore | |
# disable this step if release tag contains nightly or beta | |
if: startsWith(github.ref, 'refs/tags/auth-v') && !contains(github.ref, 'nightly') && !contains(github.ref, 'beta') | |
uses: r0adkll/upload-google-play@v1 | |
with: | |
serviceAccountJsonPlainText: ${{ secrets.SERVICE_ACCOUNT_JSON }} | |
packageName: io.ente.auth | |
releaseFiles: auth/build/app/outputs/bundle/playstoreRelease/app-playstore-release.aab | |
track: internal | |
build-fedora-etc: | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
working-directory: auth | |
steps: | |
- name: Checkout code and submodules | |
uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Install Flutter ${{ env.FLUTTER_VERSION }} | |
uses: subosito/flutter-action@v2 | |
with: | |
channel: "stable" | |
flutter-version: ${{ env.FLUTTER_VERSION }} | |
cache: true | |
- name: Create artifacts directory | |
run: mkdir artifacts | |
- name: Install dependencies for desktop build | |
run: | | |
sudo apt-get update -y | |
sudo apt-get install -y libsecret-1-dev libsodium-dev libfuse2 ninja-build libgtk-3-dev dpkg-dev pkg-config rpm patchelf libsqlite3-dev locate libayatana-appindicator3-dev libffi-dev libtiff5 xz-utils libarchive-tools libcurl4-openssl-dev | |
sudo updatedb --localpaths='/usr/lib/x86_64-linux-gnu' | |
- name: Install appimagetool | |
run: | | |
wget -O appimagetool "https://github.com/AppImage/AppImageKit/releases/download/continuous/appimagetool-x86_64.AppImage" | |
chmod +x appimagetool | |
mv appimagetool /usr/local/bin/ | |
- name: Build desktop app | |
run: | | |
flutter config --enable-linux-desktop | |
# dart pub global activate flutter_distributor | |
dart pub global activate --source git https://github.com/prateekmedia/flutter_distributor --git-ref develop --git-path packages/flutter_distributor | |
# Run below command if it is a beta or nightly | |
if [[ ${{ github.ref }} =~ beta|nightly ]]; then | |
flutter_distributor package --platform=linux --targets=pacman --skip-clean | |
mv dist/**/*-*-linux.pacman artifacts/ente-${{ github.ref_name }}-x86_64.pacman | |
fi | |
flutter_distributor package --platform=linux --targets=rpm --skip-clean | |
mv dist/**/*-*-linux.rpm artifacts/ente-${{ github.ref_name }}-x86_64.rpm | |
flutter_distributor package --platform=linux --targets=appimage --skip-clean | |
mv dist/**/*-*-linux.AppImage artifacts/ente-${{ github.ref_name }}-x86_64.AppImage | |
- name: Generate checksums | |
run: sha256sum artifacts/ente-* >> artifacts/sha256sum-rpm-appimage | |
- name: Create a draft GitHub release | |
uses: ncipollo/release-action@v1 | |
with: | |
artifacts: "auth/artifacts/*" | |
draft: true | |
allowUpdates: true | |
updateOnlyUnreleased: true | |
build-windows: | |
runs-on: windows-latest | |
defaults: | |
run: | |
working-directory: auth | |
steps: | |
- name: Checkout code and submodules | |
uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Install Flutter ${{ env.FLUTTER_VERSION }} | |
uses: subosito/flutter-action@v2 | |
with: | |
channel: "stable" | |
flutter-version: ${{ env.FLUTTER_VERSION }} | |
cache: true | |
- name: Create artifacts directory | |
run: mkdir artifacts | |
- name: Build Windows installer | |
run: | | |
flutter config --enable-windows-desktop | |
# dart pub global activate flutter_distributor | |
dart pub global activate --source git https://github.com/prateekmedia/flutter_distributor --git-ref develop --git-path packages/flutter_distributor | |
make innoinstall | |
flutter_distributor package --platform=windows --targets=exe --skip-clean | |
mv dist/**/*-windows-setup.exe artifacts/ente-${{ github.ref_name }}-installer.exe | |
- name: Retain Windows EXE and DLLs | |
run: cp -r build/windows/x64/runner/Release ente-${{ github.ref_name }}-windows | |
- name: Code sign Windows installer and EXE | |
