From 005fdbdc2f19b4fd123c2e8cc4c56b924ade70cb Mon Sep 17 00:00:00 2001
From: Yaroslav Yashin <yaroslav.yashin@gmail.com>
Date: Wed, 12 Feb 2025 20:34:21 +0100
Subject: [PATCH] Ci-cd config update

---
 .github/workflows/deploy.yml | 122 ++++++++++++++++++++++++-----------
 1 file changed, 85 insertions(+), 37 deletions(-)

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 35e740b0d..2f24ee9a8 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -16,10 +16,7 @@ jobs:
       QT_VERSION: 6.6.2
       QIF_VERSION: 4.7
       PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
-      PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }}
       DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
-      DEV_AGW_ENDPOINT: ${{ secrets.DEV_AGW_ENDPOINT }}
-      DEV_S3_ENDPOINT: ${{ secrets.DEV_S3_ENDPOINT }}
 
     steps:
     - name: 'Install Qt'
@@ -86,10 +83,7 @@ jobs:
       QIF_VERSION: 4.7
       BUILD_ARCH: 64
       PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
-      PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }}
       DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
-      DEV_AGW_ENDPOINT: ${{ secrets.DEV_AGW_ENDPOINT }}
-      DEV_S3_ENDPOINT: ${{ secrets.DEV_S3_ENDPOINT }}
 
     steps:
     - name: 'Get sources'
@@ -145,23 +139,20 @@ jobs:
 # ------------------------------------------------------
 
   Build-iOS:
-    runs-on: macos-13
+    runs-on: macos-latest
 
     env:
-      QT_VERSION: 6.6.2
+      QT_VERSION: 6.8.0
       CC: cc
       CXX: c++
       PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
-      PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }}
       DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
-      DEV_AGW_ENDPOINT: ${{ secrets.DEV_AGW_ENDPOINT }}
-      DEV_S3_ENDPOINT: ${{ secrets.DEV_S3_ENDPOINT }}
 
     steps:
     - name: 'Setup xcode'
       uses: maxim-lobanov/setup-xcode@v1
       with:
-        xcode-version: '15.2'
+        xcode-version: '15.4.0'
 
     - name: 'Install desktop Qt'
       uses: jurplel/install-qt-action@v3
@@ -217,11 +208,7 @@ jobs:
         export QT_BIN_DIR="${{ runner.temp }}/Qt/${{ env.QT_VERSION }}/ios/bin"
         export QT_MACOS_ROOT_DIR="${{ runner.temp }}/Qt/${{ env.QT_VERSION }}/macos"
         export PATH=$PATH:~/go/bin
-        sh deploy/build_ios.sh | \
-          sed -e '/-Xcc -DPROD_AGW_PUBLIC_KEY/,/-Xcc/ { /-Xcc/!d; }' -e '/-Xcc -DPROD_AGW_PUBLIC_KEY/d' | \
-          sed -e '/-Xcc -DDEV_AGW_PUBLIC_KEY/,/-Xcc/ { /-Xcc/!d; }' -e '/-Xcc -DDEV_AGW_PUBLIC_KEY/d' | \
-          sed -e '/-DPROD_AGW_PUBLIC_KEY/,/-D/ { /-D/!d; }' -e '/-DPROD_AGW_PUBLIC_KEY/d' | \
-          sed -e '/-DDEV_AGW_PUBLIC_KEY/,/-D/ { /-D/!d; }' -e '/-DDEV_AGW_PUBLIC_KEY/d'
+        sh deploy/build_ios.sh
       env:
         IOS_TRUST_CERT_BASE64: ${{ secrets.IOS_TRUST_CERT_BASE64 }}
         IOS_SIGNING_CERT_BASE64: ${{ secrets.IOS_SIGNING_CERT_BASE64 }}
@@ -248,19 +235,16 @@ jobs:
 
     env:
       # Keep compat with MacOS 10.15 aka Catalina by Qt 6.4
-      QT_VERSION: 6.4.3
+      QT_VERSION: 6.8.0
       QIF_VERSION: 4.6
       PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
-      PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }}
       DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
-      DEV_AGW_ENDPOINT: ${{ secrets.DEV_AGW_ENDPOINT }}
-      DEV_S3_ENDPOINT: ${{ secrets.DEV_S3_ENDPOINT }}
 
     steps:
     - name: 'Setup xcode'
       uses: maxim-lobanov/setup-xcode@v1
       with:
-        xcode-version: '15.4.0'
+        xcode-version: '16.1.0'
 
     - name: 'Install Qt'
       uses: jurplel/install-qt-action@v3
@@ -310,6 +294,78 @@ jobs:
         path: deploy/build/client/AmneziaVPN.app
         retention-days: 7
 
+# ------------------------------------------------------
+  Build-MacOS-NE:
+    runs-on: macos-latest
+
+    env:
+      QT_VERSION: 6.8.0
+      QIF_VERSION: 4.6
+      QT_MIRROR: https://mirrors.ocf.berkeley.edu/qt/
+      PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
+      DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
+
+    steps:
+    - name: 'Setup Xcode'
+      uses: maxim-lobanov/setup-xcode@v1
+      with:
+        xcode-version: '16.1.0'
+
+    - name: 'Install desktop Qt'
+      uses: jurplel/install-qt-action@v3
+      with:
+        version: ${{ env.QT_VERSION }}
+        host: 'mac'
+        target: 'desktop'
+        modules: 'qtremoteobjects qt5compat qtshadertools qtmultimedia qtimageformats'
+        arch: 'clang_64'
+        dir: ${{ runner.temp }}
+        set-env: 'true'
+        extra: '--base ${{ env.QT_MIRROR }}'
+    - name: 'Install Qt Installer Framework ${{ env.QIF_VERSION }}'
+      run: |
+        mkdir -pv ${{ runner.temp }}/Qt/Tools/QtInstallerFramework
+        wget https://qt.amzsvc.com/tools/ifw/${{ env.QIF_VERSION }}.zip
+        unzip ${{ env.QIF_VERSION }}.zip -d ${{ runner.temp }}/Qt/Tools/QtInstallerFramework/
+    - name: 'Install Go'
+      uses: actions/setup-go@v5
+      with:
+        go-version: '1.22.1'
+        cache: false
+
+    - name: 'Get sources'
+      uses: actions/checkout@v4
+      with:
+        submodules: 'true'
+        fetch-depth: 10
+
+    - name: 'Install dependencies'
+      run: pip install jsonschema jinja2
+
+    - name: 'Set execute permissions for deploy script'
+      run: chmod +x deploy/build_macos_ne.sh
+
+    - name: 'Build and deploy macOS NE'
+      run: |
+        export QT_BIN_DIR="${{ runner.temp }}/Qt/${{ env.QT_VERSION }}/macos/bin" 
+        export QT_MACOS_ROOT_DIR="${{ runner.temp }}/Qt/${{ env.QT_VERSION }}/macos" 
+        bash deploy/build_macos_ne.sh
+      env:
+        MAC_TRUST_CERT_BASE64: ${{ secrets.MAC_TRUST_CERT_BASE64 }}
+        MAC_SIGNING_CERT_BASE64: ${{ secrets.MAC_SIGNING_CERT_BASE64 }}
+        MAC_SIGNING_CERT_PASSWORD: ${{ secrets.MAC_SIGNING_CERT_PASSWORD }}
+        APPSTORE_CONNECT_MAC_PROVISIONING_BASE64: ${{ secrets.APPSTORE_CONNECT_MAC_PROVISIONING }}
+        APPSTORE_CONNECT_MAC_NE_PROVISIONING_BASE64: ${{ secrets.APPSTORE_CONNECT_MAC_NE_PROVISIONING }}
+        APPSTORE_CONNECT_KEY_ID: ${{ secrets.APPSTORE_CONNECT_KEY_ID }}
+        APPSTORE_CONNECT_ISSUER_ID: ${{ secrets.APPSTORE_CONNECT_ISSUER_ID }}
+        APPSTORE_CONNECT_PRIVATE_KEY: ${{ secrets.APPSTORE_CONNECT_PRIVATE_KEY }}
+    - name: 'Upload macOS .dmg and dSYMs to artifacts'
+      uses: actions/upload-artifact@v4
+      with:
+        name: macos dmg & dsyms
+        path: |
+          ${{ github.workspace }}/AmneziaVPN.dmg
+        retention-days: 7
 # ------------------------------------------------------
 