uses: dlemstra/code-sign-action@v1 | |
with: | |
certificate: "${{ secrets.WINDOWS_CERTIFICATE }}" | |
password: "${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}" | |
files: | | |
auth/artifacts/ente-${{ github.ref_name }}-installer.exe | |
auth/ente-${{ github.ref_name }}-windows/auth.exe | |
- name: Zip Windows EXE and DLLs | |
run: tar.exe -a -c -f artifacts/ente-${{ github.ref_name }}-windows.zip ente-${{ github.ref_name }}-windows | |
- name: Generate checksums | |
run: sha256sum artifacts/ente-* > artifacts/sha256sum-windows | |
- name: Create a draft GitHub release | |
uses: ncipollo/release-action@v1 | |
with: | |
artifacts: "auth/artifacts/*" | |
draft: true | |
allowUpdates: true | |
updateOnlyUnreleased: true | |
build-macos: | |
runs-on: macos-13 # latest is 12 | |
defaults: | |
run: | |
working-directory: auth | |
steps: | |
- name: Checkout code and submodules | |
uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Install Flutter ${{ env.FLUTTER_VERSION }} | |
uses: subosito/flutter-action@v2 | |
with: | |
channel: "stable" | |
flutter-version: ${{ env.FLUTTER_VERSION }} | |
cache: true | |
- name: Install code signing dependencies | |
run: | | |
pip3 install codemagic-cli-tools | |
- name: Add provisioning profiles | |
run: | | |
PROFILES_HOME="$HOME/Library/MobileDevice/Provisioning Profiles" | |
mkdir -p "$PROFILES_HOME" | |
PROFILE_PATH="$(mktemp "$PROFILES_HOME"/$(uuidgen).provisionprofile)" | |
echo ${CM_PROVISIONING_PROFILE} | base64 --decode > "$PROFILE_PATH" | |
echo "Saved provisioning profile $PROFILE_PATH" | |
env: | |
CM_PROVISIONING_PROFILE: ${{ secrets.MAC_OS_BUILD_PROVISION_PROFILE_BASE64 }} | |
- name: Add certificates | |
run: | | |
# create variables | |
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12 | |
# copy certificates from base64 | |
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH | |
# add certificate to keychain | |
keychain initialize | |
keychain add-certificates --certificate $CERTIFICATE_PATH --certificate-password $P12_PASSWORD | |
# Use profile in current project | |
xcode-project use-profiles --project=macos/**/*.xcodeproj | |
env: | |
BUILD_CERTIFICATE_BASE64: ${{ secrets.MAC_OS_CERTIFICATE }} | |
P12_PASSWORD: ${{ secrets.MAC_OS_CERTIFICATE_PASSWORD }} | |
- name: Install build dependencies | |
run: | | |
python3 -m pip install setuptools | |
npm install -g appdmg | |
- name: Create artifacts directory | |
run: mkdir artifacts | |
- name: Build macOS DMG | |
run: | | |
flutter config --enable-macos-desktop | |
dart pub global activate flutter_distributor | |
flutter_distributor package --platform=macos --targets=dmg --skip-clean | |
mv dist/**/*-macos.dmg artifacts/ente-${{ github.ref_name }}.dmg | |
- name: Code sign DMG | |
run: | | |
CERT_NAME=$(security find-identity -v -p codesigning | grep "Developer ID Application" | awk -F'"' '{print $2}' | grep -m1 "") | |
codesign --force --timestamp --sign "$CERT_NAME" --options runtime artifacts/ente-${{ github.ref_name }}.dmg | |
codesign --verify --verbose=4 artifacts/ente-${{ github.ref_name }}.dmg | |
- name: Notarize and staple DMG | |
run: | | |
xcrun notarytool submit artifacts/ente-${{ github.ref_name }}.dmg \ | |
--wait \ | |
--apple-id $APPLE_ID \ | |
--password $APPLE_PASSWORD \ | |
--team-id $APPLE_TEAM_ID | |
xcrun stapler staple artifacts/ente-${{ github.ref_name }}.dmg | |
env: | |
APPLE_ID: ${{ secrets.APPLE_ID }} | |
APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }} | |
APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }} | |
- name: Generate checksums | |
run: shasum -a 256 artifacts/ente-* > artifacts/sha256sum-macos | |
- name: Create a draft GitHub release | |
uses: ncipollo/release-action@v1 | |
with: | |
artifacts: "auth/artifacts/*" | |
draft: true | |
allowUpdates: true | |
updateOnlyUnreleased: true |