   Build-Android:
@@ -317,13 +373,10 @@ jobs:
 
     env:
       ANDROID_BUILD_PLATFORM: android-34
-      QT_VERSION: 6.7.3
+      QT_VERSION: 6.7.2
       QT_MODULES: 'qtremoteobjects qt5compat qtimageformats qtshadertools'
       PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
-      PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }}
       DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
-      DEV_AGW_ENDPOINT: ${{ secrets.DEV_AGW_ENDPOINT }}
-      DEV_S3_ENDPOINT: ${{ secrets.DEV_S3_ENDPOINT }}
 
     steps:
     - name: 'Install desktop Qt'
@@ -335,8 +388,7 @@ jobs:
         arch: 'linux_gcc_64'
         modules: ${{ env.QT_MODULES }}
         dir: ${{ runner.temp }}
-        py7zrversion: '==0.22.*'
-        extra: '--base ${{ env.QT_MIRROR }}'
+        extra: '--external 7z --base ${{ env.QT_MIRROR }}'
 
     - name: 'Install android_x86_64 Qt'
       uses: jurplel/install-qt-action@v4
@@ -347,8 +399,7 @@ jobs:
         arch: 'android_x86_64'
         modules: ${{ env.QT_MODULES }}
         dir: ${{ runner.temp }}
-        py7zrversion: '==0.22.*'
-        extra: '--base ${{ env.QT_MIRROR }}'
+        extra: '--external 7z --base ${{ env.QT_MIRROR }}'
 
     - name: 'Install android_x86 Qt'
       uses: jurplel/install-qt-action@v4
@@ -359,8 +410,7 @@ jobs:
         arch: 'android_x86'
         modules: ${{ env.QT_MODULES }}
         dir: ${{ runner.temp }}
-        py7zrversion: '==0.22.*'
-        extra: '--base ${{ env.QT_MIRROR }}'
+        extra: '--external 7z --base ${{ env.QT_MIRROR }}'
 
     - name: 'Install android_armv7 Qt'
       uses: jurplel/install-qt-action@v4
@@ -371,8 +421,7 @@ jobs:
         arch: 'android_armv7'
         modules: ${{ env.QT_MODULES }}
         dir: ${{ runner.temp }}
-        py7zrversion: '==0.22.*'
-        extra: '--base ${{ env.QT_MIRROR }}'
+        extra: '--external 7z --base ${{ env.QT_MIRROR }}'
 
     - name: 'Install android_arm64_v8a Qt'
       uses: jurplel/install-qt-action@v4
@@ -383,8 +432,7 @@ jobs:
         arch: 'android_arm64_v8a'
         modules: ${{ env.QT_MODULES }}
         dir: ${{ runner.temp }}
-        py7zrversion: '==0.22.*'
-        extra: '--base ${{ env.QT_MIRROR }}'
+        extra: '--external 7z --base ${{ env.QT_MIRROR }}'
 
     - name: 'Grant execute permission for qt-cmake'
       shell: bash
@@ -485,4 +533,4 @@ jobs:
         if: ${{ fromJSON(steps.pull_request.outputs.data)[0].number != '' }}
         run: | 
           echo "Pull request:" >> $GITHUB_STEP_SUMMARY
-          echo "[[#${{ fromJSON(steps.pull_request.outputs.data)[0].number }}] ${{ fromJSON(steps.pull_request.outputs.data)[0].title }}](${{ fromJSON(steps.pull_request.outputs.data)[0].html_url }})" >> $GITHUB_STEP_SUMMARY
+          echo "[[#${{ fromJSON(steps.pull_request.outputs.data)[0].number }}] ${{ fromJSON(steps.pull_request.outputs.data)[0].title }}](${{ fromJSON(steps.pull_request.outputs.data)[0].html_url }})" >> $GITHUB_STEP_SUMMARY
\ No newline at end of file